Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/Kt5AY6bZ1gA0AyxYwkZX9eyBtTA.roa
File:                     Kt5AY6bZ1gA0AyxYwkZX9eyBtTA.roa (raw, json)
Hash identifier:          vEFM1Xuk52lqHbsTCEtx4tTiPZIq8w5DR7ss3hbOLsE=
Subject key identifier:   2A:DE:40:63:A6:D9:D6:00:34:03:2C:58:C2:46:57:F5:EC:81:B5:30
Certificate issuer:       /CN=4c7844abef711c232c84f83c807a420af3804728
Certificate serial:       0194236A02ECACF7E8017EA74D120CF2732F
Authority key identifier: 4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/Kt5AY6bZ1gA0AyxYwkZX9eyBtTA.roa
Signing time:             Wed 01 Jan 2025 19:48:57 +0000
ROA not before:           Wed 01 Jan 2025 19:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203192
IP address blocks:        185.143.8.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:02:ec:ac:f7:e8:01:7e:a7:4d:12:0c:f2:73:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c7844abef711c232c84f83c807a420af3804728
        Validity
            Not Before: Jan  1 19:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ade4063a6d9d60034032c58c24657f5ec81b530
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:16:78:c6:17:a6:bd:de:0c:5d:cd:f4:e5:f1:
                    9c:48:25:05:be:55:d2:59:ad:1d:8e:8c:5f:f6:5c:
                    db:7c:f4:2d:ec:95:20:37:fa:69:ab:06:4b:be:e6:
                    d3:76:26:b5:15:f2:ce:65:d3:47:8f:11:de:5f:ca:
                    f2:f6:e7:b8:68:ab:cb:21:b1:98:ac:fe:19:63:e2:
                    3e:ff:3f:e5:17:d8:90:e9:d9:81:75:4a:03:0e:e2:
                    8c:0d:ea:d2:ea:b3:97:a7:a2:38:9a:22:0e:d6:1e:
                    f3:8a:74:aa:57:aa:6d:b3:0b:32:08:5f:b5:fd:18:
                    39:03:06:f9:59:cb:11:b9:14:8c:1e:30:64:aa:e9:
                    03:39:f4:91:08:b4:94:01:ed:9b:07:2e:53:44:74:
                    55:3f:7c:03:f0:4a:87:a1:94:eb:7a:d5:01:d2:5d:
                    57:bf:bb:5f:ad:8b:f3:a4:e8:75:b3:7c:f3:ab:3b:
                    af:e3:82:ee:9c:f0:44:a8:82:7e:f5:94:b3:22:50:
                    c3:ee:e1:13:d3:ea:27:45:f2:e0:6d:c0:93:21:9e:
                    00:91:37:99:14:f8:5b:96:14:0c:a0:c3:90:73:fa:
                    66:fe:62:de:b9:31:6c:96:7e:dd:17:2b:3b:da:0f:
                    72:2e:47:a7:76:1f:47:13:7d:6e:10:1a:2b:cd:06:
                    43:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:DE:40:63:A6:D9:D6:00:34:03:2C:58:C2:46:57:F5:EC:81:B5:30
            X509v3 Authority Key Identifier:
                keyid:4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/Kt5AY6bZ1gA0AyxYwkZX9eyBtTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:f0:44:7c:10:49:15:7c:eb:86:0a:0d:5d:a1:f5:35:69:37:
         b5:83:be:fc:41:5f:93:88:09:78:fb:e5:a7:e1:d6:b5:d0:b8:
         7a:ec:47:4d:51:3f:81:65:d5:3a:d7:cd:73:0a:7a:d2:03:5c:
         b9:c6:21:e5:06:07:58:c7:42:79:32:68:93:00:b9:42:1b:b8:
         09:a7:a7:63:40:6f:d5:6d:98:ac:e3:b9:df:48:88:d5:2d:be:
         f0:27:99:76:73:09:9a:7a:ca:a4:cd:ef:4a:55:f1:56:d4:ec:
         cc:80:5d:bb:ae:c3:9c:24:a2:9d:cb:e8:be:ad:e7:35:2e:e4:
         fd:53:61:99:5a:a7:2e:bf:0f:7f:de:28:d7:65:39:fe:3d:92:
         3c:46:f3:cf:8b:51:9c:8b:cf:56:4b:ac:ed:ab:7e:b7:64:73:
         d2:01:94:3f:ff:86:06:fd:21:0f:b8:a9:af:0c:fa:fb:5f:46:
         ae:7b:ad:56:80:fe:0c:fb:76:8a:30:db:ee:05:bc:99:03:d8:
         6c:0e:42:91:01:30:ba:2f:7b:91:be:3d:44:36:66:6e:03:12:
         40:9f:1e:2c:cb:4f:63:a9:29:40:05:4b:bf:2b:ec:8d:7b:ab:
         f6:f8:3f:a2:ec:ce:28:82:3d:d5:f4:c1:38:1a:7d:fa:e1:17:
         f0:9f:5f:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjagLsrPfoAX6nTRIM8nMvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNzg0NGFiZWY3MTFjMjMyYzg0ZjgzYzgwN2E0MjBhZjM4
MDQ3MjgwHhcNMjUwMTAxMTk0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWRlNDA2M2E2ZDlkNjAwMzQwMzJjNThjMjQ2NTdmNWVjODFiNTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hZ4xhemvd4MXc305fGcSCUFvlXS
Wa0djoxf9lzbfPQt7JUgN/ppqwZLvubTdia1FfLOZdNHjxHeX8ry9ue4aKvLIbGY
rP4ZY+I+/z/lF9iQ6dmBdUoDDuKMDerS6rOXp6I4miIO1h7zinSqV6ptswsyCF+1
/Rg5Awb5WcsRuRSMHjBkqukDOfSRCLSUAe2bBy5TRHRVP3wD8EqHoZTretUB0l1X
v7tfrYvzpOh1s3zzqzuv44LunPBEqIJ+9ZSzIlDD7uET0+onRfLgbcCTIZ4AkTeZ
FPhblhQMoMOQc/pm/mLeuTFsln7dFys72g9yLkendh9HE31uEBorzQZDywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCreQGOm2dYANAMsWMJGV/XsgbUwMB8GA1UdIwQY
MBaAFEx4RKvvcRwjLIT4PIB6QgrzgEcoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgt
ZGFiNmI4M2NmN2VjLzEvS3Q1QVk2YloxZ0EwQXl4WXdrWlg5ZXlCdFRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgtZGFiNmI4M2NmN2Vj
LzEvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuY8IMA0G
CSqGSIb3DQEBCwUAA4IBAQAm8ER8EEkVfOuGCg1dofU1aTe1g778QV+TiAl4++Wn
4da10Lh67EdNUT+BZdU6181zCnrSA1y5xiHlBgdYx0J5MmiTALlCG7gJp6djQG/V
bZis47nfSIjVLb7wJ5l2cwmaesqkze9KVfFW1OzMgF27rsOcJKKdy+i+rec1LuT9
U2GZWqcuvw9/3ijXZTn+PZI8RvPPi1Gci89WS6ztq363ZHPSAZQ//4YG/SEPuKmv
DPr7X0aue61WgP4M+3aKMNvuBbyZA9hsDkKRATC6L3uRvj1ENmZuAxJAnx4sy09j
qSlABUu/K+yNe6v2+D+i7M4ogj3V9ME4Gn364Rfwn18K
-----END CERTIFICATE-----