Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/66a237-9bc5-4abd-9b8b-c55476759d0c/1/1-gQeQKPWe6VBKFGaq392MAxQ0ic.roa
File:                     1-gQeQKPWe6VBKFGaq392MAxQ0ic.roa (raw, json)
Hash identifier:          +DOjpolW4iTHwf6B67O0ExwBXhmJ6QS9NV2deInAC+k=
Subject key identifier:   FA:04:1E:40:A3:D6:7B:A5:41:28:51:9A:AB:7F:76:30:0C:50:D2:27
Certificate issuer:       /CN=bc4f1e6b011f4d6331a127955a548fa5052580a5
Certificate serial:       018CC94D3D4FEE7D1C363FBECD219076A8B2
Authority key identifier: BC:4F:1E:6B:01:1F:4D:63:31:A1:27:95:5A:54:8F:A5:05:25:80:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vE8eawEfTWMxoSeVWlSPpQUlgKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/66a237-9bc5-4abd-9b8b-c55476759d0c/1/1-gQeQKPWe6VBKFGaq392MAxQ0ic.roa
Signing time:             Tue 02 Jan 2024 08:32:11 +0000
ROA not before:           Tue 02 Jan 2024 08:32:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44400
IP address blocks:        185.128.164.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/66a237-9bc5-4abd-9b8b-c55476759d0c/1/vE8eawEfTWMxoSeVWlSPpQUlgKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/66a237-9bc5-4abd-9b8b-c55476759d0c/1/vE8eawEfTWMxoSeVWlSPpQUlgKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vE8eawEfTWMxoSeVWlSPpQUlgKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:3d:4f:ee:7d:1c:36:3f:be:cd:21:90:76:a8:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc4f1e6b011f4d6331a127955a548fa5052580a5
        Validity
            Not Before: Jan  2 08:32:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa041e40a3d67ba54128519aab7f76300c50d227
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e7:bc:20:55:de:b0:1d:95:ff:1c:9a:bc:44:
                    f9:fa:02:9d:55:0c:d5:fb:ad:55:27:9d:e9:a1:e5:
                    82:fc:61:c0:5c:f7:11:bb:e5:6d:94:bb:9e:48:9c:
                    7b:03:29:80:ff:ce:7e:b0:ef:6c:c0:c8:44:89:cb:
                    40:90:9d:ff:24:c9:64:83:60:ca:02:de:df:21:f9:
                    7f:b4:8b:e0:aa:81:f6:c4:7c:f6:d5:6f:50:f6:62:
                    d3:76:a2:23:60:72:c6:41:66:c3:79:a4:a2:4f:3d:
                    10:e3:57:df:56:fc:4b:bf:c7:5b:c2:a8:95:ac:5c:
                    80:6e:57:52:4e:29:4a:2a:66:86:e8:87:84:6d:49:
                    16:1e:38:a6:07:c8:71:c7:db:e7:5c:7d:b6:b1:06:
                    28:66:b3:13:25:18:20:26:19:08:61:f3:0a:7b:49:
                    4c:ac:7f:2c:d4:7c:40:7d:e6:66:49:12:a2:cb:89:
                    7f:72:14:3a:a1:54:72:49:33:65:b2:7d:a1:7e:1a:
                    57:82:04:62:a4:46:e4:d9:ad:52:f8:b5:b9:88:b1:
                    ba:77:4c:ff:d1:85:53:df:9d:87:0a:e2:42:55:c2:
                    d9:28:d5:c3:b8:7c:51:5e:31:d0:7b:3a:d0:e7:8c:
                    ad:f7:81:6d:f7:1f:d5:53:e5:63:85:80:0e:f2:fc:
                    8a:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:04:1E:40:A3:D6:7B:A5:41:28:51:9A:AB:7F:76:30:0C:50:D2:27
            X509v3 Authority Key Identifier:
                keyid:BC:4F:1E:6B:01:1F:4D:63:31:A1:27:95:5A:54:8F:A5:05:25:80:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vE8eawEfTWMxoSeVWlSPpQUlgKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/66a237-9bc5-4abd-9b8b-c55476759d0c/1/1-gQeQKPWe6VBKFGaq392MAxQ0ic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/66a237-9bc5-4abd-9b8b-c55476759d0c/1/vE8eawEfTWMxoSeVWlSPpQUlgKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:86:d2:d4:88:a5:1e:d2:bb:e5:66:f3:04:68:24:d7:46:e3:
         8f:58:b4:9e:34:8b:7f:f2:2d:47:42:ec:0c:ef:83:e2:a8:5c:
         c3:2c:42:ff:dd:13:04:b8:38:2e:c2:1e:4c:b5:31:af:2c:07:
         a0:87:e2:e5:be:a2:96:02:23:b0:5d:ac:67:64:bf:0f:79:63:
         99:60:9e:fc:b4:ea:d0:c7:9c:13:7b:51:52:c2:c3:67:69:8b:
         92:c2:88:35:0a:ca:12:e5:44:95:ec:43:b9:c9:42:de:e3:89:
         e3:c9:dc:1c:15:6e:1f:93:b5:eb:84:cd:d2:f5:d6:ad:97:dc:
         12:8e:0c:ac:62:24:d2:f0:3d:b1:6b:6d:76:56:18:16:65:e4:
         aa:aa:12:a2:16:6b:35:6c:db:f5:84:12:3e:b3:f2:b4:66:fd:
         07:1c:32:47:33:31:76:b4:59:b2:59:9f:a7:a9:10:b4:af:99:
         9e:55:67:7c:0d:93:a9:c0:ee:11:53:c9:91:e9:d7:ec:98:56:
         61:ec:7c:bf:b5:4b:13:a0:a3:66:8a:cb:1e:8e:89:ad:5b:93:
         33:1a:9d:e9:18:1f:14:8e:9b:fd:f9:98:bf:e6:f9:3e:49:fa:
         73:99:85:87:bd:4e:fa:9c:b7:d5:7a:58:aa:3d:d3:3a:7f:0d:
         93:87:1e:68
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTT1P7n0cNj++zSGQdqiyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNGYxZTZiMDExZjRkNjMzMWExMjc5NTVhNTQ4ZmE1MDUy
NTgwYTUwHhcNMjQwMTAyMDgzMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTA0MWU0MGEzZDY3YmE1NDEyODUxOWFhYjdmNzYzMDBjNTBkMjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOe8IFXesB2V/xyavET5+gKdVQzV
+61VJ53poeWC/GHAXPcRu+VtlLueSJx7AymA/85+sO9swMhEictAkJ3/JMlkg2DK
At7fIfl/tIvgqoH2xHz21W9Q9mLTdqIjYHLGQWbDeaSiTz0Q41ffVvxLv8dbwqiV
rFyAbldSTilKKmaG6IeEbUkWHjimB8hxx9vnXH22sQYoZrMTJRggJhkIYfMKe0lM
rH8s1HxAfeZmSRKiy4l/chQ6oVRySTNlsn2hfhpXggRipEbk2a1S+LW5iLG6d0z/
0YVT352HCuJCVcLZKNXDuHxRXjHQezrQ54yt94Ft9x/VU+VjhYAO8vyKMwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPoEHkCj1nulQShRmqt/djAMUNInMB8GA1UdIwQY
MBaAFLxPHmsBH01jMaEnlVpUj6UFJYClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkU4ZWF3RWZUV014b1NlVldsU1BwUVVsZ0tVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi82NmEyMzctOWJjNS00YWJkLTliOGIt
YzU1NDc2NzU5ZDBjLzEvMS1nUWVRS1BXZTZWQktGR2FxMzkyTUF4UTBpYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMWYvNjZhMjM3LTliYzUtNGFiZC05YjhiLWM1NTQ3Njc1OWQw
Yy8xL3ZFOGVhd0VmVFdNeG9TZVZXbFNQcFFVbGdLVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArmApDAN
BgkqhkiG9w0BAQsFAAOCAQEAZ4bS1IilHtK75WbzBGgk10bjj1i0njSLf/ItR0Ls
DO+D4qhcwyxC/90TBLg4LsIeTLUxrywHoIfi5b6ilgIjsF2sZ2S/D3ljmWCe/LTq
0MecE3tRUsLDZ2mLksKINQrKEuVElexDuclC3uOJ48ncHBVuH5O164TN0vXWrZfc
Eo4MrGIk0vA9sWttdlYYFmXkqqoSohZrNWzb9YQSPrPytGb9BxwyRzMxdrRZslmf
p6kQtK+ZnlVnfA2TqcDuEVPJkenX7JhWYex8v7VLE6CjZorLHo6JrVuTMxqd6Rgf
FI6b/fmYv+b5Pkn6c5mFh71O+py31XpYqj3TOn8Nk4ceaA==
-----END CERTIFICATE-----