Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/I0oAxDxSLp0kYIJPzmSmAbm_pC0.roa
File:                     I0oAxDxSLp0kYIJPzmSmAbm_pC0.roa (raw, json)
Hash identifier:          y5GzuisJisO10LjhFbKQRkgOHB9toSy6woSqQLas3GU=
Subject key identifier:   23:4A:00:C4:3C:52:2E:9D:24:60:82:4F:CE:64:A6:01:B9:BF:A4:2D
Certificate issuer:       /CN=4f2d30b015ec4ef1b0d3c64347c8d1b598293f81
Certificate serial:       018CC6B927D532E14D614296E0CCB4DA38FA
Authority key identifier: 4F:2D:30:B0:15:EC:4E:F1:B0:D3:C6:43:47:C8:D1:B5:98:29:3F:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/I0oAxDxSLp0kYIJPzmSmAbm_pC0.roa
Signing time:             Mon 01 Jan 2024 20:31:12 +0000
ROA not before:           Mon 01 Jan 2024 20:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198178
IP address blocks:        185.157.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:27:d5:32:e1:4d:61:42:96:e0:cc:b4:da:38:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f2d30b015ec4ef1b0d3c64347c8d1b598293f81
        Validity
            Not Before: Jan  1 20:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=234a00c43c522e9d2460824fce64a601b9bfa42d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d0:61:64:aa:99:15:af:e5:77:85:4d:67:21:
                    2d:6e:2b:4a:9c:94:83:3e:4c:aa:33:1c:80:e2:22:
                    21:f7:66:54:1d:b0:49:45:17:99:fe:3b:da:c0:db:
                    f1:d7:95:54:84:df:3b:13:9d:2f:0b:e4:96:a1:56:
                    07:e2:7f:5a:e1:eb:3b:04:dd:31:00:5e:a9:62:8c:
                    7d:fe:c3:8e:18:62:fa:53:b1:b8:62:8e:5a:4a:58:
                    58:7e:64:7b:df:1d:3b:32:be:b9:3a:9e:23:aa:d7:
                    35:dd:55:76:52:f2:4d:58:83:53:51:7d:bc:23:04:
                    84:2f:65:09:25:60:58:2d:1a:f5:7d:eb:b7:a5:ec:
                    02:c3:2f:b8:e3:f4:93:79:2b:5e:03:a9:29:87:7d:
                    a0:ee:e2:8d:cd:1a:ed:1c:1c:71:9b:48:c2:e2:c7:
                    bb:0e:4f:5d:bc:8f:72:6f:da:3a:8e:96:2d:b3:64:
                    b4:c7:fe:47:43:f8:40:bc:b4:e1:cb:4e:b3:00:07:
                    8c:8a:b1:a4:69:59:80:c8:8b:26:2e:3f:e5:b7:13:
                    3f:a2:34:c5:25:f1:01:46:41:00:46:7d:a1:69:c5:
                    0a:9d:af:b1:1d:fb:61:cc:cb:59:19:30:8c:ba:6f:
                    ec:8d:42:32:67:f9:da:3e:67:cd:a5:e3:73:c0:8d:
                    91:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:4A:00:C4:3C:52:2E:9D:24:60:82:4F:CE:64:A6:01:B9:BF:A4:2D
            X509v3 Authority Key Identifier:
                keyid:4F:2D:30:B0:15:EC:4E:F1:B0:D3:C6:43:47:C8:D1:B5:98:29:3F:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/I0oAxDxSLp0kYIJPzmSmAbm_pC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:15:81:2b:05:00:01:47:bc:66:5d:7a:37:74:8b:33:a1:73:
         79:13:fb:09:9c:90:c2:ac:2b:32:ef:ec:82:63:95:b0:22:2c:
         44:fb:14:9a:ba:68:5a:42:50:ef:94:26:f9:a6:16:ae:19:a5:
         93:ae:61:84:1c:48:c7:f1:be:4a:bd:9b:fd:be:db:d0:74:ee:
         ff:51:07:9e:d7:0b:e9:fb:02:97:da:f2:55:ca:44:ba:f9:0f:
         27:cb:44:0c:e0:cc:78:13:d4:9a:40:f0:7a:b3:83:c1:26:ef:
         1d:12:43:c5:f6:e5:bb:9f:b6:7d:77:62:2a:45:34:e4:51:87:
         fa:30:42:92:a7:ce:ea:b6:75:75:5e:85:e6:50:61:9b:e0:e5:
         fd:43:5f:3c:d3:4e:49:b7:b8:cb:2f:e7:e0:df:ad:f3:a3:d6:
         31:2d:5e:d1:c6:8d:28:82:46:38:2e:9f:11:34:4d:27:8b:e3:
         e4:87:f9:1d:95:30:22:9b:58:9c:35:94:03:ba:4c:25:8c:f1:
         dc:dd:b3:ac:b0:5d:a6:26:7a:af:9c:47:f3:db:b7:26:fd:76:
         6c:d9:08:3b:34:e3:21:c6:f9:e0:cc:ed:7b:10:fc:b7:4d:be:
         91:c7:2b:2e:ba:af:f7:0d:5f:11:53:f3:06:c8:af:9b:46:cc:
         8f:99:a3:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSfVMuFNYUKW4My02jj6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMmQzMGIwMTVlYzRlZjFiMGQzYzY0MzQ3YzhkMWI1OTgy
OTNmODEwHhcNMjQwMTAxMjAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzRhMDBjNDNjNTIyZTlkMjQ2MDgyNGZjZTY0YTYwMWI5YmZhNDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdBhZKqZFa/ld4VNZyEtbitKnJSD
PkyqMxyA4iIh92ZUHbBJRReZ/jvawNvx15VUhN87E50vC+SWoVYH4n9a4es7BN0x
AF6pYox9/sOOGGL6U7G4Yo5aSlhYfmR73x07Mr65Op4jqtc13VV2UvJNWINTUX28
IwSEL2UJJWBYLRr1feu3pewCwy+44/STeSteA6kph32g7uKNzRrtHBxxm0jC4se7
Dk9dvI9yb9o6jpYts2S0x/5HQ/hAvLThy06zAAeMirGkaVmAyIsmLj/ltxM/ojTF
JfEBRkEARn2hacUKna+xHfthzMtZGTCMum/sjUIyZ/naPmfNpeNzwI2RVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNKAMQ8Ui6dJGCCT85kpgG5v6QtMB8GA1UdIwQY
MBaAFE8tMLAV7E7xsNPGQ0fI0bWYKT+BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHkwd3NCWHNUdkd3MDhaRFI4alJ0WmdwUDRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi85NjY4YjUtNWU5Mi00YzE4LTliYjkt
NDM1MWJiZjc0YzBjLzEvSTBvQXhEeFNMcDBrWUlKUHptU21BYm1fcEMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi85NjY4YjUtNWU5Mi00YzE4LTliYjktNDM1MWJiZjc0YzBj
LzEvVHkwd3NCWHNUdkd3MDhaRFI4alJ0WmdwUDRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ14MA0G
CSqGSIb3DQEBCwUAA4IBAQAKFYErBQABR7xmXXo3dIszoXN5E/sJnJDCrCsy7+yC
Y5WwIixE+xSaumhaQlDvlCb5phauGaWTrmGEHEjH8b5KvZv9vtvQdO7/UQee1wvp
+wKX2vJVykS6+Q8ny0QM4Mx4E9SaQPB6s4PBJu8dEkPF9uW7n7Z9d2IqRTTkUYf6
MEKSp87qtnV1XoXmUGGb4OX9Q188005Jt7jLL+fg363zo9YxLV7Rxo0ogkY4Lp8R
NE0ni+Pkh/kdlTAim1icNZQDukwljPHc3bOssF2mJnqvnEfz27cm/XZs2Qg7NOMh
xvngzO17EPy3Tb6Rxysuuq/3DV8RU/MGyK+bRsyPmaNy
-----END CERTIFICATE-----