Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/0BIKvz0TX_6cTYTPd3XeKW3JP18.roa
File:                     0BIKvz0TX_6cTYTPd3XeKW3JP18.roa (raw, json)
Hash identifier:          DGCVwnyyfKaALTVdTfarysZf8r0zUP05MoyJxkVC5QA=
Subject key identifier:   D0:12:0A:BF:3D:13:5F:FE:9C:4D:84:CF:77:75:DE:29:6D:C9:3F:5F
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492E4E6FCC9C6D55D9249B780D2A4EA
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/0BIKvz0TX_6cTYTPd3XeKW3JP18.roa
Signing time:             Mon 01 Jan 2024 10:30:10 +0000
ROA not before:           Mon 01 Jan 2024 10:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202251
IP address blocks:        185.225.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:e4:e6:fc:c9:c6:d5:5d:92:49:b7:80:d2:a4:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0120abf3d135ffe9c4d84cf7775de296dc93f5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:8c:7e:89:25:ee:74:56:0b:af:f0:f8:00:c2:
                    09:22:33:fc:b2:01:23:1f:45:dc:d2:80:71:fc:2e:
                    e3:03:bb:3f:0f:d4:90:ca:d9:e0:99:dd:1c:44:4e:
                    f5:bf:f1:fb:f1:55:52:5e:f0:a2:07:e0:40:e5:4a:
                    98:9e:0e:2a:c4:81:08:fd:3f:65:7c:2a:c7:f3:a7:
                    f6:28:9c:60:3b:a1:7c:16:28:43:fd:b4:38:0e:06:
                    20:16:ec:be:95:a0:d6:a1:f8:d4:cc:42:b8:de:2d:
                    d9:84:3b:05:5a:48:f2:cb:24:10:e4:0d:10:0b:47:
                    5f:1a:98:1d:45:bf:7c:10:31:67:01:a4:9e:5e:55:
                    ef:60:c3:da:48:85:2f:22:f3:81:fe:b0:35:4d:c9:
                    ae:02:f9:85:34:e5:9b:a6:a1:8a:1c:c6:89:27:f0:
                    6c:a1:d6:9f:d5:60:5c:32:6b:dd:f9:e4:13:a4:58:
                    89:fc:1c:7e:dd:80:97:32:9e:41:c8:8d:af:00:17:
                    cc:13:ae:df:b5:ce:32:b0:30:c4:01:2a:2a:e4:a0:
                    8c:ce:fa:ae:7d:1e:6d:f4:bc:99:08:69:ed:50:3b:
                    14:a5:65:68:d0:65:d2:39:52:62:f6:a7:37:1b:63:
                    8a:d3:69:6c:36:ea:77:fc:a9:ac:16:8a:31:a4:3d:
                    82:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:12:0A:BF:3D:13:5F:FE:9C:4D:84:CF:77:75:DE:29:6D:C9:3F:5F
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/0BIKvz0TX_6cTYTPd3XeKW3JP18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:1b:02:54:55:87:27:1e:11:f0:15:a5:f3:24:30:0f:11:a6:
         70:b1:89:dc:d1:90:c7:47:70:3c:f5:f9:44:76:a4:15:da:d5:
         ed:6d:e0:a8:e1:7d:93:1b:d4:77:b0:24:e2:70:97:61:ee:be:
         ee:8b:4c:8c:f6:37:47:29:50:bf:ad:69:44:8f:dc:3a:f2:b3:
         ca:7b:5f:eb:2c:3a:43:1a:45:b5:0c:5e:e7:f0:46:27:9c:9c:
         5f:82:ca:6c:21:83:28:0e:f2:d9:31:23:14:7f:a7:26:14:6b:
         e4:2b:59:d5:5a:19:cc:78:6d:d7:16:a1:03:21:bc:e6:c8:7d:
         bd:d2:7e:51:43:9c:f2:0c:1d:04:b6:73:d0:63:26:cb:97:34:
         46:4d:0c:99:42:f9:70:fe:8b:bf:6e:28:dd:ed:39:dd:e1:c8:
         02:da:74:47:ab:38:65:8f:db:5e:f6:3a:06:de:fa:3d:cd:bc:
         af:3c:08:71:47:94:68:df:49:2d:9e:54:d2:0f:cf:9d:31:e5:
         2b:17:a5:2a:91:95:40:89:bb:77:ea:e3:de:23:7b:52:19:46:
         b4:4f:7a:75:37:87:95:0e:72:37:06:de:6c:88:08:58:90:fc:
         0c:7b:e2:bf:5d:cc:ff:24:34:15:d6:c0:7f:51:41:ec:37:8b:
         aa:6e:ff:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkuTm/MnG1V2SSbeA0qTqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDEyMGFiZjNkMTM1ZmZlOWM0ZDg0Y2Y3Nzc1ZGUyOTZkYzkzZjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4x+iSXudFYLr/D4AMIJIjP8sgEj
H0Xc0oBx/C7jA7s/D9SQytngmd0cRE71v/H78VVSXvCiB+BA5UqYng4qxIEI/T9l
fCrH86f2KJxgO6F8FihD/bQ4DgYgFuy+laDWofjUzEK43i3ZhDsFWkjyyyQQ5A0Q
C0dfGpgdRb98EDFnAaSeXlXvYMPaSIUvIvOB/rA1TcmuAvmFNOWbpqGKHMaJJ/Bs
odaf1WBcMmvd+eQTpFiJ/Bx+3YCXMp5ByI2vABfME67ftc4ysDDEASoq5KCMzvqu
fR5t9LyZCGntUDsUpWVo0GXSOVJi9qc3G2OK02lsNup3/KmsFooxpD2CUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNASCr89E1/+nE2Ez3d13iltyT9fMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvMEJJS3Z6MFRYXzZjVFlUUGQzWGVLVzNKUDE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueHwMA0G
CSqGSIb3DQEBCwUAA4IBAQBuGwJUVYcnHhHwFaXzJDAPEaZwsYnc0ZDHR3A89flE
dqQV2tXtbeCo4X2TG9R3sCTicJdh7r7ui0yM9jdHKVC/rWlEj9w68rPKe1/rLDpD
GkW1DF7n8EYnnJxfgspsIYMoDvLZMSMUf6cmFGvkK1nVWhnMeG3XFqEDIbzmyH29
0n5RQ5zyDB0EtnPQYybLlzRGTQyZQvlw/ou/bijd7Tnd4cgC2nRHqzhlj9te9joG
3vo9zbyvPAhxR5Ro30ktnlTSD8+dMeUrF6UqkZVAibt36uPeI3tSGUa0T3p1N4eV
DnI3Bt5siAhYkPwMe+K/Xcz/JDQV1sB/UUHsN4uqbv9y
-----END CERTIFICATE-----