Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/17272d-2234-42ce-b51b-74f6a2eae175/1/pQCtyhycb29ZldrwBrFN0Z3tPE4.roa
File:                     pQCtyhycb29ZldrwBrFN0Z3tPE4.roa (raw, json)
Hash identifier:          yBPBDNGX6i75Di0OTCg0blLB+j1b2vzgHt8OmZG5Xwo=
Subject key identifier:   A5:00:AD:CA:1C:9C:6F:6F:59:95:DA:F0:06:B1:4D:D1:9D:ED:3C:4E
Certificate issuer:       /CN=f4dff8b1bd0724ba130f86b848e33caea8e9f11d
Certificate serial:       01902B3865A4E8BF2815073047C74D2A5B87
Authority key identifier: F4:DF:F8:B1:BD:07:24:BA:13:0F:86:B8:48:E3:3C:AE:A8:E9:F1:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9N_4sb0HJLoTD4a4SOM8rqjp8R0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/17272d-2234-42ce-b51b-74f6a2eae175/1/pQCtyhycb29ZldrwBrFN0Z3tPE4.roa
Signing time:             Tue 18 Jun 2024 12:00:34 +0000
ROA not before:           Tue 18 Jun 2024 12:00:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204100
IP address blocks:        185.114.112.0/22 maxlen: 22
                          185.114.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/17272d-2234-42ce-b51b-74f6a2eae175/1/9N_4sb0HJLoTD4a4SOM8rqjp8R0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/17272d-2234-42ce-b51b-74f6a2eae175/1/9N_4sb0HJLoTD4a4SOM8rqjp8R0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9N_4sb0HJLoTD4a4SOM8rqjp8R0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 18:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2b:38:65:a4:e8:bf:28:15:07:30:47:c7:4d:2a:5b:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4dff8b1bd0724ba130f86b848e33caea8e9f11d
        Validity
            Not Before: Jun 18 12:00:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a500adca1c9c6f6f5995daf006b14dd19ded3c4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:0c:8e:e3:7e:d0:a6:42:ef:2a:3f:20:cc:55:
                    b0:38:6b:87:b8:4a:8c:06:f3:f0:c4:5f:86:3c:15:
                    ce:24:ba:b3:47:85:84:5c:21:4c:e1:72:b0:16:84:
                    5e:b5:44:08:fb:cc:1a:e3:7e:c2:32:93:29:6e:39:
                    fa:07:33:d7:a0:d3:4f:8a:c6:cb:6e:6b:f4:ba:b8:
                    48:6a:e4:2a:6c:c5:9a:14:61:1a:ce:68:d3:1a:33:
                    a3:df:25:7d:4d:f0:31:61:d7:c3:0a:46:fd:c1:8c:
                    ac:fa:3b:0e:9c:95:9f:8b:a1:22:6b:60:d8:54:48:
                    cb:a9:da:d7:67:eb:6e:bc:e5:7d:e0:f7:d2:c7:83:
                    03:e4:73:d5:59:eb:10:f3:da:c8:1a:bd:bd:ce:ff:
                    8e:3b:98:ba:22:6c:86:2b:6a:7a:94:62:85:1d:f9:
                    54:46:6e:94:dc:9c:be:d3:ab:00:fe:12:29:b5:28:
                    98:e9:e3:df:a9:4f:16:ce:63:70:ed:b2:b2:3c:10:
                    29:75:b2:50:6e:f0:fe:e8:aa:06:d3:98:b3:0a:fc:
                    86:17:fd:61:8e:a0:01:51:fa:df:93:c2:5a:e5:c3:
                    e1:9d:5c:61:fe:d6:65:08:5e:24:33:1c:f3:f4:d3:
                    2e:2f:48:f2:66:51:17:21:a1:21:cb:e2:00:6a:94:
                    93:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:00:AD:CA:1C:9C:6F:6F:59:95:DA:F0:06:B1:4D:D1:9D:ED:3C:4E
            X509v3 Authority Key Identifier:
                keyid:F4:DF:F8:B1:BD:07:24:BA:13:0F:86:B8:48:E3:3C:AE:A8:E9:F1:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9N_4sb0HJLoTD4a4SOM8rqjp8R0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/17272d-2234-42ce-b51b-74f6a2eae175/1/pQCtyhycb29ZldrwBrFN0Z3tPE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/17272d-2234-42ce-b51b-74f6a2eae175/1/9N_4sb0HJLoTD4a4SOM8rqjp8R0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         68:80:eb:71:cd:a5:68:d6:22:1f:50:ea:41:de:e5:da:3c:c6:
         cd:d9:78:ec:fd:ee:f8:03:00:46:a1:55:6a:7a:f2:b0:03:8b:
         4b:3c:62:b3:a7:60:77:d1:94:08:aa:5f:3c:f8:0c:d9:7b:54:
         63:4a:7e:db:45:3b:55:53:01:e4:0e:3b:19:06:f4:38:59:f5:
         80:b3:09:31:41:65:38:96:70:50:82:60:25:2d:2f:e3:ab:47:
         07:e7:16:4b:3e:f7:02:9b:58:06:b6:7a:ac:de:de:bf:69:1e:
         7a:dc:a2:39:78:93:7c:04:ba:b7:03:70:cd:61:c3:2d:b0:68:
         c4:b0:41:b6:94:0c:e1:2d:e9:7c:d7:6d:02:8e:51:f3:51:1d:
         8c:12:be:79:30:d1:30:68:45:f4:17:84:71:88:46:da:c6:fd:
         b8:2d:3a:19:8b:70:32:4b:39:4b:c7:99:75:82:8a:22:6d:ca:
         7f:8e:be:48:83:88:fb:29:05:98:74:7c:58:35:8e:5c:36:86:
         3f:9a:ee:b0:c5:42:af:d9:26:5e:72:d3:30:61:f3:5f:ab:eb:
         16:23:fc:7e:ef:c0:7d:ac:30:47:b0:41:0a:a6:60:af:f3:01:
         97:fa:2e:63:dc:95:d4:76:34:9f:21:03:3b:54:d2:ff:75:b1:
         2c:1b:1c:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZArOGWk6L8oFQcwR8dNKluHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZGZmOGIxYmQwNzI0YmExMzBmODZiODQ4ZTMzY2FlYThl
OWYxMWQwHhcNMjQwNjE4MTIwMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTAwYWRjYTFjOWM2ZjZmNTk5NWRhZjAwNmIxNGRkMTlkZWQzYzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQyO437QpkLvKj8gzFWwOGuHuEqM
BvPwxF+GPBXOJLqzR4WEXCFM4XKwFoRetUQI+8wa437CMpMpbjn6BzPXoNNPisbL
bmv0urhIauQqbMWaFGEazmjTGjOj3yV9TfAxYdfDCkb9wYys+jsOnJWfi6Eia2DY
VEjLqdrXZ+tuvOV94PfSx4MD5HPVWesQ89rIGr29zv+OO5i6ImyGK2p6lGKFHflU
Rm6U3Jy+06sA/hIptSiY6ePfqU8WzmNw7bKyPBApdbJQbvD+6KoG05izCvyGF/1h
jqABUfrfk8Ja5cPhnVxh/tZlCF4kMxzz9NMuL0jyZlEXIaEhy+IAapST/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKUArcocnG9vWZXa8AaxTdGd7TxOMB8GA1UdIwQY
MBaAFPTf+LG9ByS6Ew+GuEjjPK6o6fEdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU5fNHNiMEhKTG9URDRhNFNPTThycWpwOFIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8xNzI3MmQtMjIzNC00MmNlLWI1MWIt
NzRmNmEyZWFlMTc1LzEvcFFDdHloeWNiMjlabGRyd0JyRk4wWjN0UEU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8xNzI3MmQtMjIzNC00MmNlLWI1MWItNzRmNmEyZWFlMTc1
LzEvOU5fNHNiMEhKTG9URDRhNFNPTThycWpwOFIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXJwMA0G
CSqGSIb3DQEBCwUAA4IBAQBogOtxzaVo1iIfUOpB3uXaPMbN2Xjs/e74AwBGoVVq
evKwA4tLPGKzp2B30ZQIql88+AzZe1RjSn7bRTtVUwHkDjsZBvQ4WfWAswkxQWU4
lnBQgmAlLS/jq0cH5xZLPvcCm1gGtnqs3t6/aR563KI5eJN8BLq3A3DNYcMtsGjE
sEG2lAzhLel8120CjlHzUR2MEr55MNEwaEX0F4RxiEbaxv24LToZi3AySzlLx5l1
gooibcp/jr5Ig4j7KQWYdHxYNY5cNoY/mu6wxUKv2SZectMwYfNfq+sWI/x+78B9
rDBHsEEKpmCv8wGX+i5j3JXUdjSfIQM7VNL/dbEsGxyg
-----END CERTIFICATE-----