Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/e61985-f881-4035-ab5b-c9a9baa43f94/1/_KT56VY32xo-GEs0OmdmCcYxpO0.roa
File:                     _KT56VY32xo-GEs0OmdmCcYxpO0.roa (raw, json)
Hash identifier:          TRyEolSa22toe8C2sYg3u4dmra01+1e/AZpzWAIR7YU=
Subject key identifier:   FC:A4:F9:E9:56:37:DB:1A:3E:18:4B:34:3A:67:66:09:C6:31:A4:ED
Certificate issuer:       /CN=607cea6e103a2325c48c1667a99c7b17eb3ce7b6
Certificate serial:       018CC72575E969AFC7047EBECA42EDF15DE6
Authority key identifier: 60:7C:EA:6E:10:3A:23:25:C4:8C:16:67:A9:9C:7B:17:EB:3C:E7:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YHzqbhA6IyXEjBZnqZx7F-s857Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/e61985-f881-4035-ab5b-c9a9baa43f94/1/_KT56VY32xo-GEs0OmdmCcYxpO0.roa
Signing time:             Mon 01 Jan 2024 22:29:30 +0000
ROA not before:           Mon 01 Jan 2024 22:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205894
IP address blocks:        185.232.177.0/24 maxlen: 24
                          185.232.176.0/22 maxlen: 22
                          185.232.176.0/24 maxlen: 24
                          185.232.179.0/24 maxlen: 24
                          185.232.178.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/e61985-f881-4035-ab5b-c9a9baa43f94/1/YHzqbhA6IyXEjBZnqZx7F-s857Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/e61985-f881-4035-ab5b-c9a9baa43f94/1/YHzqbhA6IyXEjBZnqZx7F-s857Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YHzqbhA6IyXEjBZnqZx7F-s857Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:75:e9:69:af:c7:04:7e:be:ca:42:ed:f1:5d:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=607cea6e103a2325c48c1667a99c7b17eb3ce7b6
        Validity
            Not Before: Jan  1 22:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fca4f9e95637db1a3e184b343a676609c631a4ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:e3:81:c0:fb:07:5b:41:cf:a7:5f:7f:8d:0f:
                    4a:89:42:1d:0f:31:2f:64:2b:9d:cd:9a:17:e8:ed:
                    27:ea:17:12:7d:66:52:41:84:49:24:e8:99:1e:cd:
                    d1:22:82:75:fb:e0:64:03:9b:bb:23:62:14:c8:99:
                    d6:bc:5b:03:52:42:96:76:9d:55:27:d4:f5:63:d3:
                    17:1c:49:a0:a0:b8:1a:38:3a:35:6c:87:1c:61:38:
                    b2:57:89:98:f4:07:41:bc:dd:28:9b:4e:61:00:10:
                    43:9a:1a:c4:9f:ca:c7:dd:42:88:bc:fa:0a:9c:72:
                    fa:c8:fb:1e:62:33:0a:ed:38:33:b3:23:27:67:bc:
                    0f:4e:15:20:9c:ce:47:32:40:e2:e9:b7:bc:1a:5d:
                    de:47:d2:49:8d:85:72:87:08:3e:90:80:74:9b:e4:
                    79:99:5e:52:ad:8e:2b:38:bf:43:0c:f8:21:64:f0:
                    d7:7f:ce:22:90:98:74:1f:d6:d6:25:67:e4:19:6b:
                    d1:28:8f:07:7b:ef:57:e3:ac:29:3d:b4:ab:50:7f:
                    b2:43:5b:f3:46:b5:44:af:b5:88:ef:b0:5a:7c:a4:
                    74:05:65:55:31:36:b7:c1:8b:34:da:7d:db:42:a5:
                    d8:14:4d:3d:11:fb:2d:86:cd:ab:7e:01:b5:c1:5c:
                    06:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:A4:F9:E9:56:37:DB:1A:3E:18:4B:34:3A:67:66:09:C6:31:A4:ED
            X509v3 Authority Key Identifier:
                keyid:60:7C:EA:6E:10:3A:23:25:C4:8C:16:67:A9:9C:7B:17:EB:3C:E7:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YHzqbhA6IyXEjBZnqZx7F-s857Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/e61985-f881-4035-ab5b-c9a9baa43f94/1/_KT56VY32xo-GEs0OmdmCcYxpO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/e61985-f881-4035-ab5b-c9a9baa43f94/1/YHzqbhA6IyXEjBZnqZx7F-s857Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:94:3d:db:57:38:c4:a8:2a:de:51:19:51:d8:02:a3:12:b8:
         80:a1:d7:bf:f5:b9:6b:6f:dc:3e:0c:e5:67:36:a3:3c:17:ca:
         03:2c:e3:0b:f5:cf:42:0f:c1:81:e8:b2:00:96:16:41:0c:13:
         d7:df:68:8e:ae:3e:dd:19:7e:db:c5:b3:6e:0f:4d:e7:fb:ff:
         61:03:68:73:29:05:5e:48:f4:e2:6a:8a:6c:e8:70:eb:a9:21:
         5e:02:39:35:b4:81:f2:07:b4:e7:b7:8a:4a:77:9c:b0:d6:1b:
         92:7f:c7:c3:2b:9f:84:71:a8:1f:6f:46:85:2c:7a:2c:30:76:
         8f:f2:25:d6:96:61:e2:9a:7e:82:0d:c8:cd:0c:91:bf:1f:76:
         3b:ca:a4:48:2f:bf:6f:fa:11:3a:16:3f:77:82:88:6b:78:e6:
         46:f7:86:aa:cc:fa:45:2c:67:5b:3f:f4:50:a1:77:d5:31:57:
         a2:ca:8d:05:c6:cc:c8:73:28:d6:56:9d:41:ba:fd:01:0c:76:
         1f:40:82:56:95:7b:0f:3a:0f:b6:d0:da:d1:67:8c:c8:36:9d:
         35:21:ab:11:6e:f2:8a:b3:b4:27:0b:bf:79:fa:1d:91:b4:1c:
         5d:ac:fc:4a:0e:c2:24:8b:c8:c9:fa:b1:a6:55:9a:f3:47:ae:
         10:dc:cb:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJXXpaa/HBH6+ykLt8V3mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwN2NlYTZlMTAzYTIzMjVjNDhjMTY2N2E5OWM3YjE3ZWIz
Y2U3YjYwHhcNMjQwMTAxMjIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2E0ZjllOTU2MzdkYjFhM2UxODRiMzQzYTY3NjYwOWM2MzFhNGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+OBwPsHW0HPp19/jQ9KiUIdDzEv
ZCudzZoX6O0n6hcSfWZSQYRJJOiZHs3RIoJ1++BkA5u7I2IUyJnWvFsDUkKWdp1V
J9T1Y9MXHEmgoLgaODo1bIccYTiyV4mY9AdBvN0om05hABBDmhrEn8rH3UKIvPoK
nHL6yPseYjMK7TgzsyMnZ7wPThUgnM5HMkDi6be8Gl3eR9JJjYVyhwg+kIB0m+R5
mV5SrY4rOL9DDPghZPDXf84ikJh0H9bWJWfkGWvRKI8He+9X46wpPbSrUH+yQ1vz
RrVEr7WI77BafKR0BWVVMTa3wYs02n3bQqXYFE09Efsths2rfgG1wVwGrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPyk+elWN9saPhhLNDpnZgnGMaTtMB8GA1UdIwQY
MBaAFGB86m4QOiMlxIwWZ6mcexfrPOe2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUh6cWJoQTZJeVhFakJabnFaeDdGLXM4NTdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS9lNjE5ODUtZjg4MS00MDM1LWFiNWIt
YzlhOWJhYTQzZjk0LzEvX0tUNTZWWTMyeG8tR0VzME9tZG1DY1l4cE8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS9lNjE5ODUtZjg4MS00MDM1LWFiNWItYzlhOWJhYTQzZjk0
LzEvWUh6cWJoQTZJeVhFakJabnFaeDdGLXM4NTdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueiwMA0G
CSqGSIb3DQEBCwUAA4IBAQA2lD3bVzjEqCreURlR2AKjEriAode/9blrb9w+DOVn
NqM8F8oDLOML9c9CD8GB6LIAlhZBDBPX32iOrj7dGX7bxbNuD03n+/9hA2hzKQVe
SPTiaops6HDrqSFeAjk1tIHyB7Tnt4pKd5yw1huSf8fDK5+Ecagfb0aFLHosMHaP
8iXWlmHimn6CDcjNDJG/H3Y7yqRIL79v+hE6Fj93gohreOZG94aqzPpFLGdbP/RQ
oXfVMVeiyo0FxszIcyjWVp1Buv0BDHYfQIJWlXsPOg+20NrRZ4zINp01IasRbvKK
s7QnC795+h2RtBxdrPxKDsIki8jJ+rGmVZrzR64Q3MsU
-----END CERTIFICATE-----