Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/00e8e1-c235-49a9-9f92-63831ae951ef/1/5rfZkN3aBuwnLnl7XuDTDvgxh_o.roa
File:                     5rfZkN3aBuwnLnl7XuDTDvgxh_o.roa (raw, json)
Hash identifier:          6aQ8mC7wKAZmS5ZBtAPgbamFxVt4YiEgOkDviNq1/uU=
Subject key identifier:   E6:B7:D9:90:DD:DA:06:EC:27:2E:79:7B:5E:E0:D3:0E:F8:31:87:FA
Certificate issuer:       /CN=1f5cf6d120e28138b0aa2fc83cba9b0e96796c36
Certificate serial:       018CCA2BA5FFD819B1100B1909D5CC26EDFA
Authority key identifier: 1F:5C:F6:D1:20:E2:81:38:B0:AA:2F:C8:3C:BA:9B:0E:96:79:6C:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H1z20SDigTiwqi_IPLqbDpZ5bDY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/00e8e1-c235-49a9-9f92-63831ae951ef/1/5rfZkN3aBuwnLnl7XuDTDvgxh_o.roa
Signing time:             Tue 02 Jan 2024 12:35:07 +0000
ROA not before:           Tue 02 Jan 2024 12:35:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202506
IP address blocks:        185.247.160.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/00e8e1-c235-49a9-9f92-63831ae951ef/1/H1z20SDigTiwqi_IPLqbDpZ5bDY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/00e8e1-c235-49a9-9f92-63831ae951ef/1/H1z20SDigTiwqi_IPLqbDpZ5bDY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H1z20SDigTiwqi_IPLqbDpZ5bDY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:a5:ff:d8:19:b1:10:0b:19:09:d5:cc:26:ed:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f5cf6d120e28138b0aa2fc83cba9b0e96796c36
        Validity
            Not Before: Jan  2 12:35:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6b7d990ddda06ec272e797b5ee0d30ef83187fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:38:5c:6f:73:bb:46:6e:f3:22:e0:b3:15:8a:
                    bd:a5:85:45:94:b3:2d:22:71:32:f2:d2:72:36:98:
                    93:5d:16:4a:95:22:f0:c3:63:d1:cd:ee:7a:c3:de:
                    d0:11:0a:d3:28:89:8a:04:fb:49:05:21:65:ef:68:
                    89:64:8e:ce:d3:62:c1:5b:22:81:ae:d4:90:51:1e:
                    8f:1e:4f:e2:2c:85:ad:bc:95:88:7e:17:27:1e:26:
                    50:6d:61:19:62:ad:20:b0:af:e7:fa:9d:7d:5d:72:
                    e0:e6:8d:66:a9:69:a7:e2:be:06:fb:59:25:ae:13:
                    1c:ee:c2:38:9e:ca:8e:cd:88:6b:f2:56:6a:72:ab:
                    74:17:14:da:f8:85:d8:fe:6c:d1:51:eb:31:f1:da:
                    62:9c:5f:45:9c:87:66:ab:e7:9d:fd:cd:d5:84:7c:
                    dd:78:05:26:eb:95:ad:14:96:44:f7:83:9b:5f:88:
                    30:71:b8:91:b2:e9:4c:30:73:49:7f:49:e1:b4:02:
                    1a:0e:13:9f:c1:75:02:7e:a5:7e:01:a3:75:2b:44:
                    e0:d8:03:29:63:98:6e:f8:a5:54:9d:75:64:66:71:
                    9f:7e:73:7d:c7:b6:d1:08:c3:27:07:a0:38:db:cc:
                    63:78:28:04:aa:46:32:f4:61:b1:04:5c:b5:99:a8:
                    b4:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:B7:D9:90:DD:DA:06:EC:27:2E:79:7B:5E:E0:D3:0E:F8:31:87:FA
            X509v3 Authority Key Identifier:
                keyid:1F:5C:F6:D1:20:E2:81:38:B0:AA:2F:C8:3C:BA:9B:0E:96:79:6C:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H1z20SDigTiwqi_IPLqbDpZ5bDY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/00e8e1-c235-49a9-9f92-63831ae951ef/1/5rfZkN3aBuwnLnl7XuDTDvgxh_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/00e8e1-c235-49a9-9f92-63831ae951ef/1/H1z20SDigTiwqi_IPLqbDpZ5bDY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.247.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:c6:ae:24:f1:98:9a:6a:bf:f8:79:29:eb:78:54:70:89:51:
         84:8d:91:7c:31:bc:ec:2c:51:be:ac:a6:69:3d:d8:41:c9:17:
         cf:9e:f1:21:06:20:52:26:96:bf:5f:11:4a:4a:32:9e:1a:5f:
         67:14:eb:8e:21:4a:3e:d9:75:20:a1:b6:1b:bc:9a:c8:c9:2c:
         56:b8:e9:74:43:e5:22:75:23:36:39:26:b6:22:32:27:85:1e:
         2d:88:71:8e:4e:b6:84:b0:e3:3b:b3:58:b5:2c:d4:fa:fd:9e:
         dd:11:a7:dc:2d:76:46:a9:d2:7a:3b:cb:38:d4:f7:8f:26:ad:
         48:ec:81:60:8f:2c:70:9b:34:e6:fb:80:ec:08:9e:16:ed:0a:
         16:1b:09:e2:e1:92:5c:81:8f:9f:2b:ef:69:7c:03:83:39:cb:
         42:0b:f3:3d:72:42:2e:4b:88:65:16:fe:6b:72:b1:a9:c3:f2:
         c4:0e:b1:96:5a:ec:99:25:75:88:0c:07:e0:9a:d9:91:a6:87:
         7d:38:89:8e:eb:25:8d:fb:63:88:09:20:18:c0:62:2d:ed:df:
         2d:e7:ed:c0:44:40:cd:76:c5:35:fb:d9:b9:12:2c:f4:53:2b:
         ea:68:cd:9a:17:ce:3b:7b:43:5a:5a:f0:56:d4:f7:e1:d3:fa:
         b8:0c:ff:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK6X/2BmxEAsZCdXMJu36MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNWNmNmQxMjBlMjgxMzhiMGFhMmZjODNjYmE5YjBlOTY3
OTZjMzYwHhcNMjQwMTAyMTIzNTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmI3ZDk5MGRkZGEwNmVjMjcyZTc5N2I1ZWUwZDMwZWY4MzE4N2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjhcb3O7Rm7zIuCzFYq9pYVFlLMt
InEy8tJyNpiTXRZKlSLww2PRze56w97QEQrTKImKBPtJBSFl72iJZI7O02LBWyKB
rtSQUR6PHk/iLIWtvJWIfhcnHiZQbWEZYq0gsK/n+p19XXLg5o1mqWmn4r4G+1kl
rhMc7sI4nsqOzYhr8lZqcqt0FxTa+IXY/mzRUesx8dpinF9FnIdmq+ed/c3VhHzd
eAUm65WtFJZE94ObX4gwcbiRsulMMHNJf0nhtAIaDhOfwXUCfqV+AaN1K0Tg2AMp
Y5hu+KVUnXVkZnGffnN9x7bRCMMnB6A428xjeCgEqkYy9GGxBFy1mai0wQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOa32ZDd2gbsJy55e17g0w74MYf6MB8GA1UdIwQY
MBaAFB9c9tEg4oE4sKovyDy6mw6WeWw2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDF6MjBTRGlnVGl3cWlfSVBMcWJEcFo1YkRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8wMGU4ZTEtYzIzNS00OWE5LTlmOTIt
NjM4MzFhZTk1MWVmLzEvNXJmWmtOM2FCdXduTG5sN1h1RFREdmd4aF9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8wMGU4ZTEtYzIzNS00OWE5LTlmOTItNjM4MzFhZTk1MWVm
LzEvSDF6MjBTRGlnVGl3cWlfSVBMcWJEcFo1YkRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufegMA0G
CSqGSIb3DQEBCwUAA4IBAQANxq4k8Ziaar/4eSnreFRwiVGEjZF8MbzsLFG+rKZp
PdhByRfPnvEhBiBSJpa/XxFKSjKeGl9nFOuOIUo+2XUgobYbvJrIySxWuOl0Q+Ui
dSM2OSa2IjInhR4tiHGOTraEsOM7s1i1LNT6/Z7dEafcLXZGqdJ6O8s41PePJq1I
7IFgjyxwmzTm+4DsCJ4W7QoWGwni4ZJcgY+fK+9pfAODOctCC/M9ckIuS4hlFv5r
crGpw/LEDrGWWuyZJXWIDAfgmtmRpod9OImO6yWN+2OICSAYwGIt7d8t5+3AREDN
dsU1+9m5Eiz0UyvqaM2aF847e0NaWvBW1Pfh0/q4DP+U
-----END CERTIFICATE-----