Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/6758a0-3bb2-475e-a9b8-b909ed202b64/1/r5RExikwh9VTxHZbndQhO_XU-vQ.roa
File:                     r5RExikwh9VTxHZbndQhO_XU-vQ.roa (raw, json)
Hash identifier:          9NeQ0bAnfg+NNUQ9+vUOpq7EYWJaPxwQiPdu/Cupofw=
Subject key identifier:   AF:94:44:C6:29:30:87:D5:53:C4:76:5B:9D:D4:21:3B:F5:D4:FA:F4
Certificate issuer:       /CN=8b423e1d72b103070bed579c40597ed20b84c16e
Certificate serial:       01942521813BB857FEE0043D5CE16AE669FA
Authority key identifier: 8B:42:3E:1D:72:B1:03:07:0B:ED:57:9C:40:59:7E:D2:0B:84:C1:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i0I-HXKxAwcL7VecQFl-0guEwW4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/6758a0-3bb2-475e-a9b8-b909ed202b64/1/r5RExikwh9VTxHZbndQhO_XU-vQ.roa
Signing time:             Thu 02 Jan 2025 03:49:00 +0000
ROA not before:           Thu 02 Jan 2025 03:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214904
IP address blocks:        185.116.148.0/22 maxlen: 22
                          2a06:7f00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/6758a0-3bb2-475e-a9b8-b909ed202b64/1/i0I-HXKxAwcL7VecQFl-0guEwW4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/6758a0-3bb2-475e-a9b8-b909ed202b64/1/i0I-HXKxAwcL7VecQFl-0guEwW4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i0I-HXKxAwcL7VecQFl-0guEwW4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:81:3b:b8:57:fe:e0:04:3d:5c:e1:6a:e6:69:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b423e1d72b103070bed579c40597ed20b84c16e
        Validity
            Not Before: Jan  2 03:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af9444c6293087d553c4765b9dd4213bf5d4faf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:33:b2:a9:ab:2f:76:e5:01:c0:d0:1e:69:2d:
                    27:ab:44:62:fb:e1:28:94:7f:1c:02:08:14:57:3b:
                    09:a1:d7:76:9b:49:a8:a6:f7:65:c2:31:6b:27:ea:
                    1e:ab:3f:ca:71:2c:31:30:1e:f5:7d:87:0b:90:47:
                    42:5a:2c:ff:6e:49:4b:62:dd:7c:a8:78:7a:be:e0:
                    d2:0a:87:06:e4:d0:fc:a7:0c:ba:80:ac:a1:35:03:
                    c6:ef:9c:ed:b7:5f:a1:e3:bb:13:0b:b9:b4:ab:4c:
                    7d:c5:f4:aa:8a:eb:ec:ca:e7:0a:66:88:b7:21:5b:
                    15:2a:5e:82:d3:59:6c:ce:36:21:03:e6:28:c7:8b:
                    b6:22:43:c4:df:df:de:be:1a:b3:63:dd:e1:50:c8:
                    fe:a2:b0:19:46:4a:40:bc:09:3d:df:73:ba:ba:4d:
                    d0:16:80:e6:c8:41:19:39:d8:e7:10:40:cd:9c:f9:
                    91:ac:81:e7:32:f0:32:b6:29:ea:e1:06:3e:1c:73:
                    84:50:d6:fe:d2:67:67:61:39:82:52:c7:09:a0:0b:
                    ca:f8:5c:5c:7b:44:fd:8a:c9:ba:c8:10:7a:cb:db:
                    a1:3c:3f:82:ce:bb:02:2f:0a:dd:d1:e0:29:2d:fb:
                    65:2e:3e:75:04:0b:be:98:b1:f0:39:e6:ba:95:e8:
                    e2:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:94:44:C6:29:30:87:D5:53:C4:76:5B:9D:D4:21:3B:F5:D4:FA:F4
            X509v3 Authority Key Identifier:
                keyid:8B:42:3E:1D:72:B1:03:07:0B:ED:57:9C:40:59:7E:D2:0B:84:C1:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i0I-HXKxAwcL7VecQFl-0guEwW4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/6758a0-3bb2-475e-a9b8-b909ed202b64/1/r5RExikwh9VTxHZbndQhO_XU-vQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/6758a0-3bb2-475e-a9b8-b909ed202b64/1/i0I-HXKxAwcL7VecQFl-0guEwW4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.116.148.0/22
                IPv6:
                  2a06:7f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         50:51:12:84:52:14:17:e3:d2:bd:14:0f:81:8c:2b:b5:f9:8f:
         c7:51:2e:75:21:b5:20:5c:e1:4b:89:eb:45:8d:01:cb:82:2e:
         c3:8a:e3:d2:a8:31:6a:c8:94:57:ce:67:18:5e:18:57:34:f3:
         69:78:d3:95:66:f1:c9:44:95:9d:d7:56:f0:63:b4:4c:4d:b9:
         b0:3f:90:95:00:a8:de:6a:ec:90:5e:2f:7c:e7:f9:29:91:a0:
         bf:d8:ab:fb:50:5b:b2:f8:30:81:67:95:b2:f3:46:73:19:e7:
         21:d4:8f:8d:cb:cb:f8:fa:7c:d1:c1:f7:bd:12:40:81:4a:c2:
         dd:2b:de:02:1a:c9:32:1d:54:a5:e1:cc:a0:a0:82:b2:0a:88:
         df:14:a2:10:45:d4:b8:b7:dd:81:d5:41:7f:7e:d6:f9:a4:4a:
         8c:a3:cc:d0:ba:92:89:83:2e:60:3e:ee:49:51:32:14:e0:ce:
         62:fe:29:a3:5f:a2:ca:58:3a:a5:97:14:d4:b1:21:ed:31:79:
         ec:cf:15:2b:5c:b7:5b:4e:e2:6f:33:33:1f:ca:54:65:7e:ec:
         6a:2e:fb:13:a3:e3:f4:50:c3:7c:1e:d7:63:70:2e:97:d6:c9:
         b3:82:ce:3f:13:21:70:a6:9a:d0:69:97:3a:cc:00:d8:e6:36:
         8b:00:64:a8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIYE7uFf+4AQ9XOFq5mn6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNDIzZTFkNzJiMTAzMDcwYmVkNTc5YzQwNTk3ZWQyMGI4
NGMxNmUwHhcNMjUwMTAyMDM0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjk0NDRjNjI5MzA4N2Q1NTNjNDc2NWI5ZGQ0MjEzYmY1ZDRmYWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzOyqasvduUBwNAeaS0nq0Ri++Eo
lH8cAggUVzsJodd2m0mopvdlwjFrJ+oeqz/KcSwxMB71fYcLkEdCWiz/bklLYt18
qHh6vuDSCocG5ND8pwy6gKyhNQPG75ztt1+h47sTC7m0q0x9xfSqiuvsyucKZoi3
IVsVKl6C01lszjYhA+Yox4u2IkPE39/evhqzY93hUMj+orAZRkpAvAk933O6uk3Q
FoDmyEEZOdjnEEDNnPmRrIHnMvAytinq4QY+HHOEUNb+0mdnYTmCUscJoAvK+Fxc
e0T9ism6yBB6y9uhPD+CzrsCLwrd0eApLftlLj51BAu+mLHwOea6lejiwwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFK+URMYpMIfVU8R2W53UITv11Pr0MB8GA1UdIwQY
MBaAFItCPh1ysQMHC+1XnEBZftILhMFuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTBJLUhYS3hBd2NMN1ZlY1FGbC0wZ3VFd1c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC82NzU4YTAtM2JiMi00NzVlLWE5Yjgt
YjkwOWVkMjAyYjY0LzEvcjVSRXhpa3doOVZUeEhaYm5kUWhPX1hVLXZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC82NzU4YTAtM2JiMi00NzVlLWE5YjgtYjkwOWVkMjAyYjY0
LzEvaTBJLUhYS3hBd2NMN1ZlY1FGbC0wZ3VFd1c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXSUMA0E
AgACMAcDBQMqBn8AMA0GCSqGSIb3DQEBCwUAA4IBAQBQURKEUhQX49K9FA+BjCu1
+Y/HUS51IbUgXOFLietFjQHLgi7DiuPSqDFqyJRXzmcYXhhXNPNpeNOVZvHJRJWd
11bwY7RMTbmwP5CVAKjeauyQXi985/kpkaC/2Kv7UFuy+DCBZ5Wy80ZzGech1I+N
y8v4+nzRwfe9EkCBSsLdK94CGskyHVSl4cygoIKyCojfFKIQRdS4t92B1UF/ftb5
pEqMo8zQupKJgy5gPu5JUTIU4M5i/imjX6LKWDqllxTUsSHtMXnszxUrXLdbTuJv
MzMfylRlfuxqLvsTo+P0UMN8HtdjcC6X1smzgs4/EyFwpprQaZc6zADY5jaLAGSo
-----END CERTIFICATE-----