Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/b416a5-ee4f-4cc7-b0c4-7475f70df9fa/1/5N3mMfZ7p9Hlz-2Wf4_fC62WzO8.roa
File:                     5N3mMfZ7p9Hlz-2Wf4_fC62WzO8.roa (raw, json)
Hash identifier:          wulJ4WyhP9C0sVmFJlUPDLYFVgxV3AJ/dkKG9LWwfUA=
Subject key identifier:   E4:DD:E6:31:F6:7B:A7:D1:E5:CF:ED:96:7F:8F:DF:0B:AD:96:CC:EF
Certificate issuer:       /CN=ff1f615b91839f51ed3a5b53753b27b02c76da95
Certificate serial:       018CC6B78D39FF037880CAADCC27D9757038
Authority key identifier: FF:1F:61:5B:91:83:9F:51:ED:3A:5B:53:75:3B:27:B0:2C:76:DA:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_x9hW5GDn1HtOltTdTsnsCx22pU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/b416a5-ee4f-4cc7-b0c4-7475f70df9fa/1/5N3mMfZ7p9Hlz-2Wf4_fC62WzO8.roa
Signing time:             Mon 01 Jan 2024 20:29:27 +0000
ROA not before:           Mon 01 Jan 2024 20:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56567
IP address blocks:        185.114.148.0/22 maxlen: 22
                          185.220.192.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/b416a5-ee4f-4cc7-b0c4-7475f70df9fa/1/_x9hW5GDn1HtOltTdTsnsCx22pU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/b416a5-ee4f-4cc7-b0c4-7475f70df9fa/1/_x9hW5GDn1HtOltTdTsnsCx22pU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_x9hW5GDn1HtOltTdTsnsCx22pU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:8d:39:ff:03:78:80:ca:ad:cc:27:d9:75:70:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff1f615b91839f51ed3a5b53753b27b02c76da95
        Validity
            Not Before: Jan  1 20:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4dde631f67ba7d1e5cfed967f8fdf0bad96ccef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:20:d2:26:dd:1d:c6:38:e3:a0:84:ed:5e:f4:
                    93:56:e4:73:e0:d4:90:37:80:e1:74:f0:6a:fe:09:
                    43:7b:fa:7b:96:15:cb:b7:8d:00:1c:f3:6f:92:5f:
                    1b:4c:71:eb:5f:31:08:8a:e8:e4:a0:8b:23:64:58:
                    81:2d:b2:48:74:57:9a:56:a8:0c:90:31:ba:ab:ab:
                    02:72:0a:db:53:6e:d6:3c:d8:74:e7:50:2d:8d:5f:
                    c4:e2:71:b7:2a:7d:a2:2c:5b:ea:a1:39:07:cc:15:
                    cb:51:fb:58:f4:c4:af:c9:7a:e1:61:3a:12:aa:b1:
                    29:e0:63:f7:51:0c:a2:97:ff:99:74:e1:b4:bb:b8:
                    01:25:1c:d0:ea:05:73:06:81:fa:f0:0b:85:fa:e7:
                    39:2c:e9:0d:c9:e3:b7:5f:51:8c:6c:5b:47:ae:88:
                    f7:84:2d:86:30:e5:09:98:b8:17:14:0f:47:a9:5f:
                    ae:ab:38:98:92:08:6c:b8:25:73:79:24:35:b3:46:
                    03:30:90:be:9e:28:ee:98:c7:92:1a:68:38:99:8f:
                    ed:e9:f0:f8:71:4b:76:5c:9b:d5:72:de:4d:85:60:
                    6b:e7:0a:3d:b4:dc:e6:19:3a:7d:d8:b0:84:ef:32:
                    8d:d7:dd:ed:f5:4e:fe:d2:f4:fc:11:0d:7f:c8:ba:
                    ec:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:DD:E6:31:F6:7B:A7:D1:E5:CF:ED:96:7F:8F:DF:0B:AD:96:CC:EF
            X509v3 Authority Key Identifier:
                keyid:FF:1F:61:5B:91:83:9F:51:ED:3A:5B:53:75:3B:27:B0:2C:76:DA:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_x9hW5GDn1HtOltTdTsnsCx22pU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/b416a5-ee4f-4cc7-b0c4-7475f70df9fa/1/5N3mMfZ7p9Hlz-2Wf4_fC62WzO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/b416a5-ee4f-4cc7-b0c4-7475f70df9fa/1/_x9hW5GDn1HtOltTdTsnsCx22pU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.148.0/22
                  185.220.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:3b:a6:80:a9:65:47:d9:3d:15:0b:26:38:a9:1f:69:7c:60:
         d5:2d:f1:6b:d6:5a:b9:05:dc:7f:e5:96:55:48:2b:fb:c8:90:
         39:ef:5e:8f:a1:17:e2:52:32:b4:00:61:04:29:3b:dd:37:03:
         d6:bf:26:5b:e8:f4:a6:c4:9d:74:0a:ff:3c:95:da:78:b9:78:
         32:f9:01:e9:ca:58:b8:10:6b:44:e8:c2:e0:0c:d3:e4:1e:9b:
         5f:32:0b:95:d2:c0:99:57:1b:38:93:6f:7a:03:27:6a:fc:20:
         34:46:9c:3a:af:46:49:5c:ee:d4:d2:ee:5b:94:05:10:d0:7d:
         d9:06:0d:21:d1:a4:90:cf:4e:f2:b1:03:01:32:cf:cf:c9:a2:
         97:0c:9d:b6:4b:96:76:ab:26:cd:23:f0:cb:e4:70:01:9b:7d:
         83:64:a2:87:36:7e:eb:7f:ae:04:05:24:d4:3e:c0:7f:a1:59:
         bf:0e:88:86:25:f5:96:f8:90:42:18:f4:81:84:e1:a0:43:15:
         49:95:f6:e1:4f:0e:26:1f:f6:7c:37:6e:73:17:0d:a4:fd:e2:
         46:63:c2:2f:fe:76:39:82:76:82:7d:ff:75:76:36:32:3f:4f:
         fd:ab:8e:45:b9:e4:64:69:fd:b1:bb:82:bb:46:ce:c2:db:e4:
         75:ce:e9:b8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGt405/wN4gMqtzCfZdXA4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMWY2MTViOTE4MzlmNTFlZDNhNWI1Mzc1M2IyN2IwMmM3
NmRhOTUwHhcNMjQwMTAxMjAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGRkZTYzMWY2N2JhN2QxZTVjZmVkOTY3ZjhmZGYwYmFkOTZjY2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCDSJt0dxjjjoITtXvSTVuRz4NSQ
N4DhdPBq/glDe/p7lhXLt40AHPNvkl8bTHHrXzEIiujkoIsjZFiBLbJIdFeaVqgM
kDG6q6sCcgrbU27WPNh051AtjV/E4nG3Kn2iLFvqoTkHzBXLUftY9MSvyXrhYToS
qrEp4GP3UQyil/+ZdOG0u7gBJRzQ6gVzBoH68AuF+uc5LOkNyeO3X1GMbFtHroj3
hC2GMOUJmLgXFA9HqV+uqziYkghsuCVzeSQ1s0YDMJC+nijumMeSGmg4mY/t6fD4
cUt2XJvVct5NhWBr5wo9tNzmGTp92LCE7zKN193t9U7+0vT8EQ1/yLrs3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOTd5jH2e6fR5c/tln+P3wutlszvMB8GA1UdIwQY
MBaAFP8fYVuRg59R7TpbU3U7J7AsdtqVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3g5aFc1R0RuMUh0T2x0VGRUc25zQ3gyMnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9iNDE2YTUtZWU0Zi00Y2M3LWIwYzQt
NzQ3NWY3MGRmOWZhLzEvNU4zbU1mWjdwOUhsei0yV2Y0X2ZDNjJXek84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9iNDE2YTUtZWU0Zi00Y2M3LWIwYzQtNzQ3NWY3MGRmOWZh
LzEvX3g5aFc1R0RuMUh0T2x0VGRUc25zQ3gyMnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuXKUAwQC
udzAMA0GCSqGSIb3DQEBCwUAA4IBAQBIO6aAqWVH2T0VCyY4qR9pfGDVLfFr1lq5
Bdx/5ZZVSCv7yJA5716PoRfiUjK0AGEEKTvdNwPWvyZb6PSmxJ10Cv88ldp4uXgy
+QHpyli4EGtE6MLgDNPkHptfMguV0sCZVxs4k296Aydq/CA0Rpw6r0ZJXO7U0u5b
lAUQ0H3ZBg0h0aSQz07ysQMBMs/PyaKXDJ22S5Z2qybNI/DL5HABm32DZKKHNn7r
f64EBSTUPsB/oVm/DoiGJfWW+JBCGPSBhOGgQxVJlfbhTw4mH/Z8N25zFw2k/eJG
Y8Iv/nY5gnaCff91djYyP0/9q45FueRkaf2xu4K7Rs7C2+R1zum4
-----END CERTIFICATE-----