Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/1-mBckpLEw9UGTfJd1V4E5TNfyV8.roa
File:                     1-mBckpLEw9UGTfJd1V4E5TNfyV8.roa (raw, json)
Hash identifier:          M/XKBZLQ+3xBfpkOhilnQwbN0qvFhcpTK4PjZ6r6TmI=
Subject key identifier:   FA:60:5C:92:92:C4:C3:D5:06:4D:F2:5D:D5:5E:04:E5:33:5F:C9:5F
Certificate issuer:       /CN=eba8db3b54d081c30bf51bdc7b19e4f6480b7f53
Certificate serial:       019420D5D414BE1591165F7551588068ADAE
Authority key identifier: EB:A8:DB:3B:54:D0:81:C3:0B:F5:1B:DC:7B:19:E4:F6:48:0B:7F:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/66jbO1TQgcML9Rvcexnk9kgLf1M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/1-mBckpLEw9UGTfJd1V4E5TNfyV8.roa
Signing time:             Wed 01 Jan 2025 07:47:51 +0000
ROA not before:           Wed 01 Jan 2025 07:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5650
IP address blocks:        185.192.36.0/22 maxlen: 22
                          185.192.36.0/23 maxlen: 23
                          185.192.38.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/66jbO1TQgcML9Rvcexnk9kgLf1M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/66jbO1TQgcML9Rvcexnk9kgLf1M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/66jbO1TQgcML9Rvcexnk9kgLf1M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:d4:14:be:15:91:16:5f:75:51:58:80:68:ad:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eba8db3b54d081c30bf51bdc7b19e4f6480b7f53
        Validity
            Not Before: Jan  1 07:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa605c9292c4c3d5064df25dd55e04e5335fc95f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:04:df:14:fc:66:24:34:c9:8e:72:84:39:ab:
                    e6:7f:d8:68:50:fb:3a:7c:c9:bf:fd:ee:4d:d9:e7:
                    f1:69:92:fe:5b:e8:fb:d7:9e:73:9e:18:c3:5f:e2:
                    81:e1:6e:b7:fd:26:d0:c5:25:4a:b4:37:76:58:c9:
                    fa:28:14:c5:86:18:30:81:a2:56:15:74:51:ca:55:
                    91:9c:28:be:1c:8b:c3:2e:fa:c5:f3:0a:bb:02:de:
                    65:bb:41:d7:7b:04:c5:c2:df:90:a7:98:00:88:63:
                    7e:08:00:7d:93:61:e4:6c:16:17:8c:7e:c6:fb:92:
                    a3:49:eb:4f:6d:df:3f:5c:fb:05:b5:b5:6a:66:e0:
                    da:db:39:1b:a1:fe:55:1a:a7:f1:10:ee:1a:54:b8:
                    a7:27:78:25:69:49:69:61:e0:6b:3c:4f:d7:f5:f5:
                    ce:a3:52:b0:18:64:d2:e7:82:e5:a4:c0:0a:97:5e:
                    f6:61:c6:da:f0:63:67:6a:fa:87:87:6d:de:c9:ae:
                    52:84:66:dc:ce:3b:78:f1:c7:91:a0:2b:1c:f2:fb:
                    ff:48:f3:4f:26:fe:74:ca:6c:c3:d5:d8:5e:f0:e5:
                    84:4d:1f:93:2f:a0:a2:2c:23:67:a3:1b:48:e3:94:
                    85:46:a2:e2:1e:7c:59:62:28:80:13:cc:fc:8d:df:
                    df:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:60:5C:92:92:C4:C3:D5:06:4D:F2:5D:D5:5E:04:E5:33:5F:C9:5F
            X509v3 Authority Key Identifier:
                keyid:EB:A8:DB:3B:54:D0:81:C3:0B:F5:1B:DC:7B:19:E4:F6:48:0B:7F:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/66jbO1TQgcML9Rvcexnk9kgLf1M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/1-mBckpLEw9UGTfJd1V4E5TNfyV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/66jbO1TQgcML9Rvcexnk9kgLf1M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:a2:a2:7e:db:ab:88:65:ec:b1:51:cc:db:fa:d1:3c:11:70:
         b6:d5:f1:22:31:e7:fc:99:dd:e3:83:d3:4c:65:88:a3:1a:e9:
         9f:c9:08:ae:3e:47:45:4f:32:8e:b0:64:c3:2a:06:b3:84:33:
         d5:ab:c8:cf:c9:71:e3:25:25:47:b5:f3:b2:d8:4d:b2:84:88:
         fb:d2:8a:4f:2c:06:0f:2f:a0:dd:89:8e:5f:c6:66:0f:f0:59:
         4f:2f:74:75:86:77:22:a8:a2:a9:15:51:1f:04:5d:0e:de:6e:
         a7:aa:aa:bd:29:4f:44:5c:8c:e9:97:02:96:a1:dd:e5:30:0b:
         1d:db:32:6f:ab:79:a4:c9:73:16:97:2c:e0:8e:8c:8c:fd:e7:
         26:8d:b3:dd:b6:23:d7:27:05:4c:70:4a:45:2c:c1:3b:e5:15:
         4a:b2:55:a8:ca:4a:aa:5e:39:11:7a:57:02:7a:4f:a7:71:16:
         4a:ba:89:39:2a:08:b1:cd:df:45:81:2b:d1:ce:18:f4:90:20:
         0b:64:4a:8d:58:db:03:c9:35:81:e3:e9:ea:f1:d5:60:4f:1c:
         d6:ce:d3:b6:02:72:c9:11:76:c5:88:5c:e3:21:f1:f7:7d:87:
         5c:28:8c:08:d3:60:4f:14:28:e4:58:a3:10:c5:9c:3b:2d:6d:
         d8:1e:bf:1f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQg1dQUvhWRFl91UViAaK2uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYThkYjNiNTRkMDgxYzMwYmY1MWJkYzdiMTllNGY2NDgw
YjdmNTMwHhcNMjUwMTAxMDc0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTYwNWM5MjkyYzRjM2Q1MDY0ZGYyNWRkNTVlMDRlNTMzNWZjOTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ATfFPxmJDTJjnKEOavmf9hoUPs6
fMm//e5N2efxaZL+W+j7155znhjDX+KB4W63/SbQxSVKtDd2WMn6KBTFhhgwgaJW
FXRRylWRnCi+HIvDLvrF8wq7At5lu0HXewTFwt+Qp5gAiGN+CAB9k2HkbBYXjH7G
+5KjSetPbd8/XPsFtbVqZuDa2zkbof5VGqfxEO4aVLinJ3glaUlpYeBrPE/X9fXO
o1KwGGTS54LlpMAKl172Ycba8GNnavqHh23eya5ShGbczjt48ceRoCsc8vv/SPNP
Jv50ymzD1dhe8OWETR+TL6CiLCNnoxtI45SFRqLiHnxZYiiAE8z8jd/fqwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPpgXJKSxMPVBk3yXdVeBOUzX8lfMB8GA1UdIwQY
MBaAFOuo2ztU0IHDC/Ub3HsZ5PZIC39TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjZqYk8xVFFnY01MOVJ2Y2V4bms5a2dMZjFNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi82Y2NmMDMtMDkwZC00MTZlLTg2Y2Yt
ZTlkYzNmMWNmODI0LzEvMS1tQmNrcExFdzlVR1RmSmQxVjRFNVROZnlWOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDIvNmNjZjAzLTA5MGQtNDE2ZS04NmNmLWU5ZGMzZjFjZjgy
NC8xLzY2amJPMVRRZ2NNTDlSdmNleG5rOWtnTGYxTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArnAJDAN
BgkqhkiG9w0BAQsFAAOCAQEAHqKifturiGXssVHM2/rRPBFwttXxIjHn/Jnd44PT
TGWIoxrpn8kIrj5HRU8yjrBkwyoGs4Qz1avIz8lx4yUlR7XzsthNsoSI+9KKTywG
Dy+g3YmOX8ZmD/BZTy90dYZ3IqiiqRVRHwRdDt5up6qqvSlPRFyM6ZcClqHd5TAL
Hdsyb6t5pMlzFpcs4I6MjP3nJo2z3bYj1ycFTHBKRSzBO+UVSrJVqMpKql45EXpX
AnpPp3EWSrqJOSoIsc3fRYEr0c4Y9JAgC2RKjVjbA8k1gePp6vHVYE8c1s7TtgJy
yRF2xYhc4yHx932HXCiMCNNgTxQo5FijEMWcOy1t2B6/Hw==
-----END CERTIFICATE-----