Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/3cc135-f166-42eb-8203-f49120bed51c/1/Xz0wI_pCJDd8UUw9CH5KX_N2MDg.roa
File:                     Xz0wI_pCJDd8UUw9CH5KX_N2MDg.roa (raw, json)
Hash identifier:          /P4xOvM5B/PHo+LRVBhU15slC6fDxyjhv0TWk60KuMk=
Subject key identifier:   5F:3D:30:23:FA:42:24:37:7C:51:4C:3D:08:7E:4A:5F:F3:76:30:38
Certificate issuer:       /CN=345ae646ea34ad2688aca2fdd1a6f3340356495e
Certificate serial:       018CC56E1796EE857E132848A92C51F5C97D
Authority key identifier: 34:5A:E6:46:EA:34:AD:26:88:AC:A2:FD:D1:A6:F3:34:03:56:49:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NFrmRuo0rSaIrKL90abzNANWSV4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/3cc135-f166-42eb-8203-f49120bed51c/1/Xz0wI_pCJDd8UUw9CH5KX_N2MDg.roa
Signing time:             Mon 01 Jan 2024 14:29:35 +0000
ROA not before:           Mon 01 Jan 2024 14:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.120.172.0/24 maxlen: 24
                          185.120.173.0/24 maxlen: 24
                          185.120.174.0/24 maxlen: 24
                          185.120.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/3cc135-f166-42eb-8203-f49120bed51c/1/NFrmRuo0rSaIrKL90abzNANWSV4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/3cc135-f166-42eb-8203-f49120bed51c/1/NFrmRuo0rSaIrKL90abzNANWSV4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NFrmRuo0rSaIrKL90abzNANWSV4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:17:96:ee:85:7e:13:28:48:a9:2c:51:f5:c9:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=345ae646ea34ad2688aca2fdd1a6f3340356495e
        Validity
            Not Before: Jan  1 14:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f3d3023fa4224377c514c3d087e4a5ff3763038
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:18:8a:6c:5a:16:30:0a:a9:69:de:a6:97:a6:
                    81:91:cf:9d:d1:04:9d:0b:a8:87:37:f3:b5:bb:46:
                    ed:76:60:cc:2d:b0:ee:99:c6:3c:40:3d:4c:6a:c7:
                    95:2d:be:6b:1f:91:d7:28:c3:09:77:1f:3b:5c:4a:
                    7d:40:4f:cd:70:68:62:c0:c9:cc:c0:e2:ff:7a:fa:
                    0e:2f:a0:8f:bc:51:d3:7d:0d:67:0b:e0:97:0e:7e:
                    62:c8:c2:12:17:0e:af:03:9a:c4:d1:b0:23:47:25:
                    9f:6e:07:55:10:b4:85:8f:16:31:79:3c:97:74:1f:
                    4e:b1:0b:69:ec:6f:9a:2e:3b:ac:1f:93:88:99:66:
                    d9:03:c3:23:09:77:df:24:c7:0d:02:b9:25:5d:1a:
                    ea:02:64:4f:d1:3f:48:0b:c9:e5:87:b4:a5:2f:a0:
                    95:7a:e8:e6:5f:f3:a0:df:3d:93:db:97:0b:2b:67:
                    c5:b3:63:6d:ba:92:db:e3:39:7e:2a:d7:75:b2:5b:
                    7b:dc:cd:64:de:ba:f4:93:4b:89:2d:4f:a3:13:b8:
                    2c:a8:62:89:67:ee:98:85:eb:20:67:b8:c2:81:e8:
                    df:88:b0:62:38:e6:a3:54:36:fe:f6:ba:5c:ef:30:
                    3e:24:cf:6a:e5:73:83:e6:f8:b3:98:49:9c:57:e2:
                    fc:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:3D:30:23:FA:42:24:37:7C:51:4C:3D:08:7E:4A:5F:F3:76:30:38
            X509v3 Authority Key Identifier:
                keyid:34:5A:E6:46:EA:34:AD:26:88:AC:A2:FD:D1:A6:F3:34:03:56:49:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NFrmRuo0rSaIrKL90abzNANWSV4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/3cc135-f166-42eb-8203-f49120bed51c/1/Xz0wI_pCJDd8UUw9CH5KX_N2MDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/3cc135-f166-42eb-8203-f49120bed51c/1/NFrmRuo0rSaIrKL90abzNANWSV4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:91:41:37:1c:80:9d:ac:b1:5b:67:9f:54:2f:c6:75:78:e5:
         df:84:11:38:1d:9d:e5:04:71:74:81:58:cb:a2:07:08:4e:b1:
         a6:c9:f3:cc:3a:d8:41:ec:13:f3:de:a3:e2:33:5a:0d:b5:5f:
         eb:cb:1f:b0:bc:73:73:3c:0e:20:f5:dd:16:18:42:c6:ae:1f:
         9d:6b:38:e5:32:16:c6:b2:8c:f5:e8:f1:c5:f1:40:4a:f1:47:
         9f:e3:96:dd:5d:e5:1a:25:2e:c4:bf:8c:51:c8:55:8b:35:d8:
         41:71:0f:d1:db:dd:14:c5:90:f8:92:6c:56:34:c9:aa:0d:87:
         1e:ca:ed:16:b1:b2:f8:5b:d3:6e:f8:a2:72:b8:09:06:e2:74:
         ea:31:a8:f7:1d:ae:50:24:5a:bc:89:22:de:61:b8:a0:2b:ed:
         84:bb:f4:d8:f2:57:13:97:9b:c1:4c:3b:a4:d2:70:23:7a:eb:
         72:80:4e:6b:eb:fa:49:8a:c9:ce:df:4c:ff:bb:6f:64:f9:b3:
         8d:df:c0:1f:68:ed:fa:87:e7:74:a4:8e:e8:a8:c5:f2:1e:0a:
         d6:00:68:01:7d:1e:ea:5a:84:fe:cb:cb:c8:b3:61:93:b1:f0:
         49:7c:9c:96:3f:4f:e6:6e:34:1d:82:70:27:63:23:ef:38:08:
         41:8f:df:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbheW7oV+EyhIqSxR9cl9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NWFlNjQ2ZWEzNGFkMjY4OGFjYTJmZGQxYTZmMzM0MDM1
NjQ5NWUwHhcNMjQwMTAxMTQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjNkMzAyM2ZhNDIyNDM3N2M1MTRjM2QwODdlNGE1ZmYzNzYzMDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBiKbFoWMAqpad6ml6aBkc+d0QSd
C6iHN/O1u0btdmDMLbDumcY8QD1MaseVLb5rH5HXKMMJdx87XEp9QE/NcGhiwMnM
wOL/evoOL6CPvFHTfQ1nC+CXDn5iyMISFw6vA5rE0bAjRyWfbgdVELSFjxYxeTyX
dB9OsQtp7G+aLjusH5OImWbZA8MjCXffJMcNArklXRrqAmRP0T9IC8nlh7SlL6CV
eujmX/Og3z2T25cLK2fFs2NtupLb4zl+Ktd1slt73M1k3rr0k0uJLU+jE7gsqGKJ
Z+6YhesgZ7jCgejfiLBiOOajVDb+9rpc7zA+JM9q5XOD5vizmEmcV+L8lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF89MCP6QiQ3fFFMPQh+Sl/zdjA4MB8GA1UdIwQY
MBaAFDRa5kbqNK0miKyi/dGm8zQDVkleMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkZybVJ1bzByU2FJcktMOTBhYnpOQU5XU1Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8zY2MxMzUtZjE2Ni00MmViLTgyMDMt
ZjQ5MTIwYmVkNTFjLzEvWHowd0lfcENKRGQ4VVV3OUNINUtYX04yTURnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8zY2MxMzUtZjE2Ni00MmViLTgyMDMtZjQ5MTIwYmVkNTFj
LzEvTkZybVJ1bzByU2FJcktMOTBhYnpOQU5XU1Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXisMA0G
CSqGSIb3DQEBCwUAA4IBAQAukUE3HICdrLFbZ59UL8Z1eOXfhBE4HZ3lBHF0gVjL
ogcITrGmyfPMOthB7BPz3qPiM1oNtV/ryx+wvHNzPA4g9d0WGELGrh+dazjlMhbG
soz16PHF8UBK8Uef45bdXeUaJS7Ev4xRyFWLNdhBcQ/R290UxZD4kmxWNMmqDYce
yu0WsbL4W9Nu+KJyuAkG4nTqMaj3Ha5QJFq8iSLeYbigK+2Eu/TY8lcTl5vBTDuk
0nAjeutygE5r6/pJisnO30z/u29k+bON38AfaO36h+d0pI7oqMXyHgrWAGgBfR7q
WoT+y8vIs2GTsfBJfJyWP0/mbjQdgnAnYyPvOAhBj9/M
-----END CERTIFICATE-----