Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/wd7rWD8zD76euZ_kg78oGyLdlvI.roa
File:                     wd7rWD8zD76euZ_kg78oGyLdlvI.roa (raw, json)
Hash identifier:          a+KdM2KHv23/nsO4SJIcCiSLmDdo4GCQHcMFjfHo1zE=
Subject key identifier:   C1:DE:EB:58:3F:33:0F:BE:9E:B9:9F:E4:83:BF:28:1B:22:DD:96:F2
Certificate issuer:       /CN=fb987244611b5230536744b6a89f044f32f462ea
Certificate serial:       018CC7942627DC02F4D8612D5E5A847030C7
Authority key identifier: FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/wd7rWD8zD76euZ_kg78oGyLdlvI.roa
Signing time:             Tue 02 Jan 2024 00:30:24 +0000
ROA not before:           Tue 02 Jan 2024 00:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201096
IP address blocks:        85.206.144.0/23 maxlen: 24
                          85.206.146.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:26:27:dc:02:f4:d8:61:2d:5e:5a:84:70:30:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb987244611b5230536744b6a89f044f32f462ea
        Validity
            Not Before: Jan  2 00:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1deeb583f330fbe9eb99fe483bf281b22dd96f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:cf:cc:60:87:60:b8:bb:b1:88:f4:bf:ff:a2:
                    99:40:0d:80:79:22:67:e3:cc:29:89:02:f4:fe:4a:
                    0a:bb:b1:25:59:c5:ea:41:86:9c:d1:7b:9b:93:d0:
                    35:f0:90:96:4d:7b:57:f7:4c:d8:78:61:f5:62:8b:
                    eb:19:8b:e0:a5:f6:63:a5:44:dc:d1:27:79:28:76:
                    79:03:e1:7f:cf:9a:b1:ff:80:dc:9b:9d:27:51:e5:
                    7a:7f:17:ed:3a:90:38:10:8d:4f:fe:5e:0e:d1:5a:
                    a7:31:21:41:fe:33:ab:f2:3a:a9:63:a2:32:37:b5:
                    c8:e3:a9:b1:5d:b0:c5:54:2c:e3:2c:bd:d1:7f:84:
                    98:6e:8f:7f:2a:b6:78:ec:dc:ad:f2:57:6f:75:f2:
                    8a:5e:79:c8:93:d8:5d:8c:0a:66:2b:d1:42:28:99:
                    8a:8e:bb:c4:97:11:c9:27:66:88:4a:f5:13:1f:b7:
                    ba:bd:fc:a9:c1:8f:12:70:b1:00:77:21:a5:6d:38:
                    f7:a4:a7:34:97:38:4f:87:96:1f:84:4b:94:51:7f:
                    7f:f3:c9:46:f3:14:68:09:6b:5c:12:81:d7:da:f2:
                    49:b5:48:d4:e9:06:94:a3:2f:b3:48:a1:b7:62:f7:
                    d2:eb:af:1f:ff:82:f0:14:cb:0e:aa:81:7b:13:b1:
                    08:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:DE:EB:58:3F:33:0F:BE:9E:B9:9F:E4:83:BF:28:1B:22:DD:96:F2
            X509v3 Authority Key Identifier:
                keyid:FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/wd7rWD8zD76euZ_kg78oGyLdlvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.206.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:a1:b0:22:89:f8:eb:5a:9c:99:05:52:d7:93:b2:a5:e5:41:
         6d:3f:2f:f0:cd:07:bd:a3:40:5e:ca:10:2e:2a:38:52:94:e7:
         8f:c3:55:ef:b2:fc:54:e9:d1:cb:54:2f:e2:23:b4:76:c2:df:
         ff:a3:06:a3:bd:b0:f1:66:75:95:e5:bf:10:6e:8d:5e:d4:fc:
         1d:dd:e0:b2:6f:ec:66:fd:70:7e:4a:b6:f7:10:1b:1b:e8:50:
         1c:b1:44:dd:e1:cc:d7:0e:19:9c:5c:ee:3f:52:bd:9b:1c:4e:
         c8:1d:ac:be:6b:8c:9c:29:f6:23:e3:a3:92:c1:33:4e:75:d2:
         6f:e1:7c:51:f8:d8:4c:2e:f2:9c:6e:5e:6c:31:50:d1:57:6a:
         ae:2b:e0:ea:47:8b:d6:66:2c:d4:ee:9f:a7:86:64:66:20:15:
         80:4c:ec:c3:eb:d0:3e:20:1a:35:37:e0:b3:e7:07:2c:37:40:
         a6:28:04:90:5e:d3:9d:84:63:33:26:c0:5d:c0:35:83:5c:b3:
         1a:ff:ba:df:88:c3:ed:57:3a:4c:7f:c3:a4:9c:3b:f0:86:d2:
         4f:36:0a:7b:f0:94:0f:38:94:87:cb:ac:fc:19:6d:55:7e:55:
         9b:36:06:e2:8f:b3:24:66:30:83:00:ed:10:ad:aa:c5:a5:87:
         bc:45:7e:21
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlCYn3AL02GEtXlqEcDDHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiOTg3MjQ0NjExYjUyMzA1MzY3NDRiNmE4OWYwNDRmMzJm
NDYyZWEwHhcNMjQwMTAyMDAzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWRlZWI1ODNmMzMwZmJlOWViOTlmZTQ4M2JmMjgxYjIyZGQ5NmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoM/MYIdguLuxiPS//6KZQA2AeSJn
48wpiQL0/koKu7ElWcXqQYac0Xubk9A18JCWTXtX90zYeGH1YovrGYvgpfZjpUTc
0Sd5KHZ5A+F/z5qx/4Dcm50nUeV6fxftOpA4EI1P/l4O0VqnMSFB/jOr8jqpY6Iy
N7XI46mxXbDFVCzjLL3Rf4SYbo9/KrZ47Nyt8ldvdfKKXnnIk9hdjApmK9FCKJmK
jrvElxHJJ2aISvUTH7e6vfypwY8ScLEAdyGlbTj3pKc0lzhPh5YfhEuUUX9/88lG
8xRoCWtcEoHX2vJJtUjU6QaUoy+zSKG3YvfS668f/4LwFMsOqoF7E7EIqQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMHe61g/Mw++nrmf5IO/KBsi3ZbyMB8GA1UdIwQY
MBaAFPuYckRhG1IwU2dEtqifBE8y9GLqMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS01aHlSR0ViVWpCVFowUzJxSjhFVHpMMFl1by5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAw
LWJlNTgzMmQ1ZjdhYS8xL3dkN3JXRDh6RDc2ZXVaX2tnNzhvR3lMZGx2SS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAwLWJlNTgzMmQ1Zjdh
YS8xLzEtNWh5UkdFYlVqQlRaMFMycUo4RVR6TDBZdW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJVzpAw
DQYJKoZIhvcNAQELBQADggEBAB2hsCKJ+OtanJkFUteTsqXlQW0/L/DNB72jQF7K
EC4qOFKU54/DVe+y/FTp0ctUL+IjtHbC3/+jBqO9sPFmdZXlvxBujV7U/B3d4LJv
7Gb9cH5KtvcQGxvoUByxRN3hzNcOGZxc7j9SvZscTsgdrL5rjJwp9iPjo5LBM051
0m/hfFH42Ewu8pxuXmwxUNFXaq4r4OpHi9ZmLNTun6eGZGYgFYBM7MPr0D4gGjU3
4LPnByw3QKYoBJBe052EYzMmwF3ANYNcsxr/ut+Iw+1XOkx/w6ScO/CG0k82Cnvw
lA84lIfLrPwZbVV+VZs2BuKPsyRmMIMA7RCtqsWlh7xFfiE=
-----END CERTIFICATE-----