Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/IQUY6hZIRlDD87bVe3Fdnfwe3cQ.roa
File:                     IQUY6hZIRlDD87bVe3Fdnfwe3cQ.roa (raw, json)
Hash identifier:          yLkAZNO68WsfjR6Rq6ZHJh3pFlE8GxmK6nsysNArrSs=
Subject key identifier:   21:05:18:EA:16:48:46:50:C3:F3:B6:D5:7B:71:5D:9D:FC:1E:DD:C4
Certificate issuer:       /CN=f8a966664ec96edbd12e8e82e940bfb9faec105e
Certificate serial:       018CC6B78F69CDE9FA814476D203D6AFA0AC
Authority key identifier: F8:A9:66:66:4E:C9:6E:DB:D1:2E:8E:82:E9:40:BF:B9:FA:EC:10:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/IQUY6hZIRlDD87bVe3Fdnfwe3cQ.roa
Signing time:             Mon 01 Jan 2024 20:29:27 +0000
ROA not before:           Mon 01 Jan 2024 20:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212520
IP address blocks:        185.177.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:8f:69:cd:e9:fa:81:44:76:d2:03:d6:af:a0:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8a966664ec96edbd12e8e82e940bfb9faec105e
        Validity
            Not Before: Jan  1 20:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=210518ea16484650c3f3b6d57b715d9dfc1eddc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:37:22:6a:c2:c2:4d:d9:de:9f:60:61:3d:94:
                    6a:b6:81:a8:0e:40:ac:7e:ee:64:3a:71:15:52:df:
                    e3:0b:31:fd:43:3d:a1:61:cb:d3:fb:10:71:67:a5:
                    d8:68:86:c9:1f:dd:a5:1e:2d:c0:27:e1:b3:2f:55:
                    b7:b9:69:af:c3:8f:88:47:b6:49:dc:eb:a0:6d:08:
                    ed:2d:ef:e1:7d:84:03:a2:03:fd:ed:7d:e4:36:62:
                    d4:fb:29:8c:e8:b5:7c:c9:4d:5a:4b:04:a2:11:be:
                    9f:d6:d2:f8:98:ca:4b:f1:00:12:f6:1c:ed:ed:4d:
                    3b:4e:6b:a6:8c:fe:b2:44:c9:42:6a:4a:6f:55:bc:
                    e2:bc:8f:c3:9f:c5:8f:6c:b4:4c:a6:25:ca:ed:6f:
                    24:d8:a6:86:32:2c:ba:17:f5:96:b0:43:9d:60:ce:
                    88:a0:fa:05:3c:b7:bd:e4:d5:2b:59:b4:29:55:0b:
                    97:aa:2b:c1:c3:c3:2a:95:f0:aa:54:05:f2:3f:a5:
                    10:c8:21:a3:c2:cd:20:5b:f6:22:08:cd:08:aa:c3:
                    5d:11:6b:d3:1b:e8:de:82:2a:d6:54:2d:6a:f1:d5:
                    33:e8:89:ba:51:58:bb:9a:97:8b:33:4c:f9:65:ac:
                    0a:6d:51:2b:50:17:34:12:ab:6b:e8:5d:5b:9e:a7:
                    9b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:05:18:EA:16:48:46:50:C3:F3:B6:D5:7B:71:5D:9D:FC:1E:DD:C4
            X509v3 Authority Key Identifier:
                keyid:F8:A9:66:66:4E:C9:6E:DB:D1:2E:8E:82:E9:40:BF:B9:FA:EC:10:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/IQUY6hZIRlDD87bVe3Fdnfwe3cQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:5a:b1:24:0e:73:e5:cc:ca:ee:0c:61:21:49:77:ad:97:f3:
         bd:fd:c6:6e:2a:9f:5f:f7:5c:15:b1:09:f0:f3:68:aa:2b:75:
         71:74:89:8a:0b:9b:e7:e6:4d:3d:42:60:86:d5:af:b2:57:bb:
         77:9c:09:09:15:40:dc:50:cd:5e:90:cf:35:94:e6:0a:4e:04:
         c2:ca:40:ea:32:ed:67:9b:82:ec:50:59:36:66:7c:dc:b6:35:
         e1:aa:79:3a:2a:51:36:b8:31:d2:5e:57:be:c6:81:42:99:ef:
         66:af:97:e9:50:ab:1a:4f:b1:02:9d:4e:67:41:57:a4:e2:b6:
         49:a0:76:4b:15:78:b3:3d:01:38:dd:81:ab:fa:43:63:b0:c1:
         d9:f2:9f:e7:0e:48:2a:7c:f6:79:93:70:e2:db:2c:95:7c:f2:
         61:b2:7a:22:ca:10:22:33:88:dd:57:b4:ab:ab:a2:06:8d:0f:
         6c:d6:0f:0d:b6:1c:38:c2:9e:41:fb:42:a3:82:95:1b:55:c4:
         63:8f:ad:75:41:d1:2f:72:36:be:49:89:e4:64:9e:10:6b:ea:
         a6:0b:56:e7:fc:12:bb:a9:a7:ea:8a:60:e4:5c:07:7a:06:4a:
         cc:03:bd:ab:55:50:00:56:20:26:85:97:10:79:60:5b:e1:6e:
         83:12:38:a6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGt49pzen6gUR20gPWr6CsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YTk2NjY2NGVjOTZlZGJkMTJlOGU4MmU5NDBiZmI5ZmFl
YzEwNWUwHhcNMjQwMTAxMjAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTA1MThlYTE2NDg0NjUwYzNmM2I2ZDU3YjcxNWQ5ZGZjMWVkZGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDciasLCTdnen2BhPZRqtoGoDkCs
fu5kOnEVUt/jCzH9Qz2hYcvT+xBxZ6XYaIbJH92lHi3AJ+GzL1W3uWmvw4+IR7ZJ
3OugbQjtLe/hfYQDogP97X3kNmLU+ymM6LV8yU1aSwSiEb6f1tL4mMpL8QAS9hzt
7U07TmumjP6yRMlCakpvVbzivI/Dn8WPbLRMpiXK7W8k2KaGMiy6F/WWsEOdYM6I
oPoFPLe95NUrWbQpVQuXqivBw8MqlfCqVAXyP6UQyCGjws0gW/YiCM0IqsNdEWvT
G+jegirWVC1q8dUz6Im6UVi7mpeLM0z5ZawKbVErUBc0Eqtr6F1bnqebxQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCEFGOoWSEZQw/O21XtxXZ38Ht3EMB8GA1UdIwQY
MBaAFPipZmZOyW7b0S6OgulAv7n67BBeMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1LbG1aazdKYnR2UkxvNkM2VUNfdWZyc0VGNC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUvNjRhYjk5LTQ5YWEtNGFhZS04ZGQ1
LTM4MjM1NWZjMmZmMS8xL0lRVVk2aFpJUmxERDg3YlZlM0ZkbmZ3ZTNjUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDUvNjRhYjk5LTQ5YWEtNGFhZS04ZGQ1LTM4MjM1NWZjMmZm
MS8xLzEtS2xtWms3SmJ0dlJMbzZDNlVDX3VmcnNFRjQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5sc4w
DQYJKoZIhvcNAQELBQADggEBAJBasSQOc+XMyu4MYSFJd62X8739xm4qn1/3XBWx
CfDzaKordXF0iYoLm+fmTT1CYIbVr7JXu3ecCQkVQNxQzV6QzzWU5gpOBMLKQOoy
7WebguxQWTZmfNy2NeGqeToqUTa4MdJeV77GgUKZ72avl+lQqxpPsQKdTmdBV6Ti
tkmgdksVeLM9ATjdgav6Q2Owwdnyn+cOSCp89nmTcOLbLJV88mGyeiLKECIziN1X
tKurogaND2zWDw22HDjCnkH7QqOClRtVxGOPrXVB0S9yNr5JieRknhBr6qYLVuf8
Erupp+qKYORcB3oGSswDvatVUABWICaFlxB5YFvhboMSOKY=
-----END CERTIFICATE-----