Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/fbbf8d-2c43-429d-b5cd-fcc220644558/1/RwfAvyO7mb8SIxEduBMOFv1GTTA.roa
File:                     RwfAvyO7mb8SIxEduBMOFv1GTTA.roa (raw, json)
Hash identifier:          jreq9xSXhp5MvltimCjC4OGpg2xum28KBuQv3YN2FSI=
Subject key identifier:   47:07:C0:BF:23:BB:99:BF:12:23:11:1D:B8:13:0E:16:FD:46:4D:30
Certificate issuer:       /CN=529343235581cf4104190da7a0ca174b9c0d0bd5
Certificate serial:       018CCA2BAAE1E5B83C857200EDD6A8C221D5
Authority key identifier: 52:93:43:23:55:81:CF:41:04:19:0D:A7:A0:CA:17:4B:9C:0D:0B:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UpNDI1WBz0EEGQ2noMoXS5wNC9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/fbbf8d-2c43-429d-b5cd-fcc220644558/1/RwfAvyO7mb8SIxEduBMOFv1GTTA.roa
Signing time:             Tue 02 Jan 2024 12:35:08 +0000
ROA not before:           Tue 02 Jan 2024 12:35:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7155
IP address blocks:        185.84.124.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/fbbf8d-2c43-429d-b5cd-fcc220644558/1/UpNDI1WBz0EEGQ2noMoXS5wNC9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/fbbf8d-2c43-429d-b5cd-fcc220644558/1/UpNDI1WBz0EEGQ2noMoXS5wNC9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UpNDI1WBz0EEGQ2noMoXS5wNC9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:aa:e1:e5:b8:3c:85:72:00:ed:d6:a8:c2:21:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=529343235581cf4104190da7a0ca174b9c0d0bd5
        Validity
            Not Before: Jan  2 12:35:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4707c0bf23bb99bf1223111db8130e16fd464d30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:1d:70:ae:6a:9c:6e:5c:17:b8:2a:87:12:dc:
                    5b:3a:76:a5:b2:4c:7d:a0:8a:fc:89:8d:6a:f8:fc:
                    e9:54:7b:28:f6:5b:8a:4b:0b:ac:b6:4e:3c:83:b8:
                    ef:71:e6:5c:9a:e0:df:c1:50:82:61:8c:19:5c:09:
                    67:b0:87:eb:b6:ed:0d:5f:c8:04:d8:2e:47:89:1d:
                    b6:32:34:a9:c9:c4:c5:a8:21:72:08:b0:38:f9:b0:
                    f3:eb:13:93:fa:ac:b9:01:29:9b:64:b2:6d:24:31:
                    fd:8b:e9:3d:26:e8:4a:b9:39:11:f1:32:71:44:ff:
                    ab:82:b4:c7:44:fa:c5:27:41:55:60:92:6b:ed:69:
                    cd:f4:26:14:3c:40:60:15:be:d4:21:3f:24:45:87:
                    16:ec:9d:4e:d1:0f:1e:21:43:31:4c:37:da:7d:ed:
                    d6:2d:45:16:32:36:88:6a:1b:e3:c3:fd:63:34:f4:
                    c3:80:70:3a:37:22:c2:5a:f0:f5:69:42:59:1c:83:
                    63:2e:62:31:d4:82:90:61:58:6c:c9:e1:05:f5:02:
                    fc:56:99:72:04:b7:f7:68:05:70:08:f7:a3:2d:db:
                    98:8f:0e:58:7d:34:49:f6:e8:8f:2c:32:40:46:45:
                    39:9a:c8:9d:7f:bd:78:30:11:d9:3a:15:9b:87:ee:
                    83:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:07:C0:BF:23:BB:99:BF:12:23:11:1D:B8:13:0E:16:FD:46:4D:30
            X509v3 Authority Key Identifier:
                keyid:52:93:43:23:55:81:CF:41:04:19:0D:A7:A0:CA:17:4B:9C:0D:0B:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UpNDI1WBz0EEGQ2noMoXS5wNC9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/fbbf8d-2c43-429d-b5cd-fcc220644558/1/RwfAvyO7mb8SIxEduBMOFv1GTTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/fbbf8d-2c43-429d-b5cd-fcc220644558/1/UpNDI1WBz0EEGQ2noMoXS5wNC9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:8d:cf:90:ee:4c:40:72:25:88:75:b7:76:d9:0a:73:8b:ad:
         af:67:e1:88:82:7d:47:c0:96:d0:8b:aa:c0:c7:38:45:cf:fd:
         b7:87:c7:5a:94:20:9d:1a:6c:a5:d5:62:14:ca:5e:68:7f:2b:
         0b:cd:29:ed:b7:4e:a0:e3:67:d3:e0:2a:0a:19:5c:fd:d0:f8:
         e9:63:d6:ef:3a:10:78:d3:ab:02:c1:42:9b:f7:ca:7d:5d:7c:
         94:3f:df:90:a4:08:70:60:2a:d8:b1:7e:83:e4:69:4e:a1:6f:
         76:83:e0:98:ed:2a:ab:fb:41:bb:fb:1e:d0:11:ee:84:4a:1d:
         e4:a8:cb:a7:0e:5e:3c:d3:03:9f:ed:6b:4a:0c:dc:b3:33:cb:
         ae:f1:2b:a6:bc:3c:9e:bf:49:32:02:9e:01:bf:dd:81:42:bd:
         8b:9e:ea:d5:a6:f0:4e:e9:f7:43:56:0a:4a:79:08:5f:1f:74:
         21:bf:3b:f1:fb:32:f8:e4:23:ea:74:c3:29:de:2d:6c:31:8e:
         45:84:69:89:81:7b:22:68:c3:c0:5b:25:72:13:c5:10:63:40:
         f3:cd:4c:b3:67:3a:ac:92:ad:47:e6:e9:e1:23:2e:ad:4d:d8:
         7c:e5:56:15:da:45:0e:5e:b8:f1:f2:2a:0e:09:d3:96:fc:c4:
         6e:b2:5f:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK6rh5bg8hXIA7daowiHVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOTM0MzIzNTU4MWNmNDEwNDE5MGRhN2EwY2ExNzRiOWMw
ZDBiZDUwHhcNMjQwMTAyMTIzNTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzA3YzBiZjIzYmI5OWJmMTIyMzExMWRiODEzMGUxNmZkNDY0ZDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmB1wrmqcblwXuCqHEtxbOnalskx9
oIr8iY1q+PzpVHso9luKSwustk48g7jvceZcmuDfwVCCYYwZXAlnsIfrtu0NX8gE
2C5HiR22MjSpycTFqCFyCLA4+bDz6xOT+qy5ASmbZLJtJDH9i+k9JuhKuTkR8TJx
RP+rgrTHRPrFJ0FVYJJr7WnN9CYUPEBgFb7UIT8kRYcW7J1O0Q8eIUMxTDfafe3W
LUUWMjaIahvjw/1jNPTDgHA6NyLCWvD1aUJZHINjLmIx1IKQYVhsyeEF9QL8Vply
BLf3aAVwCPejLduYjw5YfTRJ9uiPLDJARkU5msidf714MBHZOhWbh+6DmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEcHwL8ju5m/EiMRHbgTDhb9Rk0wMB8GA1UdIwQY
MBaAFFKTQyNVgc9BBBkNp6DKF0ucDQvVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXBOREkxV0J6MEVFR1Eybm9Nb1hTNXdOQzlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9mYmJmOGQtMmM0My00MjlkLWI1Y2Qt
ZmNjMjIwNjQ0NTU4LzEvUndmQXZ5TzdtYjhTSXhFZHVCTU9GdjFHVFRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9mYmJmOGQtMmM0My00MjlkLWI1Y2QtZmNjMjIwNjQ0NTU4
LzEvVXBOREkxV0J6MEVFR1Eybm9Nb1hTNXdOQzlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVR8MA0G
CSqGSIb3DQEBCwUAA4IBAQA7jc+Q7kxAciWIdbd22Qpzi62vZ+GIgn1HwJbQi6rA
xzhFz/23h8dalCCdGmyl1WIUyl5ofysLzSntt06g42fT4CoKGVz90PjpY9bvOhB4
06sCwUKb98p9XXyUP9+QpAhwYCrYsX6D5GlOoW92g+CY7Sqr+0G7+x7QEe6ESh3k
qMunDl480wOf7WtKDNyzM8uu8SumvDyev0kyAp4Bv92BQr2LnurVpvBO6fdDVgpK
eQhfH3Qhvzvx+zL45CPqdMMp3i1sMY5FhGmJgXsiaMPAWyVyE8UQY0DzzUyzZzqs
kq1H5unhIy6tTdh85VYV2kUOXrjx8ioOCdOW/MRusl/2
-----END CERTIFICATE-----