Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/251f4a-82d7-46a5-a130-0a9b06e16ddc/1/I4JcEdFxmSx0F6vczLxZ9_L2F_s.roa
File:                     I4JcEdFxmSx0F6vczLxZ9_L2F_s.roa (raw, json)
Hash identifier:          oaJ3M9vBZ+1KDZZFXJUIUL/hj4/9cmdgqEPwMwlCpMs=
Subject key identifier:   23:82:5C:11:D1:71:99:2C:74:17:AB:DC:CC:BC:59:F7:F2:F6:17:FB
Certificate issuer:       /CN=5fcf5d25a3661a3e72d2729454f7ff804b43bdb9
Certificate serial:       018CC424621F49E8E21756887E3CFAD01D0D
Authority key identifier: 5F:CF:5D:25:A3:66:1A:3E:72:D2:72:94:54:F7:FF:80:4B:43:BD:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X89dJaNmGj5y0nKUVPf_gEtDvbk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/251f4a-82d7-46a5-a130-0a9b06e16ddc/1/I4JcEdFxmSx0F6vczLxZ9_L2F_s.roa
Signing time:             Mon 01 Jan 2024 08:29:27 +0000
ROA not before:           Mon 01 Jan 2024 08:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202422
IP address blocks:        185.105.0.0/24 maxlen: 24
                          185.105.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/251f4a-82d7-46a5-a130-0a9b06e16ddc/1/X89dJaNmGj5y0nKUVPf_gEtDvbk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/251f4a-82d7-46a5-a130-0a9b06e16ddc/1/X89dJaNmGj5y0nKUVPf_gEtDvbk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X89dJaNmGj5y0nKUVPf_gEtDvbk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:62:1f:49:e8:e2:17:56:88:7e:3c:fa:d0:1d:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fcf5d25a3661a3e72d2729454f7ff804b43bdb9
        Validity
            Not Before: Jan  1 08:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23825c11d171992c7417abdcccbc59f7f2f617fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:45:ee:d6:a2:25:05:f3:c2:e6:d1:f2:5d:b1:
                    83:af:25:fa:f6:80:20:af:42:c4:bd:e2:8b:e4:d2:
                    2f:49:74:f4:8d:1d:73:d4:33:15:8d:a3:75:04:36:
                    0c:47:b3:6e:66:0f:1b:7a:43:6a:61:0e:ac:c2:d1:
                    78:b3:85:7f:3d:29:50:63:3c:ca:62:c7:86:29:a9:
                    36:3d:0e:60:cb:ec:06:cf:4e:3f:41:14:4d:52:f2:
                    a0:3d:e2:51:32:b2:91:ab:e0:83:dc:d4:ab:09:95:
                    0b:d7:71:dd:d1:2e:65:8e:90:34:8a:dc:ff:6f:7b:
                    0f:72:ae:aa:65:96:bf:f5:a5:f2:f6:67:87:0c:b9:
                    c4:86:d1:8a:59:4e:b8:3f:e1:63:a2:6b:99:89:90:
                    90:08:7e:83:c9:a0:38:34:ea:5c:cd:99:be:57:63:
                    87:99:c7:a5:7d:64:a9:a6:0d:80:32:87:82:ae:38:
                    e6:23:f9:51:b1:e5:38:43:1f:c7:28:4f:40:9a:af:
                    3d:3e:d6:2e:13:d2:f2:cb:e8:de:c8:88:db:30:b5:
                    c7:fd:94:86:62:88:05:c9:06:07:7c:16:02:54:b2:
                    9b:0d:e7:0f:4c:43:83:a3:eb:29:35:48:30:f7:54:
                    21:55:af:10:85:39:a2:3b:5e:e3:f9:d7:d6:e8:01:
                    bd:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:82:5C:11:D1:71:99:2C:74:17:AB:DC:CC:BC:59:F7:F2:F6:17:FB
            X509v3 Authority Key Identifier:
                keyid:5F:CF:5D:25:A3:66:1A:3E:72:D2:72:94:54:F7:FF:80:4B:43:BD:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X89dJaNmGj5y0nKUVPf_gEtDvbk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/251f4a-82d7-46a5-a130-0a9b06e16ddc/1/I4JcEdFxmSx0F6vczLxZ9_L2F_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/251f4a-82d7-46a5-a130-0a9b06e16ddc/1/X89dJaNmGj5y0nKUVPf_gEtDvbk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.0.0/24
                  185.105.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:38:8d:9c:61:e5:93:85:b2:d4:a0:03:34:6a:e4:9a:6e:2e:
         b1:a2:df:3a:0e:4f:a0:4b:b4:ce:72:62:39:9f:2e:60:2c:df:
         0f:6d:b5:23:5a:b1:2e:bd:c4:e0:fe:1a:85:a0:d9:9a:d8:c1:
         6a:94:15:23:dc:a6:d6:2d:d2:ad:86:39:95:8c:d4:cd:39:ed:
         7f:2e:3a:3b:88:fb:31:d3:f8:94:2e:ee:41:5c:26:65:41:3d:
         05:f9:f4:d5:46:ca:27:17:f1:a4:dd:9a:6c:24:89:56:30:98:
         5d:d9:56:87:6e:2c:f4:a7:37:61:7d:7d:90:39:e8:5f:87:32:
         56:34:4a:31:2b:f1:c4:d3:5b:95:96:80:e5:32:cc:77:d6:ac:
         a4:2c:8e:b6:56:be:74:8b:43:40:78:05:c9:4f:1b:8e:52:33:
         33:98:f6:dd:55:e6:0d:3b:57:9e:e4:71:43:1f:4a:35:33:26:
         32:57:29:77:67:c5:b6:21:85:2e:81:e5:ee:33:9e:61:67:6b:
         5e:3d:0c:47:1d:5f:4b:6a:f9:e7:90:c3:16:e3:63:94:a1:23:
         59:73:ad:16:ac:8d:57:a0:32:85:a4:34:99:9e:00:37:4d:1d:
         34:cf:dc:ba:62:90:63:6a:57:96:d4:52:9b:2e:e5:b2:ff:d9:
         4c:39:b3:15
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJGIfSejiF1aIfjz60B0NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmY2Y1ZDI1YTM2NjFhM2U3MmQyNzI5NDU0ZjdmZjgwNGI0
M2JkYjkwHhcNMjQwMTAxMDgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzgyNWMxMWQxNzE5OTJjNzQxN2FiZGNjY2JjNTlmN2YyZjYxN2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukXu1qIlBfPC5tHyXbGDryX69oAg
r0LEveKL5NIvSXT0jR1z1DMVjaN1BDYMR7NuZg8bekNqYQ6swtF4s4V/PSlQYzzK
YseGKak2PQ5gy+wGz04/QRRNUvKgPeJRMrKRq+CD3NSrCZUL13Hd0S5ljpA0itz/
b3sPcq6qZZa/9aXy9meHDLnEhtGKWU64P+FjomuZiZCQCH6DyaA4NOpczZm+V2OH
mcelfWSppg2AMoeCrjjmI/lRseU4Qx/HKE9Amq89PtYuE9Lyy+jeyIjbMLXH/ZSG
YogFyQYHfBYCVLKbDecPTEODo+spNUgw91QhVa8QhTmiO17j+dfW6AG9vQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCOCXBHRcZksdBer3My8Wffy9hf7MB8GA1UdIwQY
MBaAFF/PXSWjZho+ctJylFT3/4BLQ725MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDg5ZEphTm1HajV5MG5LVVZQZl9nRXREdmJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8yNTFmNGEtODJkNy00NmE1LWExMzAt
MGE5YjA2ZTE2ZGRjLzEvSTRKY0VkRnhtU3gwRjZ2Y3pMeFo5X0wyRl9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8yNTFmNGEtODJkNy00NmE1LWExMzAtMGE5YjA2ZTE2ZGRj
LzEvWDg5ZEphTm1HajV5MG5LVVZQZl9nRXREdmJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuWkAAwQA
uWkDMA0GCSqGSIb3DQEBCwUAA4IBAQCVOI2cYeWThbLUoAM0auSabi6xot86Dk+g
S7TOcmI5ny5gLN8PbbUjWrEuvcTg/hqFoNma2MFqlBUj3KbWLdKthjmVjNTNOe1/
Ljo7iPsx0/iULu5BXCZlQT0F+fTVRsonF/Gk3ZpsJIlWMJhd2VaHbiz0pzdhfX2Q
OehfhzJWNEoxK/HE01uVloDlMsx31qykLI62Vr50i0NAeAXJTxuOUjMzmPbdVeYN
O1ee5HFDH0o1MyYyVyl3Z8W2IYUugeXuM55hZ2tePQxHHV9LavnnkMMW42OUoSNZ
c60WrI1XoDKFpDSZngA3TR00z9y6YpBjaleW1FKbLuWy/9lMObMV
-----END CERTIFICATE-----