Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/58fee9-3830-4da4-b144-915175e36e8e/1/H33l0KeJq9p6hlQ8Nce_Wi3dFtc.roa
File:                     H33l0KeJq9p6hlQ8Nce_Wi3dFtc.roa (raw, json)
Hash identifier:          +lKrMEFROmNi/y7a3TonC9tTql2mwO6tnIhMcLpS13A=
Subject key identifier:   1F:7D:E5:D0:A7:89:AB:DA:7A:86:54:3C:35:C7:BF:5A:2D:DD:16:D7
Certificate issuer:       /CN=79c98cbb37fea2e9c9a6eb6f92887c05a4c50691
Certificate serial:       018CC726CD121EFBC7E6D2C8F5EB0BF55737
Authority key identifier: 79:C9:8C:BB:37:FE:A2:E9:C9:A6:EB:6F:92:88:7C:05:A4:C5:06:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ecmMuzf-ounJputvkoh8BaTFBpE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/58fee9-3830-4da4-b144-915175e36e8e/1/H33l0KeJq9p6hlQ8Nce_Wi3dFtc.roa
Signing time:             Mon 01 Jan 2024 22:30:57 +0000
ROA not before:           Mon 01 Jan 2024 22:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1836
IP address blocks:        185.169.60.0/22 maxlen: 22
                          2a0a:3d00::/48 maxlen: 48
                          2a0a:3d00:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/58fee9-3830-4da4-b144-915175e36e8e/1/ecmMuzf-ounJputvkoh8BaTFBpE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/58fee9-3830-4da4-b144-915175e36e8e/1/ecmMuzf-ounJputvkoh8BaTFBpE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ecmMuzf-ounJputvkoh8BaTFBpE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:cd:12:1e:fb:c7:e6:d2:c8:f5:eb:0b:f5:57:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79c98cbb37fea2e9c9a6eb6f92887c05a4c50691
        Validity
            Not Before: Jan  1 22:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f7de5d0a789abda7a86543c35c7bf5a2ddd16d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:3d:e1:82:ad:90:a3:aa:6c:0e:0f:50:29:c8:
                    c6:9e:30:95:f4:61:7d:72:a0:9f:a9:7c:7f:35:cd:
                    f5:aa:39:b9:c5:2d:1b:62:d6:20:56:84:de:77:16:
                    d5:16:2a:cd:0a:d4:94:9e:b8:4c:14:dc:da:39:e8:
                    c2:b3:46:60:59:d7:8b:2c:95:b6:52:92:67:70:71:
                    3a:27:43:7a:98:45:70:f4:bc:79:9e:82:de:8d:9b:
                    a8:42:d8:94:0b:09:f0:97:31:03:b7:3d:6f:5d:fc:
                    06:cd:12:85:ce:72:e5:e3:3d:09:6a:77:af:21:df:
                    f6:d4:92:c9:ea:85:b3:1f:90:7c:4c:af:bb:92:9d:
                    84:34:57:23:37:08:29:fc:be:4d:4e:b3:a1:f6:9a:
                    30:d9:77:aa:89:f7:f4:b6:72:13:48:8c:fa:34:10:
                    32:e8:db:00:b5:8f:28:75:56:9e:05:62:8a:3c:41:
                    9d:7b:d5:a4:ef:7b:3f:30:e5:3b:f4:b7:e4:fc:86:
                    59:dc:33:9a:35:7a:73:5d:2a:ee:fa:44:9f:d1:23:
                    ab:14:54:4c:88:98:04:c9:58:84:8e:28:63:5f:99:
                    a5:04:b1:ae:31:e6:d4:83:4a:5a:6e:1a:d2:2c:c6:
                    42:d4:c9:6e:82:98:81:0f:a6:0d:34:a9:a2:25:c2:
                    20:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:7D:E5:D0:A7:89:AB:DA:7A:86:54:3C:35:C7:BF:5A:2D:DD:16:D7
            X509v3 Authority Key Identifier:
                keyid:79:C9:8C:BB:37:FE:A2:E9:C9:A6:EB:6F:92:88:7C:05:A4:C5:06:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ecmMuzf-ounJputvkoh8BaTFBpE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/58fee9-3830-4da4-b144-915175e36e8e/1/H33l0KeJq9p6hlQ8Nce_Wi3dFtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/58fee9-3830-4da4-b144-915175e36e8e/1/ecmMuzf-ounJputvkoh8BaTFBpE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.60.0/22
                IPv6:
                  2a0a:3d00::/47

    Signature Algorithm: sha256WithRSAEncryption
         39:60:67:f5:0b:6c:0e:b4:f0:80:58:ce:ba:c4:6d:bd:56:1f:
         af:08:22:86:aa:32:aa:52:80:0e:c2:02:e2:0b:67:f0:30:e9:
         43:25:f5:07:17:24:5c:c7:2e:bc:c8:e4:ff:55:19:09:b5:c1:
         14:27:01:e9:4e:e9:19:f2:fc:b4:29:2d:d2:c3:97:36:54:db:
         90:6b:23:80:af:c0:22:7f:41:21:e6:49:ce:80:52:72:0c:4b:
         71:d9:5c:2d:c3:64:10:4e:5f:8e:e1:8b:4b:0c:cd:29:f7:7a:
         8f:9e:f3:98:f9:65:3d:d2:86:d6:a7:f3:94:24:fb:22:21:18:
         ca:34:22:4e:54:87:ba:14:e1:67:db:c6:72:e3:c4:38:02:f6:
         9c:cf:d9:a5:8d:0d:2c:dc:82:93:21:4d:bc:21:4c:34:e5:9e:
         f0:e8:49:a9:f3:8e:ee:3a:00:13:1b:b9:4d:c5:e9:63:e7:02:
         fb:85:73:5f:6b:b2:8b:90:74:05:26:b1:8b:dc:ce:b2:e4:7d:
         d3:00:39:66:cb:8b:06:31:17:25:e7:56:44:33:c8:65:31:07:
         a7:03:a9:fc:08:2d:d0:3c:ba:c2:29:f1:4d:a7:2c:6e:99:a2:
         2c:c3:12:a0:ec:e6:e6:d9:72:d2:7f:1e:c7:96:12:08:ed:a7:
         0c:3b:ed:5a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHJs0SHvvH5tLI9esL9Vc3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5Yzk4Y2JiMzdmZWEyZTljOWE2ZWI2ZjkyODg3YzA1YTRj
NTA2OTEwHhcNMjQwMTAxMjIzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjdkZTVkMGE3ODlhYmRhN2E4NjU0M2MzNWM3YmY1YTJkZGQxNmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoT3hgq2Qo6psDg9QKcjGnjCV9GF9
cqCfqXx/Nc31qjm5xS0bYtYgVoTedxbVFirNCtSUnrhMFNzaOejCs0ZgWdeLLJW2
UpJncHE6J0N6mEVw9Lx5noLejZuoQtiUCwnwlzEDtz1vXfwGzRKFznLl4z0Janev
Id/21JLJ6oWzH5B8TK+7kp2ENFcjNwgp/L5NTrOh9pow2Xeqiff0tnITSIz6NBAy
6NsAtY8odVaeBWKKPEGde9Wk73s/MOU79Lfk/IZZ3DOaNXpzXSru+kSf0SOrFFRM
iJgEyViEjihjX5mlBLGuMebUg0pabhrSLMZC1MlugpiBD6YNNKmiJcIgiwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB995dCniavaeoZUPDXHv1ot3RbXMB8GA1UdIwQY
MBaAFHnJjLs3/qLpyabrb5KIfAWkxQaRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWNtTXV6Zi1vdW5KcHV0dmtvaDhCYVRGQnBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My81OGZlZTktMzgzMC00ZGE0LWIxNDQt
OTE1MTc1ZTM2ZThlLzEvSDMzbDBLZUpxOXA2aGxROE5jZV9XaTNkRnRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My81OGZlZTktMzgzMC00ZGE0LWIxNDQtOTE1MTc1ZTM2ZThl
LzEvZWNtTXV6Zi1vdW5KcHV0dmtvaDhCYVRGQnBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCuak8MA8E
AgACMAkDBwEqCj0AAAAwDQYJKoZIhvcNAQELBQADggEBADlgZ/ULbA608IBYzrrE
bb1WH68IIoaqMqpSgA7CAuILZ/Aw6UMl9QcXJFzHLrzI5P9VGQm1wRQnAelO6Rny
/LQpLdLDlzZU25BrI4CvwCJ/QSHmSc6AUnIMS3HZXC3DZBBOX47hi0sMzSn3eo+e
85j5ZT3Shtan85Qk+yIhGMo0Ik5Uh7oU4WfbxnLjxDgC9pzP2aWNDSzcgpMhTbwh
TDTlnvDoSanzju46ABMbuU3F6WPnAvuFc19rsouQdAUmsYvczrLkfdMAOWbLiwYx
FyXnVkQzyGUxB6cDqfwILdA8usIp8U2nLG6ZoizDEqDs5ubZctJ/HseWEgjtpww7
7Vo=
-----END CERTIFICATE-----