Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/ab2389-8d36-43fe-af42-9a3841967181/1/iuDEzP0RfBRQcBTPVMdlUPxJUcU.roa
File:                     iuDEzP0RfBRQcBTPVMdlUPxJUcU.roa (raw, json)
Hash identifier:          UPvN8s9T2ZxcMtpIvBFpOSDlfli7EXsGkFbHmNmVjS8=
Subject key identifier:   8A:E0:C4:CC:FD:11:7C:14:50:70:14:CF:54:C7:65:50:FC:49:51:C5
Certificate issuer:       /CN=473163527e83542dce693b16d0aedcd126d3319a
Certificate serial:       0191BC5881F3F307151410F7DBF75B686420
Authority key identifier: 47:31:63:52:7E:83:54:2D:CE:69:3B:16:D0:AE:DC:D1:26:D3:31:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RzFjUn6DVC3OaTsW0K7c0SbTMZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/ab2389-8d36-43fe-af42-9a3841967181/1/iuDEzP0RfBRQcBTPVMdlUPxJUcU.roa
Signing time:             Wed 04 Sep 2024 09:23:22 +0000
ROA not before:           Wed 04 Sep 2024 09:23:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201152
IP address blocks:        185.55.248.0/22 maxlen: 22
                          185.55.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/ab2389-8d36-43fe-af42-9a3841967181/1/RzFjUn6DVC3OaTsW0K7c0SbTMZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/ab2389-8d36-43fe-af42-9a3841967181/1/RzFjUn6DVC3OaTsW0K7c0SbTMZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RzFjUn6DVC3OaTsW0K7c0SbTMZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bc:58:81:f3:f3:07:15:14:10:f7:db:f7:5b:68:64:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=473163527e83542dce693b16d0aedcd126d3319a
        Validity
            Not Before: Sep  4 09:23:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ae0c4ccfd117c14507014cf54c76550fc4951c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:1d:6a:3f:9c:0d:8b:1b:3d:2f:dc:6b:a3:a7:
                    42:24:f4:0e:a7:00:25:b0:6f:f6:ab:89:c7:ff:13:
                    62:f3:3f:56:8a:1c:05:be:5c:56:a5:b6:05:09:c4:
                    90:2a:f2:8e:48:77:23:54:50:26:0a:c0:89:0f:1f:
                    a9:fd:3d:e5:11:b0:18:e7:27:56:8e:ec:dc:3d:e9:
                    2f:d9:46:d7:fa:c9:05:66:f8:5d:e0:48:34:db:44:
                    ce:aa:6f:fb:c6:46:90:7a:1d:90:09:2b:b0:f6:09:
                    f5:33:1b:0e:6c:8d:ae:f8:23:fe:ce:69:07:87:2e:
                    4b:17:45:df:d4:82:43:5f:9c:f1:22:f1:10:10:85:
                    79:88:46:24:5c:80:64:4b:2d:33:85:d6:30:98:6d:
                    5b:d4:82:c7:1b:95:65:de:30:1d:d7:28:58:f6:b7:
                    50:2d:d1:51:f8:d2:29:89:ff:1a:6b:8f:b0:bb:54:
                    79:5f:a8:a3:f8:db:a2:74:f7:0f:5b:cf:d8:ba:26:
                    f8:15:c8:c8:c4:0a:8e:a4:41:ef:4d:1a:10:b8:16:
                    37:38:6e:28:68:85:84:3a:f1:6f:30:50:de:fc:3c:
                    fc:a7:b6:29:28:f7:57:3b:ed:22:3b:f5:d7:5b:af:
                    88:95:58:a5:2e:6a:82:dc:ee:db:68:e9:3a:a9:c6:
                    94:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:E0:C4:CC:FD:11:7C:14:50:70:14:CF:54:C7:65:50:FC:49:51:C5
            X509v3 Authority Key Identifier:
                keyid:47:31:63:52:7E:83:54:2D:CE:69:3B:16:D0:AE:DC:D1:26:D3:31:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RzFjUn6DVC3OaTsW0K7c0SbTMZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/ab2389-8d36-43fe-af42-9a3841967181/1/iuDEzP0RfBRQcBTPVMdlUPxJUcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/ab2389-8d36-43fe-af42-9a3841967181/1/RzFjUn6DVC3OaTsW0K7c0SbTMZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.55.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:db:5d:5a:34:d0:6c:3b:11:86:9e:a5:c3:3f:eb:49:df:3c:
         5d:c7:d6:01:6a:42:6c:e5:84:13:2c:c8:d5:ea:c4:0d:16:a2:
         85:0f:4a:a0:82:af:09:38:65:d7:0d:75:25:8b:ba:61:dc:a6:
         01:32:a7:d8:10:bd:dc:9b:10:7c:7d:5e:2f:fd:83:9b:fb:20:
         a1:15:ca:d6:01:ec:aa:3a:1c:55:56:25:14:a3:de:e1:0e:8d:
         69:9e:57:0f:f8:46:83:f2:d4:ab:6a:9b:a7:0e:9c:c4:2d:b2:
         f3:c0:20:4d:50:32:16:15:c4:b8:43:d7:1e:f8:40:52:43:7b:
         c3:88:82:02:90:7d:4d:23:6f:59:77:79:1a:78:e7:9e:c6:41:
         74:e4:c8:5c:02:b2:bc:59:70:a2:4d:df:da:45:2b:a8:de:d1:
         dc:6e:0b:6b:56:4f:48:1d:12:ca:8e:f5:7a:a0:73:a9:51:b7:
         6e:23:8e:3b:e0:42:14:f8:f3:5e:a6:15:b7:16:0d:7e:78:ab:
         36:7d:7e:1e:8b:2e:f4:45:3d:2a:f1:80:ff:3e:b5:8f:e4:4a:
         fa:a8:ca:40:23:89:38:2f:3c:33:81:8f:51:e4:1c:6f:6b:0a:
         0d:b0:ac:7c:65:c8:b7:bd:d5:5f:6e:46:f5:df:3c:27:5f:c8:
         18:2e:18:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZG8WIHz8wcVFBD32/dbaGQgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MzE2MzUyN2U4MzU0MmRjZTY5M2IxNmQwYWVkY2QxMjZk
MzMxOWEwHhcNMjQwOTA0MDkyMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWUwYzRjY2ZkMTE3YzE0NTA3MDE0Y2Y1NGM3NjU1MGZjNDk1MWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApB1qP5wNixs9L9xro6dCJPQOpwAl
sG/2q4nH/xNi8z9WihwFvlxWpbYFCcSQKvKOSHcjVFAmCsCJDx+p/T3lEbAY5ydW
juzcPekv2UbX+skFZvhd4Eg020TOqm/7xkaQeh2QCSuw9gn1MxsObI2u+CP+zmkH
hy5LF0Xf1IJDX5zxIvEQEIV5iEYkXIBkSy0zhdYwmG1b1ILHG5Vl3jAd1yhY9rdQ
LdFR+NIpif8aa4+wu1R5X6ij+NuidPcPW8/Yuib4FcjIxAqOpEHvTRoQuBY3OG4o
aIWEOvFvMFDe/Dz8p7YpKPdXO+0iO/XXW6+IlVilLmqC3O7baOk6qcaU2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIrgxMz9EXwUUHAUz1THZVD8SVHFMB8GA1UdIwQY
MBaAFEcxY1J+g1Qtzmk7FtCu3NEm0zGaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnpGalVuNkRWQzNPYVRzVzBLN2MwU2JUTVpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9hYjIzODktOGQzNi00M2ZlLWFmNDIt
OWEzODQxOTY3MTgxLzEvaXVERXpQMFJmQlJRY0JUUFZNZGxVUHhKVWNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9hYjIzODktOGQzNi00M2ZlLWFmNDItOWEzODQxOTY3MTgx
LzEvUnpGalVuNkRWQzNPYVRzVzBLN2MwU2JUTVpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTf4MA0G
CSqGSIb3DQEBCwUAA4IBAQAK211aNNBsOxGGnqXDP+tJ3zxdx9YBakJs5YQTLMjV
6sQNFqKFD0qggq8JOGXXDXUli7ph3KYBMqfYEL3cmxB8fV4v/YOb+yChFcrWAeyq
OhxVViUUo97hDo1pnlcP+EaD8tSrapunDpzELbLzwCBNUDIWFcS4Q9ce+EBSQ3vD
iIICkH1NI29Zd3kaeOeexkF05MhcArK8WXCiTd/aRSuo3tHcbgtrVk9IHRLKjvV6
oHOpUbduI4474EIU+PNephW3Fg1+eKs2fX4eiy70RT0q8YD/PrWP5Er6qMpAI4k4
LzwzgY9R5BxvawoNsKx8Zci3vdVfbkb13zwnX8gYLhh+
-----END CERTIFICATE-----