Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/0db829-6ebe-482a-a412-61fd1df95727/1/F3EQQaS0u0Bp8t-nT_FHt0PFgeg.roa
File:                     F3EQQaS0u0Bp8t-nT_FHt0PFgeg.roa (raw, json)
Hash identifier:          yvbEmWncChjDk9U9IcxH9S48aJ0JdVl3/pgLr/MJm2A=
Subject key identifier:   17:71:10:41:A4:B4:BB:40:69:F2:DF:A7:4F:F1:47:B7:43:C5:81:E8
Certificate issuer:       /CN=097b6035e5717fc93a83e3e3ec817e6607643844
Certificate serial:       018CC56EDE7190776AF0EBA4AFEBB3702F89
Authority key identifier: 09:7B:60:35:E5:71:7F:C9:3A:83:E3:E3:EC:81:7E:66:07:64:38:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXtgNeVxf8k6g-Pj7IF-ZgdkOEQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/0db829-6ebe-482a-a412-61fd1df95727/1/F3EQQaS0u0Bp8t-nT_FHt0PFgeg.roa
Signing time:             Mon 01 Jan 2024 14:30:26 +0000
ROA not before:           Mon 01 Jan 2024 14:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24904
IP address blocks:        185.238.4.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/0db829-6ebe-482a-a412-61fd1df95727/1/CXtgNeVxf8k6g-Pj7IF-ZgdkOEQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/0db829-6ebe-482a-a412-61fd1df95727/1/CXtgNeVxf8k6g-Pj7IF-ZgdkOEQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXtgNeVxf8k6g-Pj7IF-ZgdkOEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:de:71:90:77:6a:f0:eb:a4:af:eb:b3:70:2f:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097b6035e5717fc93a83e3e3ec817e6607643844
        Validity
            Not Before: Jan  1 14:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17711041a4b4bb4069f2dfa74ff147b743c581e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:3c:ba:08:40:bc:8b:c9:30:e2:bd:84:11:0a:
                    ac:de:8d:92:f8:76:f5:64:e9:82:fc:f5:9e:d8:d0:
                    5a:46:3d:d0:14:aa:22:b7:4d:ea:54:00:6b:b8:98:
                    cf:a0:05:7d:21:5a:87:e0:28:11:b4:20:97:4d:94:
                    c3:f4:10:f9:c0:d1:53:40:4b:5f:9f:d2:b5:f2:8c:
                    b9:4a:f8:92:36:27:04:7d:52:0b:6b:10:a6:c8:a7:
                    6b:28:8b:61:d9:25:14:49:16:d0:73:44:2a:19:65:
                    65:8d:1a:78:2c:6f:05:bf:5d:fe:fe:fd:95:e4:93:
                    af:85:c5:0e:ed:89:48:4e:bb:65:7d:b4:f0:ff:ff:
                    77:13:50:44:d9:97:0a:dd:7d:fc:d5:2a:46:92:95:
                    94:ee:39:b6:6d:f1:de:7c:37:b7:df:d7:0d:94:bc:
                    f9:25:0c:1e:c3:ae:84:d1:d9:b6:94:07:fe:a1:9b:
                    38:60:b2:1d:0b:31:8b:ab:c6:49:ee:62:1c:85:63:
                    35:b9:f7:06:29:7e:95:b4:a0:3d:27:1e:e4:ba:03:
                    70:0f:26:33:23:6e:8e:06:74:ac:08:c6:ac:83:be:
                    cb:5f:b0:0c:6e:07:95:32:7e:5c:76:b4:3b:09:50:
                    9a:2b:2c:87:4f:d9:59:cd:8d:6f:87:64:b9:f8:8c:
                    9e:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:71:10:41:A4:B4:BB:40:69:F2:DF:A7:4F:F1:47:B7:43:C5:81:E8
            X509v3 Authority Key Identifier:
                keyid:09:7B:60:35:E5:71:7F:C9:3A:83:E3:E3:EC:81:7E:66:07:64:38:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXtgNeVxf8k6g-Pj7IF-ZgdkOEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/0db829-6ebe-482a-a412-61fd1df95727/1/F3EQQaS0u0Bp8t-nT_FHt0PFgeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/0db829-6ebe-482a-a412-61fd1df95727/1/CXtgNeVxf8k6g-Pj7IF-ZgdkOEQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:9c:cc:ea:59:a8:79:05:b2:63:9d:fd:19:59:6f:32:c6:e7:
         69:a1:99:d3:8a:4a:6e:0b:02:e7:f5:1a:73:c6:17:dc:34:60:
         a2:51:ab:59:bd:96:8b:0f:6d:d6:b5:d0:f4:58:6b:ba:d5:e1:
         49:e2:4d:44:ab:4c:13:3b:e5:f7:9f:e7:1a:89:45:f1:3f:5a:
         76:39:65:23:70:94:67:0a:da:f4:1d:0e:aa:80:8f:67:60:e5:
         66:1e:96:a2:51:28:27:15:f9:c7:cf:51:28:db:12:08:18:76:
         9f:19:ef:43:6e:67:e3:de:64:6a:ea:61:93:7b:12:34:16:0c:
         44:4e:6b:b3:f5:b0:c3:25:d5:d2:59:a3:20:06:03:14:52:61:
         87:c8:15:17:02:a2:87:05:05:73:bd:6a:61:8b:9c:28:a6:cf:
         5c:eb:af:ef:d0:e3:cf:20:a0:dc:9e:dc:45:c9:77:c0:33:06:
         27:d2:e7:aa:85:95:2d:e8:60:fd:72:7b:a0:27:86:64:67:16:
         d5:8d:4c:4a:df:39:24:2e:d1:32:f0:90:ec:83:75:b5:ee:3d:
         03:3d:13:a7:48:ed:67:8a:5b:fe:e2:73:b7:2b:d3:ed:10:0a:
         65:e4:6a:15:ca:8b:c5:64:40:27:7d:37:bc:cb:45:5d:42:95:
         51:71:e5:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbt5xkHdq8Oukr+uzcC+JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5N2I2MDM1ZTU3MTdmYzkzYTgzZTNlM2VjODE3ZTY2MDc2
NDM4NDQwHhcNMjQwMTAxMTQzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzcxMTA0MWE0YjRiYjQwNjlmMmRmYTc0ZmYxNDdiNzQzYzU4MWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlDy6CEC8i8kw4r2EEQqs3o2S+Hb1
ZOmC/PWe2NBaRj3QFKoit03qVABruJjPoAV9IVqH4CgRtCCXTZTD9BD5wNFTQEtf
n9K18oy5SviSNicEfVILaxCmyKdrKIth2SUUSRbQc0QqGWVljRp4LG8Fv13+/v2V
5JOvhcUO7YlITrtlfbTw//93E1BE2ZcK3X381SpGkpWU7jm2bfHefDe339cNlLz5
JQwew66E0dm2lAf+oZs4YLIdCzGLq8ZJ7mIchWM1ufcGKX6VtKA9Jx7kugNwDyYz
I26OBnSsCMasg77LX7AMbgeVMn5cdrQ7CVCaKyyHT9lZzY1vh2S5+IyexQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBdxEEGktLtAafLfp0/xR7dDxYHoMB8GA1UdIwQY
MBaAFAl7YDXlcX/JOoPj4+yBfmYHZDhEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1h0Z05lVnhmOGs2Zy1QajdJRi1aZ2RrT0VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8wZGI4MjktNmViZS00ODJhLWE0MTIt
NjFmZDFkZjk1NzI3LzEvRjNFUVFhUzB1MEJwOHQtblRfRkh0MFBGZ2VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8wZGI4MjktNmViZS00ODJhLWE0MTItNjFmZDFkZjk1NzI3
LzEvQ1h0Z05lVnhmOGs2Zy1QajdJRi1aZ2RrT0VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue4EMA0G
CSqGSIb3DQEBCwUAA4IBAQAVnMzqWah5BbJjnf0ZWW8yxudpoZnTikpuCwLn9Rpz
xhfcNGCiUatZvZaLD23WtdD0WGu61eFJ4k1Eq0wTO+X3n+caiUXxP1p2OWUjcJRn
Ctr0HQ6qgI9nYOVmHpaiUSgnFfnHz1Eo2xIIGHafGe9Dbmfj3mRq6mGTexI0FgxE
Tmuz9bDDJdXSWaMgBgMUUmGHyBUXAqKHBQVzvWphi5wops9c66/v0OPPIKDcntxF
yXfAMwYn0ueqhZUt6GD9cnugJ4ZkZxbVjUxK3zkkLtEy8JDsg3W17j0DPROnSO1n
ilv+4nO3K9PtEApl5GoVyovFZEAnfTe8y0VdQpVRceVP
-----END CERTIFICATE-----