Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/7247d5-e283-4b29-acfd-82e1e200504e/1/6sOIdb-WZrvc4BJlq59axqMlgRs.roa
File:                     6sOIdb-WZrvc4BJlq59axqMlgRs.roa (raw, json)
Hash identifier:          IKcJMThRZUrIDHHSZp3Z/kAafV8hEl2TTedufIkFTfw=
Subject key identifier:   EA:C3:88:75:BF:96:66:BB:DC:E0:12:65:AB:9F:5A:C6:A3:25:81:1B
Certificate issuer:       /CN=805c0c9f23763c037bd6884745cf8464d2db663e
Certificate serial:       018CC26D5B69DD3287DCB18703029049F1FD
Authority key identifier: 80:5C:0C:9F:23:76:3C:03:7B:D6:88:47:45:CF:84:64:D2:DB:66:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gFwMnyN2PAN71ohHRc-EZNLbZj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/7247d5-e283-4b29-acfd-82e1e200504e/1/6sOIdb-WZrvc4BJlq59axqMlgRs.roa
Signing time:             Mon 01 Jan 2024 00:29:55 +0000
ROA not before:           Mon 01 Jan 2024 00:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41480
IP address blocks:        185.25.164.0/22 maxlen: 22
                          185.67.24.0/22 maxlen: 22
                          2a00:8120::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/7247d5-e283-4b29-acfd-82e1e200504e/1/gFwMnyN2PAN71ohHRc-EZNLbZj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/7247d5-e283-4b29-acfd-82e1e200504e/1/gFwMnyN2PAN71ohHRc-EZNLbZj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gFwMnyN2PAN71ohHRc-EZNLbZj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 19:02:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:5b:69:dd:32:87:dc:b1:87:03:02:90:49:f1:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=805c0c9f23763c037bd6884745cf8464d2db663e
        Validity
            Not Before: Jan  1 00:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eac38875bf9666bbdce01265ab9f5ac6a325811b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:b8:61:ec:ab:78:e1:d1:46:70:ec:76:5e:c8:
                    cc:ab:65:05:7c:12:b5:eb:df:d0:d5:7b:5d:76:b7:
                    a7:91:51:c2:6e:46:18:00:1e:22:c9:6b:12:0a:78:
                    af:b0:b6:98:c9:6a:13:69:da:23:03:21:42:a9:64:
                    c2:6d:94:c2:b3:08:03:7d:92:59:80:6d:11:f0:e4:
                    a1:79:15:a1:77:a9:ea:6c:42:13:fc:14:ff:b6:f0:
                    e2:43:93:ea:24:c7:27:e7:38:f6:f5:16:7c:5a:a5:
                    69:d8:e2:ef:97:d9:ce:ec:29:9e:37:ab:35:42:1f:
                    17:0b:dc:38:40:a1:67:ea:54:0b:cf:d7:83:f7:91:
                    5d:9d:44:62:de:13:b5:e6:8b:3f:7d:73:98:eb:6f:
                    ef:f1:ec:5c:c3:15:a1:9f:9a:83:4a:ca:35:67:62:
                    78:91:3c:ff:e3:8f:41:f6:52:82:03:bc:f1:fe:6d:
                    da:ca:a2:a3:03:ca:5a:ea:e8:83:6c:ff:bd:bc:6a:
                    25:a2:ca:f7:08:39:8f:ef:18:99:e3:4d:76:b2:71:
                    7f:82:73:78:4b:3c:e1:1b:31:5e:c9:31:90:87:f2:
                    15:c9:98:a0:ee:76:fe:0d:a7:eb:d1:34:57:26:52:
                    2a:05:4f:0e:7e:94:00:c6:5c:23:97:a5:6f:c9:9e:
                    46:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:C3:88:75:BF:96:66:BB:DC:E0:12:65:AB:9F:5A:C6:A3:25:81:1B
            X509v3 Authority Key Identifier:
                keyid:80:5C:0C:9F:23:76:3C:03:7B:D6:88:47:45:CF:84:64:D2:DB:66:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gFwMnyN2PAN71ohHRc-EZNLbZj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/7247d5-e283-4b29-acfd-82e1e200504e/1/6sOIdb-WZrvc4BJlq59axqMlgRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/7247d5-e283-4b29-acfd-82e1e200504e/1/gFwMnyN2PAN71ohHRc-EZNLbZj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.164.0/22
                  185.67.24.0/22
                IPv6:
                  2a00:8120::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:ec:9f:10:2f:61:6b:6c:07:f2:e1:24:34:52:25:bc:d7:43:
         33:46:6e:e0:05:b4:69:80:a8:14:60:31:5d:8b:79:fb:d7:72:
         03:f3:cd:8b:dc:07:5f:a5:c0:3c:a2:5e:d2:ea:8b:69:44:96:
         f3:f3:3d:b8:8b:9f:99:e9:37:85:af:65:94:ed:6e:ab:13:4b:
         17:12:99:39:63:93:b9:e9:bc:6b:2e:1e:ad:dd:4b:63:94:79:
         b3:68:ee:c5:cd:bb:9c:8c:6f:3d:72:b3:df:7b:10:4b:f7:8d:
         27:22:81:1b:5e:3b:79:b1:da:55:13:64:67:7a:eb:83:46:82:
         f1:2c:f4:8f:ea:ef:6a:82:22:01:79:9c:1c:f3:06:82:40:f7:
         d1:44:d8:11:eb:4d:e5:6e:81:31:2a:79:c5:2e:c8:62:21:5f:
         27:27:08:c1:9b:ba:ba:26:be:72:ea:99:23:a3:c9:d5:bd:9c:
         f9:f2:1e:cf:68:49:2f:9f:76:46:43:61:da:87:8a:0d:75:a5:
         0d:3f:67:62:20:e6:6f:75:6d:84:f1:ca:fe:9c:a2:2b:2d:eb:
         ca:48:5f:0c:c0:2a:f2:74:36:61:b0:43:b5:4c:a7:0c:d7:02:
         57:e8:93:a3:74:8f:50:90:98:07:cc:bc:8f:3f:7e:4e:f2:83:
         30:a4:f9:ba
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzCbVtp3TKH3LGHAwKQSfH9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNWMwYzlmMjM3NjNjMDM3YmQ2ODg0NzQ1Y2Y4NDY0ZDJk
YjY2M2UwHhcNMjQwMTAxMDAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWMzODg3NWJmOTY2NmJiZGNlMDEyNjVhYjlmNWFjNmEzMjU4MTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirhh7Kt44dFGcOx2XsjMq2UFfBK1
69/Q1XtddrenkVHCbkYYAB4iyWsSCnivsLaYyWoTadojAyFCqWTCbZTCswgDfZJZ
gG0R8OSheRWhd6nqbEIT/BT/tvDiQ5PqJMcn5zj29RZ8WqVp2OLvl9nO7CmeN6s1
Qh8XC9w4QKFn6lQLz9eD95FdnURi3hO15os/fXOY62/v8excwxWhn5qDSso1Z2J4
kTz/449B9lKCA7zx/m3ayqKjA8pa6uiDbP+9vGolosr3CDmP7xiZ4012snF/gnN4
SzzhGzFeyTGQh/IVyZig7nb+Dafr0TRXJlIqBU8OfpQAxlwjl6VvyZ5GfQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOrDiHW/lma73OASZaufWsajJYEbMB8GA1UdIwQY
MBaAFIBcDJ8jdjwDe9aIR0XPhGTS22Y+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0Z3TW55TjJQQU43MW9oSFJjLUVaTkxiWmo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS83MjQ3ZDUtZTI4My00YjI5LWFjZmQt
ODJlMWUyMDA1MDRlLzEvNnNPSWRiLVdacnZjNEJKbHE1OWF4cU1sZ1JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS83MjQ3ZDUtZTI4My00YjI5LWFjZmQtODJlMWUyMDA1MDRl
LzEvZ0Z3TW55TjJQQU43MW9oSFJjLUVaTkxiWmo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuRmkAwQC
uUMYMA0EAgACMAcDBQAqAIEgMA0GCSqGSIb3DQEBCwUAA4IBAQB97J8QL2FrbAfy
4SQ0UiW810MzRm7gBbRpgKgUYDFdi3n713ID882L3AdfpcA8ol7S6otpRJbz8z24
i5+Z6TeFr2WU7W6rE0sXEpk5Y5O56bxrLh6t3UtjlHmzaO7FzbucjG89crPfexBL
940nIoEbXjt5sdpVE2RneuuDRoLxLPSP6u9qgiIBeZwc8waCQPfRRNgR603lboEx
KnnFLshiIV8nJwjBm7q6Jr5y6pkjo8nVvZz58h7PaEkvn3ZGQ2Hah4oNdaUNP2di
IOZvdW2E8cr+nKIrLevKSF8MwCrydDZhsEO1TKcM1wJX6JOjdI9QkJgHzLyPP35O
8oMwpPm6
-----END CERTIFICATE-----