Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/e7d3de-1845-41f3-907a-9e96af6d6a8f/1/1CXnzfOy47KvPIa6daczh_yfjG8.roa
File:                     1CXnzfOy47KvPIa6daczh_yfjG8.roa (raw, json)
Hash identifier:          HinPgThi413iqbXHQEvOYiXn1T1uWgfpK9/tQdhN4Lk=
Subject key identifier:   D4:25:E7:CD:F3:B2:E3:B2:AF:3C:86:BA:75:A7:33:87:FC:9F:8C:6F
Certificate issuer:       /CN=2c8fa8533dcc820ba1ad6fb2b2f0161010531db9
Certificate serial:       018CC349502F02F903B09045A4EE6C0FAFAC
Authority key identifier: 2C:8F:A8:53:3D:CC:82:0B:A1:AD:6F:B2:B2:F0:16:10:10:53:1D:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LI-oUz3MgguhrW-ysvAWEBBTHbk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/e7d3de-1845-41f3-907a-9e96af6d6a8f/1/1CXnzfOy47KvPIa6daczh_yfjG8.roa
Signing time:             Mon 01 Jan 2024 04:30:10 +0000
ROA not before:           Mon 01 Jan 2024 04:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31727
IP address blocks:        185.113.188.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/e7d3de-1845-41f3-907a-9e96af6d6a8f/1/LI-oUz3MgguhrW-ysvAWEBBTHbk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/e7d3de-1845-41f3-907a-9e96af6d6a8f/1/LI-oUz3MgguhrW-ysvAWEBBTHbk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LI-oUz3MgguhrW-ysvAWEBBTHbk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:50:2f:02:f9:03:b0:90:45:a4:ee:6c:0f:af:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c8fa8533dcc820ba1ad6fb2b2f0161010531db9
        Validity
            Not Before: Jan  1 04:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d425e7cdf3b2e3b2af3c86ba75a73387fc9f8c6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:fa:9f:1d:98:07:b0:34:24:c5:2d:68:b1:49:
                    8f:8a:b4:cc:e0:9a:48:cb:1a:72:de:a7:60:a9:fb:
                    96:87:c9:f9:19:9f:1f:5d:73:9e:5c:7d:2a:c6:95:
                    ae:7b:68:ff:34:e3:43:e1:80:c8:b3:c7:bc:99:f7:
                    3a:a4:70:8f:9b:e3:65:70:d1:c5:5d:c5:6f:8f:73:
                    5d:f7:8f:4e:bd:fc:70:8b:d4:15:3d:7c:b2:9b:09:
                    e7:ec:ad:45:b7:9e:81:aa:19:c8:0b:84:ad:d0:43:
                    06:a2:8c:20:10:27:44:fd:3e:99:a2:e5:8d:04:d1:
                    5c:fc:4c:f8:b2:c4:a4:9e:89:be:35:7b:3f:a4:49:
                    b0:80:63:e2:6a:60:61:95:a6:6a:ac:40:fd:ce:00:
                    80:bc:bd:f8:d2:75:49:9c:2f:1d:2a:8b:ed:72:48:
                    ec:01:83:11:81:2a:95:ba:3b:3f:87:17:c2:d7:92:
                    35:49:08:9c:f5:43:5b:03:7e:9a:42:cf:b7:9f:15:
                    18:84:ad:ba:10:43:a6:cb:96:66:d9:fe:d9:a6:b7:
                    48:22:7c:90:58:e6:44:db:a7:7b:0b:77:3f:40:92:
                    2e:df:b1:94:b4:ae:44:87:42:1d:66:49:65:9d:0e:
                    b4:2d:1b:3b:a3:a7:f4:e6:ad:41:ec:11:39:99:92:
                    c4:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:25:E7:CD:F3:B2:E3:B2:AF:3C:86:BA:75:A7:33:87:FC:9F:8C:6F
            X509v3 Authority Key Identifier:
                keyid:2C:8F:A8:53:3D:CC:82:0B:A1:AD:6F:B2:B2:F0:16:10:10:53:1D:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LI-oUz3MgguhrW-ysvAWEBBTHbk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/e7d3de-1845-41f3-907a-9e96af6d6a8f/1/1CXnzfOy47KvPIa6daczh_yfjG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/e7d3de-1845-41f3-907a-9e96af6d6a8f/1/LI-oUz3MgguhrW-ysvAWEBBTHbk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:6d:6b:29:e7:b9:40:ed:40:5e:57:21:88:66:79:cf:a3:0e:
         64:b9:9f:ab:5d:38:11:d7:87:a5:17:f1:e3:07:eb:96:b3:48:
         e4:a4:26:60:e0:74:db:b5:cb:00:26:5a:2a:90:2a:f0:24:4b:
         ac:00:37:f2:bb:2c:47:be:95:95:2a:8f:32:10:5b:b1:f3:f9:
         bc:bc:95:a5:e8:c7:c7:b7:4c:57:c7:ee:b5:6a:31:2b:99:c4:
         88:bb:cc:11:54:27:d4:bc:f2:a6:54:66:dc:98:ec:47:03:de:
         ea:03:4f:9e:54:c2:d5:90:2a:de:3a:c9:b7:3e:30:bb:09:d5:
         b6:2e:5a:a3:e7:be:6f:b7:c9:d2:28:b3:54:d9:d7:89:b4:e4:
         3c:90:bb:b7:7c:cc:90:b7:4c:18:c3:e5:4a:52:36:c8:61:ec:
         e6:9c:bd:f2:cd:de:45:62:2a:c7:b9:ad:27:20:58:1f:e7:ca:
         c9:40:14:a3:ae:08:c6:2c:9d:70:4c:aa:a2:e1:0c:38:67:a1:
         57:93:48:8a:d8:96:60:04:a2:37:75:55:c6:a0:c4:43:22:61:
         81:29:fe:52:46:23:7a:40:89:83:c9:08:20:ab:64:bc:78:a2:
         3e:a8:68:af:d5:76:f2:3b:4b:25:96:3b:85:c4:87:9e:ad:93:
         7f:36:84:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVAvAvkDsJBFpO5sD6+sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjOGZhODUzM2RjYzgyMGJhMWFkNmZiMmIyZjAxNjEwMTA1
MzFkYjkwHhcNMjQwMTAxMDQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDI1ZTdjZGYzYjJlM2IyYWYzYzg2YmE3NWE3MzM4N2ZjOWY4YzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfqfHZgHsDQkxS1osUmPirTM4JpI
yxpy3qdgqfuWh8n5GZ8fXXOeXH0qxpWue2j/NOND4YDIs8e8mfc6pHCPm+NlcNHF
XcVvj3Nd949Ovfxwi9QVPXyymwnn7K1Ft56BqhnIC4St0EMGoowgECdE/T6ZouWN
BNFc/Ez4ssSknom+NXs/pEmwgGPiamBhlaZqrED9zgCAvL340nVJnC8dKovtckjs
AYMRgSqVujs/hxfC15I1SQic9UNbA36aQs+3nxUYhK26EEOmy5Zm2f7ZprdIInyQ
WOZE26d7C3c/QJIu37GUtK5Eh0IdZkllnQ60LRs7o6f05q1B7BE5mZLEKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNQl583zsuOyrzyGunWnM4f8n4xvMB8GA1UdIwQY
MBaAFCyPqFM9zIILoa1vsrLwFhAQUx25MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEktb1V6M01nZ3VoclcteXN2QVdFQkJUSGJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9lN2QzZGUtMTg0NS00MWYzLTkwN2Et
OWU5NmFmNmQ2YThmLzEvMUNYbnpmT3k0N0t2UElhNmRhY3poX3lmakc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9lN2QzZGUtMTg0NS00MWYzLTkwN2EtOWU5NmFmNmQ2YThm
LzEvTEktb1V6M01nZ3VoclcteXN2QVdFQkJUSGJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXG8MA0G
CSqGSIb3DQEBCwUAA4IBAQCQbWsp57lA7UBeVyGIZnnPow5kuZ+rXTgR14elF/Hj
B+uWs0jkpCZg4HTbtcsAJloqkCrwJEusADfyuyxHvpWVKo8yEFux8/m8vJWl6MfH
t0xXx+61ajErmcSIu8wRVCfUvPKmVGbcmOxHA97qA0+eVMLVkCreOsm3PjC7CdW2
Llqj575vt8nSKLNU2deJtOQ8kLu3fMyQt0wYw+VKUjbIYezmnL3yzd5FYirHua0n
IFgf58rJQBSjrgjGLJ1wTKqi4Qw4Z6FXk0iK2JZgBKI3dVXGoMRDImGBKf5SRiN6
QImDyQggq2S8eKI+qGiv1XbyO0slljuFxIeerZN/NoSO
-----END CERTIFICATE-----