Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/mF_Rk_Zp87uZO2fBaWN2TgEj-YM.roa
File:                     mF_Rk_Zp87uZO2fBaWN2TgEj-YM.roa (raw, json)
Hash identifier:          fkxoI9zs9ttOt6gnH/tLrXodZuc6sTLh2ptdeoYN02g=
Subject key identifier:   98:5F:D1:93:F6:69:F3:BB:99:3B:67:C1:69:63:76:4E:01:23:F9:83
Certificate issuer:       /CN=69ca7c17232db063491cfa585203369ffbeb76ed
Certificate serial:       018CC492A5EB6593B3502B07EA6E338AED79
Authority key identifier: 69:CA:7C:17:23:2D:B0:63:49:1C:FA:58:52:03:36:9F:FB:EB:76:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/acp8FyMtsGNJHPpYUgM2n_vrdu0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/mF_Rk_Zp87uZO2fBaWN2TgEj-YM.roa
Signing time:             Mon 01 Jan 2024 10:29:54 +0000
ROA not before:           Mon 01 Jan 2024 10:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57588
IP address blocks:        185.65.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/acp8FyMtsGNJHPpYUgM2n_vrdu0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/acp8FyMtsGNJHPpYUgM2n_vrdu0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/acp8FyMtsGNJHPpYUgM2n_vrdu0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 22:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:a5:eb:65:93:b3:50:2b:07:ea:6e:33:8a:ed:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69ca7c17232db063491cfa585203369ffbeb76ed
        Validity
            Not Before: Jan  1 10:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=985fd193f669f3bb993b67c16963764e0123f983
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:63:67:f8:f5:9d:23:e5:10:2e:f7:75:c3:a9:
                    d4:76:28:a0:59:f3:09:e7:30:8a:94:4c:c8:2f:ff:
                    11:85:82:89:e1:40:03:22:ca:d1:01:7b:a7:28:59:
                    df:c5:90:67:13:4a:8e:fc:80:19:7e:7b:10:36:30:
                    95:8d:cf:f7:f3:8c:fa:82:68:94:ce:34:a6:8d:cf:
                    92:7f:34:a1:06:9e:37:a9:00:6d:dd:ca:09:31:b3:
                    4e:e3:19:75:9c:96:e3:56:7c:ef:7e:b0:e2:fb:2a:
                    86:73:2e:0e:c9:0a:ef:ad:ac:65:b8:4b:c0:5b:fe:
                    8c:d3:c4:8a:65:6b:74:f4:2f:7d:4e:9f:73:6d:7d:
                    f8:69:ae:54:2e:55:51:3d:de:1f:83:5d:82:d0:66:
                    ea:7a:e4:c9:fa:2a:5b:03:03:d9:e5:54:ae:7c:78:
                    e2:a3:b5:93:a5:5a:f0:02:c8:46:14:a3:46:5c:1a:
                    4b:a6:76:23:f8:ee:13:c4:f0:85:44:ec:f2:20:99:
                    6c:1c:c0:6a:01:de:24:9c:ee:c2:a7:c6:31:3f:45:
                    16:cb:a4:6f:a1:cb:3b:be:ac:14:03:a1:b9:a4:55:
                    95:3e:5f:76:4f:da:97:a7:71:32:49:87:bb:ad:1f:
                    3f:36:8a:b1:d5:92:c7:13:0b:3d:8a:64:c8:fe:d4:
                    8a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:5F:D1:93:F6:69:F3:BB:99:3B:67:C1:69:63:76:4E:01:23:F9:83
            X509v3 Authority Key Identifier:
                keyid:69:CA:7C:17:23:2D:B0:63:49:1C:FA:58:52:03:36:9F:FB:EB:76:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/acp8FyMtsGNJHPpYUgM2n_vrdu0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/mF_Rk_Zp87uZO2fBaWN2TgEj-YM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/acp8FyMtsGNJHPpYUgM2n_vrdu0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:26:e6:6a:4d:d7:9a:aa:e6:a3:ba:5c:bd:7b:bc:4e:dc:d0:
         05:24:29:e8:be:16:76:a4:d9:83:fd:0f:d8:70:b5:73:83:0a:
         77:4f:78:e8:75:64:11:58:bc:6f:0d:44:94:38:2c:6b:7e:9e:
         90:d7:b3:e3:73:7b:f4:66:30:e1:fa:d3:70:81:f2:d9:26:fc:
         58:c6:5a:42:14:a8:a2:43:95:a8:16:d7:db:6e:fd:c8:34:f7:
         2d:9e:f0:ae:c0:b8:83:44:31:ea:da:00:99:0a:0b:5d:47:3c:
         26:34:dd:41:78:69:6a:b9:6e:77:0a:0b:4b:ce:3c:af:b9:e7:
         06:8d:51:ca:35:a8:af:c4:24:8d:f3:b9:e7:79:e9:ba:54:da:
         15:e7:07:97:86:f2:62:32:c6:14:9a:6d:24:0c:60:df:0d:ac:
         84:d4:20:8b:84:64:3d:e4:53:ad:24:ca:fa:c3:71:3a:7b:f9:
         d0:e4:0d:d6:71:8e:e1:a6:de:b4:f4:5e:13:92:96:ae:b5:1d:
         e9:9e:60:24:b0:a5:24:ba:a5:b7:e5:3d:b4:f6:22:9d:e2:eb:
         f6:e2:1f:ae:75:b3:b3:7d:2d:4b:08:43:07:c6:91:15:4c:2f:
         43:34:72:ce:5e:cc:ec:f0:b5:ab:89:e5:98:c1:e0:c2:7b:6e:
         1b:7f:4f:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkqXrZZOzUCsH6m4ziu15MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5Y2E3YzE3MjMyZGIwNjM0OTFjZmE1ODUyMDMzNjlmZmJl
Yjc2ZWQwHhcNMjQwMTAxMTAyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODVmZDE5M2Y2NjlmM2JiOTkzYjY3YzE2OTYzNzY0ZTAxMjNmOTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGNn+PWdI+UQLvd1w6nUdiigWfMJ
5zCKlEzIL/8RhYKJ4UADIsrRAXunKFnfxZBnE0qO/IAZfnsQNjCVjc/384z6gmiU
zjSmjc+SfzShBp43qQBt3coJMbNO4xl1nJbjVnzvfrDi+yqGcy4OyQrvraxluEvA
W/6M08SKZWt09C99Tp9zbX34aa5ULlVRPd4fg12C0GbqeuTJ+ipbAwPZ5VSufHji
o7WTpVrwAshGFKNGXBpLpnYj+O4TxPCFROzyIJlsHMBqAd4knO7Cp8YxP0UWy6Rv
ocs7vqwUA6G5pFWVPl92T9qXp3EySYe7rR8/Noqx1ZLHEws9imTI/tSKcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJhf0ZP2afO7mTtnwWljdk4BI/mDMB8GA1UdIwQY
MBaAFGnKfBcjLbBjSRz6WFIDNp/763btMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWNwOEZ5TXRzR05KSFBwWVVnTTJuX3ZyZHUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9iZmI0MjMtZGE2OS00MjY1LTk1ZTUt
ZjQ3YWU3ZGRhZWMwLzEvbUZfUmtfWnA4N3VaTzJmQmFXTjJUZ0VqLVlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9iZmI0MjMtZGE2OS00MjY1LTk1ZTUtZjQ3YWU3ZGRhZWMw
LzEvYWNwOEZ5TXRzR05KSFBwWVVnTTJuX3ZyZHUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUH+MA0G
CSqGSIb3DQEBCwUAA4IBAQATJuZqTdeaquajuly9e7xO3NAFJCnovhZ2pNmD/Q/Y
cLVzgwp3T3jodWQRWLxvDUSUOCxrfp6Q17Pjc3v0ZjDh+tNwgfLZJvxYxlpCFKii
Q5WoFtfbbv3INPctnvCuwLiDRDHq2gCZCgtdRzwmNN1BeGlquW53CgtLzjyvuecG
jVHKNaivxCSN87nneem6VNoV5weXhvJiMsYUmm0kDGDfDayE1CCLhGQ95FOtJMr6
w3E6e/nQ5A3WcY7hpt609F4TkpautR3pnmAksKUkuqW35T209iKd4uv24h+udbOz
fS1LCEMHxpEVTC9DNHLOXszs8LWrieWYweDCe24bf08S
-----END CERTIFICATE-----