Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/2d0b19-0aff-412f-a2fd-21895728ba4e/1/IGJfVzvhS1XNfQJqw7b44W8rh5Q.roa
File:                     IGJfVzvhS1XNfQJqw7b44W8rh5Q.roa (raw, json)
Hash identifier:          ps4BuWOubuNVlVOQpqaTImNMOhN/B2m1xTG8lC4cqCo=
Subject key identifier:   20:62:5F:57:3B:E1:4B:55:CD:7D:02:6A:C3:B6:F8:E1:6F:2B:87:94
Certificate issuer:       /CN=93dc45ffe13f841f188af743bd7dc34ed54805d4
Certificate serial:       019424B3D6A85EEDA814810174312733A180
Authority key identifier: 93:DC:45:FF:E1:3F:84:1F:18:8A:F7:43:BD:7D:C3:4E:D5:48:05:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k9xF_-E_hB8YivdDvX3DTtVIBdQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/2d0b19-0aff-412f-a2fd-21895728ba4e/1/IGJfVzvhS1XNfQJqw7b44W8rh5Q.roa
Signing time:             Thu 02 Jan 2025 01:49:13 +0000
ROA not before:           Thu 02 Jan 2025 01:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206063
IP address blocks:        185.188.0.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/2d0b19-0aff-412f-a2fd-21895728ba4e/1/k9xF_-E_hB8YivdDvX3DTtVIBdQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/2d0b19-0aff-412f-a2fd-21895728ba4e/1/k9xF_-E_hB8YivdDvX3DTtVIBdQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k9xF_-E_hB8YivdDvX3DTtVIBdQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:d6:a8:5e:ed:a8:14:81:01:74:31:27:33:a1:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93dc45ffe13f841f188af743bd7dc34ed54805d4
        Validity
            Not Before: Jan  2 01:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20625f573be14b55cd7d026ac3b6f8e16f2b8794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:27:76:c2:6d:12:fd:43:84:30:ca:20:27:e8:
                    5e:80:e6:94:47:ad:c0:79:28:91:1a:52:85:08:9a:
                    b5:4b:d9:d9:7d:8d:51:2c:a9:91:24:74:f6:8d:41:
                    f4:35:fd:20:eb:6d:e5:69:64:fb:f3:4e:c1:26:ca:
                    f4:55:fc:a6:a2:db:98:db:05:2a:64:2c:9c:b5:af:
                    11:a8:fe:09:7a:62:af:54:7d:49:93:e7:08:d0:53:
                    25:2a:b5:76:7d:db:1a:88:29:0d:22:14:6d:a8:90:
                    c0:76:cc:d7:07:71:e0:24:7d:3f:12:b2:2c:91:3e:
                    e0:24:02:c6:64:9b:88:b0:08:d4:c6:e0:cd:e6:a5:
                    26:76:0a:c4:c3:39:df:1e:1e:67:26:57:8e:c0:dc:
                    66:ea:b0:b4:b2:7c:45:b8:76:01:4f:26:c5:cf:1a:
                    43:17:8f:0d:a9:c4:17:75:a5:21:7e:c2:b2:72:70:
                    a5:da:e6:b9:f2:35:bd:0c:25:2c:c0:ec:00:99:b8:
                    53:37:02:b7:a8:0d:a7:bd:c8:3d:a4:f0:5a:31:d7:
                    a1:48:09:83:8d:a2:81:19:88:f6:34:9b:35:85:63:
                    50:6a:83:1c:01:be:79:06:d0:19:27:4d:5d:80:8a:
                    d0:c6:f8:6f:3e:6c:1f:56:c9:0d:a5:98:71:47:3f:
                    33:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:62:5F:57:3B:E1:4B:55:CD:7D:02:6A:C3:B6:F8:E1:6F:2B:87:94
            X509v3 Authority Key Identifier:
                keyid:93:DC:45:FF:E1:3F:84:1F:18:8A:F7:43:BD:7D:C3:4E:D5:48:05:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k9xF_-E_hB8YivdDvX3DTtVIBdQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/2d0b19-0aff-412f-a2fd-21895728ba4e/1/IGJfVzvhS1XNfQJqw7b44W8rh5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/2d0b19-0aff-412f-a2fd-21895728ba4e/1/k9xF_-E_hB8YivdDvX3DTtVIBdQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:04:e8:54:1c:1f:34:7e:b7:56:b8:de:ce:55:82:43:24:eb:
         db:59:e8:6a:a1:0d:d6:73:67:8d:ed:9c:41:9b:ce:6b:00:bf:
         7f:f3:e6:82:43:cd:4c:ce:e4:dd:e2:a8:d3:58:ce:ba:71:07:
         c7:b0:c8:fe:be:4c:6e:3f:6e:5a:7d:06:fc:5c:f0:da:0f:a8:
         6d:69:b1:03:15:ff:61:3a:0b:69:07:66:6b:7d:15:2e:97:31:
         d5:46:d9:5b:05:c6:fc:41:5e:68:b7:d4:3e:da:a3:84:c6:da:
         c9:4f:50:d3:39:d4:5a:32:38:8e:70:d7:ff:e8:e7:c3:48:41:
         d6:62:29:47:eb:fd:69:47:56:ee:00:3a:af:5c:64:e9:3e:4f:
         69:97:ea:cb:07:e8:53:06:48:5f:2c:bb:f6:29:71:2d:8d:f5:
         33:de:4e:16:22:6d:57:94:c6:8c:0a:8d:3c:ac:13:3b:44:55:
         61:ef:88:e7:4b:d3:12:3b:9d:24:d8:d0:a1:7b:17:fe:4c:d3:
         34:58:a8:15:3e:15:08:07:89:53:6c:bf:5e:ea:94:47:70:d7:
         26:ec:f7:8a:b7:fd:f8:be:66:14:cc:3b:e2:53:f6:f2:96:08:
         8b:74:40:51:cb:d4:dc:75:98:8c:52:e1:03:d0:b4:d5:c6:73:
         63:83:8f:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks9aoXu2oFIEBdDEnM6GAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZGM0NWZmZTEzZjg0MWYxODhhZjc0M2JkN2RjMzRlZDU0
ODA1ZDQwHhcNMjUwMTAyMDE0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDYyNWY1NzNiZTE0YjU1Y2Q3ZDAyNmFjM2I2ZjhlMTZmMmI4Nzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSd2wm0S/UOEMMogJ+hegOaUR63A
eSiRGlKFCJq1S9nZfY1RLKmRJHT2jUH0Nf0g623laWT7807BJsr0VfymotuY2wUq
ZCycta8RqP4JemKvVH1Jk+cI0FMlKrV2fdsaiCkNIhRtqJDAdszXB3HgJH0/ErIs
kT7gJALGZJuIsAjUxuDN5qUmdgrEwznfHh5nJleOwNxm6rC0snxFuHYBTybFzxpD
F48NqcQXdaUhfsKycnCl2ua58jW9DCUswOwAmbhTNwK3qA2nvcg9pPBaMdehSAmD
jaKBGYj2NJs1hWNQaoMcAb55BtAZJ01dgIrQxvhvPmwfVskNpZhxRz8zzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCBiX1c74UtVzX0CasO2+OFvK4eUMB8GA1UdIwQY
MBaAFJPcRf/hP4QfGIr3Q719w07VSAXUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazl4Rl8tRV9oQjhZaXZkRHZYM0RUdFZJQmRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8yZDBiMTktMGFmZi00MTJmLWEyZmQt
MjE4OTU3MjhiYTRlLzEvSUdKZlZ6dmhTMVhOZlFKcXc3YjQ0VzhyaDVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8yZDBiMTktMGFmZi00MTJmLWEyZmQtMjE4OTU3MjhiYTRl
LzEvazl4Rl8tRV9oQjhZaXZkRHZYM0RUdFZJQmRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBubwAMA0G
CSqGSIb3DQEBCwUAA4IBAQCSBOhUHB80frdWuN7OVYJDJOvbWehqoQ3Wc2eN7ZxB
m85rAL9/8+aCQ81MzuTd4qjTWM66cQfHsMj+vkxuP25afQb8XPDaD6htabEDFf9h
OgtpB2ZrfRUulzHVRtlbBcb8QV5ot9Q+2qOExtrJT1DTOdRaMjiOcNf/6OfDSEHW
YilH6/1pR1buADqvXGTpPk9pl+rLB+hTBkhfLLv2KXEtjfUz3k4WIm1XlMaMCo08
rBM7RFVh74jnS9MSO50k2NChexf+TNM0WKgVPhUIB4lTbL9e6pRHcNcm7PeKt/34
vmYUzDviU/bylgiLdEBRy9TcdZiMUuED0LTVxnNjg48C
-----END CERTIFICATE-----