Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/F6GbEsOwyyG8o8bV63EAhvgPv20.roa
File:                     F6GbEsOwyyG8o8bV63EAhvgPv20.roa (raw, json)
Hash identifier:          EM9ccbF4wbMzML21gfy8G7ZsIEgbEwrm+BJcQvLh9SE=
Subject key identifier:   17:A1:9B:12:C3:B0:CB:21:BC:A3:C6:D5:EB:71:00:86:F8:0F:BF:6D
Certificate issuer:       /CN=a7c7544e8b482d2311903706eed724049fe385bf
Certificate serial:       01942143CFC2C3BE7E00F7777E8111EAAA9B
Authority key identifier: A7:C7:54:4E:8B:48:2D:23:11:90:37:06:EE:D7:24:04:9F:E3:85:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p8dUTotILSMRkDcG7tckBJ_jhb8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/F6GbEsOwyyG8o8bV63EAhvgPv20.roa
Signing time:             Wed 01 Jan 2025 09:47:59 +0000
ROA not before:           Wed 01 Jan 2025 09:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39020
IP address blocks:        185.120.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/p8dUTotILSMRkDcG7tckBJ_jhb8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/p8dUTotILSMRkDcG7tckBJ_jhb8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p8dUTotILSMRkDcG7tckBJ_jhb8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 18:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:cf:c2:c3:be:7e:00:f7:77:7e:81:11:ea:aa:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7c7544e8b482d2311903706eed724049fe385bf
        Validity
            Not Before: Jan  1 09:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17a19b12c3b0cb21bca3c6d5eb710086f80fbf6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:4f:96:5e:47:9b:d4:0c:52:dc:2b:12:4a:9d:
                    76:60:33:63:f0:6d:bd:f8:d4:49:5d:fe:f2:50:e3:
                    f0:e0:16:52:e7:67:5c:e5:d9:f9:82:75:e3:76:58:
                    92:89:f3:fe:23:97:66:55:fb:d9:77:ae:a6:f2:2f:
                    f0:6e:e9:20:8c:ab:1b:2c:dc:58:8f:63:9f:81:1a:
                    61:28:9a:64:d1:a1:78:6b:e2:3f:21:4c:17:13:5b:
                    f0:7c:6c:04:2b:c1:c4:59:9f:1c:07:1b:75:d2:6e:
                    95:26:2c:c9:57:12:49:1b:24:2a:01:13:08:34:7b:
                    70:f7:e7:cc:33:2b:b5:8c:48:90:38:07:3c:11:58:
                    99:c2:68:03:d8:79:98:66:8d:92:14:b7:cd:bb:b7:
                    f5:38:61:7a:b9:68:d9:09:85:a0:72:6e:77:5a:11:
                    26:e9:97:10:a5:1a:66:94:d0:2f:a6:6e:63:d0:5c:
                    ac:85:43:a7:93:96:48:d0:51:5c:b2:9d:30:7f:4f:
                    cc:4d:1f:57:ff:61:aa:b1:f2:83:bd:1f:8a:c2:cd:
                    74:9b:f1:81:d1:fb:02:d7:0b:5b:82:f6:33:99:68:
                    e2:b7:81:1c:96:ee:89:72:92:fb:c3:0c:62:f1:f4:
                    0a:62:b2:02:ee:c0:d1:43:43:7d:0f:47:03:8b:27:
                    78:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:A1:9B:12:C3:B0:CB:21:BC:A3:C6:D5:EB:71:00:86:F8:0F:BF:6D
            X509v3 Authority Key Identifier:
                keyid:A7:C7:54:4E:8B:48:2D:23:11:90:37:06:EE:D7:24:04:9F:E3:85:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p8dUTotILSMRkDcG7tckBJ_jhb8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/F6GbEsOwyyG8o8bV63EAhvgPv20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/p8dUTotILSMRkDcG7tckBJ_jhb8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:06:36:11:97:d2:e2:7b:57:f6:1b:2c:c8:c6:3e:98:c4:a9:
         c8:f7:c9:2c:43:72:42:a2:2c:a9:bd:7a:c5:0d:20:5c:f1:01:
         1a:5f:28:49:74:cd:ee:01:71:da:4f:f0:d9:2c:fd:61:8c:94:
         d9:aa:61:7a:2d:a3:32:39:f7:67:d0:16:a4:37:7e:9a:f2:86:
         a7:98:4f:68:42:84:b3:41:bd:69:ce:75:a4:dd:0a:0c:c4:1f:
         d5:25:0e:21:7f:da:1a:48:57:64:36:f9:70:11:24:eb:14:96:
         35:41:db:37:d8:33:f8:2c:0b:3f:5e:e3:c8:56:54:5f:90:e1:
         fd:be:70:e5:11:c8:66:b6:20:1d:df:5e:36:1a:4a:9f:ad:ca:
         31:4b:08:80:d3:fd:bc:9c:d6:ec:19:a5:d5:2e:e6:be:29:9d:
         ff:0c:b0:84:a0:85:ea:6a:34:68:6f:95:16:be:11:e2:c8:59:
         cf:d9:5b:e6:36:0c:9b:a7:92:c9:47:76:f4:73:56:b5:0e:50:
         f0:01:5c:9e:75:6e:62:4e:26:40:07:fe:f9:7b:17:a2:0c:4d:
         b7:f2:db:e0:41:8e:81:7a:7a:e7:7d:d8:fd:2a:d0:1d:28:48:
         f9:4e:69:c9:5c:ee:26:a4:a8:4b:83:e5:45:08:21:d5:28:52:
         f8:16:90:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ8/Cw75+APd3foER6qqbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3Yzc1NDRlOGI0ODJkMjMxMTkwMzcwNmVlZDcyNDA0OWZl
Mzg1YmYwHhcNMjUwMTAxMDk0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2ExOWIxMmMzYjBjYjIxYmNhM2M2ZDVlYjcxMDA4NmY4MGZiZjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsU+WXkeb1AxS3CsSSp12YDNj8G29
+NRJXf7yUOPw4BZS52dc5dn5gnXjdliSifP+I5dmVfvZd66m8i/wbukgjKsbLNxY
j2OfgRphKJpk0aF4a+I/IUwXE1vwfGwEK8HEWZ8cBxt10m6VJizJVxJJGyQqARMI
NHtw9+fMMyu1jEiQOAc8EViZwmgD2HmYZo2SFLfNu7f1OGF6uWjZCYWgcm53WhEm
6ZcQpRpmlNAvpm5j0FyshUOnk5ZI0FFcsp0wf0/MTR9X/2GqsfKDvR+Kws10m/GB
0fsC1wtbgvYzmWjit4Eclu6JcpL7wwxi8fQKYrIC7sDRQ0N9D0cDiyd4nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBehmxLDsMshvKPG1etxAIb4D79tMB8GA1UdIwQY
MBaAFKfHVE6LSC0jEZA3Bu7XJASf44W/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDhkVVRvdElMU01Sa0RjRzd0Y2tCSl9qaGI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8yZDU5NjAtYzY2ZC00MmRmLTk1ZDIt
NDA1MjQ1MGM5MGE5LzEvRjZHYkVzT3d5eUc4bzhiVjYzRUFodmdQdjIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8yZDU5NjAtYzY2ZC00MmRmLTk1ZDItNDA1MjQ1MGM5MGE5
LzEvcDhkVVRvdElMU01Sa0RjRzd0Y2tCSl9qaGI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXi2MA0G
CSqGSIb3DQEBCwUAA4IBAQAaBjYRl9Lie1f2GyzIxj6YxKnI98ksQ3JCoiypvXrF
DSBc8QEaXyhJdM3uAXHaT/DZLP1hjJTZqmF6LaMyOfdn0BakN36a8oanmE9oQoSz
Qb1pznWk3QoMxB/VJQ4hf9oaSFdkNvlwESTrFJY1Qds32DP4LAs/XuPIVlRfkOH9
vnDlEchmtiAd3142GkqfrcoxSwiA0/28nNbsGaXVLua+KZ3/DLCEoIXqajRob5UW
vhHiyFnP2VvmNgybp5LJR3b0c1a1DlDwAVyedW5iTiZAB/75exeiDE238tvgQY6B
enrnfdj9KtAdKEj5TmnJXO4mpKhLg+VFCCHVKFL4FpBa
-----END CERTIFICATE-----