Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/K084RyfRCndbjs6w8W5rg18iTnk.roa
File:                     K084RyfRCndbjs6w8W5rg18iTnk.roa (raw, json)
Hash identifier:          zrORFVcsKtH0V7ay4cvTJUFjn1MBnh64WsuVTjYo5kA=
Subject key identifier:   2B:4F:38:47:27:D1:0A:77:5B:8E:CE:B0:F1:6E:6B:83:5F:22:4E:79
Certificate issuer:       /CN=f59d56c52c7733f83be774afa47bbd55d28797ac
Certificate serial:       018CC2DAEFA6F90ACF80BADEF55C8D39B397
Authority key identifier: F5:9D:56:C5:2C:77:33:F8:3B:E7:74:AF:A4:7B:BD:55:D2:87:97:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Z1WxSx3M_g753SvpHu9VdKHl6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/K084RyfRCndbjs6w8W5rg18iTnk.roa
Signing time:             Mon 01 Jan 2024 02:29:37 +0000
ROA not before:           Mon 01 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41227
IP address blocks:        194.34.160.0/24 maxlen: 24
                          194.34.161.0/24 maxlen: 24
                          194.34.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/9Z1WxSx3M_g753SvpHu9VdKHl6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/9Z1WxSx3M_g753SvpHu9VdKHl6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Z1WxSx3M_g753SvpHu9VdKHl6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ef:a6:f9:0a:cf:80:ba:de:f5:5c:8d:39:b3:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f59d56c52c7733f83be774afa47bbd55d28797ac
        Validity
            Not Before: Jan  1 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b4f384727d10a775b8eceb0f16e6b835f224e79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:7a:fe:1f:8f:ff:a6:2c:c3:16:f1:dc:1a:53:
                    de:38:98:bf:b3:b9:49:fa:fd:ce:fc:db:ca:f6:1f:
                    cb:bd:5e:ff:02:9d:fd:77:da:d4:e9:f5:a7:ad:fb:
                    ae:e0:ee:49:44:80:6f:29:1d:41:a4:ee:df:59:b6:
                    55:80:7b:dc:0d:55:10:71:fc:e6:fb:f3:04:04:d2:
                    7e:13:b2:8d:42:01:76:08:de:33:60:f5:d5:ba:e3:
                    d7:d8:fe:55:83:66:8f:67:42:51:9d:48:05:0b:73:
                    da:4c:a7:5c:50:f1:15:22:a9:62:21:dd:15:ec:98:
                    20:67:1a:3f:d2:27:76:3e:01:80:42:a4:34:57:e6:
                    06:28:b4:4d:43:64:c4:1d:05:f2:41:14:fe:3a:f2:
                    05:2b:90:06:fe:d6:d9:ff:0c:99:1a:48:ca:0b:24:
                    4b:82:17:c7:d8:80:d8:0b:89:e9:a1:d0:9a:14:b0:
                    45:07:7a:24:82:53:a2:a4:06:2f:93:aa:fe:02:0e:
                    93:3b:49:b0:cd:43:4f:3e:f2:3d:47:77:4c:f8:91:
                    80:87:c9:cd:6c:ba:db:ef:09:f8:48:26:73:66:8a:
                    88:1e:68:2f:50:db:c7:22:f5:01:7d:74:d1:cc:a7:
                    1b:4d:43:46:d6:c7:12:6e:9d:25:c3:cb:7b:fc:9d:
                    3a:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:4F:38:47:27:D1:0A:77:5B:8E:CE:B0:F1:6E:6B:83:5F:22:4E:79
            X509v3 Authority Key Identifier:
                keyid:F5:9D:56:C5:2C:77:33:F8:3B:E7:74:AF:A4:7B:BD:55:D2:87:97:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Z1WxSx3M_g753SvpHu9VdKHl6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/K084RyfRCndbjs6w8W5rg18iTnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/9Z1WxSx3M_g753SvpHu9VdKHl6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.160.0-194.34.162.255

    Signature Algorithm: sha256WithRSAEncryption
         8b:4b:f9:2c:ae:69:b5:b4:8a:17:3e:9a:68:9a:4c:b0:90:ee:
         a1:62:f9:f1:54:b9:4b:67:8f:57:98:0e:f1:fe:70:b6:dd:4f:
         44:a1:bc:ab:db:ac:1d:18:bd:02:6d:83:0a:c0:85:0b:61:2b:
         fd:fa:17:3a:63:f0:80:c2:36:cf:9c:2f:07:33:f1:98:ee:4a:
         fa:f3:ea:eb:f8:81:15:6e:eb:76:cf:64:f2:a4:b3:ad:6e:66:
         71:56:d6:26:de:a5:8b:fd:30:48:40:4b:81:54:de:64:e6:71:
         24:3b:71:48:dc:24:81:84:b3:b6:6c:71:33:2c:c3:97:9e:2f:
         a2:02:8b:39:08:c0:56:42:a0:1b:ff:3a:7d:e1:48:49:0f:59:
         74:b7:71:aa:65:7d:b8:bc:b1:7c:5c:59:b2:1b:6d:e6:ac:51:
         69:fa:46:95:c5:7d:5b:ab:56:f2:45:52:ca:0f:17:7b:f9:f1:
         22:e0:56:83:6e:5b:9a:2a:db:f6:90:0e:9f:cd:df:7c:0f:f9:
         c9:d4:d7:f0:a7:8e:3c:3a:7f:56:c9:49:85:25:57:42:7d:cb:
         36:f7:05:75:46:34:f1:6b:02:ed:c0:82:cf:04:5a:20:4c:39:
         78:f3:6e:5d:62:9a:6f:e9:e3:4a:15:e6:95:6a:94:df:43:72:
         d9:45:f8:1e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzC2u+m+QrPgLre9VyNObOXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1OWQ1NmM1MmM3NzMzZjgzYmU3NzRhZmE0N2JiZDU1ZDI4
Nzk3YWMwHhcNMjQwMTAxMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjRmMzg0NzI3ZDEwYTc3NWI4ZWNlYjBmMTZlNmI4MzVmMjI0ZTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknr+H4//pizDFvHcGlPeOJi/s7lJ
+v3O/NvK9h/LvV7/Ap39d9rU6fWnrfuu4O5JRIBvKR1BpO7fWbZVgHvcDVUQcfzm
+/MEBNJ+E7KNQgF2CN4zYPXVuuPX2P5Vg2aPZ0JRnUgFC3PaTKdcUPEVIqliId0V
7JggZxo/0id2PgGAQqQ0V+YGKLRNQ2TEHQXyQRT+OvIFK5AG/tbZ/wyZGkjKCyRL
ghfH2IDYC4npodCaFLBFB3okglOipAYvk6r+Ag6TO0mwzUNPPvI9R3dM+JGAh8nN
bLrb7wn4SCZzZoqIHmgvUNvHIvUBfXTRzKcbTUNG1scSbp0lw8t7/J06JQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCtPOEcn0Qp3W47OsPFua4NfIk55MB8GA1UdIwQY
MBaAFPWdVsUsdzP4O+d0r6R7vVXSh5esMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVoxV3hTeDNNX2c3NTNTdnBIdTlWZEtIbDZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9jYzEwMTMtNWRjYi00ZWJjLWI3OWUt
NWMwNjdiOGI5MWE1LzEvSzA4NFJ5ZlJDbmRianM2dzhXNXJnMThpVG5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9jYzEwMTMtNWRjYi00ZWJjLWI3OWUtNWMwNjdiOGI5MWE1
LzEvOVoxV3hTeDNNX2c3NTNTdnBIdTlWZEtIbDZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAXCIqAD
BADCIqIwDQYJKoZIhvcNAQELBQADggEBAItL+SyuabW0ihc+mmiaTLCQ7qFi+fFU
uUtnj1eYDvH+cLbdT0ShvKvbrB0YvQJtgwrAhQthK/36Fzpj8IDCNs+cLwcz8Zju
Svrz6uv4gRVu63bPZPKks61uZnFW1ibepYv9MEhAS4FU3mTmcSQ7cUjcJIGEs7Zs
cTMsw5eeL6ICizkIwFZCoBv/On3hSEkPWXS3caplfbi8sXxcWbIbbeasUWn6RpXF
fVurVvJFUsoPF3v58SLgVoNuW5oq2/aQDp/N33wP+cnU1/Cnjjw6f1bJSYUlV0J9
yzb3BXVGNPFrAu3Ags8EWiBMOXjzbl1imm/p40oV5pVqlN9DctlF+B4=
-----END CERTIFICATE-----