Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/7aedad-b4cf-469c-aebf-cae6a709d14a/1/fxJVyVPUMbwk_o8J-tP7CmxSBFc.roa
File:                     fxJVyVPUMbwk_o8J-tP7CmxSBFc.roa (raw, json)
Hash identifier:          tL4lk8ZUZwMNk/QwshRzFaRtS1mYlNwDPNwO5p0kHCc=
Subject key identifier:   7F:12:55:C9:53:D4:31:BC:24:FE:8F:09:FA:D3:FB:0A:6C:52:04:57
Certificate issuer:       /CN=18e937c103db046f22553ef99438fa2959240da5
Certificate serial:       018CC7273F8DD69A3AF1B36A18C30B9F670A
Authority key identifier: 18:E9:37:C1:03:DB:04:6F:22:55:3E:F9:94:38:FA:29:59:24:0D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GOk3wQPbBG8iVT75lDj6KVkkDaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/7aedad-b4cf-469c-aebf-cae6a709d14a/1/fxJVyVPUMbwk_o8J-tP7CmxSBFc.roa
Signing time:             Mon 01 Jan 2024 22:31:27 +0000
ROA not before:           Mon 01 Jan 2024 22:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46489
IP address blocks:        185.42.204.0/22 maxlen: 24
                          2a01:62e0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/7aedad-b4cf-469c-aebf-cae6a709d14a/1/GOk3wQPbBG8iVT75lDj6KVkkDaU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/7aedad-b4cf-469c-aebf-cae6a709d14a/1/GOk3wQPbBG8iVT75lDj6KVkkDaU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GOk3wQPbBG8iVT75lDj6KVkkDaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:3f:8d:d6:9a:3a:f1:b3:6a:18:c3:0b:9f:67:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18e937c103db046f22553ef99438fa2959240da5
        Validity
            Not Before: Jan  1 22:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f1255c953d431bc24fe8f09fad3fb0a6c520457
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:04:bb:32:9a:a6:b3:8f:46:b8:0d:9a:c1:ad:
                    25:ec:41:25:e1:7b:34:2e:53:f2:66:c8:aa:66:1e:
                    43:2c:ff:62:50:9c:d6:3f:e6:55:f1:b0:6d:72:9c:
                    f3:82:cd:f0:f3:2d:14:34:2e:e2:ae:54:4c:37:24:
                    90:52:16:74:1d:5f:5e:92:94:aa:1c:84:7e:f4:15:
                    14:5d:83:cb:aa:95:bc:6e:da:16:0b:aa:15:3f:57:
                    75:62:db:45:d9:46:47:a8:f6:93:08:e1:ae:8c:df:
                    1e:38:24:9e:b9:68:ea:3c:08:36:f1:c2:4b:76:70:
                    05:dc:10:33:05:53:71:65:6c:5d:fb:8c:01:af:47:
                    6b:b5:0b:c5:0c:97:43:46:cd:ee:28:fa:b6:60:73:
                    4c:8c:9b:88:a2:85:52:22:b4:a8:27:ac:e8:3f:9e:
                    d2:b8:e2:27:cb:31:4a:64:23:34:5c:37:bf:09:a6:
                    f1:0e:15:61:3b:bd:83:16:ef:9a:79:05:51:2f:60:
                    2e:a4:0b:76:ea:c0:1b:37:08:15:97:98:b8:ed:69:
                    d0:98:e1:7c:30:2b:48:c7:49:83:04:f2:ff:de:1a:
                    e8:e6:f7:ac:d4:68:68:88:04:05:b4:68:e4:b5:21:
                    24:1f:d5:59:3b:69:7f:97:e3:0f:6a:90:60:2f:c9:
                    33:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:12:55:C9:53:D4:31:BC:24:FE:8F:09:FA:D3:FB:0A:6C:52:04:57
            X509v3 Authority Key Identifier:
                keyid:18:E9:37:C1:03:DB:04:6F:22:55:3E:F9:94:38:FA:29:59:24:0D:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GOk3wQPbBG8iVT75lDj6KVkkDaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/7aedad-b4cf-469c-aebf-cae6a709d14a/1/fxJVyVPUMbwk_o8J-tP7CmxSBFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/7aedad-b4cf-469c-aebf-cae6a709d14a/1/GOk3wQPbBG8iVT75lDj6KVkkDaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.42.204.0/22
                IPv6:
                  2a01:62e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         ae:74:b3:dd:c9:00:8f:92:ed:5f:36:5b:ca:43:27:10:a9:3b:
         18:84:d5:71:5f:0c:f7:e5:51:06:1f:f4:6a:16:da:31:75:2e:
         68:d4:13:d0:a3:ea:38:da:93:4f:a7:9f:8c:87:79:db:0b:ae:
         a7:b1:83:d2:de:c5:76:cf:f6:2a:3a:66:75:df:6d:a6:9f:c5:
         60:49:46:c8:b2:67:e8:46:5d:64:8b:a8:3d:90:cc:f6:6e:48:
         e8:60:e2:6a:11:b5:d3:95:0b:b7:24:54:ec:59:62:21:66:72:
         fa:57:32:08:fa:bd:94:65:e5:fb:92:a6:db:e9:00:05:f7:c6:
         23:a2:af:93:db:bb:e0:86:a3:83:7c:b1:68:ef:d6:2e:6b:22:
         66:8a:1d:f4:08:74:99:c4:5a:ce:08:9b:38:f8:5a:ca:dc:28:
         ed:db:09:f7:19:66:02:72:c6:d7:67:51:49:8e:21:c8:40:c6:
         15:8a:7f:ca:80:a4:33:f6:38:27:69:e6:36:d5:e1:7b:f1:5d:
         a8:ff:2f:4b:b2:dd:ad:48:b9:65:bc:65:e3:13:d8:08:bb:b2:
         34:36:f3:cd:54:c0:8d:de:27:db:23:56:ba:15:ed:11:19:5f:
         e0:b5:b3:dc:1c:9f:86:6a:3b:33:b9:70:1f:af:91:fd:ee:ee:
         7a:5d:92:ae
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJz+N1po68bNqGMMLn2cKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4ZTkzN2MxMDNkYjA0NmYyMjU1M2VmOTk0MzhmYTI5NTky
NDBkYTUwHhcNMjQwMTAxMjIzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjEyNTVjOTUzZDQzMWJjMjRmZThmMDlmYWQzZmIwYTZjNTIwNDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQS7Mpqms49GuA2awa0l7EEl4Xs0
LlPyZsiqZh5DLP9iUJzWP+ZV8bBtcpzzgs3w8y0UNC7irlRMNySQUhZ0HV9ekpSq
HIR+9BUUXYPLqpW8btoWC6oVP1d1YttF2UZHqPaTCOGujN8eOCSeuWjqPAg28cJL
dnAF3BAzBVNxZWxd+4wBr0drtQvFDJdDRs3uKPq2YHNMjJuIooVSIrSoJ6zoP57S
uOInyzFKZCM0XDe/CabxDhVhO72DFu+aeQVRL2AupAt26sAbNwgVl5i47WnQmOF8
MCtIx0mDBPL/3hro5ves1GhoiAQFtGjktSEkH9VZO2l/l+MPapBgL8kzYwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH8SVclT1DG8JP6PCfrT+wpsUgRXMB8GA1UdIwQY
MBaAFBjpN8ED2wRvIlU++ZQ4+ilZJA2lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR09rM3dRUGJCRzhpVlQ3NWxEajZLVmtrRGFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83YWVkYWQtYjRjZi00NjljLWFlYmYt
Y2FlNmE3MDlkMTRhLzEvZnhKVnlWUFVNYndrX284Si10UDdDbXhTQkZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83YWVkYWQtYjRjZi00NjljLWFlYmYtY2FlNmE3MDlkMTRh
LzEvR09rM3dRUGJCRzhpVlQ3NWxEajZLVmtrRGFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSrMMA0E
AgACMAcDBQAqAWLgMA0GCSqGSIb3DQEBCwUAA4IBAQCudLPdyQCPku1fNlvKQycQ
qTsYhNVxXwz35VEGH/RqFtoxdS5o1BPQo+o42pNPp5+Mh3nbC66nsYPS3sV2z/Yq
OmZ1322mn8VgSUbIsmfoRl1ki6g9kMz2bkjoYOJqEbXTlQu3JFTsWWIhZnL6VzII
+r2UZeX7kqbb6QAF98Yjoq+T27vghqODfLFo79YuayJmih30CHSZxFrOCJs4+FrK
3Cjt2wn3GWYCcsbXZ1FJjiHIQMYVin/KgKQz9jgnaeY21eF78V2o/y9Lst2tSLll
vGXjE9gIu7I0NvPNVMCN3ifbI1a6Fe0RGV/gtbPcHJ+GajszuXAfr5H97u56XZKu
-----END CERTIFICATE-----