Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/9dd8ae-4afc-44c1-9bd0-c532195eef49/1/IpfRYquYBREJuGGIMVW0xT4GPrc.roa
File:                     IpfRYquYBREJuGGIMVW0xT4GPrc.roa (raw, json)
Hash identifier:          zTv66mY2oJacfg5TXhHzQ4eLqggjjXUiUNc2CTfy1Tk=
Subject key identifier:   22:97:D1:62:AB:98:05:11:09:B8:61:88:31:55:B4:C5:3E:06:3E:B7
Certificate issuer:       /CN=b4a7d05482b84d3bb604f099bcaf9e7ed346889a
Certificate serial:       018CC86FAB8288BA8915A88FDA87AF4F6390
Authority key identifier: B4:A7:D0:54:82:B8:4D:3B:B6:04:F0:99:BC:AF:9E:7E:D3:46:88:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tKfQVIK4TTu2BPCZvK-eftNGiJo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/9dd8ae-4afc-44c1-9bd0-c532195eef49/1/IpfRYquYBREJuGGIMVW0xT4GPrc.roa
Signing time:             Tue 02 Jan 2024 04:30:10 +0000
ROA not before:           Tue 02 Jan 2024 04:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48629
IP address blocks:        185.86.161.0/24 maxlen: 24
                          185.86.160.0/24 maxlen: 24
                          185.86.163.0/24 maxlen: 24
                          185.86.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/9dd8ae-4afc-44c1-9bd0-c532195eef49/1/tKfQVIK4TTu2BPCZvK-eftNGiJo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/9dd8ae-4afc-44c1-9bd0-c532195eef49/1/tKfQVIK4TTu2BPCZvK-eftNGiJo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tKfQVIK4TTu2BPCZvK-eftNGiJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:ab:82:88:ba:89:15:a8:8f:da:87:af:4f:63:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4a7d05482b84d3bb604f099bcaf9e7ed346889a
        Validity
            Not Before: Jan  2 04:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2297d162ab98051109b861883155b4c53e063eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:3c:2c:66:69:f9:0f:f8:74:4e:99:90:38:6d:
                    03:28:87:5b:6d:38:44:b3:6f:17:39:00:50:e7:53:
                    62:85:26:9c:52:2f:0b:7d:88:d4:13:6b:1f:70:65:
                    a3:0b:72:c5:3f:85:99:33:cc:c6:c3:9f:11:c7:16:
                    e6:cd:ef:2e:b9:07:b4:ac:14:7b:31:2a:be:67:c6:
                    17:45:4a:05:cc:98:1f:0f:16:c8:1c:0e:de:c1:71:
                    58:2f:ed:e2:66:23:32:73:32:39:19:4a:0e:09:c4:
                    e1:7c:5e:10:fd:3c:26:27:6a:2f:1e:63:05:6b:db:
                    f3:71:b0:64:10:47:0e:b6:1e:3d:bd:ee:42:b9:a9:
                    46:bc:f4:f9:d0:41:64:9e:78:29:9c:f8:2f:8b:1a:
                    72:46:24:2a:e5:ee:1d:b9:9f:46:0d:4b:47:0f:d9:
                    dd:ce:3f:44:9b:a3:01:14:c1:b2:31:7c:eb:4e:7b:
                    c7:c3:4d:04:05:76:7f:0d:3c:47:b7:a0:8a:fb:4b:
                    55:0f:56:12:17:5c:2f:62:40:fd:51:74:66:de:a6:
                    35:1b:3d:84:da:51:a0:ed:4d:e4:da:b7:db:9b:eb:
                    d1:fa:85:7e:63:98:84:8d:c9:04:c7:e4:85:26:91:
                    b2:24:4f:c8:e7:6c:af:c5:85:26:52:07:5b:1a:86:
                    3f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:97:D1:62:AB:98:05:11:09:B8:61:88:31:55:B4:C5:3E:06:3E:B7
            X509v3 Authority Key Identifier:
                keyid:B4:A7:D0:54:82:B8:4D:3B:B6:04:F0:99:BC:AF:9E:7E:D3:46:88:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tKfQVIK4TTu2BPCZvK-eftNGiJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/9dd8ae-4afc-44c1-9bd0-c532195eef49/1/IpfRYquYBREJuGGIMVW0xT4GPrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/9dd8ae-4afc-44c1-9bd0-c532195eef49/1/tKfQVIK4TTu2BPCZvK-eftNGiJo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.86.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:a7:30:3a:4e:cd:80:38:10:d1:be:dc:68:4b:69:15:61:cf:
         be:69:54:66:ae:03:4d:6c:fd:b0:f7:4c:1b:21:79:e5:c8:c0:
         86:ba:e7:9a:46:e0:f0:7f:81:88:cd:4f:64:be:13:b8:40:1d:
         ac:01:d6:9a:22:c5:d1:b0:96:8d:8f:7a:f7:a2:c2:e1:6f:74:
         7e:b5:30:41:5c:8a:5b:c8:8c:46:a2:97:0d:47:9c:cd:f7:d5:
         83:c7:2b:f1:de:f9:87:c9:56:9e:b1:52:51:95:26:e9:c3:17:
         44:d9:d3:58:e7:ef:a7:91:c3:51:ac:ad:98:32:4a:0d:ec:85:
         20:a1:be:8f:b7:d8:14:4c:6d:b1:56:27:1c:bd:0b:bd:d1:32:
         35:b8:be:7a:47:8b:aa:00:00:00:11:6c:8c:35:25:34:7c:a6:
         f7:f7:22:cd:ef:1b:cc:92:16:78:03:30:75:c0:d3:7b:67:ed:
         d8:95:9f:23:60:6d:8d:c4:95:da:86:ac:50:44:a3:22:55:65:
         da:ca:35:85:34:34:12:4f:7b:f1:c4:37:2d:d4:15:c0:1e:aa:
         3c:2c:ad:12:f2:a1:54:ea:8a:7a:9f:66:59:da:bd:99:5d:0c:
         32:58:79:05:9c:62:45:92:ea:4e:a9:18:e8:0b:34:fb:b2:8f:
         de:14:70:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb6uCiLqJFaiP2oevT2OQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0YTdkMDU0ODJiODRkM2JiNjA0ZjA5OWJjYWY5ZTdlZDM0
Njg4OWEwHhcNMjQwMTAyMDQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjk3ZDE2MmFiOTgwNTExMDliODYxODgzMTU1YjRjNTNlMDYzZWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzwsZmn5D/h0TpmQOG0DKIdbbThE
s28XOQBQ51NihSacUi8LfYjUE2sfcGWjC3LFP4WZM8zGw58Rxxbmze8uuQe0rBR7
MSq+Z8YXRUoFzJgfDxbIHA7ewXFYL+3iZiMyczI5GUoOCcThfF4Q/TwmJ2ovHmMF
a9vzcbBkEEcOth49ve5CualGvPT50EFknngpnPgvixpyRiQq5e4duZ9GDUtHD9nd
zj9Em6MBFMGyMXzrTnvHw00EBXZ/DTxHt6CK+0tVD1YSF1wvYkD9UXRm3qY1Gz2E
2lGg7U3k2rfbm+vR+oV+Y5iEjckEx+SFJpGyJE/I52yvxYUmUgdbGoY/UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKX0WKrmAURCbhhiDFVtMU+Bj63MB8GA1UdIwQY
MBaAFLSn0FSCuE07tgTwmbyvnn7TRoiaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEtmUVZJSzRUVHUyQlBDWnZLLWVmdE5HaUpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC85ZGQ4YWUtNGFmYy00NGMxLTliZDAt
YzUzMjE5NWVlZjQ5LzEvSXBmUllxdVlCUkVKdUdHSU1WVzB4VDRHUHJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC85ZGQ4YWUtNGFmYy00NGMxLTliZDAtYzUzMjE5NWVlZjQ5
LzEvdEtmUVZJSzRUVHUyQlBDWnZLLWVmdE5HaUpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVagMA0G
CSqGSIb3DQEBCwUAA4IBAQCNpzA6Ts2AOBDRvtxoS2kVYc++aVRmrgNNbP2w90wb
IXnlyMCGuueaRuDwf4GIzU9kvhO4QB2sAdaaIsXRsJaNj3r3osLhb3R+tTBBXIpb
yIxGopcNR5zN99WDxyvx3vmHyVaesVJRlSbpwxdE2dNY5++nkcNRrK2YMkoN7IUg
ob6Pt9gUTG2xViccvQu90TI1uL56R4uqAAAAEWyMNSU0fKb39yLN7xvMkhZ4AzB1
wNN7Z+3YlZ8jYG2NxJXahqxQRKMiVWXayjWFNDQST3vxxDct1BXAHqo8LK0S8qFU
6op6n2ZZ2r2ZXQwyWHkFnGJFkupOqRjoCzT7so/eFHBO
-----END CERTIFICATE-----