Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/1U_gzucFnwJ1TzyAAKyc3yp0aOE.roa
File:                     1U_gzucFnwJ1TzyAAKyc3yp0aOE.roa (raw, json)
Hash identifier:          MOPOprHXjFq6WdtFGveX184Dya0eUms+6UumixugL3o=
Subject key identifier:   D5:4F:E0:CE:E7:05:9F:02:75:4F:3C:80:00:AC:9C:DF:2A:74:68:E1
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018ED683837B78B7C83D6ECD42816C8C1E04
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/1U_gzucFnwJ1TzyAAKyc3yp0aOE.roa
Signing time:             Sat 13 Apr 2024 08:12:06 +0000
ROA not before:           Sat 13 Apr 2024 08:12:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41500
IP address blocks:        185.17.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d6:83:83:7b:78:b7:c8:3d:6e:cd:42:81:6c:8c:1e:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Apr 13 08:12:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d54fe0cee7059f02754f3c8000ac9cdf2a7468e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ae:96:52:bf:e9:f7:34:bc:e6:ec:e8:6c:f3:
                    b4:3c:4b:80:57:b4:20:7e:e8:23:dc:83:f8:13:b3:
                    3d:ed:74:47:f0:c7:91:53:36:51:82:4b:e4:99:b7:
                    2a:4c:8c:68:31:4a:16:3c:f1:e9:e2:3e:40:46:bc:
                    d4:fb:66:6f:95:05:fa:f5:c7:3f:09:72:70:a9:4d:
                    88:22:8e:ba:8d:7f:76:93:b1:89:46:ab:e3:e8:b8:
                    77:4a:62:8b:dd:9c:16:50:b8:8b:77:9f:51:70:09:
                    78:54:d8:88:f9:06:c4:4a:1c:d8:10:91:04:41:4d:
                    f4:4e:07:d3:7a:de:37:be:11:fc:77:f9:00:45:f7:
                    1e:04:23:cd:06:c3:e2:a2:ac:b1:06:5e:35:6f:f3:
                    b4:db:94:0c:16:e2:3d:3b:98:61:13:69:d0:3e:56:
                    57:e6:25:ed:23:a1:39:93:97:87:79:e4:69:8e:b0:
                    12:81:ad:06:e5:2c:c2:9d:e3:6d:68:e6:8c:e8:cb:
                    93:c0:f5:0f:b5:4a:eb:98:5f:c1:3f:03:91:89:fa:
                    8e:32:83:8a:2a:ac:cc:65:00:1f:c2:d3:8a:d4:63:
                    3f:ab:3c:46:33:16:bd:40:e7:0a:1e:00:9d:35:76:
                    87:93:22:f3:b1:d8:69:2c:44:ff:52:c8:9c:2f:d8:
                    60:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:4F:E0:CE:E7:05:9F:02:75:4F:3C:80:00:AC:9C:DF:2A:74:68:E1
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/1U_gzucFnwJ1TzyAAKyc3yp0aOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:24:b0:28:18:fa:8e:dd:9f:a4:ad:44:72:5e:4c:49:42:c4:
         1d:df:33:d7:f7:b1:bb:57:7d:44:aa:27:f9:59:a2:8f:3b:79:
         ae:33:28:ad:2b:2b:1f:c2:0c:16:55:a6:9f:97:31:31:65:e0:
         bc:b5:be:94:10:11:c1:a2:71:dd:f5:75:90:e4:93:43:84:50:
         ce:5d:ca:b5:89:9d:7e:6f:45:4d:9c:75:3f:ab:bc:07:27:2e:
         61:02:e2:f0:51:cf:60:d7:8d:b5:61:5d:94:3d:e7:c0:e9:1a:
         08:a7:44:c7:c5:49:49:30:8d:e5:b6:4e:2a:17:7b:ed:71:10:
         fa:c9:ea:82:f8:f1:5b:26:63:ac:b5:69:03:40:78:62:9d:30:
         82:07:8d:ea:e9:94:08:0e:ee:37:7c:59:c2:bf:55:09:a5:de:
         c6:c5:de:7d:fa:98:d9:1c:c8:0c:79:32:f5:33:25:21:43:43:
         a2:87:48:20:70:6c:d5:2a:8f:04:44:ff:94:a8:fc:75:2f:59:
         49:83:87:0d:50:01:93:38:92:71:76:67:3f:ea:1b:cb:50:0d:
         90:ea:60:46:42:fe:92:ac:8a:c2:d2:61:4d:d0:5f:ca:74:19:
         80:cd:69:56:15:21:21:96:11:35:95:42:41:d1:58:c6:3d:6d:
         83:de:0b:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7Wg4N7eLfIPW7NQoFsjB4EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwNDEzMDgxMjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTRmZTBjZWU3MDU5ZjAyNzU0ZjNjODAwMGFjOWNkZjJhNzQ2OGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo66WUr/p9zS85uzobPO0PEuAV7Qg
fugj3IP4E7M97XRH8MeRUzZRgkvkmbcqTIxoMUoWPPHp4j5ARrzU+2ZvlQX69cc/
CXJwqU2IIo66jX92k7GJRqvj6Lh3SmKL3ZwWULiLd59RcAl4VNiI+QbEShzYEJEE
QU30TgfTet43vhH8d/kARfceBCPNBsPioqyxBl41b/O025QMFuI9O5hhE2nQPlZX
5iXtI6E5k5eHeeRpjrASga0G5SzCneNtaOaM6MuTwPUPtUrrmF/BPwORifqOMoOK
KqzMZQAfwtOK1GM/qzxGMxa9QOcKHgCdNXaHkyLzsdhpLET/UsicL9hgawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNVP4M7nBZ8CdU88gACsnN8qdGjhMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvMVVfZ3p1Y0Zud0oxVHp5QUFLeWMzeXAwYU9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRFDMA0G
CSqGSIb3DQEBCwUAA4IBAQC2JLAoGPqO3Z+krURyXkxJQsQd3zPX97G7V31Eqif5
WaKPO3muMyitKysfwgwWVaaflzExZeC8tb6UEBHBonHd9XWQ5JNDhFDOXcq1iZ1+
b0VNnHU/q7wHJy5hAuLwUc9g1421YV2UPefA6RoIp0THxUlJMI3ltk4qF3vtcRD6
yeqC+PFbJmOstWkDQHhinTCCB43q6ZQIDu43fFnCv1UJpd7Gxd59+pjZHMgMeTL1
MyUhQ0Oih0ggcGzVKo8ERP+UqPx1L1lJg4cNUAGTOJJxdmc/6hvLUA2Q6mBGQv6S
rIrC0mFN0F/KdBmAzWlWFSEhlhE1lUJB0VjGPW2D3gs4
-----END CERTIFICATE-----