Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/1-dQHk1iIpoMzKoeZ_7pejuiXWiU.roa
File:                     1-dQHk1iIpoMzKoeZ_7pejuiXWiU.roa (raw, json)
Hash identifier:          cwK6rxIkMMWiVtsKoPIA+TLmDofLM9LbzNOUarub0No=
Subject key identifier:   F9:D4:07:93:58:88:A6:83:33:2A:87:99:FF:BA:5E:8E:E8:97:5A:25
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       0191B8FBE98D1697BE51F085F6FBE400E3A8
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/1-dQHk1iIpoMzKoeZ_7pejuiXWiU.roa
Signing time:             Tue 03 Sep 2024 17:43:22 +0000
ROA not before:           Tue 03 Sep 2024 17:43:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39113
IP address blocks:        85.8.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b8:fb:e9:8d:16:97:be:51:f0:85:f6:fb:e4:00:e3:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Sep  3 17:43:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9d407935888a683332a8799ffba5e8ee8975a25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f4:cb:66:71:3a:d9:df:be:6c:7f:2a:e5:8c:
                    7b:6d:ff:18:d9:0b:31:3d:08:48:90:5f:ca:5d:c7:
                    88:c2:74:b0:b8:ed:9d:5e:f4:d6:77:a5:18:ae:e1:
                    69:57:35:fa:be:01:37:ac:98:a7:8f:ab:b8:a5:13:
                    66:31:43:c1:a2:82:96:9a:57:29:f2:ca:25:e9:7b:
                    21:ed:ce:4d:8d:93:2a:f7:aa:9e:3a:1d:83:29:0a:
                    f1:23:d1:01:97:a2:94:61:af:5b:2c:32:3f:9d:eb:
                    5f:50:4f:21:aa:36:53:af:c1:73:9e:c6:34:0b:a9:
                    de:23:f2:5d:ca:c3:b4:36:75:95:5c:8d:77:0d:d5:
                    e2:54:65:5c:3b:9b:01:1f:08:2b:36:58:50:86:5a:
                    20:a9:76:84:9d:f2:9e:d8:c7:aa:b0:cd:e5:02:27:
                    d5:9c:b7:39:14:c3:53:02:48:e6:68:b0:93:47:ec:
                    6e:4f:9e:2a:27:c4:0e:d9:aa:4f:91:1e:95:94:90:
                    47:c2:cd:57:04:4a:13:d3:32:6d:45:cf:bd:64:ff:
                    53:a7:e4:20:8d:d7:68:31:f0:94:db:49:a6:d7:bd:
                    12:8d:78:a2:4d:38:a7:98:a0:61:e5:2e:7c:c4:af:
                    19:ac:ab:f6:08:91:52:95:50:cc:6e:0c:17:79:17:
                    6e:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:D4:07:93:58:88:A6:83:33:2A:87:99:FF:BA:5E:8E:E8:97:5A:25
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/1-dQHk1iIpoMzKoeZ_7pejuiXWiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.8.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:1d:72:07:55:42:f8:da:57:d4:16:25:70:ab:9a:7f:66:e7:
         ee:00:80:27:69:a1:f4:71:f8:14:18:be:f4:b3:ca:68:12:f6:
         79:c9:cc:b2:88:09:df:0f:47:84:98:b1:b5:61:52:8f:f7:b2:
         2d:29:19:6c:99:39:16:61:3e:3f:62:da:68:2f:b9:3d:56:28:
         f2:0a:75:56:e2:e5:ae:c9:b7:02:5a:40:86:cc:f2:81:1e:9f:
         4d:ec:cb:31:9e:9b:f8:69:51:4d:7d:cd:0a:6f:6e:74:7a:65:
         4d:df:2e:cf:6f:1d:68:93:79:20:13:bb:11:29:76:e6:e1:11:
         b5:c5:be:87:22:4f:c0:92:9f:0d:3b:c0:67:ec:44:0a:61:e2:
         a2:82:da:9c:6b:77:a7:05:1c:61:c8:c6:c9:f8:6d:2d:29:d6:
         52:ae:b8:c9:ef:15:10:1c:b7:27:b2:fd:88:6e:9c:c1:1e:57:
         35:7f:e6:de:a0:0d:49:1f:8a:2d:8b:d4:6a:15:52:09:ed:e9:
         c5:d3:10:a9:54:08:08:45:34:b2:ff:ee:37:14:fa:d6:f3:b5:
         cc:28:17:54:da:62:75:23:5a:98:56:72:cd:9b:f4:09:ce:be:
         2d:07:5e:cf:82:ac:d8:bb:0b:99:84:f5:33:33:e0:1a:45:39:
         46:3a:19:09
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZG4++mNFpe+UfCF9vvkAOOoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwOTAzMTc0MzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWQ0MDc5MzU4ODhhNjgzMzMyYTg3OTlmZmJhNWU4ZWU4OTc1YTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvTLZnE62d++bH8q5Yx7bf8Y2Qsx
PQhIkF/KXceIwnSwuO2dXvTWd6UYruFpVzX6vgE3rJinj6u4pRNmMUPBooKWmlcp
8sol6Xsh7c5NjZMq96qeOh2DKQrxI9EBl6KUYa9bLDI/netfUE8hqjZTr8FznsY0
C6neI/JdysO0NnWVXI13DdXiVGVcO5sBHwgrNlhQhlogqXaEnfKe2MeqsM3lAifV
nLc5FMNTAkjmaLCTR+xuT54qJ8QO2apPkR6VlJBHws1XBEoT0zJtRc+9ZP9Tp+Qg
jddoMfCU20mm170SjXiiTTinmKBh5S58xK8ZrKv2CJFSlVDMbgwXeRdu9QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPnUB5NYiKaDMyqHmf+6Xo7ol1olMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvMS1kUUhrMWlJcG9NektvZVpfN3BlanVpWFdpVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjUvOTk5Yjk3LWM3MzEtNDE5Mi04NWYxLTU3MzcwMWM4NDgz
My8xL1lpTGh3cVV4VXpTMmJZRDNqVnRRdEM1SUM1dy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFUIujAN
BgkqhkiG9w0BAQsFAAOCAQEAJx1yB1VC+NpX1BYlcKuaf2bn7gCAJ2mh9HH4FBi+
9LPKaBL2ecnMsogJ3w9HhJixtWFSj/eyLSkZbJk5FmE+P2LaaC+5PVYo8gp1VuLl
rsm3AlpAhszygR6fTezLMZ6b+GlRTX3NCm9udHplTd8uz28daJN5IBO7ESl25uER
tcW+hyJPwJKfDTvAZ+xECmHiooLanGt3pwUcYcjGyfhtLSnWUq64ye8VEBy3J7L9
iG6cwR5XNX/m3qANSR+KLYvUahVSCe3pxdMQqVQICEU0sv/uNxT61vO1zCgXVNpi
dSNamFZyzZv0Cc6+LQdez4Ks2LsLmYT1MzPgGkU5RjoZCQ==
-----END CERTIFICATE-----