Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/e7fe5a-b626-4a32-a1cc-a327b8b56ed6/1/i5Ie_zGCuQoT2fC7ai1PTDdmXME.roa
File:                     i5Ie_zGCuQoT2fC7ai1PTDdmXME.roa (raw, json)
Hash identifier:          zjt6Q96cpd/320YaYWpibPfXwnykJzxTAnsjPICgl2Q=
Subject key identifier:   8B:92:1E:FF:31:82:B9:0A:13:D9:F0:BB:6A:2D:4F:4C:37:66:5C:C1
Certificate issuer:       /CN=1e0c47ba799a060733383b8a4db36e84b62d315d
Certificate serial:       018CC56E231620C0A28DF335E4150370A481
Authority key identifier: 1E:0C:47:BA:79:9A:06:07:33:38:3B:8A:4D:B3:6E:84:B6:2D:31:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HgxHunmaBgczODuKTbNuhLYtMV0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/e7fe5a-b626-4a32-a1cc-a327b8b56ed6/1/i5Ie_zGCuQoT2fC7ai1PTDdmXME.roa
Signing time:             Mon 01 Jan 2024 14:29:38 +0000
ROA not before:           Mon 01 Jan 2024 14:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212842
IP address blocks:        185.38.100.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/e7fe5a-b626-4a32-a1cc-a327b8b56ed6/1/HgxHunmaBgczODuKTbNuhLYtMV0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/e7fe5a-b626-4a32-a1cc-a327b8b56ed6/1/HgxHunmaBgczODuKTbNuhLYtMV0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HgxHunmaBgczODuKTbNuhLYtMV0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:23:16:20:c0:a2:8d:f3:35:e4:15:03:70:a4:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e0c47ba799a060733383b8a4db36e84b62d315d
        Validity
            Not Before: Jan  1 14:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b921eff3182b90a13d9f0bb6a2d4f4c37665cc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:11:72:e0:da:4c:ef:b4:fb:5b:3a:a2:9e:c8:
                    d9:e6:be:52:23:73:31:b7:74:34:86:fc:0c:28:fd:
                    92:96:43:3b:44:61:35:e4:0a:7b:b5:a0:6d:e5:f1:
                    93:31:e1:86:c4:c1:0e:a0:62:36:9e:a0:fb:75:d0:
                    f6:94:b8:04:e9:b2:01:86:db:14:ef:df:93:e3:ae:
                    93:08:16:ce:be:4a:fb:e8:74:90:79:c3:cf:c3:4d:
                    7f:14:a2:b8:6f:67:8a:ac:01:72:d2:b4:25:00:b7:
                    cd:fa:a7:15:7d:22:3f:db:0c:27:6c:3e:1f:8d:81:
                    ca:65:32:35:b7:29:62:ad:d8:cc:6c:69:3f:a7:01:
                    9e:a8:a4:43:8d:ae:76:42:16:29:30:cb:c4:6b:fc:
                    46:48:aa:93:66:f1:c9:88:1b:7d:61:03:85:29:b3:
                    1f:29:0f:8c:6f:ac:33:9a:ad:f5:26:04:15:d7:a0:
                    cb:c8:28:1a:be:87:15:de:a4:cb:50:55:2f:64:2d:
                    7e:1d:6e:27:ff:f6:46:a1:3f:3e:1b:2a:c7:7f:b5:
                    af:10:1e:a9:08:a2:2e:e4:d0:b8:ee:85:5e:13:0b:
                    70:83:20:57:f2:0b:49:e5:96:5d:c2:d0:9b:df:7f:
                    16:f9:93:85:e8:d9:c3:6c:98:d7:3d:ff:4c:90:b5:
                    bd:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:92:1E:FF:31:82:B9:0A:13:D9:F0:BB:6A:2D:4F:4C:37:66:5C:C1
            X509v3 Authority Key Identifier:
                keyid:1E:0C:47:BA:79:9A:06:07:33:38:3B:8A:4D:B3:6E:84:B6:2D:31:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HgxHunmaBgczODuKTbNuhLYtMV0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/e7fe5a-b626-4a32-a1cc-a327b8b56ed6/1/i5Ie_zGCuQoT2fC7ai1PTDdmXME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/e7fe5a-b626-4a32-a1cc-a327b8b56ed6/1/HgxHunmaBgczODuKTbNuhLYtMV0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.38.100.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:d2:01:c7:4c:64:f1:d3:59:17:87:25:1a:90:e4:ff:53:cc:
         98:8c:d5:85:93:01:b9:09:bb:8d:e8:01:67:99:e7:d7:46:1a:
         31:16:ee:2e:4c:ed:58:c4:a5:ce:d1:cf:85:43:3b:4c:be:d7:
         5f:5c:d6:a9:c9:53:ca:07:49:09:d8:86:31:aa:a4:8b:46:b2:
         6b:3e:29:52:78:a7:bf:b1:b7:a4:68:c8:f6:9f:e2:c6:76:af:
         13:ee:50:b2:70:96:4c:31:4a:21:fc:ed:83:f1:b1:5e:19:2f:
         68:ac:13:14:98:8a:2c:ae:33:54:b3:1c:11:bf:ac:96:dd:3f:
         ce:c2:e0:8b:33:48:09:ef:da:71:32:a5:28:7e:a0:7b:70:09:
         2d:50:fa:f1:7f:ff:a5:84:1b:4f:cb:11:06:e4:e1:65:28:ea:
         2b:7c:c7:13:f9:1c:39:e6:68:04:b5:eb:10:12:f5:2d:76:04:
         dc:78:77:48:98:f6:7f:0c:6a:58:34:be:e0:0a:16:ef:71:f3:
         4f:93:88:a7:46:d6:10:23:a1:97:9c:49:af:5e:97:dc:f8:23:
         4e:bc:09:f4:11:5a:b0:95:8e:66:47:ae:34:41:6e:c9:9d:89:
         86:ed:78:51:ef:df:60:47:21:37:a5:45:db:cd:c2:6c:6d:3a:
         d2:64:7c:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbiMWIMCijfM15BUDcKSBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMGM0N2JhNzk5YTA2MDczMzM4M2I4YTRkYjM2ZTg0YjYy
ZDMxNWQwHhcNMjQwMTAxMTQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjkyMWVmZjMxODJiOTBhMTNkOWYwYmI2YTJkNGY0YzM3NjY1Y2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBFy4NpM77T7WzqinsjZ5r5SI3Mx
t3Q0hvwMKP2SlkM7RGE15Ap7taBt5fGTMeGGxMEOoGI2nqD7ddD2lLgE6bIBhtsU
79+T466TCBbOvkr76HSQecPPw01/FKK4b2eKrAFy0rQlALfN+qcVfSI/2wwnbD4f
jYHKZTI1tylirdjMbGk/pwGeqKRDja52QhYpMMvEa/xGSKqTZvHJiBt9YQOFKbMf
KQ+Mb6wzmq31JgQV16DLyCgavocV3qTLUFUvZC1+HW4n//ZGoT8+GyrHf7WvEB6p
CKIu5NC47oVeEwtwgyBX8gtJ5ZZdwtCb338W+ZOF6NnDbJjXPf9MkLW9qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuSHv8xgrkKE9nwu2otT0w3ZlzBMB8GA1UdIwQY
MBaAFB4MR7p5mgYHMzg7ik2zboS2LTFdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGd4SHVubWFCZ2N6T0R1S1RiTnVoTFl0TVYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9lN2ZlNWEtYjYyNi00YTMyLWExY2Mt
YTMyN2I4YjU2ZWQ2LzEvaTVJZV96R0N1UW9UMmZDN2FpMVBURGRtWE1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9lN2ZlNWEtYjYyNi00YTMyLWExY2MtYTMyN2I4YjU2ZWQ2
LzEvSGd4SHVubWFCZ2N6T0R1S1RiTnVoTFl0TVYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSZkMA0G
CSqGSIb3DQEBCwUAA4IBAQAp0gHHTGTx01kXhyUakOT/U8yYjNWFkwG5CbuN6AFn
mefXRhoxFu4uTO1YxKXO0c+FQztMvtdfXNapyVPKB0kJ2IYxqqSLRrJrPilSeKe/
sbekaMj2n+LGdq8T7lCycJZMMUoh/O2D8bFeGS9orBMUmIosrjNUsxwRv6yW3T/O
wuCLM0gJ79pxMqUofqB7cAktUPrxf/+lhBtPyxEG5OFlKOorfMcT+Rw55mgEtesQ
EvUtdgTceHdImPZ/DGpYNL7gChbvcfNPk4inRtYQI6GXnEmvXpfc+CNOvAn0EVqw
lY5mR640QW7JnYmG7XhR799gRyE3pUXbzcJsbTrSZHyb
-----END CERTIFICATE-----