Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c0d463-a174-4f5d-b4ee-96967fcd42e9/1/sughfFlqcCV0eYYRqzKFUZEjzmY.roa
File:                     sughfFlqcCV0eYYRqzKFUZEjzmY.roa (raw, json)
Hash identifier:          Qn/+FBt1PL+wiYWDPKcpXnP/UI5K3coCedtdzZovE/Y=
Subject key identifier:   B2:E8:21:7C:59:6A:70:25:74:79:86:11:AB:32:85:51:91:23:CE:66
Certificate issuer:       /CN=e6fc17bea555b6d38321f94028e515fba4fa74dc
Certificate serial:       018CC80161C448F01B217975A431478F4381
Authority key identifier: E6:FC:17:BE:A5:55:B6:D3:83:21:F9:40:28:E5:15:FB:A4:FA:74:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5vwXvqVVttODIflAKOUV-6T6dNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/c0d463-a174-4f5d-b4ee-96967fcd42e9/1/sughfFlqcCV0eYYRqzKFUZEjzmY.roa
Signing time:             Tue 02 Jan 2024 02:29:42 +0000
ROA not before:           Tue 02 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205889
IP address blocks:        185.135.71.0/24 maxlen: 24
                          185.135.68.0/24 maxlen: 24
                          185.135.69.0/24 maxlen: 24
                          185.135.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/c0d463-a174-4f5d-b4ee-96967fcd42e9/1/5vwXvqVVttODIflAKOUV-6T6dNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/c0d463-a174-4f5d-b4ee-96967fcd42e9/1/5vwXvqVVttODIflAKOUV-6T6dNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5vwXvqVVttODIflAKOUV-6T6dNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 17:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:61:c4:48:f0:1b:21:79:75:a4:31:47:8f:43:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6fc17bea555b6d38321f94028e515fba4fa74dc
        Validity
            Not Before: Jan  2 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2e8217c596a702574798611ab3285519123ce66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:8f:b9:76:f8:a9:b7:10:e4:8b:0a:bd:33:f5:
                    3a:89:a9:72:7d:59:19:d0:de:1b:42:90:bc:c9:e1:
                    47:87:15:d1:d1:2e:a6:32:ac:83:61:90:33:0a:ab:
                    08:78:62:cd:d9:eb:93:73:d6:e3:5a:21:ad:17:63:
                    4b:65:a9:3b:40:77:50:0c:97:39:98:b3:f5:c4:94:
                    a3:85:5e:cf:3c:10:fd:e1:cb:85:eb:e7:ad:c6:70:
                    8d:8b:02:89:d4:b2:e6:80:57:0b:da:bc:95:2e:fd:
                    88:d4:da:91:fc:06:6b:7a:c5:09:86:81:cf:d9:65:
                    68:83:f0:f6:eb:98:72:6f:1c:5f:ed:11:0c:ab:03:
                    b1:f7:39:06:09:6b:86:82:55:fe:93:27:e3:ff:8a:
                    98:1f:9a:9b:af:7b:ea:52:76:90:70:a3:10:95:e4:
                    7c:6f:d0:d5:e1:8f:a8:b4:ee:5c:6d:6c:72:fb:f7:
                    25:27:41:5e:92:ef:8c:55:31:46:68:11:26:54:37:
                    73:5a:d8:f2:fc:77:f1:94:fb:33:d6:f3:f4:ff:f8:
                    6a:2f:e5:09:4c:00:b4:7e:76:dc:e6:ec:ee:55:49:
                    73:bc:2c:68:3f:d0:f1:36:a6:a9:78:ef:16:01:a3:
                    34:79:31:8a:10:63:d7:9a:6e:ac:af:47:71:62:06:
                    24:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:E8:21:7C:59:6A:70:25:74:79:86:11:AB:32:85:51:91:23:CE:66
            X509v3 Authority Key Identifier:
                keyid:E6:FC:17:BE:A5:55:B6:D3:83:21:F9:40:28:E5:15:FB:A4:FA:74:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5vwXvqVVttODIflAKOUV-6T6dNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c0d463-a174-4f5d-b4ee-96967fcd42e9/1/sughfFlqcCV0eYYRqzKFUZEjzmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c0d463-a174-4f5d-b4ee-96967fcd42e9/1/5vwXvqVVttODIflAKOUV-6T6dNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:f7:d7:ab:82:65:3b:81:cb:95:50:fb:bd:1a:f1:ab:15:9b:
         06:59:24:b1:3b:ed:7d:6c:e4:da:bc:fa:d9:2d:a0:1b:66:93:
         f8:ee:3a:00:d3:c0:0a:d1:fd:ec:45:f1:70:2f:f1:32:fe:b7:
         9a:03:53:54:62:9f:d6:89:47:cc:eb:de:1d:5b:d0:7a:02:29:
         d0:f2:92:9b:72:c0:e0:f6:77:ac:da:57:fc:b0:04:86:c2:43:
         89:a5:3f:7c:33:b9:c9:e0:24:72:74:3f:2c:c2:c4:de:24:d7:
         3b:21:9f:31:af:3a:f2:d5:50:c9:ee:b5:df:e3:1e:cd:50:73:
         68:fb:ec:29:22:9d:ea:23:c2:fd:a9:51:09:e2:e9:e0:04:2e:
         9e:3b:a8:7d:7e:14:ee:e8:15:19:13:ae:1c:fb:a9:01:c0:37:
         58:35:b4:a0:a8:53:18:65:44:77:5e:b9:5e:10:91:a5:81:1f:
         63:d0:5d:ee:02:1a:b3:82:91:ce:ae:9a:66:f4:e8:a2:d2:ed:
         c6:eb:ff:5a:08:88:a9:38:c8:7b:b5:2d:7c:e7:08:f7:0c:a1:
         ab:40:78:8b:5f:13:5f:f3:9c:9e:18:e5:3f:93:4e:88:2f:b5:
         d1:e9:33:f8:bf:6e:99:fb:f5:37:e2:6b:17:e2:c7:74:2a:63:
         24:4c:59:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAWHESPAbIXl1pDFHj0OBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2ZmMxN2JlYTU1NWI2ZDM4MzIxZjk0MDI4ZTUxNWZiYTRm
YTc0ZGMwHhcNMjQwMTAyMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmU4MjE3YzU5NmE3MDI1NzQ3OTg2MTFhYjMyODU1MTkxMjNjZTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjY+5dviptxDkiwq9M/U6ialyfVkZ
0N4bQpC8yeFHhxXR0S6mMqyDYZAzCqsIeGLN2euTc9bjWiGtF2NLZak7QHdQDJc5
mLP1xJSjhV7PPBD94cuF6+etxnCNiwKJ1LLmgFcL2ryVLv2I1NqR/AZresUJhoHP
2WVog/D265hybxxf7REMqwOx9zkGCWuGglX+kyfj/4qYH5qbr3vqUnaQcKMQleR8
b9DV4Y+otO5cbWxy+/clJ0Feku+MVTFGaBEmVDdzWtjy/HfxlPsz1vP0//hqL+UJ
TAC0fnbc5uzuVUlzvCxoP9DxNqapeO8WAaM0eTGKEGPXmm6sr0dxYgYkSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLLoIXxZanAldHmGEasyhVGRI85mMB8GA1UdIwQY
MBaAFOb8F76lVbbTgyH5QCjlFfuk+nTcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXZ3WHZxVlZ0dE9ESWZsQUtPVVYtNlQ2ZE53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMGQ0NjMtYTE3NC00ZjVkLWI0ZWUt
OTY5NjdmY2Q0MmU5LzEvc3VnaGZGbHFjQ1YwZVlZUnF6S0ZVWkVqem1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMGQ0NjMtYTE3NC00ZjVkLWI0ZWUtOTY5NjdmY2Q0MmU5
LzEvNXZ3WHZxVlZ0dE9ESWZsQUtPVVYtNlQ2ZE53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYdEMA0G
CSqGSIb3DQEBCwUAA4IBAQAy99ergmU7gcuVUPu9GvGrFZsGWSSxO+19bOTavPrZ
LaAbZpP47joA08AK0f3sRfFwL/Ey/reaA1NUYp/WiUfM694dW9B6AinQ8pKbcsDg
9nes2lf8sASGwkOJpT98M7nJ4CRydD8swsTeJNc7IZ8xrzry1VDJ7rXf4x7NUHNo
++wpIp3qI8L9qVEJ4ungBC6eO6h9fhTu6BUZE64c+6kBwDdYNbSgqFMYZUR3Xrle
EJGlgR9j0F3uAhqzgpHOrppm9Oii0u3G6/9aCIipOMh7tS185wj3DKGrQHiLXxNf
85yeGOU/k06IL7XR6TP4v26Z+/U34msX4sd0KmMkTFkK
-----END CERTIFICATE-----