Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/85b40d-e900-4d9f-af05-316c7a9cd6b6/1/9IMJ2fe9C69Vxmu6QCrqyUvQZ9Q.roa
File:                     9IMJ2fe9C69Vxmu6QCrqyUvQZ9Q.roa (raw, json)
Hash identifier:          7phUsk2BIW0ZHHBnUPMHFFxHXb878juhNAA3cgN6CqY=
Subject key identifier:   F4:83:09:D9:F7:BD:0B:AF:55:C6:6B:BA:40:2A:EA:C9:4B:D0:67:D4
Certificate issuer:       /CN=2211f0403e97465a01dd145bc1507be565710d4e
Certificate serial:       018CC3B6B944F8B773E97DFB1788C34D11B0
Authority key identifier: 22:11:F0:40:3E:97:46:5A:01:DD:14:5B:C1:50:7B:E5:65:71:0D:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IhHwQD6XRloB3RRbwVB75WVxDU4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/85b40d-e900-4d9f-af05-316c7a9cd6b6/1/9IMJ2fe9C69Vxmu6QCrqyUvQZ9Q.roa
Signing time:             Mon 01 Jan 2024 06:29:41 +0000
ROA not before:           Mon 01 Jan 2024 06:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.230.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/85b40d-e900-4d9f-af05-316c7a9cd6b6/1/IhHwQD6XRloB3RRbwVB75WVxDU4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/85b40d-e900-4d9f-af05-316c7a9cd6b6/1/IhHwQD6XRloB3RRbwVB75WVxDU4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IhHwQD6XRloB3RRbwVB75WVxDU4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:b9:44:f8:b7:73:e9:7d:fb:17:88:c3:4d:11:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2211f0403e97465a01dd145bc1507be565710d4e
        Validity
            Not Before: Jan  1 06:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f48309d9f7bd0baf55c66bba402aeac94bd067d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:72:8e:9e:6a:f3:ca:b8:86:58:a8:18:b6:1e:
                    85:8c:38:1e:1d:e0:bb:17:00:6b:bc:e7:0f:07:f1:
                    a3:39:5b:67:51:10:26:f7:be:91:5f:c6:93:97:65:
                    34:aa:a5:30:e8:c4:3d:f3:93:69:db:5a:2f:79:e2:
                    15:aa:fe:ca:81:ae:a8:55:29:d3:af:f9:7d:18:0e:
                    b5:d5:74:b9:d1:dd:b2:a9:74:45:9f:f3:b8:79:e8:
                    32:ce:7f:88:45:35:c8:6d:e4:59:43:29:1e:3b:4e:
                    ad:51:42:de:97:13:64:08:e6:7f:8c:17:45:64:eb:
                    ed:87:95:37:38:ee:32:b5:a1:c0:8e:e7:d8:0a:36:
                    6e:32:0d:26:5e:ee:a2:9c:39:16:d7:5b:de:af:37:
                    ff:b6:37:40:5a:be:62:80:62:5f:35:82:d4:2d:4e:
                    b2:f4:2b:76:c5:48:e4:90:e0:58:32:47:c0:c2:de:
                    e9:7e:51:23:1e:49:db:37:61:dc:fc:98:60:fb:b2:
                    97:b9:1d:55:0d:ef:8d:62:ba:21:54:31:ae:87:07:
                    69:30:0d:1d:bf:32:f0:a5:2a:2e:82:00:2f:74:e7:
                    f1:ef:6a:ad:69:eb:99:91:0e:ab:d0:aa:a7:fa:0c:
                    5e:5a:81:d9:45:2a:4c:ce:f6:92:09:d8:5f:03:c1:
                    a8:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:83:09:D9:F7:BD:0B:AF:55:C6:6B:BA:40:2A:EA:C9:4B:D0:67:D4
            X509v3 Authority Key Identifier:
                keyid:22:11:F0:40:3E:97:46:5A:01:DD:14:5B:C1:50:7B:E5:65:71:0D:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IhHwQD6XRloB3RRbwVB75WVxDU4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/85b40d-e900-4d9f-af05-316c7a9cd6b6/1/9IMJ2fe9C69Vxmu6QCrqyUvQZ9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/85b40d-e900-4d9f-af05-316c7a9cd6b6/1/IhHwQD6XRloB3RRbwVB75WVxDU4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:d8:25:5c:e0:52:7c:b4:e9:b8:53:05:63:f9:7e:a3:b1:2a:
         3a:af:d1:e4:12:3c:38:61:55:59:79:f0:d9:66:1a:bd:97:19:
         5f:8b:a8:c8:b6:ff:24:bf:fb:3e:3d:3d:b2:04:ed:b1:cc:b0:
         ef:e7:88:f4:d3:46:f3:b5:35:72:85:88:a7:1e:ac:39:cb:42:
         b0:84:17:a2:4f:5e:4f:dc:bf:8c:73:f1:4a:f5:38:18:ea:85:
         82:76:e8:0a:6e:25:d4:77:98:f4:0c:ec:5b:87:6b:28:b2:96:
         5d:c4:f1:46:d9:c0:3d:45:ce:3a:67:75:0d:1f:54:38:a7:a7:
         aa:34:f2:28:c6:15:07:cd:9f:9c:84:c4:e1:ff:e1:2a:ef:59:
         fd:0f:f9:42:01:f9:6b:ce:1e:b7:a6:83:ea:50:d9:fb:02:d8:
         87:6b:86:f9:a7:00:83:c2:68:9f:25:2a:a5:21:31:f0:30:47:
         6f:6f:fc:90:6a:5c:91:37:f9:7e:0e:2d:fd:d4:f3:90:8a:73:
         e0:b2:e3:b8:aa:c8:eb:48:0a:42:04:d5:b5:49:2b:55:47:f5:
         0c:0b:fc:19:87:7e:18:d3:1c:b1:ac:a0:2d:ca:0a:ee:b7:2d:
         20:27:3e:d8:7c:5a:53:9d:76:64:9e:98:b5:37:67:28:38:55:
         eb:f5:4e:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtrlE+Ldz6X37F4jDTRGwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMTFmMDQwM2U5NzQ2NWEwMWRkMTQ1YmMxNTA3YmU1NjU3
MTBkNGUwHhcNMjQwMTAxMDYyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDgzMDlkOWY3YmQwYmFmNTVjNjZiYmE0MDJhZWFjOTRiZDA2N2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnKOnmrzyriGWKgYth6FjDgeHeC7
FwBrvOcPB/GjOVtnURAm976RX8aTl2U0qqUw6MQ985Np21oveeIVqv7Kga6oVSnT
r/l9GA611XS50d2yqXRFn/O4eegyzn+IRTXIbeRZQykeO06tUULelxNkCOZ/jBdF
ZOvth5U3OO4ytaHAjufYCjZuMg0mXu6inDkW11verzf/tjdAWr5igGJfNYLULU6y
9Ct2xUjkkOBYMkfAwt7pflEjHknbN2Hc/Jhg+7KXuR1VDe+NYrohVDGuhwdpMA0d
vzLwpSouggAvdOfx72qtaeuZkQ6r0Kqn+gxeWoHZRSpMzvaSCdhfA8GoNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPSDCdn3vQuvVcZrukAq6slL0GfUMB8GA1UdIwQY
MBaAFCIR8EA+l0ZaAd0UW8FQe+VlcQ1OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWhId1FENlhSbG9CM1JSYndWQjc1V1Z4RFU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS84NWI0MGQtZTkwMC00ZDlmLWFmMDUt
MzE2YzdhOWNkNmI2LzEvOUlNSjJmZTlDNjlWeG11NlFDcnF5VXZRWjlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS84NWI0MGQtZTkwMC00ZDlmLWFmMDUtMzE2YzdhOWNkNmI2
LzEvSWhId1FENlhSbG9CM1JSYndWQjc1V1Z4RFU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueZoMA0G
CSqGSIb3DQEBCwUAA4IBAQAJ2CVc4FJ8tOm4UwVj+X6jsSo6r9HkEjw4YVVZefDZ
Zhq9lxlfi6jItv8kv/s+PT2yBO2xzLDv54j000bztTVyhYinHqw5y0KwhBeiT15P
3L+Mc/FK9TgY6oWCdugKbiXUd5j0DOxbh2sospZdxPFG2cA9Rc46Z3UNH1Q4p6eq
NPIoxhUHzZ+chMTh/+Eq71n9D/lCAflrzh63poPqUNn7AtiHa4b5pwCDwmifJSql
ITHwMEdvb/yQalyRN/l+Di391POQinPgsuO4qsjrSApCBNW1SStVR/UMC/wZh34Y
0xyxrKAtygruty0gJz7YfFpTnXZknpi1N2coOFXr9U6M
-----END CERTIFICATE-----