Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/85b40d-e900-4d9f-af05-316c7a9cd6b6/1/V4pYpCQHCCvTWlN38fj1bcu6M-4.roa
File:                     V4pYpCQHCCvTWlN38fj1bcu6M-4.roa (raw, json)
Hash identifier:          VRQKBm8WQBGigDkWRKbwtcIKQ6UVG2ZoBdf+7fFlfI4=
Subject key identifier:   57:8A:58:A4:24:07:08:2B:D3:5A:53:77:F1:F8:F5:6D:CB:BA:33:EE
Certificate issuer:       /CN=2211f0403e97465a01dd145bc1507be565710d4e
Certificate serial:       018CC3B6B9A3C193035C9B5321440B97FD9A
Authority key identifier: 22:11:F0:40:3E:97:46:5A:01:DD:14:5B:C1:50:7B:E5:65:71:0D:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IhHwQD6XRloB3RRbwVB75WVxDU4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/85b40d-e900-4d9f-af05-316c7a9cd6b6/1/V4pYpCQHCCvTWlN38fj1bcu6M-4.roa
Signing time:             Mon 01 Jan 2024 06:29:41 +0000
ROA not before:           Mon 01 Jan 2024 06:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.230.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/85b40d-e900-4d9f-af05-316c7a9cd6b6/1/IhHwQD6XRloB3RRbwVB75WVxDU4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/85b40d-e900-4d9f-af05-316c7a9cd6b6/1/IhHwQD6XRloB3RRbwVB75WVxDU4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IhHwQD6XRloB3RRbwVB75WVxDU4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:b9:a3:c1:93:03:5c:9b:53:21:44:0b:97:fd:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2211f0403e97465a01dd145bc1507be565710d4e
        Validity
            Not Before: Jan  1 06:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=578a58a42407082bd35a5377f1f8f56dcbba33ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:86:bd:30:07:34:7a:85:62:e9:fe:19:34:9a:
                    81:91:24:9b:2e:13:09:0c:bb:8d:c3:03:f3:bc:b4:
                    5b:8e:94:07:3e:2c:b4:bd:fc:b8:e4:7d:61:85:26:
                    c1:ef:fc:9f:06:c3:a0:8e:6b:a5:38:80:5e:4d:51:
                    7c:41:07:e8:ae:7f:de:18:59:65:ec:44:1d:b8:e7:
                    35:07:db:e8:eb:07:ea:65:95:09:7b:ab:db:6c:99:
                    52:d8:3c:57:15:6f:4e:2a:ea:8d:13:3f:ce:b4:22:
                    e8:23:4d:84:67:fc:e6:b7:45:9d:76:9f:2e:1b:0f:
                    20:a6:81:42:db:84:4b:6d:23:9e:6b:4e:17:32:35:
                    43:06:d6:f4:46:ac:a7:66:87:f7:f2:eb:61:b2:14:
                    5c:ed:9c:f7:68:e8:fa:58:70:1f:c0:67:da:95:dc:
                    ed:50:fa:21:12:75:9a:b6:da:5b:38:31:f8:0a:75:
                    e3:7d:b8:61:44:b8:48:54:ff:44:2a:e4:b6:09:be:
                    68:ab:a2:26:99:0b:c4:b6:c0:ac:6f:51:c4:f5:ea:
                    ee:29:83:a7:ba:8e:8b:f5:98:a1:09:03:1e:a2:3c:
                    40:55:81:b9:15:4d:3d:65:6d:f7:de:aa:d3:3b:5a:
                    26:53:5b:1e:82:2c:d3:b7:22:4c:e0:ee:e9:88:bb:
                    91:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:8A:58:A4:24:07:08:2B:D3:5A:53:77:F1:F8:F5:6D:CB:BA:33:EE
            X509v3 Authority Key Identifier:
                keyid:22:11:F0:40:3E:97:46:5A:01:DD:14:5B:C1:50:7B:E5:65:71:0D:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IhHwQD6XRloB3RRbwVB75WVxDU4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/85b40d-e900-4d9f-af05-316c7a9cd6b6/1/V4pYpCQHCCvTWlN38fj1bcu6M-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/85b40d-e900-4d9f-af05-316c7a9cd6b6/1/IhHwQD6XRloB3RRbwVB75WVxDU4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:d1:bc:92:cf:90:39:bf:c1:6d:39:5b:bc:45:06:4c:69:ec:
         29:b0:ef:49:26:52:71:db:b0:fc:da:d0:18:f7:87:ec:bc:68:
         61:9f:35:d4:05:62:90:08:0f:80:79:1d:71:b1:f3:ad:c7:89:
         37:60:f0:77:2b:61:c2:59:02:db:d0:bb:63:0e:6b:7c:b4:13:
         36:e0:15:30:65:66:e3:55:25:c7:d6:e8:90:46:c0:75:a7:c2:
         69:60:96:56:e7:32:81:f3:93:e9:9c:3f:fd:01:1f:b8:84:1a:
         56:47:04:dc:24:6b:d8:bc:01:a9:45:d2:1e:d8:5e:4d:1f:d2:
         78:74:1f:12:a9:cf:ca:1a:b4:2d:59:51:75:25:67:bb:2f:6d:
         2e:47:d6:31:82:28:54:8c:f0:02:3c:88:74:7c:e7:0e:24:74:
         95:f3:30:d2:db:84:1c:de:eb:17:c0:6b:2d:a1:0d:51:e2:07:
         a3:24:00:4e:31:2d:1a:0e:5d:21:bf:9f:54:4d:c2:34:b6:a0:
         65:96:23:19:e8:a3:46:05:b2:dc:87:6e:8e:9e:5f:6b:47:f0:
         a8:19:1e:ec:2a:98:e5:48:6a:fc:d9:97:47:bd:54:d1:c0:17:
         eb:8d:e9:84:08:ab:18:81:49:72:b1:df:09:69:63:98:fd:ee:
         99:fe:16:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtrmjwZMDXJtTIUQLl/2aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMTFmMDQwM2U5NzQ2NWEwMWRkMTQ1YmMxNTA3YmU1NjU3
MTBkNGUwHhcNMjQwMTAxMDYyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzhhNThhNDI0MDcwODJiZDM1YTUzNzdmMWY4ZjU2ZGNiYmEzM2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAroa9MAc0eoVi6f4ZNJqBkSSbLhMJ
DLuNwwPzvLRbjpQHPiy0vfy45H1hhSbB7/yfBsOgjmulOIBeTVF8QQforn/eGFll
7EQduOc1B9vo6wfqZZUJe6vbbJlS2DxXFW9OKuqNEz/OtCLoI02EZ/zmt0Wddp8u
Gw8gpoFC24RLbSOea04XMjVDBtb0RqynZof38uthshRc7Zz3aOj6WHAfwGfaldzt
UPohEnWattpbODH4CnXjfbhhRLhIVP9EKuS2Cb5oq6ImmQvEtsCsb1HE9eruKYOn
uo6L9ZihCQMeojxAVYG5FU09ZW333qrTO1omU1segizTtyJM4O7piLuRWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFeKWKQkBwgr01pTd/H49W3LujPuMB8GA1UdIwQY
MBaAFCIR8EA+l0ZaAd0UW8FQe+VlcQ1OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWhId1FENlhSbG9CM1JSYndWQjc1V1Z4RFU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS84NWI0MGQtZTkwMC00ZDlmLWFmMDUt
MzE2YzdhOWNkNmI2LzEvVjRwWXBDUUhDQ3ZUV2xOMzhmajFiY3U2TS00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS84NWI0MGQtZTkwMC00ZDlmLWFmMDUtMzE2YzdhOWNkNmI2
LzEvSWhId1FENlhSbG9CM1JSYndWQjc1V1Z4RFU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueZoMA0G
CSqGSIb3DQEBCwUAA4IBAQAt0bySz5A5v8FtOVu8RQZMaewpsO9JJlJx27D82tAY
94fsvGhhnzXUBWKQCA+AeR1xsfOtx4k3YPB3K2HCWQLb0LtjDmt8tBM24BUwZWbj
VSXH1uiQRsB1p8JpYJZW5zKB85PpnD/9AR+4hBpWRwTcJGvYvAGpRdIe2F5NH9J4
dB8Sqc/KGrQtWVF1JWe7L20uR9YxgihUjPACPIh0fOcOJHSV8zDS24Qc3usXwGst
oQ1R4gejJABOMS0aDl0hv59UTcI0tqBlliMZ6KNGBbLch26Onl9rR/CoGR7sKpjl
SGr82ZdHvVTRwBfrjemECKsYgUlysd8JaWOY/e6Z/hal
-----END CERTIFICATE-----