Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/5247b3-6067-436d-ae19-cba722ecb2db/1/IsJ0c25oEMcq2hs62WVn3JnR5kc.roa
File:                     IsJ0c25oEMcq2hs62WVn3JnR5kc.roa (raw, json)
Hash identifier:          FVZnWTpWqx/hdTsogFHC4HE54Isaap3vLQprMcgXpZE=
Subject key identifier:   22:C2:74:73:6E:68:10:C7:2A:DA:1B:3A:D9:65:67:DC:99:D1:E6:47
Certificate issuer:       /CN=acfbbca852b957385909f6bd288cdf363f218b06
Certificate serial:       019426D98F15D825455DC47A6780F2DE90CC
Authority key identifier: AC:FB:BC:A8:52:B9:57:38:59:09:F6:BD:28:8C:DF:36:3F:21:8B:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rPu8qFK5VzhZCfa9KIzfNj8hiwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/5247b3-6067-436d-ae19-cba722ecb2db/1/IsJ0c25oEMcq2hs62WVn3JnR5kc.roa
Signing time:             Thu 02 Jan 2025 11:49:39 +0000
ROA not before:           Thu 02 Jan 2025 11:49:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203901
IP address blocks:        185.101.28.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/5247b3-6067-436d-ae19-cba722ecb2db/1/rPu8qFK5VzhZCfa9KIzfNj8hiwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/5247b3-6067-436d-ae19-cba722ecb2db/1/rPu8qFK5VzhZCfa9KIzfNj8hiwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rPu8qFK5VzhZCfa9KIzfNj8hiwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:8f:15:d8:25:45:5d:c4:7a:67:80:f2:de:90:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=acfbbca852b957385909f6bd288cdf363f218b06
        Validity
            Not Before: Jan  2 11:49:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22c274736e6810c72ada1b3ad96567dc99d1e647
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:4e:4f:c4:be:da:2f:70:06:5e:d9:eb:a9:6b:
                    bf:ae:38:7a:28:c5:5a:2d:bd:91:c6:e6:6d:44:8f:
                    1d:10:9e:96:94:ed:83:73:d5:83:bd:bd:45:bc:2b:
                    f3:ff:d9:28:02:8c:79:e2:2e:6d:c4:f8:a2:7a:29:
                    1b:de:97:5b:7b:10:1f:13:33:b1:93:f2:e4:e9:29:
                    7c:0e:b9:21:d1:e8:21:e1:04:f7:db:b3:b1:4d:f3:
                    29:78:55:79:f2:08:ba:96:2c:66:b0:18:01:22:14:
                    fe:bb:02:09:92:32:d7:80:26:fc:a0:fb:3a:c0:dd:
                    32:b6:6a:ea:e1:21:de:f8:c9:c8:37:4e:05:d9:fa:
                    13:e9:07:f9:8a:3e:8e:24:9b:d5:8f:db:b7:d7:e9:
                    62:f5:e5:9e:a7:cb:04:11:0b:58:ce:3c:29:95:d9:
                    c3:73:12:95:bd:c2:d5:26:15:5d:c6:72:55:8a:8e:
                    bb:9f:c6:2d:fc:2a:43:13:c3:79:79:7c:db:00:14:
                    f9:40:03:1d:0c:5d:f7:45:b8:bb:4a:ec:f8:d2:d8:
                    ae:d2:fb:60:0c:f9:b7:2f:8a:3f:5e:6e:36:d0:59:
                    6d:46:1d:75:ae:54:8a:8d:4b:ff:af:c2:20:ec:f7:
                    b7:59:5d:4e:bd:c3:39:79:95:89:80:42:d0:eb:f2:
                    f7:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:C2:74:73:6E:68:10:C7:2A:DA:1B:3A:D9:65:67:DC:99:D1:E6:47
            X509v3 Authority Key Identifier:
                keyid:AC:FB:BC:A8:52:B9:57:38:59:09:F6:BD:28:8C:DF:36:3F:21:8B:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rPu8qFK5VzhZCfa9KIzfNj8hiwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/5247b3-6067-436d-ae19-cba722ecb2db/1/IsJ0c25oEMcq2hs62WVn3JnR5kc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/5247b3-6067-436d-ae19-cba722ecb2db/1/rPu8qFK5VzhZCfa9KIzfNj8hiwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:c4:79:8b:b4:d3:ef:57:75:80:bc:97:c2:84:15:e7:78:2a:
         f7:8f:68:f3:02:8a:dd:68:82:7c:5c:2a:96:42:2c:9b:6a:ce:
         7d:95:28:f0:2a:a1:e8:1e:c1:f6:c4:47:0f:68:ab:13:60:da:
         3f:c0:d7:a7:1b:23:38:81:3b:4a:49:14:78:c3:c0:49:d0:14:
         91:b4:78:67:71:76:47:c5:65:cc:da:61:ee:05:25:29:91:82:
         c3:e7:30:47:6b:35:c0:db:22:39:0d:94:ef:b2:7d:e8:58:7a:
         1d:0b:c9:15:be:eb:2b:ea:c4:c9:6b:e7:0c:e2:b3:dd:02:12:
         c5:fa:73:a8:30:1c:a1:89:50:73:46:77:3f:d5:79:b2:56:ce:
         b5:fd:e1:c4:3d:9e:7f:40:86:db:35:4b:f3:76:11:60:14:24:
         64:94:3b:63:3c:6d:b4:1f:1a:29:1e:d7:5b:7b:a5:9c:d1:47:
         dd:6f:5c:d7:0f:b3:ae:46:d9:df:ab:71:52:90:09:f6:22:dc:
         ab:f9:c7:02:5b:f0:52:70:27:b6:15:47:0f:b1:0a:0e:fc:c2:
         6b:15:7d:98:65:63:8d:b3:30:fa:b1:ed:48:17:ed:06:af:dd:
         81:2b:26:b4:9c:ee:1a:65:eb:9d:70:5d:9d:50:76:4d:ce:be:
         58:68:de:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2Y8V2CVFXcR6Z4Dy3pDMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjZmJiY2E4NTJiOTU3Mzg1OTA5ZjZiZDI4OGNkZjM2M2Yy
MThiMDYwHhcNMjUwMTAyMTE0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmMyNzQ3MzZlNjgxMGM3MmFkYTFiM2FkOTY1NjdkYzk5ZDFlNjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw05PxL7aL3AGXtnrqWu/rjh6KMVa
Lb2RxuZtRI8dEJ6WlO2Dc9WDvb1FvCvz/9koAox54i5txPiieikb3pdbexAfEzOx
k/Lk6Sl8Drkh0egh4QT327OxTfMpeFV58gi6lixmsBgBIhT+uwIJkjLXgCb8oPs6
wN0ytmrq4SHe+MnIN04F2foT6Qf5ij6OJJvVj9u31+li9eWep8sEEQtYzjwpldnD
cxKVvcLVJhVdxnJVio67n8Yt/CpDE8N5eXzbABT5QAMdDF33Rbi7Suz40tiu0vtg
DPm3L4o/Xm420FltRh11rlSKjUv/r8Ig7Pe3WV1OvcM5eZWJgELQ6/L3awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCLCdHNuaBDHKtobOtllZ9yZ0eZHMB8GA1UdIwQY
MBaAFKz7vKhSuVc4WQn2vSiM3zY/IYsGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclB1OHFGSzVWemhaQ2ZhOUtJemZOajhoaXdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS81MjQ3YjMtNjA2Ny00MzZkLWFlMTkt
Y2JhNzIyZWNiMmRiLzEvSXNKMGMyNW9FTWNxMmhzNjJXVm4zSm5SNWtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS81MjQ3YjMtNjA2Ny00MzZkLWFlMTktY2JhNzIyZWNiMmRi
LzEvclB1OHFGSzVWemhaQ2ZhOUtJemZOajhoaXdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWUcMA0G
CSqGSIb3DQEBCwUAA4IBAQBHxHmLtNPvV3WAvJfChBXneCr3j2jzAordaIJ8XCqW
Qiybas59lSjwKqHoHsH2xEcPaKsTYNo/wNenGyM4gTtKSRR4w8BJ0BSRtHhncXZH
xWXM2mHuBSUpkYLD5zBHazXA2yI5DZTvsn3oWHodC8kVvusr6sTJa+cM4rPdAhLF
+nOoMByhiVBzRnc/1XmyVs61/eHEPZ5/QIbbNUvzdhFgFCRklDtjPG20HxopHtdb
e6Wc0Ufdb1zXD7OuRtnfq3FSkAn2Ityr+ccCW/BScCe2FUcPsQoO/MJrFX2YZWON
szD6se1IF+0Gr92BKya0nO4aZeudcF2dUHZNzr5YaN6U
-----END CERTIFICATE-----