Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/97SmY25z5BLHRkHcMPX-k5s4IL4.roa
File:                     97SmY25z5BLHRkHcMPX-k5s4IL4.roa (raw, json)
Hash identifier:          gaeub3zxuFrpPZZ9lflWbFxg/sfB7OZ7+3zMKW3Rcag=
Subject key identifier:   F7:B4:A6:63:6E:73:E4:12:C7:46:41:DC:30:F5:FE:93:9B:38:20:BE
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801D5D29ADDFD7386816F5BAF35B000
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/97SmY25z5BLHRkHcMPX-k5s4IL4.roa
Signing time:             Tue 02 Jan 2024 02:30:12 +0000
ROA not before:           Tue 02 Jan 2024 02:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34549
IP address blocks:        185.222.218.0/24 maxlen: 24
                          2a09:0:13::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:d5:d2:9a:dd:fd:73:86:81:6f:5b:af:35:b0:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7b4a6636e73e412c74641dc30f5fe939b3820be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:90:95:ac:8c:20:19:20:29:fe:7a:68:b6:bb:
                    90:e2:0d:08:2b:9d:cc:b9:55:2a:d4:b2:28:7e:8f:
                    17:60:1b:04:4b:0b:48:23:b7:8e:ce:e6:ba:1b:ce:
                    f4:e0:84:4f:01:ab:18:8f:85:cd:e2:a2:f9:40:6b:
                    98:d0:ce:f0:4b:e4:cd:e3:44:dc:d1:b0:d8:41:87:
                    fe:30:83:7f:f4:a6:bd:93:c2:4a:e9:4e:76:15:aa:
                    13:87:dd:8a:2a:1b:8d:dc:bc:de:18:63:32:4f:dc:
                    8c:ee:aa:43:06:9a:48:d3:f9:0a:ff:1b:01:79:79:
                    67:5d:66:22:d9:06:57:ef:94:87:39:e1:e9:97:0a:
                    48:b6:ab:fc:1d:73:c1:93:b3:b7:c2:ff:42:bb:23:
                    2e:44:fb:ad:01:2e:4e:15:02:36:2a:0d:da:19:fd:
                    53:9e:db:b5:21:a7:fc:84:89:7c:e5:91:16:15:ab:
                    ed:0c:5b:e1:f5:5d:11:11:dd:53:05:3c:28:0a:4b:
                    34:04:ab:53:07:8a:85:2a:4c:46:aa:36:94:94:d9:
                    d0:4e:4c:51:ed:17:24:86:fe:a0:6b:25:a7:f9:e2:
                    ae:0f:fe:08:8b:81:73:db:d6:35:aa:bb:35:2f:c8:
                    f9:47:d3:84:89:1e:90:bf:68:d1:11:cf:0c:3a:9c:
                    c9:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:B4:A6:63:6E:73:E4:12:C7:46:41:DC:30:F5:FE:93:9B:38:20:BE
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/97SmY25z5BLHRkHcMPX-k5s4IL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.218.0/24
                IPv6:
                  2a09:0:13::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:a8:fc:31:c4:ff:ae:82:8f:d6:fe:25:c8:33:57:90:01:32:
         73:ea:17:7b:cd:1e:b0:7d:21:e0:a8:18:44:97:a6:80:88:71:
         90:b9:4c:b4:24:da:02:2a:64:f0:11:9b:49:fe:f9:f3:e7:d1:
         5c:2b:3e:f7:98:1f:99:95:ee:f9:33:ac:59:16:34:32:56:82:
         d1:62:99:19:5d:c0:99:3b:53:a0:05:6f:0d:63:36:8e:5d:8e:
         a7:f1:cc:80:59:d9:73:ab:78:f4:ea:29:48:c5:4d:d2:98:69:
         fe:8f:3a:39:dd:39:d9:00:f8:73:1c:b2:b2:64:76:56:85:1c:
         6c:79:f2:a7:f5:95:9c:0d:2a:dc:04:48:d4:81:81:9d:76:3c:
         2b:bd:29:cf:20:ab:dc:ab:7e:a7:49:de:5e:4b:b7:61:52:72:
         8b:0e:12:2f:ad:8b:cf:a4:8c:df:f8:38:b8:ea:f7:f6:3c:e2:
         c8:3f:6b:28:76:f7:13:9a:49:b5:f7:e2:e0:71:26:ef:53:a8:
         05:69:d5:5f:75:c6:9b:bd:1d:0b:14:5f:36:be:94:3d:a5:23:
         62:54:b5:9a:76:56:e5:39:81:09:f3:a6:cc:69:29:ca:8d:6c:
         0d:15:f4:cf:b4:b6:8a:97:b4:d8:b0:13:3a:4d:ce:26:f6:34:
         90:fc:d9:d3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAdXSmt39c4aBb1uvNbAAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2I0YTY2MzZlNzNlNDEyYzc0NjQxZGMzMGY1ZmU5MzliMzgyMGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJCVrIwgGSAp/npotruQ4g0IK53M
uVUq1LIofo8XYBsESwtII7eOzua6G8704IRPAasYj4XN4qL5QGuY0M7wS+TN40Tc
0bDYQYf+MIN/9Ka9k8JK6U52FaoTh92KKhuN3LzeGGMyT9yM7qpDBppI0/kK/xsB
eXlnXWYi2QZX75SHOeHplwpItqv8HXPBk7O3wv9CuyMuRPutAS5OFQI2Kg3aGf1T
ntu1Iaf8hIl85ZEWFavtDFvh9V0REd1TBTwoCks0BKtTB4qFKkxGqjaUlNnQTkxR
7Rckhv6gayWn+eKuD/4Ii4Fz29Y1qrs1L8j5R9OEiR6Qv2jREc8MOpzJ7wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPe0pmNuc+QSx0ZB3DD1/pObOCC+MB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvOTdTbVkyNXo1QkxIUmtIY01QWC1rNXM0SUw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAud7aMA8E
AgACMAkDBwAqCQAAABMwDQYJKoZIhvcNAQELBQADggEBABeo/DHE/66Cj9b+Jcgz
V5ABMnPqF3vNHrB9IeCoGESXpoCIcZC5TLQk2gIqZPARm0n++fPn0VwrPveYH5mV
7vkzrFkWNDJWgtFimRldwJk7U6AFbw1jNo5djqfxzIBZ2XOrePTqKUjFTdKYaf6P
OjndOdkA+HMcsrJkdlaFHGx58qf1lZwNKtwESNSBgZ12PCu9Kc8gq9yrfqdJ3l5L
t2FScosOEi+ti8+kjN/4OLjq9/Y84sg/ayh29xOaSbX34uBxJu9TqAVp1V91xpu9
HQsUXza+lD2lI2JUtZp2VuU5gQnzpsxpKcqNbA0V9M+0toqXtNiwEzpNzib2NJD8
2dM=
-----END CERTIFICATE-----