Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/65420c-f5e2-4d29-b503-6529751b2b01/1/KcZ5KvPQJwKERZVTZ---hUpk9jU.roa
File:                     KcZ5KvPQJwKERZVTZ---hUpk9jU.roa (raw, json)
Hash identifier:          5EqFIytwVbKkNt1jOIucWTD3axgMX3HNrJHzmLfmTbo=
Subject key identifier:   29:C6:79:2A:F3:D0:27:02:84:45:95:53:67:EF:BE:85:4A:64:F6:35
Certificate issuer:       /CN=918ef823bb041ea3ac7c8936c750b6018137e2cd
Certificate serial:       018CCA2BC6A1EA52BB040543EA5ADB9E889C
Authority key identifier: 91:8E:F8:23:BB:04:1E:A3:AC:7C:89:36:C7:50:B6:01:81:37:E2:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kY74I7sEHqOsfIk2x1C2AYE34s0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/65420c-f5e2-4d29-b503-6529751b2b01/1/KcZ5KvPQJwKERZVTZ---hUpk9jU.roa
Signing time:             Tue 02 Jan 2024 12:35:15 +0000
ROA not before:           Tue 02 Jan 2024 12:35:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6908
IP address blocks:        185.4.116.0/22 maxlen: 24
                          185.4.116.0/24 maxlen: 24
                          185.4.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/65420c-f5e2-4d29-b503-6529751b2b01/1/kY74I7sEHqOsfIk2x1C2AYE34s0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/65420c-f5e2-4d29-b503-6529751b2b01/1/kY74I7sEHqOsfIk2x1C2AYE34s0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kY74I7sEHqOsfIk2x1C2AYE34s0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:c6:a1:ea:52:bb:04:05:43:ea:5a:db:9e:88:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=918ef823bb041ea3ac7c8936c750b6018137e2cd
        Validity
            Not Before: Jan  2 12:35:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29c6792af3d027028445955367efbe854a64f635
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:54:a0:42:0f:55:42:4f:3d:dd:ef:6d:df:3d:
                    3a:94:97:94:53:36:5b:28:ce:5e:2d:f9:47:ce:1e:
                    a1:9d:f1:d3:46:2d:00:ab:8c:ab:9c:8a:83:bd:d3:
                    00:a9:80:9e:7c:09:c3:69:15:e7:63:9c:d7:f8:e9:
                    26:c5:58:06:e5:55:ff:16:c9:9d:8b:05:73:64:3f:
                    43:f7:03:c1:1b:7a:a1:1b:b2:18:51:1e:e3:54:56:
                    44:a7:6a:e7:f7:2b:c5:51:51:bb:a6:40:48:f8:f0:
                    f1:23:fe:cd:68:aa:c8:c4:d2:22:c8:50:05:ce:58:
                    ef:59:a7:81:3d:ab:6b:3d:da:2c:c8:93:9c:db:fc:
                    be:58:96:73:a2:69:f9:9e:b0:c4:98:bd:fa:09:8a:
                    92:8c:d5:d7:30:bc:7c:2f:4c:7a:74:52:a5:0a:e8:
                    34:6a:5e:f0:ce:4f:e5:bf:9a:9d:d1:09:0d:77:35:
                    05:18:53:53:98:c0:11:27:e5:73:1e:fb:df:1d:57:
                    a9:09:4e:5b:06:ce:90:7a:4e:dc:70:3f:5a:06:2a:
                    69:1b:1b:09:c8:66:ca:aa:0d:19:99:e4:5e:d6:98:
                    77:26:83:b7:53:ca:79:1f:35:de:d1:7e:6f:7d:3d:
                    84:d3:aa:83:bb:2d:08:ac:db:1a:f7:4b:a3:50:f2:
                    16:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:C6:79:2A:F3:D0:27:02:84:45:95:53:67:EF:BE:85:4A:64:F6:35
            X509v3 Authority Key Identifier:
                keyid:91:8E:F8:23:BB:04:1E:A3:AC:7C:89:36:C7:50:B6:01:81:37:E2:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kY74I7sEHqOsfIk2x1C2AYE34s0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/65420c-f5e2-4d29-b503-6529751b2b01/1/KcZ5KvPQJwKERZVTZ---hUpk9jU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/65420c-f5e2-4d29-b503-6529751b2b01/1/kY74I7sEHqOsfIk2x1C2AYE34s0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.4.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:05:6d:47:62:c2:ee:4d:b7:2c:e1:d0:f0:47:41:a0:0d:aa:
         90:c2:0b:89:22:a5:f7:65:01:f4:75:b8:57:a2:32:4e:aa:4f:
         7b:a2:a9:c6:7b:52:39:5c:0a:aa:48:ec:d3:0f:fb:d9:d5:c8:
         d8:96:a1:79:a2:c7:07:c7:03:cc:b1:09:8d:f2:7f:b6:fa:83:
         91:48:4f:02:0c:c4:73:9b:e6:7e:da:39:ca:ce:61:ce:5f:e9:
         86:8a:8d:ed:50:d3:ae:06:92:f3:1e:b0:9f:27:0e:38:97:e8:
         7e:33:d2:ca:e9:6e:9f:bb:63:a8:ce:50:c1:82:a8:32:2e:6e:
         67:56:4f:f8:bb:68:4e:12:23:53:48:a1:2c:26:04:98:0b:ee:
         e7:a1:b2:69:cc:39:ff:e8:5a:08:a5:35:28:51:09:b2:3c:d3:
         36:42:c6:dd:3f:21:6c:c6:36:52:e4:e1:a0:48:15:62:e3:7a:
         13:11:89:3a:bf:fb:00:a6:2a:bc:a6:a5:3c:42:a6:55:d1:28:
         6c:ee:12:80:f5:f5:2f:c7:bb:3d:54:c1:04:73:fd:dc:fb:6c:
         77:98:ec:31:03:f6:da:a8:d1:71:f1:f6:15:3b:1f:89:93:2e:
         ae:d3:04:5a:77:4c:b7:d1:da:2b:50:70:2b:5a:72:0a:1e:53:
         19:ba:7b:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK8ah6lK7BAVD6lrbnoicMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxOGVmODIzYmIwNDFlYTNhYzdjODkzNmM3NTBiNjAxODEz
N2UyY2QwHhcNMjQwMTAyMTIzNTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWM2NzkyYWYzZDAyNzAyODQ0NTk1NTM2N2VmYmU4NTRhNjRmNjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVSgQg9VQk893e9t3z06lJeUUzZb
KM5eLflHzh6hnfHTRi0Aq4yrnIqDvdMAqYCefAnDaRXnY5zX+OkmxVgG5VX/Fsmd
iwVzZD9D9wPBG3qhG7IYUR7jVFZEp2rn9yvFUVG7pkBI+PDxI/7NaKrIxNIiyFAF
zljvWaeBPatrPdosyJOc2/y+WJZzomn5nrDEmL36CYqSjNXXMLx8L0x6dFKlCug0
al7wzk/lv5qd0QkNdzUFGFNTmMARJ+VzHvvfHVepCU5bBs6Qek7ccD9aBippGxsJ
yGbKqg0ZmeRe1ph3JoO3U8p5HzXe0X5vfT2E06qDuy0IrNsa90ujUPIW2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCnGeSrz0CcChEWVU2fvvoVKZPY1MB8GA1UdIwQY
MBaAFJGO+CO7BB6jrHyJNsdQtgGBN+LNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1k3NEk3c0VIcU9zZklrMngxQzJBWUUzNHMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS82NTQyMGMtZjVlMi00ZDI5LWI1MDMt
NjUyOTc1MWIyYjAxLzEvS2NaNUt2UFFKd0tFUlpWVFotLS1oVXBrOWpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS82NTQyMGMtZjVlMi00ZDI5LWI1MDMtNjUyOTc1MWIyYjAx
LzEva1k3NEk3c0VIcU9zZklrMngxQzJBWUUzNHMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQR0MA0G
CSqGSIb3DQEBCwUAA4IBAQAIBW1HYsLuTbcs4dDwR0GgDaqQwguJIqX3ZQH0dbhX
ojJOqk97oqnGe1I5XAqqSOzTD/vZ1cjYlqF5oscHxwPMsQmN8n+2+oORSE8CDMRz
m+Z+2jnKzmHOX+mGio3tUNOuBpLzHrCfJw44l+h+M9LK6W6fu2OozlDBgqgyLm5n
Vk/4u2hOEiNTSKEsJgSYC+7nobJpzDn/6FoIpTUoUQmyPNM2QsbdPyFsxjZS5OGg
SBVi43oTEYk6v/sApiq8pqU8QqZV0Shs7hKA9fUvx7s9VMEEc/3c+2x3mOwxA/ba
qNFx8fYVOx+Jky6u0wRad0y30dorUHArWnIKHlMZunti
-----END CERTIFICATE-----