Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/1-LS3iqtix69S-3S4TFbGy0z1d68.roa
File:                     1-LS3iqtix69S-3S4TFbGy0z1d68.roa (raw, json)
Hash identifier:          N8vzq7XXbUvIEOPV5PgBDK8tKQLBtiJWSnV4UQYkKV0=
Subject key identifier:   F8:B4:B7:8A:AB:62:C7:AF:52:FB:74:B8:4C:56:C6:CB:4C:F5:77:AF
Certificate issuer:       /CN=e4c86da3f483246518d368034bc86113906a55a3
Certificate serial:       01929BA0753B6C54A71DA7B27F3568D5C077
Authority key identifier: E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/1-LS3iqtix69S-3S4TFbGy0z1d68.roa
Signing time:             Thu 17 Oct 2024 17:57:17 +0000
ROA not before:           Thu 17 Oct 2024 17:57:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        185.10.122.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9b:a0:75:3b:6c:54:a7:1d:a7:b2:7f:35:68:d5:c0:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4c86da3f483246518d368034bc86113906a55a3
        Validity
            Not Before: Oct 17 17:57:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8b4b78aab62c7af52fb74b84c56c6cb4cf577af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:39:82:d0:7f:94:01:9b:cf:d4:45:6e:ab:95:
                    7c:2b:c7:4e:9e:bb:20:4e:b3:bc:43:62:b3:44:0c:
                    e7:60:13:77:c4:0f:e4:fd:4e:8b:af:e0:3f:fb:99:
                    ec:7d:97:44:1f:aa:44:23:46:94:20:7a:72:62:9e:
                    b2:62:02:cb:3f:d7:d8:f1:d1:6a:c6:1c:83:95:7b:
                    0a:6d:dd:6f:71:4e:d7:b1:1d:eb:03:1e:b5:6e:13:
                    d9:39:37:12:bc:9f:f3:17:99:2a:4d:5d:5f:98:8b:
                    29:8c:24:73:de:e0:b3:66:3c:d3:15:79:11:f3:2a:
                    5a:4a:1c:ba:04:97:8d:90:b7:b6:fe:dd:1e:41:18:
                    af:36:7c:80:0c:e0:f0:01:83:49:bd:a9:fa:c4:4d:
                    ff:d2:c1:82:78:7f:dd:e1:c7:86:23:fc:f0:d8:a6:
                    13:0d:a5:30:8c:fa:aa:26:b9:6f:5f:5e:57:a5:8a:
                    e1:26:b7:b3:02:2b:83:77:96:a3:d7:9f:ad:9e:e2:
                    5b:77:68:66:9c:c6:0e:fe:a0:3f:3f:79:49:b4:d0:
                    a0:f3:50:0b:fd:70:3f:08:1f:e6:33:19:60:10:86:
                    b5:19:f7:87:55:75:3c:d1:e2:8b:9d:c5:0d:7d:86:
                    e1:f8:6c:b9:25:41:be:16:a3:67:74:72:46:d8:78:
                    d2:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:B4:B7:8A:AB:62:C7:AF:52:FB:74:B8:4C:56:C6:CB:4C:F5:77:AF
            X509v3 Authority Key Identifier:
                keyid:E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/1-LS3iqtix69S-3S4TFbGy0z1d68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.10.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b8:0e:33:62:c5:a4:34:47:0f:bd:72:73:06:d5:bf:40:a6:02:
         be:9a:fe:59:1f:43:16:86:69:47:18:c0:cb:fe:f4:f8:ea:ff:
         0f:0d:6d:21:b5:88:9c:7b:20:b1:cd:25:d8:77:5a:25:51:87:
         95:07:1f:b0:10:40:62:2c:14:f4:86:18:7f:e3:14:0c:96:09:
         42:04:74:61:e5:41:01:a2:b1:32:a8:60:b1:c3:8a:a3:6c:2d:
         9e:a0:ba:30:c0:19:95:00:cf:75:83:35:88:97:99:d6:24:ce:
         8d:56:c3:2f:8d:62:58:f8:84:31:ec:75:41:74:b1:48:a3:fb:
         fe:27:93:84:d7:88:8b:2b:88:22:47:73:cf:98:a1:05:5b:e0:
         7f:d0:7a:4c:8e:ad:f0:a1:c1:5e:c5:03:2c:02:b5:5a:c8:91:
         b7:e0:80:7e:98:07:1e:66:a3:74:d1:da:75:56:e6:94:46:05:
         4f:99:29:e7:47:dd:be:de:2b:3e:5c:70:ea:f0:4e:e9:c3:96:
         b8:68:bf:99:d2:28:27:2c:49:40:a4:65:1f:6c:11:f7:77:0c:
         c1:6e:41:8f:e7:be:49:59:00:b3:89:11:3d:ee:30:95:0e:8d:
         c5:8d:f1:94:b0:4b:8b:6d:6c:16:87:21:bd:cd:c6:bb:ec:37:
         24:ee:35:d7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZKboHU7bFSnHaeyfzVo1cB3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0Yzg2ZGEzZjQ4MzI0NjUxOGQzNjgwMzRiYzg2MTEzOTA2
YTU1YTMwHhcNMjQxMDE3MTc1NzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGI0Yjc4YWFiNjJjN2FmNTJmYjc0Yjg0YzU2YzZjYjRjZjU3N2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzmC0H+UAZvP1EVuq5V8K8dOnrsg
TrO8Q2KzRAznYBN3xA/k/U6Lr+A/+5nsfZdEH6pEI0aUIHpyYp6yYgLLP9fY8dFq
xhyDlXsKbd1vcU7XsR3rAx61bhPZOTcSvJ/zF5kqTV1fmIspjCRz3uCzZjzTFXkR
8ypaShy6BJeNkLe2/t0eQRivNnyADODwAYNJvan6xE3/0sGCeH/d4ceGI/zw2KYT
DaUwjPqqJrlvX15XpYrhJrezAiuDd5aj15+tnuJbd2hmnMYO/qA/P3lJtNCg81AL
/XA/CB/mMxlgEIa1GfeHVXU80eKLncUNfYbh+Gy5JUG+FqNndHJG2HjSkQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPi0t4qrYsevUvt0uExWxstM9XevMB8GA1UdIwQY
MBaAFOTIbaP0gyRlGNNoA0vIYROQalWjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTct
YzUxMWEzZTkxMmI2LzEvMS1MUzNpcXRpeDY5Uy0zUzRURmJHeTB6MWQ2OC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODkvYjRlNTAzLTU3NGItNDU2NS05MjE3LWM1MTFhM2U5MTJi
Ni8xLzVNaHRvX1NESkdVWTAyZ0RTOGhoRTVCcVZhTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbkKejAN
BgkqhkiG9w0BAQsFAAOCAQEAuA4zYsWkNEcPvXJzBtW/QKYCvpr+WR9DFoZpRxjA
y/70+Or/Dw1tIbWInHsgsc0l2HdaJVGHlQcfsBBAYiwU9IYYf+MUDJYJQgR0YeVB
AaKxMqhgscOKo2wtnqC6MMAZlQDPdYM1iJeZ1iTOjVbDL41iWPiEMex1QXSxSKP7
/ieThNeIiyuIIkdzz5ihBVvgf9B6TI6t8KHBXsUDLAK1WsiRt+CAfpgHHmajdNHa
dVbmlEYFT5kp50fdvt4rPlxw6vBO6cOWuGi/mdIoJyxJQKRlH2wR93cMwW5Bj+e+
SVkAs4kRPe4wlQ6NxY3xlLBLi21sFochvc3Gu+w3JO411w==
-----END CERTIFICATE-----