Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/a06a67-d4dc-458e-abe6-4bb1fd0375f2/1/IiYvSOYnZ1xLI8k0OrXgmjLBw5c.roa
File:                     IiYvSOYnZ1xLI8k0OrXgmjLBw5c.roa (raw, json)
Hash identifier:          pGgvcj8CA7JWUh9LrVD122WL8FS9b3qOxDel88sShFo=
Subject key identifier:   22:26:2F:48:E6:27:67:5C:4B:23:C9:34:3A:B5:E0:9A:32:C1:C3:97
Certificate issuer:       /CN=6f353d185fc1eb4d0704a4b4a890f98b8b4fef83
Certificate serial:       018CC64A544B3481D81138F9C50B9FDBE3A4
Authority key identifier: 6F:35:3D:18:5F:C1:EB:4D:07:04:A4:B4:A8:90:F9:8B:8B:4F:EF:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bzU9GF_B600HBKS0qJD5i4tP74M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/a06a67-d4dc-458e-abe6-4bb1fd0375f2/1/IiYvSOYnZ1xLI8k0OrXgmjLBw5c.roa
Signing time:             Mon 01 Jan 2024 18:30:09 +0000
ROA not before:           Mon 01 Jan 2024 18:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6696
IP address blocks:        194.1.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/a06a67-d4dc-458e-abe6-4bb1fd0375f2/1/bzU9GF_B600HBKS0qJD5i4tP74M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/a06a67-d4dc-458e-abe6-4bb1fd0375f2/1/bzU9GF_B600HBKS0qJD5i4tP74M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bzU9GF_B600HBKS0qJD5i4tP74M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:54:4b:34:81:d8:11:38:f9:c5:0b:9f:db:e3:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f353d185fc1eb4d0704a4b4a890f98b8b4fef83
        Validity
            Not Before: Jan  1 18:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22262f48e627675c4b23c9343ab5e09a32c1c397
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:6b:d5:0f:08:8b:09:b4:af:67:79:24:e8:ec:
                    9c:ab:27:e9:0e:f8:7f:75:99:30:ab:e7:d1:f8:24:
                    75:97:98:86:ab:5e:2e:74:f4:25:88:32:5d:92:34:
                    35:98:d3:ec:ed:7a:eb:58:4b:a5:00:0c:4b:87:78:
                    cc:00:b0:e8:0c:95:d0:14:8f:85:36:80:25:cb:50:
                    b6:8f:a0:db:f9:9e:c0:73:5b:42:fc:bd:f9:9e:d6:
                    ed:56:74:5b:fb:92:d8:be:ac:92:52:40:d7:b5:6c:
                    d7:ec:c5:58:40:d1:7c:30:d8:fa:19:90:2f:97:e8:
                    81:e6:2b:4b:02:63:c0:92:06:7a:6a:31:b7:a0:2e:
                    fe:28:d0:ca:06:c7:d8:34:0f:f9:34:1b:c5:01:73:
                    79:8e:30:29:c7:97:a8:ed:3f:95:3a:3f:18:73:cc:
                    74:12:08:7e:e2:31:65:fd:12:0e:3e:6a:a3:eb:de:
                    d5:a3:64:ff:e2:ef:34:a3:60:4e:09:d9:cd:56:3d:
                    f0:7c:50:a9:12:68:b5:25:9b:14:de:30:a9:26:69:
                    46:8c:ce:1f:8b:4e:53:38:36:15:ff:52:87:fb:ee:
                    10:c9:eb:75:d6:57:3b:5b:00:0e:5c:37:79:5a:1c:
                    7a:c4:e9:9b:04:ea:71:a4:b1:50:b6:77:c2:aa:50:
                    04:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:26:2F:48:E6:27:67:5C:4B:23:C9:34:3A:B5:E0:9A:32:C1:C3:97
            X509v3 Authority Key Identifier:
                keyid:6F:35:3D:18:5F:C1:EB:4D:07:04:A4:B4:A8:90:F9:8B:8B:4F:EF:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bzU9GF_B600HBKS0qJD5i4tP74M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/a06a67-d4dc-458e-abe6-4bb1fd0375f2/1/IiYvSOYnZ1xLI8k0OrXgmjLBw5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/a06a67-d4dc-458e-abe6-4bb1fd0375f2/1/bzU9GF_B600HBKS0qJD5i4tP74M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.1.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:2a:0b:d1:37:27:10:ff:36:6f:c4:03:78:a7:27:7c:37:01:
         81:f3:59:17:2b:9e:5b:39:0a:e2:a8:ac:ea:4b:93:63:d7:a8:
         65:80:0e:0d:0e:ca:c9:ca:57:ef:f7:d4:d4:15:44:e0:b1:26:
         70:4e:01:08:5f:40:7e:e0:4b:3a:31:7d:25:47:f7:af:cd:ca:
         f4:d4:a2:45:79:9e:81:fc:bf:35:40:2a:cf:2c:76:3f:e0:8f:
         2d:e5:16:7c:28:71:ee:09:8d:6b:bc:7a:00:52:78:c1:2a:a4:
         6e:e1:11:01:77:95:4d:dc:35:db:c0:67:e9:50:69:b7:9e:92:
         8b:ee:08:42:67:e8:9a:38:58:4b:ce:2d:8c:e7:9f:8d:b9:5d:
         01:5c:1c:d6:95:a2:28:6a:52:66:41:a8:45:7d:da:47:37:2f:
         6a:70:3b:b6:dd:64:ad:ba:e9:54:37:9e:09:7b:27:78:e8:cc:
         4b:f1:44:93:8c:e2:5c:c0:75:4a:06:2a:d2:b9:80:c9:8c:d2:
         cc:0f:08:3a:28:86:fd:4a:c8:85:ac:9e:d7:e7:a5:46:b3:ad:
         0e:a9:d1:47:e2:c6:75:5a:55:7f:b6:3b:2b:ef:76:bc:ec:5f:
         34:47:e7:c0:7d:22:f1:d0:36:30:fb:07:68:c6:c0:f4:a8:7a:
         46:c4:ff:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSlRLNIHYETj5xQuf2+OkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMzUzZDE4NWZjMWViNGQwNzA0YTRiNGE4OTBmOThiOGI0
ZmVmODMwHhcNMjQwMTAxMTgzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjI2MmY0OGU2Mjc2NzVjNGIyM2M5MzQzYWI1ZTA5YTMyYzFjMzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlWvVDwiLCbSvZ3kk6OycqyfpDvh/
dZkwq+fR+CR1l5iGq14udPQliDJdkjQ1mNPs7XrrWEulAAxLh3jMALDoDJXQFI+F
NoAly1C2j6Db+Z7Ac1tC/L35ntbtVnRb+5LYvqySUkDXtWzX7MVYQNF8MNj6GZAv
l+iB5itLAmPAkgZ6ajG3oC7+KNDKBsfYNA/5NBvFAXN5jjApx5eo7T+VOj8Yc8x0
Egh+4jFl/RIOPmqj697Vo2T/4u80o2BOCdnNVj3wfFCpEmi1JZsU3jCpJmlGjM4f
i05TODYV/1KH++4Qyet11lc7WwAOXDd5Whx6xOmbBOpxpLFQtnfCqlAEOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCImL0jmJ2dcSyPJNDq14JoywcOXMB8GA1UdIwQY
MBaAFG81PRhfwetNBwSktKiQ+YuLT++DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnpVOUdGX0I2MDBIQktTMHFKRDVpNHRQNzRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9hMDZhNjctZDRkYy00NThlLWFiZTYt
NGJiMWZkMDM3NWYyLzEvSWlZdlNPWW5aMXhMSThrME9yWGdtakxCdzVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9hMDZhNjctZDRkYy00NThlLWFiZTYtNGJiMWZkMDM3NWYy
LzEvYnpVOUdGX0I2MDBIQktTMHFKRDVpNHRQNzRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgHNMA0G
CSqGSIb3DQEBCwUAA4IBAQAHKgvRNycQ/zZvxAN4pyd8NwGB81kXK55bOQriqKzq
S5Nj16hlgA4NDsrJylfv99TUFUTgsSZwTgEIX0B+4Es6MX0lR/evzcr01KJFeZ6B
/L81QCrPLHY/4I8t5RZ8KHHuCY1rvHoAUnjBKqRu4REBd5VN3DXbwGfpUGm3npKL
7ghCZ+iaOFhLzi2M55+NuV0BXBzWlaIoalJmQahFfdpHNy9qcDu23WStuulUN54J
eyd46MxL8USTjOJcwHVKBirSuYDJjNLMDwg6KIb9SsiFrJ7X56VGs60OqdFH4sZ1
WlV/tjsr73a87F80R+fAfSLx0DYw+wdoxsD0qHpGxP/l
-----END CERTIFICATE-----