Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/d9f482-135e-47f6-9317-6785ada527c1/1/1-gFeIgFO3WvSnKETjmsdxxMCs48.roa
File:                     1-gFeIgFO3WvSnKETjmsdxxMCs48.roa (raw, json)
Hash identifier:          3H/bj7omMD+LbLTDnDNzQTXnoRyuY6jhaDqRz6EhTVo=
Subject key identifier:   FA:01:5E:22:01:4E:DD:6B:D2:9C:A1:13:8E:6B:1D:C7:13:02:B3:8F
Certificate issuer:       /CN=90a02705006532ef33a0064f875a100923509fd5
Certificate serial:       018CC5DC3176FA809C61BAF1F010F727C0EA
Authority key identifier: 90:A0:27:05:00:65:32:EF:33:A0:06:4F:87:5A:10:09:23:50:9F:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kKAnBQBlMu8zoAZPh1oQCSNQn9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/d9f482-135e-47f6-9317-6785ada527c1/1/1-gFeIgFO3WvSnKETjmsdxxMCs48.roa
Signing time:             Mon 01 Jan 2024 16:29:51 +0000
ROA not before:           Mon 01 Jan 2024 16:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198380
IP address blocks:        185.154.236.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/d9f482-135e-47f6-9317-6785ada527c1/1/kKAnBQBlMu8zoAZPh1oQCSNQn9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/d9f482-135e-47f6-9317-6785ada527c1/1/kKAnBQBlMu8zoAZPh1oQCSNQn9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kKAnBQBlMu8zoAZPh1oQCSNQn9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:31:76:fa:80:9c:61:ba:f1:f0:10:f7:27:c0:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90a02705006532ef33a0064f875a100923509fd5
        Validity
            Not Before: Jan  1 16:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa015e22014edd6bd29ca1138e6b1dc71302b38f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ac:49:af:da:88:f6:9e:4e:b4:fc:42:8a:62:
                    5f:4b:47:20:d2:cb:e5:2b:04:53:fa:2d:f8:74:77:
                    d7:7b:64:ef:72:ed:76:07:7f:a1:0c:c3:2d:cf:78:
                    f3:82:a2:db:71:1e:e7:ee:bc:3e:a4:80:c2:fb:49:
                    6f:d4:70:db:d6:13:4b:21:67:2b:95:ae:d5:8e:c5:
                    ea:e4:81:31:db:5e:c7:4e:53:d0:44:c6:bb:a4:03:
                    1b:be:6d:1d:15:f7:98:58:c8:a3:24:6e:23:8b:88:
                    8f:0a:ea:20:6e:33:58:ba:84:6b:e8:02:93:07:29:
                    c7:46:09:72:2d:90:af:ba:41:3e:a3:ff:35:e5:c0:
                    cb:d4:c0:3e:92:71:d2:0a:94:1d:3a:3f:d5:bb:43:
                    72:cd:ea:8c:9d:ee:41:ee:b2:b5:de:30:fe:b8:d6:
                    68:34:04:d9:a7:60:2d:31:08:69:3c:98:dc:f0:62:
                    59:2f:0b:8f:66:68:b3:df:97:46:4f:b5:69:52:f2:
                    2b:d8:f2:e2:a1:a4:f2:f6:b6:44:17:22:c6:7e:ec:
                    62:2d:a7:41:79:cb:a2:aa:03:dd:c2:05:ce:a4:39:
                    7b:0d:20:b3:e8:72:f5:0d:4c:99:fb:45:38:4f:72:
                    ad:07:01:c4:b9:25:6d:b5:96:62:0d:66:df:5f:53:
                    08:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:01:5E:22:01:4E:DD:6B:D2:9C:A1:13:8E:6B:1D:C7:13:02:B3:8F
            X509v3 Authority Key Identifier:
                keyid:90:A0:27:05:00:65:32:EF:33:A0:06:4F:87:5A:10:09:23:50:9F:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kKAnBQBlMu8zoAZPh1oQCSNQn9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/d9f482-135e-47f6-9317-6785ada527c1/1/1-gFeIgFO3WvSnKETjmsdxxMCs48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/d9f482-135e-47f6-9317-6785ada527c1/1/kKAnBQBlMu8zoAZPh1oQCSNQn9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:f7:e0:6c:bc:28:69:63:4f:e5:36:2c:ab:ef:f6:28:b1:bc:
         6b:9b:2e:80:4c:db:e3:6f:72:94:a0:e0:3e:59:82:a8:c8:dd:
         c4:5a:50:27:81:6b:83:85:dc:ea:66:15:d5:39:88:48:b6:31:
         35:53:16:d7:b0:ad:c7:01:af:b3:a8:2c:22:b9:7d:95:de:d8:
         89:70:6e:48:3e:e1:98:fb:79:b2:7d:52:03:8a:2a:8d:81:81:
         1b:5a:d9:91:bf:43:b0:17:52:48:83:e7:67:2f:b2:ab:51:23:
         12:e2:44:35:ee:2e:8c:56:3a:ed:4b:3e:5b:6d:e5:90:4c:5b:
         14:e0:02:a9:ea:b2:3d:80:63:ab:ed:3a:4c:c7:92:5a:6e:82:
         b2:46:a0:e5:b2:73:c2:a4:e2:c6:18:72:f8:ba:9b:85:5d:ab:
         93:96:c3:f7:17:94:ba:57:c5:cc:eb:92:71:a1:f6:e7:f8:5b:
         c9:08:2d:ce:9b:e5:98:cf:f1:94:34:64:bf:10:87:87:34:67:
         62:11:41:91:9e:f5:29:62:77:23:cd:53:57:c2:54:29:3c:59:
         9b:e8:5f:84:74:89:8d:16:a3:c0:cb:7b:d0:1d:8e:0c:35:74:
         e3:b3:c9:d8:f5:ad:be:3b:85:8f:b7:9e:54:e0:f8:d8:fb:94:
         e6:77:24:0e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzF3DF2+oCcYbrx8BD3J8DqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwYTAyNzA1MDA2NTMyZWYzM2EwMDY0Zjg3NWExMDA5MjM1
MDlmZDUwHhcNMjQwMTAxMTYyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTAxNWUyMjAxNGVkZDZiZDI5Y2ExMTM4ZTZiMWRjNzEzMDJiMzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6xJr9qI9p5OtPxCimJfS0cg0svl
KwRT+i34dHfXe2Tvcu12B3+hDMMtz3jzgqLbcR7n7rw+pIDC+0lv1HDb1hNLIWcr
la7VjsXq5IEx217HTlPQRMa7pAMbvm0dFfeYWMijJG4ji4iPCuogbjNYuoRr6AKT
BynHRglyLZCvukE+o/815cDL1MA+knHSCpQdOj/Vu0NyzeqMne5B7rK13jD+uNZo
NATZp2AtMQhpPJjc8GJZLwuPZmiz35dGT7VpUvIr2PLioaTy9rZEFyLGfuxiLadB
ecuiqgPdwgXOpDl7DSCz6HL1DUyZ+0U4T3KtBwHEuSVttZZiDWbfX1MIZwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPoBXiIBTt1r0pyhE45rHccTArOPMB8GA1UdIwQY
MBaAFJCgJwUAZTLvM6AGT4daEAkjUJ/VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0tBbkJRQmxNdTh6b0FaUGgxb1FDU05RbjlVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9kOWY0ODItMTM1ZS00N2Y2LTkzMTct
Njc4NWFkYTUyN2MxLzEvMS1nRmVJZ0ZPM1d2U25LRVRqbXNkeHhNQ3M0OC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTAvZDlmNDgyLTEzNWUtNDdmNi05MzE3LTY3ODVhZGE1Mjdj
MS8xL2tLQW5CUUJsTXU4em9BWlBoMW9RQ1NOUW45VS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArma7DAN
BgkqhkiG9w0BAQsFAAOCAQEAI/fgbLwoaWNP5TYsq+/2KLG8a5sugEzb429ylKDg
PlmCqMjdxFpQJ4Frg4Xc6mYV1TmISLYxNVMW17CtxwGvs6gsIrl9ld7YiXBuSD7h
mPt5sn1SA4oqjYGBG1rZkb9DsBdSSIPnZy+yq1EjEuJENe4ujFY67Us+W23lkExb
FOACqeqyPYBjq+06TMeSWm6Cskag5bJzwqTixhhy+LqbhV2rk5bD9xeUulfFzOuS
caH25/hbyQgtzpvlmM/xlDRkvxCHhzRnYhFBkZ71KWJ3I81TV8JUKTxZm+hfhHSJ
jRajwMt70B2ODDV047PJ2PWtvjuFj7eeVOD42PuU5nckDg==
-----END CERTIFICATE-----