Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/07Qch0_-FKuJ1vgtSIutct_utqU.roa
File:                     07Qch0_-FKuJ1vgtSIutct_utqU.roa (raw, json)
Hash identifier:          DSItPpgRBIU40OVS2xt+LFLXvDzK3CjmAtT6WojT2UQ=
Subject key identifier:   D3:B4:1C:87:4F:FE:14:AB:89:D6:F8:2D:48:8B:AD:72:DF:EE:B6:A5
Certificate issuer:       /CN=fa2e72abf7b1728fda6aa0b0413d8854812ea361
Certificate serial:       018CC2DAFFBB78BCE2F8FBC87DCD01F61519
Authority key identifier: FA:2E:72:AB:F7:B1:72:8F:DA:6A:A0:B0:41:3D:88:54:81:2E:A3:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-i5yq_exco_aaqCwQT2IVIEuo2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/07Qch0_-FKuJ1vgtSIutct_utqU.roa
Signing time:             Mon 01 Jan 2024 02:29:41 +0000
ROA not before:           Mon 01 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24961
IP address blocks:        185.231.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/1-i5yq_exco_aaqCwQT2IVIEuo2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/1-i5yq_exco_aaqCwQT2IVIEuo2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-i5yq_exco_aaqCwQT2IVIEuo2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ff:bb:78:bc:e2:f8:fb:c8:7d:cd:01:f6:15:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa2e72abf7b1728fda6aa0b0413d8854812ea361
        Validity
            Not Before: Jan  1 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3b41c874ffe14ab89d6f82d488bad72dfeeb6a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:a8:b3:91:30:3f:52:7d:8b:79:4f:22:63:81:
                    a9:f1:7d:9e:04:03:f4:84:d4:fd:f8:63:de:7c:2e:
                    5d:ba:34:f1:63:99:97:0a:32:81:58:32:33:24:2f:
                    0d:4d:46:6d:2c:85:c2:cd:86:1a:65:1b:8d:ae:2d:
                    58:66:6b:74:f0:a7:c1:3c:0b:f5:7e:29:de:55:12:
                    23:51:df:ad:3f:ec:09:9e:ec:31:08:1f:58:25:fa:
                    42:b7:18:07:be:54:20:78:d2:79:e8:73:78:00:46:
                    34:4d:4f:9f:65:a1:72:57:0d:1b:e9:ce:43:a3:81:
                    69:95:ae:d3:44:70:c5:81:b7:07:af:d9:fa:cf:d3:
                    75:ba:a9:89:b6:96:54:25:b2:a5:d8:dc:10:42:13:
                    95:57:31:95:75:2f:20:78:33:3a:2d:87:5c:81:08:
                    47:bf:2d:85:a3:20:82:76:92:20:97:7f:f9:5e:10:
                    28:76:fe:8e:47:c3:77:da:bf:ac:8b:ee:1b:f5:81:
                    f9:b5:1a:19:04:23:07:4f:2d:cd:e3:f7:ca:e5:9c:
                    44:bd:aa:90:59:69:77:a9:12:7b:09:17:3e:1a:ed:
                    b5:7c:a3:c8:48:fd:93:74:9d:f9:d0:08:ac:7f:d3:
                    62:26:94:39:ba:a5:0b:ff:56:76:41:57:c8:d3:2a:
                    f2:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:B4:1C:87:4F:FE:14:AB:89:D6:F8:2D:48:8B:AD:72:DF:EE:B6:A5
            X509v3 Authority Key Identifier:
                keyid:FA:2E:72:AB:F7:B1:72:8F:DA:6A:A0:B0:41:3D:88:54:81:2E:A3:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-i5yq_exco_aaqCwQT2IVIEuo2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/07Qch0_-FKuJ1vgtSIutct_utqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/1-i5yq_exco_aaqCwQT2IVIEuo2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:ef:39:05:73:2e:40:92:b7:02:1f:8c:8c:a7:f4:d7:24:a7:
         59:d6:98:aa:08:64:8b:8d:19:92:ba:c0:3e:8a:c5:fb:a7:93:
         ea:ef:1b:99:75:e8:4e:68:de:33:c4:ba:d1:a8:56:11:8b:5d:
         cc:78:53:79:d9:cf:30:27:ad:d1:02:44:1a:94:4a:59:86:2c:
         65:60:69:b9:cf:44:fb:60:e3:1b:fc:20:32:a0:49:90:6e:98:
         9a:5f:60:69:8f:f3:f2:2d:40:84:da:6b:8f:c6:79:c9:a4:6f:
         29:df:be:46:00:17:ed:cb:68:0b:c8:56:36:c6:f9:60:94:61:
         c6:27:d1:d9:20:1b:cd:1c:bf:2c:06:6f:fc:b1:05:5a:3b:24:
         5f:c9:3d:25:88:1e:9c:09:94:3c:2f:59:0a:15:4e:e6:62:bd:
         94:7f:14:3e:ef:96:a8:1d:6a:3d:cf:80:c9:10:c2:2b:ce:23:
         85:14:2e:71:cc:15:58:85:b1:9b:4c:9e:03:00:00:21:af:94:
         be:01:6d:93:db:4e:0d:87:c3:d7:a0:03:ff:83:b5:03:2f:c3:
         04:24:48:e6:5c:b0:dc:25:5c:4f:15:75:6a:61:7f:e7:84:6a:
         23:45:64:ef:0f:24:33:47:13:ae:71:f8:26:40:4f:ee:df:4b:
         75:e9:cb:82
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzC2v+7eLzi+PvIfc0B9hUZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhMmU3MmFiZjdiMTcyOGZkYTZhYTBiMDQxM2Q4ODU0ODEy
ZWEzNjEwHhcNMjQwMTAxMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2I0MWM4NzRmZmUxNGFiODlkNmY4MmQ0ODhiYWQ3MmRmZWViNmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2qizkTA/Un2LeU8iY4Gp8X2eBAP0
hNT9+GPefC5dujTxY5mXCjKBWDIzJC8NTUZtLIXCzYYaZRuNri1YZmt08KfBPAv1
fineVRIjUd+tP+wJnuwxCB9YJfpCtxgHvlQgeNJ56HN4AEY0TU+fZaFyVw0b6c5D
o4Fpla7TRHDFgbcHr9n6z9N1uqmJtpZUJbKl2NwQQhOVVzGVdS8geDM6LYdcgQhH
vy2FoyCCdpIgl3/5XhAodv6OR8N32r+si+4b9YH5tRoZBCMHTy3N4/fK5ZxEvaqQ
WWl3qRJ7CRc+Gu21fKPISP2TdJ350Aisf9NiJpQ5uqUL/1Z2QVfI0yrydwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNO0HIdP/hSridb4LUiLrXLf7ralMB8GA1UdIwQY
MBaAFPoucqv3sXKP2mqgsEE9iFSBLqNhMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1pNXlxX2V4Y29fYWFxQ3dRVDJJVklFdW8yRS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWMvZjYxNTkxLTdjYTgtNGE5YS04OTlm
LWEzNjZkYTI1MWE4My8xLzA3UWNoMF8tRkt1SjF2Z3RTSXV0Y3RfdXRxVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOWMvZjYxNTkxLTdjYTgtNGE5YS04OTlmLWEzNjZkYTI1MWE4
My8xLzEtaTV5cV9leGNvX2FhcUN3UVQySVZJRXVvMkUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC559ww
DQYJKoZIhvcNAQELBQADggEBAD7vOQVzLkCStwIfjIyn9Nckp1nWmKoIZIuNGZK6
wD6Kxfunk+rvG5l16E5o3jPEutGoVhGLXcx4U3nZzzAnrdECRBqUSlmGLGVgabnP
RPtg4xv8IDKgSZBumJpfYGmP8/ItQITaa4/GecmkbynfvkYAF+3LaAvIVjbG+WCU
YcYn0dkgG80cvywGb/yxBVo7JF/JPSWIHpwJlDwvWQoVTuZivZR/FD7vlqgdaj3P
gMkQwivOI4UULnHMFViFsZtMngMAACGvlL4BbZPbTg2Hw9egA/+DtQMvwwQkSOZc
sNwlXE8VdWphf+eEaiNFZO8PJDNHE65x+CZAT+7fS3Xpy4I=
-----END CERTIFICATE-----