Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/9vHrqQ9e6Tk0PoHoqRwnWYOs6TQ.roa
File:                     9vHrqQ9e6Tk0PoHoqRwnWYOs6TQ.roa (raw, json)
Hash identifier:          Rtagawwq1eAQVgDt0Tz4oz4Q1TjQ01SF2sdkaVR8AtM=
Subject key identifier:   F6:F1:EB:A9:0F:5E:E9:39:34:3E:81:E8:A9:1C:27:59:83:AC:E9:34
Certificate issuer:       /CN=a45ded68e2260321bca39e8465b49c25d58a56e6
Certificate serial:       018CD5D88D335DC552C8B0954C85DF426D76
Authority key identifier: A4:5D:ED:68:E2:26:03:21:BC:A3:9E:84:65:B4:9C:25:D5:8A:56:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pF3taOImAyG8o56EZbScJdWKVuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/9vHrqQ9e6Tk0PoHoqRwnWYOs6TQ.roa
Signing time:             Thu 04 Jan 2024 18:59:48 +0000
ROA not before:           Thu 04 Jan 2024 18:59:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        185.253.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/pF3taOImAyG8o56EZbScJdWKVuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/pF3taOImAyG8o56EZbScJdWKVuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pF3taOImAyG8o56EZbScJdWKVuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d5:d8:8d:33:5d:c5:52:c8:b0:95:4c:85:df:42:6d:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a45ded68e2260321bca39e8465b49c25d58a56e6
        Validity
            Not Before: Jan  4 18:59:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6f1eba90f5ee939343e81e8a91c275983ace934
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:9a:3f:47:d2:21:7b:d4:59:f1:47:55:a1:5c:
                    d8:ef:80:38:37:cc:34:17:5c:2c:c4:88:51:0a:bd:
                    fd:50:4a:2c:52:c3:e3:2c:fc:d9:ef:3b:d2:4a:21:
                    86:8c:82:c2:57:ae:95:83:cd:ab:7b:bd:8d:a6:a5:
                    64:11:78:fd:70:c0:01:57:c5:10:42:1d:99:d3:15:
                    98:4b:2d:53:95:d6:82:f4:3e:86:c2:5d:bf:f1:00:
                    73:9d:65:96:99:18:76:65:02:a8:c4:d1:9f:87:2f:
                    cc:2b:94:b7:72:b0:ad:fb:e5:ee:b1:cd:b1:32:aa:
                    8c:60:35:72:ba:da:d5:bf:c8:87:46:bb:53:d8:ff:
                    35:18:d4:2f:e7:55:d1:62:4e:a4:9a:13:b7:a4:ec:
                    58:6c:d2:55:fc:49:e2:74:cc:f8:82:d3:b2:28:c7:
                    cb:f5:90:36:db:9a:c6:02:41:72:41:0c:58:82:a4:
                    2e:66:39:6f:ef:a4:c0:43:0f:53:d6:bd:72:7e:f9:
                    f6:d1:23:cd:d0:79:7e:e1:7b:2e:f8:04:39:87:1d:
                    cb:e4:6c:7d:13:ae:dc:7d:4f:c3:11:26:d6:41:95:
                    1f:0f:92:65:e6:e0:9c:6c:3f:ba:07:92:18:09:7b:
                    64:49:f3:fc:b3:97:45:5b:da:e3:85:bc:7f:49:b1:
                    ed:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:F1:EB:A9:0F:5E:E9:39:34:3E:81:E8:A9:1C:27:59:83:AC:E9:34
            X509v3 Authority Key Identifier:
                keyid:A4:5D:ED:68:E2:26:03:21:BC:A3:9E:84:65:B4:9C:25:D5:8A:56:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pF3taOImAyG8o56EZbScJdWKVuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/9vHrqQ9e6Tk0PoHoqRwnWYOs6TQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/e4af0a-a170-4ca3-ab57-54853c47661f/1/pF3taOImAyG8o56EZbScJdWKVuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:28:1f:d2:5d:4f:8b:b7:70:04:e9:63:21:b2:f7:2c:bf:17:
         59:3b:5b:c2:cd:a0:2d:54:7a:fe:d9:81:b7:8b:a8:09:38:4b:
         f2:27:87:c3:28:92:8c:84:9e:50:06:79:43:3f:55:13:b7:dc:
         cb:46:07:f2:7e:34:36:32:9d:3a:c0:f9:c2:d5:e1:6d:1d:c0:
         86:18:d6:db:10:01:e1:4a:25:c8:1c:94:2a:c3:0c:38:24:15:
         c7:d4:47:84:34:f6:11:26:96:b2:ff:4a:b2:6a:96:1a:19:c4:
         cf:7c:e7:26:2a:7e:db:33:78:24:55:13:e0:bb:f1:4d:11:43:
         c9:da:33:d5:86:3f:e0:72:75:fb:ee:15:61:bb:17:56:2d:1b:
         63:c1:7a:51:ff:df:3a:84:84:82:b3:be:a6:bf:d5:2a:55:c5:
         48:fa:d0:d4:90:4f:2e:4f:c9:5d:e2:7f:2a:bf:82:30:1d:b2:
         62:32:91:94:fd:67:9c:28:97:0c:29:ff:b0:ad:49:07:4d:90:
         cb:76:97:6b:fd:ba:a2:2e:30:f1:a6:2e:3a:23:a0:40:6e:6e:
         29:dc:21:06:3b:51:17:d8:00:ef:bf:b1:5d:45:39:be:e5:b9:
         6c:72:ea:c2:42:6e:20:62:d4:4b:f8:1d:ad:c2:8e:41:85:c6:
         d2:cf:86:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzV2I0zXcVSyLCVTIXfQm12MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0NWRlZDY4ZTIyNjAzMjFiY2EzOWU4NDY1YjQ5YzI1ZDU4
YTU2ZTYwHhcNMjQwMTA0MTg1OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmYxZWJhOTBmNWVlOTM5MzQzZTgxZThhOTFjMjc1OTgzYWNlOTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpo/R9Ihe9RZ8UdVoVzY74A4N8w0
F1wsxIhRCr39UEosUsPjLPzZ7zvSSiGGjILCV66Vg82re72NpqVkEXj9cMABV8UQ
Qh2Z0xWYSy1TldaC9D6Gwl2/8QBznWWWmRh2ZQKoxNGfhy/MK5S3crCt++Xusc2x
MqqMYDVyutrVv8iHRrtT2P81GNQv51XRYk6kmhO3pOxYbNJV/EnidMz4gtOyKMfL
9ZA225rGAkFyQQxYgqQuZjlv76TAQw9T1r1yfvn20SPN0Hl+4Xsu+AQ5hx3L5Gx9
E67cfU/DESbWQZUfD5Jl5uCcbD+6B5IYCXtkSfP8s5dFW9rjhbx/SbHtjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPbx66kPXuk5ND6B6KkcJ1mDrOk0MB8GA1UdIwQY
MBaAFKRd7WjiJgMhvKOehGW0nCXVilbmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEYzdGFPSW1BeUc4bzU2RVpiU2NKZFdLVnVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9lNGFmMGEtYTE3MC00Y2EzLWFiNTct
NTQ4NTNjNDc2NjFmLzEvOXZIcnFROWU2VGswUG9Ib3FSd25XWU9zNlRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9lNGFmMGEtYTE3MC00Y2EzLWFiNTctNTQ4NTNjNDc2NjFm
LzEvcEYzdGFPSW1BeUc4bzU2RVpiU2NKZFdLVnVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf0BMA0G
CSqGSIb3DQEBCwUAA4IBAQAeKB/SXU+Lt3AE6WMhsvcsvxdZO1vCzaAtVHr+2YG3
i6gJOEvyJ4fDKJKMhJ5QBnlDP1UTt9zLRgfyfjQ2Mp06wPnC1eFtHcCGGNbbEAHh
SiXIHJQqwww4JBXH1EeENPYRJpay/0qyapYaGcTPfOcmKn7bM3gkVRPgu/FNEUPJ
2jPVhj/gcnX77hVhuxdWLRtjwXpR/986hISCs76mv9UqVcVI+tDUkE8uT8ld4n8q
v4IwHbJiMpGU/WecKJcMKf+wrUkHTZDLdpdr/bqiLjDxpi46I6BAbm4p3CEGO1EX
2ADvv7FdRTm+5blscurCQm4gYtRL+B2two5BhcbSz4bn
-----END CERTIFICATE-----