Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/d4f83d-fb53-424f-851d-c0d062a75354/1/fX7tsdDBtr6iiMXhBpnT6kk_bNc.roa
File:                     fX7tsdDBtr6iiMXhBpnT6kk_bNc.roa (raw, json)
Hash identifier:          s2Ca0GomO6izkxhjdxlRiK+bN8/xixxMnMMXV0TBTy0=
Subject key identifier:   7D:7E:ED:B1:D0:C1:B6:BE:A2:88:C5:E1:06:99:D3:EA:49:3F:6C:D7
Certificate issuer:       /CN=e52d8b5cba7c2d2b8af046eb7f310105ac0c09ac
Certificate serial:       0190A6C34AC78B318C38D0CDFF010165EF44
Authority key identifier: E5:2D:8B:5C:BA:7C:2D:2B:8A:F0:46:EB:7F:31:01:05:AC:0C:09:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5S2LXLp8LSuK8EbrfzEBBawMCaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/d4f83d-fb53-424f-851d-c0d062a75354/1/fX7tsdDBtr6iiMXhBpnT6kk_bNc.roa
Signing time:             Fri 12 Jul 2024 11:45:34 +0000
ROA not before:           Fri 12 Jul 2024 11:45:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206564
IP address blocks:        185.59.248.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/d4f83d-fb53-424f-851d-c0d062a75354/1/5S2LXLp8LSuK8EbrfzEBBawMCaw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/d4f83d-fb53-424f-851d-c0d062a75354/1/5S2LXLp8LSuK8EbrfzEBBawMCaw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5S2LXLp8LSuK8EbrfzEBBawMCaw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 17:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a6:c3:4a:c7:8b:31:8c:38:d0:cd:ff:01:01:65:ef:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e52d8b5cba7c2d2b8af046eb7f310105ac0c09ac
        Validity
            Not Before: Jul 12 11:45:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d7eedb1d0c1b6bea288c5e10699d3ea493f6cd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:51:07:13:c1:0f:76:66:c2:71:a5:ae:a9:d5:
                    5e:9b:d7:f2:9b:db:12:90:5f:94:b6:e4:ad:e4:08:
                    b9:50:58:48:c8:f2:75:2d:71:0f:a1:6f:9b:46:09:
                    77:00:94:79:6f:8f:07:88:f3:05:2f:a2:41:49:65:
                    86:8a:24:10:dc:63:75:a5:ff:08:13:4e:26:6a:b5:
                    88:e3:1f:d9:1b:eb:32:23:80:c7:f9:06:77:e5:57:
                    90:0d:55:0f:6e:21:96:f8:95:dd:a8:d4:0e:db:7c:
                    f6:54:c6:cb:9a:b3:78:f1:23:e1:96:5b:d2:98:f4:
                    90:3e:84:f3:98:a0:e6:db:96:58:e5:68:d2:f3:9e:
                    be:ae:5f:96:bc:f0:af:0e:28:26:88:57:e3:25:49:
                    2c:89:6c:41:03:8c:f1:26:53:7c:0b:1e:de:70:e2:
                    37:1f:df:76:a2:42:5b:e8:f0:b6:48:9d:57:3a:9a:
                    47:5a:7e:5e:f2:29:ae:fa:fd:fb:a2:6a:d6:e8:16:
                    e8:09:4f:7c:4b:da:7a:b3:fa:19:c6:50:50:82:cf:
                    32:7f:bf:41:50:93:42:e9:fc:1d:3d:44:d4:2f:4d:
                    e6:49:79:16:4e:69:be:a7:b2:7e:69:f3:b4:af:e4:
                    45:b9:d7:9c:0a:63:83:ae:f9:b2:37:f8:5f:e5:ff:
                    1e:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:7E:ED:B1:D0:C1:B6:BE:A2:88:C5:E1:06:99:D3:EA:49:3F:6C:D7
            X509v3 Authority Key Identifier:
                keyid:E5:2D:8B:5C:BA:7C:2D:2B:8A:F0:46:EB:7F:31:01:05:AC:0C:09:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5S2LXLp8LSuK8EbrfzEBBawMCaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/d4f83d-fb53-424f-851d-c0d062a75354/1/fX7tsdDBtr6iiMXhBpnT6kk_bNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/d4f83d-fb53-424f-851d-c0d062a75354/1/5S2LXLp8LSuK8EbrfzEBBawMCaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.59.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:da:ab:58:79:04:7c:3f:9c:af:80:ae:83:b7:66:bf:ae:75:
         66:b9:61:90:57:5a:d2:4f:02:f1:c1:25:4e:02:a4:e0:ca:e8:
         dd:f6:13:c3:24:05:2c:d6:12:ea:a4:98:cf:f5:1d:09:6c:56:
         08:c0:56:8e:50:b6:e1:bf:25:01:84:62:6e:3b:29:d9:7d:8d:
         b0:b5:bd:60:11:49:aa:fe:8e:b1:e8:83:9c:9a:b6:9a:92:26:
         b3:05:17:3d:21:ef:23:4c:82:8b:43:30:61:e7:47:97:57:36:
         5d:f4:e9:eb:b9:72:65:05:11:4b:d3:bb:1f:0a:c2:30:ee:55:
         d7:e8:19:fc:8b:17:f8:3e:13:2e:b6:2a:7a:17:50:3f:08:c4:
         97:a8:34:8c:47:06:b1:ea:0a:10:04:62:47:23:c3:8c:ce:d2:
         83:b0:94:73:35:58:71:b1:78:25:bd:84:fe:52:32:cd:8b:ee:
         af:ff:17:b2:40:e2:21:02:2e:ee:f9:8e:31:73:61:6d:24:eb:
         b5:3d:a9:3e:ae:68:15:14:93:11:53:9f:b1:4b:98:f5:d2:5d:
         81:f9:f4:62:c0:ce:c7:ab:c4:b9:33:ce:da:22:04:cd:4b:1b:
         68:e2:5d:60:7e:b3:91:61:4f:56:42:e8:4a:fb:76:43:08:95:
         05:45:70:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCmw0rHizGMONDN/wEBZe9EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MmQ4YjVjYmE3YzJkMmI4YWYwNDZlYjdmMzEwMTA1YWMw
YzA5YWMwHhcNMjQwNzEyMTE0NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDdlZWRiMWQwYzFiNmJlYTI4OGM1ZTEwNjk5ZDNlYTQ5M2Y2Y2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVEHE8EPdmbCcaWuqdVem9fym9sS
kF+UtuSt5Ai5UFhIyPJ1LXEPoW+bRgl3AJR5b48HiPMFL6JBSWWGiiQQ3GN1pf8I
E04marWI4x/ZG+syI4DH+QZ35VeQDVUPbiGW+JXdqNQO23z2VMbLmrN48SPhllvS
mPSQPoTzmKDm25ZY5WjS856+rl+WvPCvDigmiFfjJUksiWxBA4zxJlN8Cx7ecOI3
H992okJb6PC2SJ1XOppHWn5e8imu+v37omrW6BboCU98S9p6s/oZxlBQgs8yf79B
UJNC6fwdPUTUL03mSXkWTmm+p7J+afO0r+RFudecCmODrvmyN/hf5f8eQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH1+7bHQwba+oojF4QaZ0+pJP2zXMB8GA1UdIwQY
MBaAFOUti1y6fC0rivBG638xAQWsDAmsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVMyTFhMcDhMU3VLOEVicmZ6RUJCYXdNQ2F3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9kNGY4M2QtZmI1My00MjRmLTg1MWQt
YzBkMDYyYTc1MzU0LzEvZlg3dHNkREJ0cjZpaU1YaEJwblQ2a2tfYk5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9kNGY4M2QtZmI1My00MjRmLTg1MWQtYzBkMDYyYTc1MzU0
LzEvNVMyTFhMcDhMU3VLOEVicmZ6RUJCYXdNQ2F3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTv4MA0G
CSqGSIb3DQEBCwUAA4IBAQA72qtYeQR8P5yvgK6Dt2a/rnVmuWGQV1rSTwLxwSVO
AqTgyujd9hPDJAUs1hLqpJjP9R0JbFYIwFaOULbhvyUBhGJuOynZfY2wtb1gEUmq
/o6x6IOcmraakiazBRc9Ie8jTIKLQzBh50eXVzZd9OnruXJlBRFL07sfCsIw7lXX
6Bn8ixf4PhMutip6F1A/CMSXqDSMRwax6goQBGJHI8OMztKDsJRzNVhxsXglvYT+
UjLNi+6v/xeyQOIhAi7u+Y4xc2FtJOu1Pak+rmgVFJMRU5+xS5j10l2B+fRiwM7H
q8S5M87aIgTNSxto4l1gfrORYU9WQuhK+3ZDCJUFRXAh
-----END CERTIFICATE-----