Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/andsUsUw_l79UqZo2W-SIw0vqMc.roa
File:                     andsUsUw_l79UqZo2W-SIw0vqMc.roa (raw, json)
Hash identifier:          quvDIU8m3FYG+oQi/w5r2Bl75BMCEpCZlskGM1JEsJM=
Subject key identifier:   6A:77:6C:52:C5:30:FE:5E:FD:52:A6:68:D9:6F:92:23:0D:2F:A8:C7
Certificate issuer:       /CN=c0fbd5876613edc56e0f5de468cce5eb2885ff29
Certificate serial:       018CC8DF2A0D02311F861A2F76E347DB90C0
Authority key identifier: C0:FB:D5:87:66:13:ED:C5:6E:0F:5D:E4:68:CC:E5:EB:28:85:FF:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wPvVh2YT7cVuD13kaMzl6yiF_yk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/andsUsUw_l79UqZo2W-SIw0vqMc.roa
Signing time:             Tue 02 Jan 2024 06:31:57 +0000
ROA not before:           Tue 02 Jan 2024 06:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46484
IP address blocks:        185.212.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/wPvVh2YT7cVuD13kaMzl6yiF_yk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/wPvVh2YT7cVuD13kaMzl6yiF_yk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wPvVh2YT7cVuD13kaMzl6yiF_yk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:2a:0d:02:31:1f:86:1a:2f:76:e3:47:db:90:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0fbd5876613edc56e0f5de468cce5eb2885ff29
        Validity
            Not Before: Jan  2 06:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a776c52c530fe5efd52a668d96f92230d2fa8c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:88:be:0b:62:7b:41:4c:9b:f6:51:28:c9:e3:
                    2a:5c:6c:63:8c:b7:a2:9b:ed:51:ed:2a:d5:99:33:
                    91:45:12:f3:d8:3e:33:5e:22:c3:0d:ef:6e:75:91:
                    99:55:e9:c5:8e:6f:23:cc:91:a9:eb:38:2f:79:5c:
                    09:0c:ce:45:dc:a3:f5:4a:ca:6f:86:81:68:39:7c:
                    e7:56:de:24:85:63:ac:d4:06:8a:44:6b:8c:80:55:
                    ac:80:66:30:e3:1b:43:04:02:98:c2:a6:b9:6a:d5:
                    14:c1:3e:04:73:50:a8:1e:f3:8c:a9:45:02:e3:e2:
                    47:05:6e:96:e3:89:95:6d:e7:0c:b2:2a:0f:0f:f7:
                    4a:81:b0:2e:88:f3:45:c9:90:e4:10:40:5d:d9:3a:
                    83:3d:74:3b:a8:71:cd:90:74:f1:b1:a2:99:d5:a3:
                    79:84:d0:84:16:9e:58:01:7d:0e:92:b2:51:7c:a5:
                    f8:08:9d:04:3b:43:50:b7:90:5d:a7:4b:6a:f7:40:
                    01:ec:e2:88:d2:1e:9b:38:30:cf:64:fd:63:4e:04:
                    d2:e6:d9:7b:9d:4d:fc:3e:84:27:b9:1b:92:5c:f5:
                    04:f5:22:6f:66:65:1f:ca:85:cb:de:f3:a9:6d:24:
                    c1:c6:03:eb:21:72:f4:82:88:9e:90:1c:4d:77:37:
                    b4:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:77:6C:52:C5:30:FE:5E:FD:52:A6:68:D9:6F:92:23:0D:2F:A8:C7
            X509v3 Authority Key Identifier:
                keyid:C0:FB:D5:87:66:13:ED:C5:6E:0F:5D:E4:68:CC:E5:EB:28:85:FF:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wPvVh2YT7cVuD13kaMzl6yiF_yk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/andsUsUw_l79UqZo2W-SIw0vqMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/wPvVh2YT7cVuD13kaMzl6yiF_yk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:37:9e:0d:fe:c2:e6:50:cb:9a:9b:32:24:91:4d:02:98:d0:
         fe:ec:c0:41:52:c5:e1:a2:a0:74:2c:b8:19:ad:40:4c:d3:49:
         12:75:61:ac:63:e6:21:b5:0c:45:17:ca:0b:ac:3c:b1:f9:d4:
         b5:ef:2c:74:2c:bb:ec:df:ea:8d:5e:9a:ab:d4:60:71:8a:08:
         46:f2:d6:9c:ff:35:d8:a1:16:88:93:99:ee:e4:d8:e9:d6:48:
         3d:2b:04:e8:f2:dd:3f:5a:8b:3f:08:32:af:4e:b5:64:60:7f:
         6b:6e:5f:27:19:1d:89:72:36:b7:5b:e5:40:cb:90:b3:68:2f:
         cf:9e:fc:e6:82:b4:38:a3:13:65:49:d2:ac:e5:50:d0:10:57:
         a9:b0:94:a8:0a:81:fe:da:ca:f0:5e:1b:36:14:3e:b2:57:0b:
         e0:f7:10:58:26:01:55:b7:7a:a3:d4:67:2b:ff:30:e5:32:40:
         d9:c2:0d:4f:87:73:d8:d3:53:c6:da:38:d8:db:56:a2:0b:90:
         3a:7d:a2:e7:f6:28:24:47:a7:76:b2:fd:1c:c9:10:3f:88:c5:
         6c:f1:e3:08:09:77:bd:9d:0f:fe:5c:64:23:48:a5:ab:c7:f7:
         f8:66:22:55:bf:60:30:d0:a4:2d:fb:a2:5d:46:d7:0c:6a:06:
         b6:93:00:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3yoNAjEfhhovduNH25DAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZmJkNTg3NjYxM2VkYzU2ZTBmNWRlNDY4Y2NlNWViMjg4
NWZmMjkwHhcNMjQwMTAyMDYzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTc3NmM1MmM1MzBmZTVlZmQ1MmE2NjhkOTZmOTIyMzBkMmZhOGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoi+C2J7QUyb9lEoyeMqXGxjjLei
m+1R7SrVmTORRRLz2D4zXiLDDe9udZGZVenFjm8jzJGp6zgveVwJDM5F3KP1Sspv
hoFoOXznVt4khWOs1AaKRGuMgFWsgGYw4xtDBAKYwqa5atUUwT4Ec1CoHvOMqUUC
4+JHBW6W44mVbecMsioPD/dKgbAuiPNFyZDkEEBd2TqDPXQ7qHHNkHTxsaKZ1aN5
hNCEFp5YAX0OkrJRfKX4CJ0EO0NQt5Bdp0tq90AB7OKI0h6bODDPZP1jTgTS5tl7
nU38PoQnuRuSXPUE9SJvZmUfyoXL3vOpbSTBxgPrIXL0goiekBxNdze0YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGp3bFLFMP5e/VKmaNlvkiMNL6jHMB8GA1UdIwQY
MBaAFMD71YdmE+3Fbg9d5GjM5esohf8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1B2VmgyWVQ3Y1Z1RDEza2FNemw2eWlGX3lrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8wMWViYzItODRkMC00YWUzLWEyYzIt
YTNiNmJlNGE5ZTliLzEvYW5kc1VzVXdfbDc5VXFabzJXLVNJdzB2cU1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8wMWViYzItODRkMC00YWUzLWEyYzItYTNiNmJlNGE5ZTli
LzEvd1B2VmgyWVQ3Y1Z1RDEza2FNemw2eWlGX3lrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudRoMA0G
CSqGSIb3DQEBCwUAA4IBAQAjN54N/sLmUMuamzIkkU0CmND+7MBBUsXhoqB0LLgZ
rUBM00kSdWGsY+YhtQxFF8oLrDyx+dS17yx0LLvs3+qNXpqr1GBxighG8tac/zXY
oRaIk5nu5Njp1kg9KwTo8t0/Wos/CDKvTrVkYH9rbl8nGR2Jcja3W+VAy5CzaC/P
nvzmgrQ4oxNlSdKs5VDQEFepsJSoCoH+2srwXhs2FD6yVwvg9xBYJgFVt3qj1Gcr
/zDlMkDZwg1Ph3PY01PG2jjY21aiC5A6faLn9igkR6d2sv0cyRA/iMVs8eMICXe9
nQ/+XGQjSKWrx/f4ZiJVv2Aw0KQt+6JdRtcMaga2kwDL
-----END CERTIFICATE-----