Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/d45531-d6c8-4dce-b606-85c855227b23/1/fStSr8whhQDwyaEfM4RRvU0IeMg.roa
File:                     fStSr8whhQDwyaEfM4RRvU0IeMg.roa (raw, json)
Hash identifier:          szYaihN9bjgKPFXW3d+P+jisRCID6TE/FRZN00XvOI8=
Subject key identifier:   7D:2B:52:AF:CC:21:85:00:F0:C9:A1:1F:33:84:51:BD:4D:08:78:C8
Certificate issuer:       /CN=f69527a06a035cbcaecf00daca2fd88399cf9d12
Certificate serial:       018CC26D5F3D28BA53FB3B5AAD1158703697
Authority key identifier: F6:95:27:A0:6A:03:5C:BC:AE:CF:00:DA:CA:2F:D8:83:99:CF:9D:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9pUnoGoDXLyuzwDayi_Yg5nPnRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/d45531-d6c8-4dce-b606-85c855227b23/1/fStSr8whhQDwyaEfM4RRvU0IeMg.roa
Signing time:             Mon 01 Jan 2024 00:29:56 +0000
ROA not before:           Mon 01 Jan 2024 00:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44407
IP address blocks:        185.235.104.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/d45531-d6c8-4dce-b606-85c855227b23/1/9pUnoGoDXLyuzwDayi_Yg5nPnRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/d45531-d6c8-4dce-b606-85c855227b23/1/9pUnoGoDXLyuzwDayi_Yg5nPnRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9pUnoGoDXLyuzwDayi_Yg5nPnRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 16:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:5f:3d:28:ba:53:fb:3b:5a:ad:11:58:70:36:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f69527a06a035cbcaecf00daca2fd88399cf9d12
        Validity
            Not Before: Jan  1 00:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d2b52afcc218500f0c9a11f338451bd4d0878c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:29:1b:9a:0f:d0:c3:5a:3e:7d:2a:a8:4f:2e:
                    97:3a:4b:9a:92:c8:c0:2a:49:22:e2:d7:8a:f7:98:
                    dd:5e:39:8d:66:9e:28:93:51:94:21:94:14:85:2a:
                    1f:20:51:6f:d5:09:dc:06:05:ce:bd:8f:b2:28:4b:
                    1a:31:73:9a:5b:96:db:a2:c2:55:d9:9a:b1:c2:44:
                    a9:5f:47:91:c8:c5:31:59:89:28:ca:c5:a8:da:7c:
                    9b:39:49:c1:e2:99:4e:2e:eb:ec:07:8a:e6:d4:6c:
                    93:b9:96:a3:c7:c7:88:e4:f7:29:b3:7a:11:44:18:
                    71:7c:a6:3c:00:32:d8:2c:18:7a:c9:40:d5:b9:1f:
                    83:43:36:8e:c4:56:db:48:8e:07:e9:d6:21:bc:50:
                    c4:ef:02:05:fa:1a:f4:9a:46:64:cb:98:7e:53:30:
                    8e:c7:8c:c9:4e:86:1d:ca:47:c0:41:6d:67:1e:6c:
                    6d:cd:f7:2b:62:a9:4d:a2:1d:36:63:d7:93:a2:4b:
                    ac:1a:57:85:1b:27:ef:54:99:1d:2d:25:f7:98:92:
                    79:88:88:7a:a4:d0:78:c9:5b:43:d4:eb:04:32:e2:
                    a3:29:ce:4e:d8:62:67:a6:04:67:6e:cd:ad:2b:88:
                    d6:16:31:5c:2c:4a:ed:89:66:be:de:f7:6f:b3:ac:
                    87:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:2B:52:AF:CC:21:85:00:F0:C9:A1:1F:33:84:51:BD:4D:08:78:C8
            X509v3 Authority Key Identifier:
                keyid:F6:95:27:A0:6A:03:5C:BC:AE:CF:00:DA:CA:2F:D8:83:99:CF:9D:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9pUnoGoDXLyuzwDayi_Yg5nPnRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/d45531-d6c8-4dce-b606-85c855227b23/1/fStSr8whhQDwyaEfM4RRvU0IeMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/d45531-d6c8-4dce-b606-85c855227b23/1/9pUnoGoDXLyuzwDayi_Yg5nPnRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:54:c6:07:cc:b7:f8:1c:3e:ed:11:4b:47:fd:1d:b3:4b:40:
         0f:17:7f:63:f6:ea:49:52:02:dc:63:ba:70:4f:3d:ec:22:d2:
         ed:eb:fc:d3:4f:22:f8:e6:10:77:f6:ca:c0:f3:b9:42:42:fb:
         70:32:3e:67:1e:39:39:3f:4e:d2:8e:42:d0:8f:55:16:b1:18:
         d5:0e:f5:88:cb:42:3c:58:15:5a:41:29:07:b9:15:0e:b0:a9:
         c7:85:56:1f:59:15:82:ad:43:93:6d:ea:f5:c5:33:06:d8:5d:
         70:02:8f:a4:b4:56:cc:9d:a5:cd:ea:d5:c4:04:17:d8:e7:22:
         bc:cf:e8:15:e0:26:ee:dd:a8:53:d1:a4:1d:47:25:05:f6:9a:
         cc:0d:4a:9b:4c:32:0a:cd:f3:0c:09:a6:5e:89:ed:85:aa:3e:
         30:0e:32:af:68:74:4c:ee:26:98:48:a4:30:4d:69:54:4e:c3:
         38:6f:bb:28:63:37:97:1c:fa:2e:bc:d2:04:c1:ac:5f:d3:fb:
         98:c1:42:b9:8a:d3:66:fe:e3:bd:db:ba:8a:e6:1f:ba:e3:25:
         d1:8b:3d:ec:03:ec:57:5a:94:6d:07:02:4a:4c:f2:f7:7d:a3:
         f8:81:25:92:49:ca:d8:01:92:6c:9d:12:10:88:d6:7f:5c:7a:
         7f:c2:31:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbV89KLpT+ztarRFYcDaXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2OTUyN2EwNmEwMzVjYmNhZWNmMDBkYWNhMmZkODgzOTlj
ZjlkMTIwHhcNMjQwMTAxMDAyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDJiNTJhZmNjMjE4NTAwZjBjOWExMWYzMzg0NTFiZDRkMDg3OGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoykbmg/Qw1o+fSqoTy6XOkuaksjA
Kkki4teK95jdXjmNZp4ok1GUIZQUhSofIFFv1QncBgXOvY+yKEsaMXOaW5bbosJV
2ZqxwkSpX0eRyMUxWYkoysWo2nybOUnB4plOLuvsB4rm1GyTuZajx8eI5Pcps3oR
RBhxfKY8ADLYLBh6yUDVuR+DQzaOxFbbSI4H6dYhvFDE7wIF+hr0mkZky5h+UzCO
x4zJToYdykfAQW1nHmxtzfcrYqlNoh02Y9eTokusGleFGyfvVJkdLSX3mJJ5iIh6
pNB4yVtD1OsEMuKjKc5O2GJnpgRnbs2tK4jWFjFcLErtiWa+3vdvs6yHTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH0rUq/MIYUA8MmhHzOEUb1NCHjIMB8GA1UdIwQY
MBaAFPaVJ6BqA1y8rs8A2sov2IOZz50SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXBVbm9Hb0RYTHl1endEYXlpX1lnNW5QblJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9kNDU1MzEtZDZjOC00ZGNlLWI2MDYt
ODVjODU1MjI3YjIzLzEvZlN0U3I4d2hoUUR3eWFFZk00UlJ2VTBJZU1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9kNDU1MzEtZDZjOC00ZGNlLWI2MDYtODVjODU1MjI3YjIz
LzEvOXBVbm9Hb0RYTHl1endEYXlpX1lnNW5QblJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuetoMA0G
CSqGSIb3DQEBCwUAA4IBAQAcVMYHzLf4HD7tEUtH/R2zS0APF39j9upJUgLcY7pw
Tz3sItLt6/zTTyL45hB39srA87lCQvtwMj5nHjk5P07SjkLQj1UWsRjVDvWIy0I8
WBVaQSkHuRUOsKnHhVYfWRWCrUOTber1xTMG2F1wAo+ktFbMnaXN6tXEBBfY5yK8
z+gV4Cbu3ahT0aQdRyUF9prMDUqbTDIKzfMMCaZeie2Fqj4wDjKvaHRM7iaYSKQw
TWlUTsM4b7soYzeXHPouvNIEwaxf0/uYwUK5itNm/uO927qK5h+64yXRiz3sA+xX
WpRtBwJKTPL3faP4gSWSScrYAZJsnRIQiNZ/XHp/wjGF
-----END CERTIFICATE-----