Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/465c40-6718-4ea9-91e5-912047153e01/1/RIhnVHQE0B-wN59aERJhpyBud1g.roa
File:                     RIhnVHQE0B-wN59aERJhpyBud1g.roa (raw, json)
Hash identifier:          IKZziLMEvqJNcBm1ZPyDrdLqXA5iF6VHI8ZpQCQkgW4=
Subject key identifier:   44:88:67:54:74:04:D0:1F:B0:37:9F:5A:11:12:61:A7:20:6E:77:58
Certificate issuer:       /CN=b135377901a7871d3bff7a70277a2f4e2fc0e277
Certificate serial:       018DF75A535519789C8214DB41474DB99AF9
Authority key identifier: B1:35:37:79:01:A7:87:1D:3B:FF:7A:70:27:7A:2F:4E:2F:C0:E2:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sTU3eQGnhx07_3pwJ3ovTi_A4nc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/465c40-6718-4ea9-91e5-912047153e01/1/RIhnVHQE0B-wN59aERJhpyBud1g.roa
Signing time:             Fri 01 Mar 2024 00:11:48 +0000
ROA not before:           Fri 01 Mar 2024 00:11:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215833
IP address blocks:        185.104.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/465c40-6718-4ea9-91e5-912047153e01/1/sTU3eQGnhx07_3pwJ3ovTi_A4nc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/465c40-6718-4ea9-91e5-912047153e01/1/sTU3eQGnhx07_3pwJ3ovTi_A4nc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sTU3eQGnhx07_3pwJ3ovTi_A4nc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f7:5a:53:55:19:78:9c:82:14:db:41:47:4d:b9:9a:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b135377901a7871d3bff7a70277a2f4e2fc0e277
        Validity
            Not Before: Mar  1 00:11:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=448867547404d01fb0379f5a111261a7206e7758
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:b4:60:19:37:d4:e0:b1:71:7d:d7:5f:ae:de:
                    e6:bf:a8:d1:d3:57:b4:1c:02:6d:40:ea:02:b8:aa:
                    97:11:f7:25:87:b4:e3:c4:e5:00:d1:d2:14:f1:75:
                    ea:90:28:0d:bd:cb:5e:72:ec:3d:76:0e:32:8c:e3:
                    0b:e8:92:cf:ee:a6:93:d6:56:24:60:17:20:f3:e6:
                    39:37:ee:94:d5:62:60:f4:f5:20:0d:d6:13:c2:c6:
                    0d:cb:e4:3c:0b:86:9e:b6:c2:00:55:10:3a:84:5f:
                    be:7e:c1:9b:a0:2f:ba:b7:2b:9c:fe:f5:5b:d2:6b:
                    71:87:0e:6c:1f:99:c5:c5:a1:5a:58:10:34:fb:59:
                    cd:25:1a:13:0a:de:5b:4b:17:cc:4a:3a:a1:6a:35:
                    6e:e3:97:8c:4d:31:1b:f3:bb:8b:0e:5b:3d:fd:4f:
                    74:45:96:3d:e1:d8:79:5e:0a:4e:f4:bc:a3:7d:61:
                    fa:2b:7c:e6:a0:d1:1d:25:a1:c9:ab:bb:73:01:54:
                    d2:98:8c:0b:2a:03:92:2a:52:74:e1:76:21:ab:44:
                    e2:db:c5:e6:92:d2:e4:9d:c9:ae:8f:16:a8:81:55:
                    c6:d5:3b:c5:6a:fc:42:d7:9b:43:54:ea:00:01:cb:
                    ee:ef:8f:4c:09:34:0b:bf:60:fa:05:26:3b:d3:9a:
                    2d:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:88:67:54:74:04:D0:1F:B0:37:9F:5A:11:12:61:A7:20:6E:77:58
            X509v3 Authority Key Identifier:
                keyid:B1:35:37:79:01:A7:87:1D:3B:FF:7A:70:27:7A:2F:4E:2F:C0:E2:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sTU3eQGnhx07_3pwJ3ovTi_A4nc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/465c40-6718-4ea9-91e5-912047153e01/1/RIhnVHQE0B-wN59aERJhpyBud1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/465c40-6718-4ea9-91e5-912047153e01/1/sTU3eQGnhx07_3pwJ3ovTi_A4nc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:1a:ee:b0:bd:7c:bf:0b:8d:bc:f2:2d:59:e6:c8:79:cf:55:
         18:9a:9e:e6:f6:11:80:d0:56:72:b4:7c:7d:58:74:69:ad:f8:
         46:40:ff:84:a5:73:7e:87:66:56:f6:cb:47:2e:c0:75:bb:ea:
         a9:ef:e8:40:06:2e:48:d4:a9:17:a1:72:c4:52:68:e1:5f:8f:
         b4:9f:56:a1:c4:c4:7e:8a:5b:00:c0:3e:1c:32:ba:65:60:ec:
         00:f3:75:91:3a:4c:9a:4c:cb:eb:af:74:22:8d:b9:1c:23:ab:
         a3:ba:e4:e1:18:2d:ac:4b:d9:d0:bb:36:f5:2c:a4:58:29:b6:
         38:68:24:bc:15:b8:3f:23:0b:f5:07:74:ca:fb:06:f8:24:7a:
         6b:94:af:f7:e5:ae:10:98:18:1c:bd:a4:de:c1:94:68:33:84:
         3a:cd:84:f6:3c:89:3d:0d:ef:82:7c:26:b8:a3:68:6b:4e:3b:
         62:89:6f:20:23:df:22:95:85:ac:3c:e8:02:c1:b9:6d:71:3f:
         de:cb:a1:02:2a:a5:0b:1f:d0:5e:ba:6d:b0:91:e0:98:fc:a1:
         e9:75:71:eb:f3:f3:34:da:52:62:b7:be:ee:9a:71:e3:a7:20:
         a7:c5:1a:d0:ef:59:2a:e1:23:be:e6:02:48:4c:3d:39:bd:b2:
         bc:cd:af:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY33WlNVGXicghTbQUdNuZr5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMzUzNzc5MDFhNzg3MWQzYmZmN2E3MDI3N2EyZjRlMmZj
MGUyNzcwHhcNMjQwMzAxMDAxMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDg4Njc1NDc0MDRkMDFmYjAzNzlmNWExMTEyNjFhNzIwNmU3NzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7RgGTfU4LFxfddfrt7mv6jR01e0
HAJtQOoCuKqXEfclh7TjxOUA0dIU8XXqkCgNvctecuw9dg4yjOML6JLP7qaT1lYk
YBcg8+Y5N+6U1WJg9PUgDdYTwsYNy+Q8C4aetsIAVRA6hF++fsGboC+6tyuc/vVb
0mtxhw5sH5nFxaFaWBA0+1nNJRoTCt5bSxfMSjqhajVu45eMTTEb87uLDls9/U90
RZY94dh5XgpO9LyjfWH6K3zmoNEdJaHJq7tzAVTSmIwLKgOSKlJ04XYhq0Ti28Xm
ktLkncmujxaogVXG1TvFavxC15tDVOoAAcvu749MCTQLv2D6BSY705otcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESIZ1R0BNAfsDefWhESYacgbndYMB8GA1UdIwQY
MBaAFLE1N3kBp4cdO/96cCd6L04vwOJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1RVM2VRR25oeDA3XzNwd0ozb3ZUaV9BNG5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi80NjVjNDAtNjcxOC00ZWE5LTkxZTUt
OTEyMDQ3MTUzZTAxLzEvUkloblZIUUUwQi13TjU5YUVSSmhweUJ1ZDFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi80NjVjNDAtNjcxOC00ZWE5LTkxZTUtOTEyMDQ3MTUzZTAx
LzEvc1RVM2VRR25oeDA3XzNwd0ozb3ZUaV9BNG5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWh7MA0G
CSqGSIb3DQEBCwUAA4IBAQAiGu6wvXy/C4288i1Z5sh5z1UYmp7m9hGA0FZytHx9
WHRprfhGQP+EpXN+h2ZW9stHLsB1u+qp7+hABi5I1KkXoXLEUmjhX4+0n1ahxMR+
ilsAwD4cMrplYOwA83WROkyaTMvrr3QijbkcI6ujuuThGC2sS9nQuzb1LKRYKbY4
aCS8Fbg/Iwv1B3TK+wb4JHprlK/35a4QmBgcvaTewZRoM4Q6zYT2PIk9De+CfCa4
o2hrTjtiiW8gI98ilYWsPOgCwbltcT/ey6ECKqULH9Beum2wkeCY/KHpdXHr8/M0
2lJit77umnHjpyCnxRrQ71kq4SO+5gJITD05vbK8za+9
-----END CERTIFICATE-----