Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/fd30a8-c0bf-414f-aba7-b1651a64f35e/1/AhQWXJsIhk8vz-YI5jFlI_zdLQA.roa
File:                     AhQWXJsIhk8vz-YI5jFlI_zdLQA.roa (raw, json)
Hash identifier:          DnUZ8YoZiDHPJX1FP64CJAzB96LgoUPOS3FOKB70URw=
Subject key identifier:   02:14:16:5C:9B:08:86:4F:2F:CF:E6:08:E6:31:65:23:FC:DD:2D:00
Certificate issuer:       /CN=f3443f5b5c78d68e739d4fa6feafdd243b052a4b
Certificate serial:       018CC87123FFEA9068EEAA564F34D345FF05
Authority key identifier: F3:44:3F:5B:5C:78:D6:8E:73:9D:4F:A6:FE:AF:DD:24:3B:05:2A:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/80Q_W1x41o5znU-m_q_dJDsFKks.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/fd30a8-c0bf-414f-aba7-b1651a64f35e/1/AhQWXJsIhk8vz-YI5jFlI_zdLQA.roa
Signing time:             Tue 02 Jan 2024 04:31:47 +0000
ROA not before:           Tue 02 Jan 2024 04:31:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31452
IP address blocks:        185.7.8.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/fd30a8-c0bf-414f-aba7-b1651a64f35e/1/80Q_W1x41o5znU-m_q_dJDsFKks.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/fd30a8-c0bf-414f-aba7-b1651a64f35e/1/80Q_W1x41o5znU-m_q_dJDsFKks.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/80Q_W1x41o5znU-m_q_dJDsFKks.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:23:ff:ea:90:68:ee:aa:56:4f:34:d3:45:ff:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3443f5b5c78d68e739d4fa6feafdd243b052a4b
        Validity
            Not Before: Jan  2 04:31:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0214165c9b08864f2fcfe608e6316523fcdd2d00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:db:a2:75:7d:ae:9e:5c:d3:29:c4:03:77:73:
                    fd:17:d1:3a:c5:1e:5f:b6:d7:cc:4a:5f:6d:7f:38:
                    e4:ee:3e:83:bb:40:fd:97:65:30:95:87:b7:c7:c7:
                    85:d5:d8:a0:99:26:11:50:51:5e:71:19:6c:65:60:
                    94:d4:42:fd:5c:ba:fa:a9:83:89:4a:02:11:46:14:
                    65:a9:fc:53:42:65:98:43:46:98:98:b6:4c:24:65:
                    c5:a5:df:d7:07:19:cf:0a:8d:a6:89:dc:e8:4c:bb:
                    8d:de:25:73:fb:40:60:69:ab:4c:01:d6:4f:a6:11:
                    82:2a:e1:47:4f:0e:c9:56:aa:7d:95:fb:b7:fb:d2:
                    59:82:db:cf:68:b3:8a:1c:af:58:35:cc:a5:21:05:
                    c6:44:b5:1b:2f:68:83:e6:4d:b3:e1:78:51:c0:11:
                    f8:89:f3:ba:ab:e8:b5:7a:db:6b:d2:52:15:08:82:
                    69:a8:c1:f7:e3:69:ce:53:94:05:44:e5:10:01:97:
                    1c:84:d8:34:4b:51:54:0e:cf:60:a4:ad:39:7e:35:
                    69:bb:fb:38:d9:3b:61:36:f5:c9:f1:41:00:ec:25:
                    75:e3:3e:96:24:7e:12:56:e4:4f:ea:04:be:2a:27:
                    0d:1a:2d:d4:df:27:7d:c0:9e:49:df:a0:f5:ed:4f:
                    6b:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:14:16:5C:9B:08:86:4F:2F:CF:E6:08:E6:31:65:23:FC:DD:2D:00
            X509v3 Authority Key Identifier:
                keyid:F3:44:3F:5B:5C:78:D6:8E:73:9D:4F:A6:FE:AF:DD:24:3B:05:2A:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/80Q_W1x41o5znU-m_q_dJDsFKks.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/fd30a8-c0bf-414f-aba7-b1651a64f35e/1/AhQWXJsIhk8vz-YI5jFlI_zdLQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/fd30a8-c0bf-414f-aba7-b1651a64f35e/1/80Q_W1x41o5znU-m_q_dJDsFKks.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:c0:6a:76:49:7b:1e:c4:23:59:7d:db:b2:d1:14:08:54:45:
         7f:ca:da:aa:ea:bc:d6:13:3a:41:2d:e7:c6:90:2e:3b:4a:0b:
         fc:a1:a1:36:6b:c8:bc:8a:ef:58:94:68:d4:4b:3c:cc:c1:81:
         4a:91:3b:6a:16:7e:14:f6:02:c7:28:4c:07:29:78:31:a0:d4:
         1d:73:df:13:a8:13:b6:d7:cd:7e:29:64:e4:9d:8d:a8:4d:0f:
         2f:e0:0d:1f:b5:0c:d1:d3:a2:2d:aa:54:49:f6:45:e9:83:23:
         f0:f0:b7:70:e6:7b:27:71:74:f2:81:e6:e4:a7:b4:d0:be:7f:
         52:79:89:e8:51:a2:47:fa:10:f6:79:5b:70:f1:e4:8e:37:70:
         53:c6:33:ea:d2:0b:93:dd:90:ba:b3:05:46:55:88:19:bc:53:
         75:c7:57:b0:03:cb:d1:af:98:6e:a6:e9:d8:69:43:bf:a1:81:
         db:d8:8e:e6:08:d7:68:26:e6:e8:23:96:57:98:5d:66:c7:d1:
         00:15:a7:a7:22:0b:3f:2d:e8:1d:06:3d:35:29:eb:16:6d:e7:
         90:30:2d:2f:cf:10:36:43:9a:c0:fe:b8:44:6d:5b:a3:a9:e9:
         00:00:eb:dc:c2:f0:d2:fb:61:38:88:7c:a3:c3:54:d8:ae:01:
         9f:35:67:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcSP/6pBo7qpWTzTTRf8FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNDQzZjViNWM3OGQ2OGU3MzlkNGZhNmZlYWZkZDI0M2Iw
NTJhNGIwHhcNMjQwMTAyMDQzMTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjE0MTY1YzliMDg4NjRmMmZjZmU2MDhlNjMxNjUyM2ZjZGQyZDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktuidX2unlzTKcQDd3P9F9E6xR5f
ttfMSl9tfzjk7j6Du0D9l2UwlYe3x8eF1digmSYRUFFecRlsZWCU1EL9XLr6qYOJ
SgIRRhRlqfxTQmWYQ0aYmLZMJGXFpd/XBxnPCo2midzoTLuN3iVz+0BgaatMAdZP
phGCKuFHTw7JVqp9lfu3+9JZgtvPaLOKHK9YNcylIQXGRLUbL2iD5k2z4XhRwBH4
ifO6q+i1ettr0lIVCIJpqMH342nOU5QFROUQAZcchNg0S1FUDs9gpK05fjVpu/s4
2TthNvXJ8UEA7CV14z6WJH4SVuRP6gS+KicNGi3U3yd9wJ5J36D17U9rhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAIUFlybCIZPL8/mCOYxZSP83S0AMB8GA1UdIwQY
MBaAFPNEP1tceNaOc51Ppv6v3SQ7BSpLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODBRX1cxeDQxbzV6blUtbV9xX2RKRHNGS2tzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9mZDMwYTgtYzBiZi00MTRmLWFiYTct
YjE2NTFhNjRmMzVlLzEvQWhRV1hKc0loazh2ei1ZSTVqRmxJX3pkTFFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9mZDMwYTgtYzBiZi00MTRmLWFiYTctYjE2NTFhNjRmMzVl
LzEvODBRX1cxeDQxbzV6blUtbV9xX2RKRHNGS2tzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQcIMA0G
CSqGSIb3DQEBCwUAA4IBAQCLwGp2SXsexCNZfduy0RQIVEV/ytqq6rzWEzpBLefG
kC47Sgv8oaE2a8i8iu9YlGjUSzzMwYFKkTtqFn4U9gLHKEwHKXgxoNQdc98TqBO2
181+KWTknY2oTQ8v4A0ftQzR06ItqlRJ9kXpgyPw8Ldw5nsncXTygebkp7TQvn9S
eYnoUaJH+hD2eVtw8eSON3BTxjPq0guT3ZC6swVGVYgZvFN1x1ewA8vRr5hupunY
aUO/oYHb2I7mCNdoJuboI5ZXmF1mx9EAFaenIgs/LegdBj01KesWbeeQMC0vzxA2
Q5rA/rhEbVujqekAAOvcwvDS+2E4iHyjw1TYrgGfNWfk
-----END CERTIFICATE-----