Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/1-53nb8uuLZRvSiK8uA3pZh22ojQ.roa
File:                     1-53nb8uuLZRvSiK8uA3pZh22ojQ.roa (raw, json)
Hash identifier:          GNThijVasvM/pzOxZgB2pBwKaSEDu9vr+vSJkwB+rOs=
Subject key identifier:   FB:9D:E7:6F:CB:AE:2D:94:6F:4A:22:BC:B8:0D:E9:66:1D:B6:A2:34
Certificate issuer:       /CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
Certificate serial:       018CC794E29EF68011D4519CB37700691130
Authority key identifier: 32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/1-53nb8uuLZRvSiK8uA3pZh22ojQ.roa
Signing time:             Tue 02 Jan 2024 00:31:12 +0000
ROA not before:           Tue 02 Jan 2024 00:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201882
IP address blocks:        185.73.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 21:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:e2:9e:f6:80:11:d4:51:9c:b3:77:00:69:11:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
        Validity
            Not Before: Jan  2 00:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb9de76fcbae2d946f4a22bcb80de9661db6a234
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:93:d1:29:e1:c9:bc:22:f8:ad:77:6f:f4:f8:
                    dd:99:fe:dc:0b:f6:42:d2:2a:dd:af:78:d7:10:b0:
                    f0:82:22:c3:ac:6a:37:03:b3:bb:68:c8:01:44:80:
                    1f:a7:0f:63:7a:d2:6c:7d:3e:7c:b6:27:ed:f6:69:
                    65:4c:5b:48:7d:23:32:4c:d0:d3:f9:73:b4:d9:57:
                    5d:02:30:9b:62:83:cd:41:46:b6:51:2e:48:8e:70:
                    6a:77:d8:fd:11:12:37:5c:db:04:1d:ce:9e:39:7b:
                    be:a7:d4:40:be:ef:70:14:53:e2:0e:38:69:9d:17:
                    06:d1:76:e4:cd:d9:b5:7d:0c:a1:e9:ea:ca:4f:15:
                    17:22:cb:60:c0:59:bc:c2:73:a4:ef:06:c2:aa:9d:
                    56:47:15:48:4c:6b:fc:f6:25:f1:3d:de:27:cf:7c:
                    18:4a:cc:b8:6f:46:4b:56:ba:3e:a2:ce:3e:8d:ac:
                    b6:6f:17:40:d0:38:b7:ef:7d:29:af:da:da:16:78:
                    3e:16:e0:f4:9e:4e:71:00:37:47:21:9a:4e:b6:07:
                    59:52:e7:ea:a3:45:16:11:19:94:b0:e5:64:58:5c:
                    ea:00:c5:54:30:af:ad:a4:67:c0:7b:77:5b:c3:17:
                    f8:e7:f3:22:db:44:f4:94:4b:e6:5e:2d:14:da:9f:
                    36:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:9D:E7:6F:CB:AE:2D:94:6F:4A:22:BC:B8:0D:E9:66:1D:B6:A2:34
            X509v3 Authority Key Identifier:
                keyid:32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/1-53nb8uuLZRvSiK8uA3pZh22ojQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d6:81:49:59:94:87:07:81:20:de:1a:11:05:23:34:64:fc:8c:
         51:5d:2a:41:82:30:4a:66:4e:03:1a:35:7f:2b:85:c9:bd:ee:
         a6:e0:7f:5a:fe:e7:09:5c:69:ef:48:80:5a:3c:e1:ed:ab:c1:
         be:ca:ea:f2:d9:8e:27:ee:1d:73:3e:b7:8c:0e:d3:55:95:06:
         e3:df:18:91:57:e5:92:15:a5:8c:95:47:3e:ee:5f:94:42:5e:
         11:94:6a:39:8c:e1:76:46:69:ed:f4:06:3c:6c:04:30:38:ba:
         77:58:64:43:7b:fa:54:11:3e:fe:a3:07:05:bc:fb:d6:0a:e6:
         1f:4e:85:7e:c8:f7:01:f0:ac:8f:d1:bb:1f:91:3a:3c:2b:a1:
         8b:e9:09:0b:eb:23:97:b2:15:b1:d5:01:5e:cf:99:e6:ae:b9:
         cc:34:51:7d:60:c2:9a:e2:21:13:9d:43:35:46:30:cd:2c:d7:
         13:d2:bc:38:df:fe:b7:36:fd:b7:48:ef:b3:a2:c2:61:7b:0a:
         ac:fe:0f:ea:37:31:cc:bc:8a:5b:7e:3c:38:5c:4b:a2:f5:a2:
         ad:4c:e3:da:05:67:6a:95:80:0e:1b:e4:06:a8:52:9d:44:30:
         de:50:a6:fe:af:cd:d3:cd:b5:a4:04:b8:a4:6d:aa:09:9a:c5:
         cd:6f:ca:fc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHlOKe9oAR1FGcs3cAaREwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNDc0YWM3Y2E4NWUwOWMyZDQ4YjMzZTdiZjY2ZjhlZDc2
NGRlMGYwHhcNMjQwMTAyMDAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjlkZTc2ZmNiYWUyZDk0NmY0YTIyYmNiODBkZTk2NjFkYjZhMjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZPRKeHJvCL4rXdv9Pjdmf7cC/ZC
0irdr3jXELDwgiLDrGo3A7O7aMgBRIAfpw9jetJsfT58tift9mllTFtIfSMyTNDT
+XO02VddAjCbYoPNQUa2US5IjnBqd9j9ERI3XNsEHc6eOXu+p9RAvu9wFFPiDjhp
nRcG0Xbkzdm1fQyh6erKTxUXIstgwFm8wnOk7wbCqp1WRxVITGv89iXxPd4nz3wY
Ssy4b0ZLVro+os4+jay2bxdA0Di3730pr9raFng+FuD0nk5xADdHIZpOtgdZUufq
o0UWERmUsOVkWFzqAMVUMK+tpGfAe3dbwxf45/Mi20T0lEvmXi0U2p82DwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPud52/Lri2Ub0oivLgN6WYdtqI0MB8GA1UdIwQY
MBaAFDJHSsfKheCcLUizPnv2b47XZN4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzkt
MTJlYzIyYzljNWEyLzEvMS01M25iOHV1TFpSdlNpSzh1QTNwWmgyMm9qUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmQvMWZkMGE2LTQ1MTctNGEwYi1iM2M5LTEyZWMyMmM5YzVh
Mi8xL01rZEt4OHFGNEp3dFNMTS1lX1p2anRkazNnOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALlJ8zAN
BgkqhkiG9w0BAQsFAAOCAQEA1oFJWZSHB4Eg3hoRBSM0ZPyMUV0qQYIwSmZOAxo1
fyuFyb3upuB/Wv7nCVxp70iAWjzh7avBvsrq8tmOJ+4dcz63jA7TVZUG498YkVfl
khWljJVHPu5flEJeEZRqOYzhdkZp7fQGPGwEMDi6d1hkQ3v6VBE+/qMHBbz71grm
H06Ffsj3AfCsj9G7H5E6PCuhi+kJC+sjl7IVsdUBXs+Z5q65zDRRfWDCmuIhE51D
NUYwzSzXE9K8ON/+tzb9t0jvs6LCYXsKrP4P6jcxzLyKW348OFxLovWirUzj2gVn
apWADhvkBqhSnUQw3lCm/q/N0821pAS4pG2qCZrFzW/K/A==
-----END CERTIFICATE-----