Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/kfLmdfEy7T-dLhF2navkMAbln8k.roa
File:                     kfLmdfEy7T-dLhF2navkMAbln8k.roa (raw, json)
Hash identifier:          mfIEn4Iqw44LteuZ7yPYNMhVVCxaimQsg9hOE7yh84M=
Subject key identifier:   91:F2:E6:75:F1:32:ED:3F:9D:2E:11:76:9D:AB:E4:30:06:E5:9F:C9
Certificate issuer:       /CN=f5346d3edbec6da72780722c0a41abeea63661d8
Certificate serial:       018DE4F0463E0DCD60164B1E5C5709A45939
Authority key identifier: F5:34:6D:3E:DB:EC:6D:A7:27:80:72:2C:0A:41:AB:EE:A6:36:61:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9TRtPtvsbacngHIsCkGr7qY2Ydg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/kfLmdfEy7T-dLhF2navkMAbln8k.roa
Signing time:             Mon 26 Feb 2024 10:22:48 +0000
ROA not before:           Mon 26 Feb 2024 10:22:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60044
IP address blocks:        185.57.216.0/22 maxlen: 24
                          2a04:dec0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/9TRtPtvsbacngHIsCkGr7qY2Ydg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/9TRtPtvsbacngHIsCkGr7qY2Ydg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9TRtPtvsbacngHIsCkGr7qY2Ydg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e4:f0:46:3e:0d:cd:60:16:4b:1e:5c:57:09:a4:59:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5346d3edbec6da72780722c0a41abeea63661d8
        Validity
            Not Before: Feb 26 10:22:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91f2e675f132ed3f9d2e11769dabe43006e59fc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f5:cf:ab:df:0e:28:99:98:e8:e3:a1:cf:a1:
                    b0:c5:bf:45:a3:b4:ee:41:a5:2c:83:10:27:9f:32:
                    f0:72:b4:d2:95:3d:d6:15:c2:62:a4:44:36:a2:92:
                    da:a3:f7:0c:a1:7a:8f:0b:9a:69:30:3a:1b:a7:13:
                    8f:86:6b:dd:f4:d9:72:92:51:82:97:23:7e:6e:b4:
                    c3:6d:05:d6:5b:88:76:8a:4f:bc:41:fd:11:05:df:
                    cc:7e:6c:3f:13:92:0c:0f:b4:a9:96:7f:8e:c2:d0:
                    26:80:6a:47:bf:c5:36:9a:4a:28:07:d0:d5:d1:3e:
                    90:7f:14:95:43:f1:a2:9c:46:5e:45:24:13:08:3a:
                    d2:ed:07:ea:66:09:70:4a:42:6d:01:e2:fc:e0:f3:
                    6e:8d:a8:9d:f8:94:aa:ee:a6:e4:38:da:0e:e0:73:
                    a3:f3:1c:53:fe:4d:75:f9:e3:b6:da:d5:d5:a7:e6:
                    13:d2:ad:78:c2:e9:73:85:a0:96:79:6f:c9:1f:e3:
                    42:ba:69:08:a6:83:f1:1f:04:3d:d8:8d:f9:0a:c0:
                    00:a2:ef:e4:ad:51:83:fa:45:0c:f7:a7:0c:e9:f7:
                    b2:a6:9b:60:63:7c:bd:2e:20:ed:66:7c:b6:f3:52:
                    8e:7a:0f:d1:2f:c6:2a:c3:74:5e:d2:cc:38:14:e9:
                    c1:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:F2:E6:75:F1:32:ED:3F:9D:2E:11:76:9D:AB:E4:30:06:E5:9F:C9
            X509v3 Authority Key Identifier:
                keyid:F5:34:6D:3E:DB:EC:6D:A7:27:80:72:2C:0A:41:AB:EE:A6:36:61:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9TRtPtvsbacngHIsCkGr7qY2Ydg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/kfLmdfEy7T-dLhF2navkMAbln8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/9TRtPtvsbacngHIsCkGr7qY2Ydg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.216.0/22
                IPv6:
                  2a04:dec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5f:05:8f:2f:a9:30:29:c8:20:69:00:7c:ee:eb:4f:92:25:05:
         61:48:90:3b:5a:dd:c5:7b:f4:8c:e2:5e:1c:ea:ec:a7:9b:c4:
         05:81:e4:3f:5c:07:db:c9:1e:06:a2:af:b4:5a:55:f8:48:c3:
         8b:f5:ea:16:6b:18:e1:9d:da:07:85:a4:d8:87:c9:5b:64:71:
         1f:84:05:24:bd:77:a6:b6:2a:6b:14:d0:22:d7:e4:04:e3:ae:
         15:13:fe:01:da:bb:2b:98:fe:54:7d:b7:84:b6:2d:18:1c:b4:
         3e:6a:fc:17:ee:d9:b0:44:38:e2:69:9c:10:c5:5e:07:c2:e1:
         90:6a:9d:a5:c2:54:76:7c:53:be:db:bd:ed:58:1c:03:b6:0a:
         3b:87:1c:b3:42:1d:20:23:33:f0:46:f4:5f:40:58:e3:ae:68:
         d9:bc:ba:77:9a:8a:3c:4b:f5:b6:88:0d:61:38:94:50:8e:16:
         2b:7c:86:ba:85:76:b5:65:2e:65:b5:c0:9c:75:6d:0a:d6:83:
         d8:b7:e1:34:ff:c2:ff:90:ae:d7:8b:8e:c3:e4:6c:75:0f:b3:
         53:75:47:f9:28:b1:d1:2b:28:3c:74:e2:9f:e2:aa:b7:7f:dc:
         66:c2:9f:95:80:50:97:34:20:30:e2:27:7b:b0:4a:fb:36:7e:
         d3:78:9e:f2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY3k8EY+Dc1gFkseXFcJpFk5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MzQ2ZDNlZGJlYzZkYTcyNzgwNzIyYzBhNDFhYmVlYTYz
NjYxZDgwHhcNMjQwMjI2MTAyMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWYyZTY3NWYxMzJlZDNmOWQyZTExNzY5ZGFiZTQzMDA2ZTU5ZmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfXPq98OKJmY6OOhz6Gwxb9Fo7Tu
QaUsgxAnnzLwcrTSlT3WFcJipEQ2opLao/cMoXqPC5ppMDobpxOPhmvd9NlyklGC
lyN+brTDbQXWW4h2ik+8Qf0RBd/Mfmw/E5IMD7Spln+OwtAmgGpHv8U2mkooB9DV
0T6QfxSVQ/GinEZeRSQTCDrS7QfqZglwSkJtAeL84PNujaid+JSq7qbkONoO4HOj
8xxT/k11+eO22tXVp+YT0q14wulzhaCWeW/JH+NCumkIpoPxHwQ92I35CsAAou/k
rVGD+kUM96cM6feypptgY3y9LiDtZny281KOeg/RL8Yqw3Re0sw4FOnBvwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJHy5nXxMu0/nS4Rdp2r5DAG5Z/JMB8GA1UdIwQY
MBaAFPU0bT7b7G2nJ4ByLApBq+6mNmHYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVRSdFB0dnNiYWNuZ0hJc0NrR3I3cVkyWWRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9iZTgwNjQtOWUxMS00NjFhLTkzNmQt
ZmE3MGJkOTBlODk0LzEva2ZMbWRmRXk3VC1kTGhGMm5hdmtNQWJsbjhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9iZTgwNjQtOWUxMS00NjFhLTkzNmQtZmE3MGJkOTBlODk0
LzEvOVRSdFB0dnNiYWNuZ0hJc0NrR3I3cVkyWWRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTnYMA0E
AgACMAcDBQMqBN7AMA0GCSqGSIb3DQEBCwUAA4IBAQBfBY8vqTApyCBpAHzu60+S
JQVhSJA7Wt3Fe/SM4l4c6uynm8QFgeQ/XAfbyR4Goq+0WlX4SMOL9eoWaxjhndoH
haTYh8lbZHEfhAUkvXemtiprFNAi1+QE464VE/4B2rsrmP5UfbeEti0YHLQ+avwX
7tmwRDjiaZwQxV4HwuGQap2lwlR2fFO+273tWBwDtgo7hxyzQh0gIzPwRvRfQFjj
rmjZvLp3moo8S/W2iA1hOJRQjhYrfIa6hXa1ZS5ltcCcdW0K1oPYt+E0/8L/kK7X
i47D5Gx1D7NTdUf5KLHRKyg8dOKf4qq3f9xmwp+VgFCXNCAw4id7sEr7Nn7TeJ7y
-----END CERTIFICATE-----