Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/fWtzFGk8X8TPZKlaxbRkRZL5qX0.roa
File:                     fWtzFGk8X8TPZKlaxbRkRZL5qX0.roa (raw, json)
Hash identifier:          kczb4JsHB1+Xk+MuEf0cxa8ff9v0betAGUVhnpBGMJI=
Subject key identifier:   7D:6B:73:14:69:3C:5F:C4:CF:64:A9:5A:C5:B4:64:45:92:F9:A9:7D
Certificate issuer:       /CN=ffdec4a46a6e6e4f9a92d0ba2e0b3ab5658be1bd
Certificate serial:       018CC94CDCABFF5C95EE221ADB5C4C31028B
Authority key identifier: FF:DE:C4:A4:6A:6E:6E:4F:9A:92:D0:BA:2E:0B:3A:B5:65:8B:E1:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/fWtzFGk8X8TPZKlaxbRkRZL5qX0.roa
Signing time:             Tue 02 Jan 2024 08:31:46 +0000
ROA not before:           Tue 02 Jan 2024 08:31:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31708
IP address blocks:        185.42.220.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:dc:ab:ff:5c:95:ee:22:1a:db:5c:4c:31:02:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffdec4a46a6e6e4f9a92d0ba2e0b3ab5658be1bd
        Validity
            Not Before: Jan  2 08:31:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d6b7314693c5fc4cf64a95ac5b4644592f9a97d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:52:91:53:12:71:2e:29:a7:eb:80:a2:40:01:
                    43:07:7f:59:66:8f:58:4d:24:55:b8:0b:2c:11:5e:
                    97:e2:7a:fb:20:4a:0f:8a:f6:f4:f9:cb:20:2d:43:
                    d2:07:20:4b:26:de:c3:df:3a:45:f9:88:f8:ad:6f:
                    58:86:86:98:85:70:f1:82:f7:8d:f5:01:2a:7c:5f:
                    7e:88:a9:ac:b4:30:b7:46:d4:10:d4:63:93:07:bc:
                    8d:25:d9:01:97:df:23:4c:a6:68:ac:7c:0e:7e:1e:
                    c4:75:e1:dd:b9:f1:a3:ae:42:f2:ce:34:73:cc:bd:
                    9c:b2:30:5d:46:ad:d9:01:d7:b7:8c:cb:20:c7:59:
                    a5:65:73:16:17:06:fd:6d:ed:83:df:a6:72:30:d6:
                    d3:ba:08:54:93:b7:1e:26:b3:12:c9:95:d3:0c:34:
                    9f:3a:e9:db:d5:fc:85:99:bc:c2:98:52:50:bb:0f:
                    1b:7c:88:81:3a:06:6b:b1:48:71:75:92:b7:a4:d0:
                    e7:f8:74:d1:1e:42:fb:58:8b:a3:a0:3d:64:67:0e:
                    9a:72:34:a3:91:c3:e0:24:e9:fe:eb:4e:03:16:bd:
                    50:4d:c0:c9:84:98:17:26:64:48:75:6d:97:d0:93:
                    32:ca:79:4f:89:bc:62:92:b4:0f:20:ac:1d:e5:fd:
                    94:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:6B:73:14:69:3C:5F:C4:CF:64:A9:5A:C5:B4:64:45:92:F9:A9:7D
            X509v3 Authority Key Identifier:
                keyid:FF:DE:C4:A4:6A:6E:6E:4F:9A:92:D0:BA:2E:0B:3A:B5:65:8B:E1:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/fWtzFGk8X8TPZKlaxbRkRZL5qX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.42.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:62:59:a3:6b:17:a5:d8:28:33:38:1b:12:31:5e:6d:5e:45:
         22:9e:38:bb:1d:c1:ff:b9:e7:b9:96:83:c2:0c:1f:13:45:d4:
         f7:a5:e9:74:0e:b9:84:95:27:e0:7f:38:96:16:07:e6:9b:9d:
         80:e2:f3:0c:9f:3a:9b:02:31:4f:2f:25:96:ff:02:3e:e2:f2:
         ae:40:23:ad:9c:c7:5b:6d:64:ad:7d:b2:32:47:7f:43:e8:08:
         4c:00:2a:1e:0d:47:6d:14:d2:e3:b9:a9:4f:79:3d:a3:e1:19:
         b3:7d:4a:a0:c2:a9:1b:3c:b1:71:1c:d7:42:5e:88:bc:b3:e4:
         aa:0d:aa:02:1a:45:65:02:14:85:56:20:2f:84:d9:ad:db:1d:
         ab:98:27:eb:0c:e5:1b:ff:d6:71:a3:22:cf:cf:48:fd:13:12:
         fd:67:67:5e:30:a9:df:a3:ef:23:bf:86:33:dc:87:75:fc:32:
         9a:1c:ee:fc:af:84:5a:bb:55:46:2f:20:94:7d:ee:ab:f8:4e:
         65:d5:4a:fc:e1:ce:9f:f3:d8:46:89:32:1a:5d:b9:1b:4e:2d:
         e8:33:2f:69:19:ac:3a:5b:7a:4f:4c:a8:db:d2:7c:b0:97:31:
         90:21:a5:94:93:af:ec:cb:b2:68:df:fc:ac:27:64:c9:bf:0f:
         64:af:04:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTNyr/1yV7iIa21xMMQKLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZGVjNGE0NmE2ZTZlNGY5YTkyZDBiYTJlMGIzYWI1NjU4
YmUxYmQwHhcNMjQwMTAyMDgzMTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDZiNzMxNDY5M2M1ZmM0Y2Y2NGE5NWFjNWI0NjQ0NTkyZjlhOTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVKRUxJxLimn64CiQAFDB39ZZo9Y
TSRVuAssEV6X4nr7IEoPivb0+csgLUPSByBLJt7D3zpF+Yj4rW9YhoaYhXDxgveN
9QEqfF9+iKmstDC3RtQQ1GOTB7yNJdkBl98jTKZorHwOfh7EdeHdufGjrkLyzjRz
zL2csjBdRq3ZAde3jMsgx1mlZXMWFwb9be2D36ZyMNbTughUk7ceJrMSyZXTDDSf
Ounb1fyFmbzCmFJQuw8bfIiBOgZrsUhxdZK3pNDn+HTRHkL7WIujoD1kZw6acjSj
kcPgJOn+604DFr1QTcDJhJgXJmRIdW2X0JMyynlPibxikrQPIKwd5f2UTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH1rcxRpPF/Ez2SpWsW0ZEWS+al9MB8GA1UdIwQY
MBaAFP/exKRqbm5PmpLQui4LOrVli+G9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzk3RXBHcHViay1ha3RDNkxnczZ0V1dMNGIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8xMWU1YjMtNDNhYS00Mjc5LTk0NDEt
N2U4YzZkNGQ5YmVmLzEvZld0ekZHazhYOFRQWktsYXhiUmtSWkw1cVgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8xMWU1YjMtNDNhYS00Mjc5LTk0NDEtN2U4YzZkNGQ5YmVm
LzEvXzk3RXBHcHViay1ha3RDNkxnczZ0V1dMNGIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSrcMA0G
CSqGSIb3DQEBCwUAA4IBAQAnYlmjaxel2CgzOBsSMV5tXkUinji7HcH/uee5loPC
DB8TRdT3pel0DrmElSfgfziWFgfmm52A4vMMnzqbAjFPLyWW/wI+4vKuQCOtnMdb
bWStfbIyR39D6AhMACoeDUdtFNLjualPeT2j4RmzfUqgwqkbPLFxHNdCXoi8s+Sq
DaoCGkVlAhSFViAvhNmt2x2rmCfrDOUb/9ZxoyLPz0j9ExL9Z2deMKnfo+8jv4Yz
3Id1/DKaHO78r4Rau1VGLyCUfe6r+E5l1Ur84c6f89hGiTIaXbkbTi3oMy9pGaw6
W3pPTKjb0nywlzGQIaWUk6/sy7Jo3/ysJ2TJvw9krwTw
-----END CERTIFICATE-----