Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/01KS5uMs3cnU9harwyeC_zwCipk.roa
File:                     01KS5uMs3cnU9harwyeC_zwCipk.roa (raw, json)
Hash identifier:          KJ/OiKBP2rp6rWGqfAA+U/nJUfYDdRVj7eFLE/jhN7U=
Subject key identifier:   D3:52:92:E6:E3:2C:DD:C9:D4:F6:16:AB:C3:27:82:FF:3C:02:8A:99
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFAB316E5623FB5FB747157D281021
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/01KS5uMs3cnU9harwyeC_zwCipk.roa
Signing time:             Tue 02 Jan 2024 06:32:30 +0000
ROA not before:           Tue 02 Jan 2024 06:32:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207064
IP address blocks:        185.125.48.0/24 maxlen: 24
                          185.125.48.0/23 maxlen: 23
                          185.125.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:ab:31:6e:56:23:fb:5f:b7:47:15:7d:28:10:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d35292e6e32cddc9d4f616abc32782ff3c028a99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0d:57:13:7d:39:f3:e3:62:b3:44:47:f3:09:
                    50:3b:0f:6f:22:49:95:4c:9b:21:54:d0:bf:42:34:
                    80:dd:fd:f4:c4:d7:07:9f:34:16:b8:1d:52:04:23:
                    b1:67:4e:cb:71:44:3c:94:96:71:a6:a0:af:fc:85:
                    28:16:81:11:a6:c7:9f:e2:ad:7d:33:2d:c5:a5:4f:
                    26:e6:52:c5:0d:6f:de:25:5a:ad:9f:5a:9a:43:1f:
                    31:cc:63:75:22:42:aa:4d:a2:59:22:dd:1c:4c:1a:
                    71:c6:e2:fa:1d:93:9f:06:53:83:f5:6f:61:e2:89:
                    2f:2c:6a:83:1a:cc:85:74:93:a1:c9:a1:b7:17:bb:
                    cc:06:5f:53:fb:72:00:a4:b3:a5:f9:3b:50:31:36:
                    a1:e3:99:4e:a5:83:4a:53:8f:85:88:88:4c:0f:03:
                    58:8d:98:22:c9:38:47:55:00:37:a1:32:f2:0a:32:
                    31:d3:c4:fc:b9:f2:67:37:30:ab:5d:d4:b7:e5:f3:
                    22:f2:1a:69:f3:6e:a0:1b:ca:9e:01:82:a3:ba:d7:
                    c3:74:53:d7:45:d8:b0:c5:a2:82:7b:40:ea:93:1d:
                    ac:1e:bd:e4:ba:de:d4:41:39:a8:ed:ab:2b:5a:25:
                    39:7f:a7:5f:f1:70:e1:17:73:24:08:0a:75:c4:2b:
                    a8:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:52:92:E6:E3:2C:DD:C9:D4:F6:16:AB:C3:27:82:FF:3C:02:8A:99
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/01KS5uMs3cnU9harwyeC_zwCipk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:f7:51:31:ee:34:88:ee:60:30:82:30:33:7b:1f:01:8d:16:
         f0:1e:8a:14:11:d0:4a:2e:93:d5:42:97:be:1b:f7:7d:6a:74:
         74:38:84:95:51:09:53:6b:a5:02:63:a5:e7:06:86:3b:83:ca:
         e0:86:92:bc:6a:59:be:77:62:c2:27:c8:6a:09:21:eb:e9:6f:
         20:f7:c0:e2:60:38:3a:cc:3e:a6:87:58:a9:69:89:10:41:71:
         42:51:1c:89:fe:fa:52:ce:42:85:0c:a8:57:86:8d:ae:75:ec:
         93:38:36:22:8b:57:25:fb:1a:f5:ff:64:e3:96:5e:bd:4c:eb:
         f4:7e:38:52:8e:62:c1:ac:bb:91:24:2e:48:e8:0e:46:b2:a8:
         34:f4:0e:83:24:83:b8:ef:4e:80:54:72:3a:ff:8e:69:69:12:
         45:63:5e:9a:5a:04:70:b7:58:92:5b:78:b4:f3:5e:6a:85:f4:
         4c:7a:2e:d3:e7:ef:da:dd:8a:2f:87:60:d0:c3:87:ce:c2:29:
         7e:dc:04:3c:da:3b:0a:d6:28:64:74:9e:0c:7d:18:45:5f:b0:
         3a:04:6c:2a:8e:3d:3a:43:95:96:a3:43:5b:f3:3d:a3:24:01:
         6f:2a:7f:66:86:ef:74:53:a8:5e:cb:51:7d:a9:79:df:6b:57:
         3c:2c:ca:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36sxblYj+1+3RxV9KBAhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzUyOTJlNmUzMmNkZGM5ZDRmNjE2YWJjMzI3ODJmZjNjMDI4YTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqw1XE3058+Nis0RH8wlQOw9vIkmV
TJshVNC/QjSA3f30xNcHnzQWuB1SBCOxZ07LcUQ8lJZxpqCv/IUoFoERpsef4q19
My3FpU8m5lLFDW/eJVqtn1qaQx8xzGN1IkKqTaJZIt0cTBpxxuL6HZOfBlOD9W9h
4okvLGqDGsyFdJOhyaG3F7vMBl9T+3IApLOl+TtQMTah45lOpYNKU4+FiIhMDwNY
jZgiyThHVQA3oTLyCjIx08T8ufJnNzCrXdS35fMi8hpp826gG8qeAYKjutfDdFPX
RdiwxaKCe0Dqkx2sHr3kut7UQTmo7asrWiU5f6df8XDhF3MkCAp1xCuoFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNNSkubjLN3J1PYWq8Mngv88AoqZMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvMDFLUzV1TXMzY25VOWhhcnd5ZUNfendDaXBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuX0wMA0G
CSqGSIb3DQEBCwUAA4IBAQA291Ex7jSI7mAwgjAzex8BjRbwHooUEdBKLpPVQpe+
G/d9anR0OISVUQlTa6UCY6XnBoY7g8rghpK8alm+d2LCJ8hqCSHr6W8g98DiYDg6
zD6mh1ipaYkQQXFCURyJ/vpSzkKFDKhXho2udeyTODYii1cl+xr1/2Tjll69TOv0
fjhSjmLBrLuRJC5I6A5Gsqg09A6DJIO4706AVHI6/45paRJFY16aWgRwt1iSW3i0
815qhfRMei7T5+/a3Yovh2DQw4fOwil+3AQ82jsK1ihkdJ4MfRhFX7A6BGwqjj06
Q5WWo0Nb8z2jJAFvKn9mhu90U6hey1F9qXnfa1c8LMqw
-----END CERTIFICATE-----