Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/XdZyonCMcR6mez5ZrPHF3F-SreA.roa
File:                     XdZyonCMcR6mez5ZrPHF3F-SreA.roa (raw, json)
Hash identifier:          BKCqmVP8Pn99EQka4Q98Dv3OoaTgOWTGlbOWg8DL8BU=
Subject key identifier:   5D:D6:72:A2:70:8C:71:1E:A6:7B:3E:59:AC:F1:C5:DC:5F:92:AD:E0
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFB4119B7E0D962058EB63572DF759
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/XdZyonCMcR6mez5ZrPHF3F-SreA.roa
Signing time:             Tue 02 Jan 2024 06:32:32 +0000
ROA not before:           Tue 02 Jan 2024 06:32:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215997
IP address blocks:        185.244.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 10:21:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:b4:11:9b:7e:0d:96:20:58:eb:63:57:2d:f7:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5dd672a2708c711ea67b3e59acf1c5dc5f92ade0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:f9:74:c1:e3:53:96:b5:1c:95:76:3c:66:55:
                    45:d1:a0:ee:0f:50:96:64:98:f2:c8:2d:1c:27:47:
                    ef:f6:e8:a4:e3:5e:16:92:c8:54:fb:ae:69:04:18:
                    eb:67:46:3e:6d:b6:c8:ae:b2:51:7c:f7:c0:af:d1:
                    21:3e:2b:81:1f:b6:76:67:ce:36:8d:4d:4a:a5:0a:
                    46:e3:be:b5:4a:f5:f3:e8:77:9d:8f:3d:03:6b:f8:
                    c5:8b:db:c9:1c:e7:4f:0b:94:ce:5c:18:32:fd:3c:
                    b8:1a:92:db:df:b9:f3:cc:32:77:26:10:55:91:09:
                    2f:c0:64:0e:db:b4:92:53:7a:9c:39:ee:12:ee:b6:
                    e6:7b:f6:46:4b:0f:c1:cc:24:ab:97:60:52:c9:c4:
                    02:84:3b:4e:bc:22:9b:81:ec:ae:cb:d3:5a:29:9f:
                    c2:d1:9b:fa:bc:a6:24:db:19:41:79:77:ab:75:fe:
                    5a:f9:ab:09:17:a4:01:e9:f4:77:4b:47:8b:38:1c:
                    a9:33:ce:13:d2:96:58:44:ce:17:0c:1c:87:3f:11:
                    9e:56:52:29:c6:cf:88:80:47:d3:ac:e0:55:ab:af:
                    31:a3:84:81:d8:02:ae:aa:37:c6:0a:d9:d1:24:6d:
                    d7:54:3f:00:f6:de:de:bb:65:e3:e0:1d:74:20:3c:
                    39:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:D6:72:A2:70:8C:71:1E:A6:7B:3E:59:AC:F1:C5:DC:5F:92:AD:E0
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/XdZyonCMcR6mez5ZrPHF3F-SreA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:a5:42:6e:d4:1f:c4:86:c7:b8:13:72:84:5b:3c:c7:45:c2:
         c2:7c:60:b5:ff:6e:bf:b7:d6:c5:a9:64:08:af:f5:7b:39:82:
         19:e8:79:e4:5c:7a:c6:d7:db:49:fd:d3:1e:dc:64:d4:b0:fb:
         ef:9d:62:b1:82:72:aa:e1:c2:6f:e2:d7:70:90:59:ce:c2:f8:
         8f:46:a6:d2:fd:58:23:8f:d8:7f:a4:e6:24:67:2b:60:8e:84:
         ce:64:91:bb:79:7f:e5:54:f2:d8:db:bb:6f:91:2a:29:5e:99:
         f0:12:df:d4:9c:32:fb:87:04:bb:cd:89:dd:46:2e:a9:7d:ed:
         84:19:ee:a4:24:00:3b:9e:6c:b0:16:7d:1f:70:11:36:d6:5f:
         02:09:ec:cd:dc:ef:a0:3e:cb:56:4e:c4:25:66:ff:67:de:bf:
         26:bf:82:50:28:40:3d:1e:59:91:5a:34:5f:cf:83:96:1c:f9:
         bc:52:8c:7f:7b:58:2d:f9:00:fd:8c:ff:b8:36:c6:03:f0:c5:
         4d:8f:81:cc:c7:5f:81:e2:8f:e5:12:59:55:0b:54:7e:6e:ba:
         f3:81:90:e9:60:13:8d:ad:df:e4:f6:41:a7:4f:06:40:bc:54:
         94:71:68:8a:0c:cd:2c:3a:17:38:26:dd:f5:97:2f:27:75:6a:
         b7:3b:b2:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI37QRm34NliBY62NXLfdZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGQ2NzJhMjcwOGM3MTFlYTY3YjNlNTlhY2YxYzVkYzVmOTJhZGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPl0weNTlrUclXY8ZlVF0aDuD1CW
ZJjyyC0cJ0fv9uik414WkshU+65pBBjrZ0Y+bbbIrrJRfPfAr9EhPiuBH7Z2Z842
jU1KpQpG4761SvXz6Hedjz0Da/jFi9vJHOdPC5TOXBgy/Ty4GpLb37nzzDJ3JhBV
kQkvwGQO27SSU3qcOe4S7rbme/ZGSw/BzCSrl2BSycQChDtOvCKbgeyuy9NaKZ/C
0Zv6vKYk2xlBeXerdf5a+asJF6QB6fR3S0eLOBypM84T0pZYRM4XDByHPxGeVlIp
xs+IgEfTrOBVq68xo4SB2AKuqjfGCtnRJG3XVD8A9t7eu2Xj4B10IDw5NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF3WcqJwjHEepns+Wazxxdxfkq3gMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvWGRaeW9uQ01jUjZtZXo1WnJQSEYzRi1TcmVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufSuMA0G
CSqGSIb3DQEBCwUAA4IBAQBLpUJu1B/Ehse4E3KEWzzHRcLCfGC1/26/t9bFqWQI
r/V7OYIZ6HnkXHrG19tJ/dMe3GTUsPvvnWKxgnKq4cJv4tdwkFnOwviPRqbS/Vgj
j9h/pOYkZytgjoTOZJG7eX/lVPLY27tvkSopXpnwEt/UnDL7hwS7zYndRi6pfe2E
Ge6kJAA7nmywFn0fcBE21l8CCezN3O+gPstWTsQlZv9n3r8mv4JQKEA9HlmRWjRf
z4OWHPm8Uox/e1gt+QD9jP+4NsYD8MVNj4HMx1+B4o/lEllVC1R+brrzgZDpYBON
rd/k9kGnTwZAvFSUcWiKDM0sOhc4Jt31ly8ndWq3O7L9
-----END CERTIFICATE-----