Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/gFk8f-xMGUlCiDPB3S2AXVQ_vEw.roa
File:                     gFk8f-xMGUlCiDPB3S2AXVQ_vEw.roa (raw, json)
Hash identifier:          Df1qI2UvmTbsSqHieSICNZcLSroTOccZtr1s6E270YM=
Subject key identifier:   80:59:3C:7F:EC:4C:19:49:42:88:33:C1:DD:2D:80:5D:54:3F:BC:4C
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DF3DDA6050544C1967E3895A6B0F0
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/gFk8f-xMGUlCiDPB3S2AXVQ_vEw.roa
Signing time:             Mon 01 Jan 2024 14:29:26 +0000
ROA not before:           Mon 01 Jan 2024 14:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206179
IP address blocks:        185.68.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f3:dd:a6:05:05:44:c1:96:7e:38:95:a6:b0:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80593c7fec4c1949428833c1dd2d805d543fbc4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:a2:8c:c6:86:e7:92:4d:d7:c1:76:55:52:3e:
                    1d:3c:22:35:64:6c:5c:b0:f5:1e:dd:8a:32:39:24:
                    d1:9f:22:e6:31:a3:73:b5:85:c9:6a:9b:d0:cf:b1:
                    ca:67:79:61:b3:85:e6:3b:4f:78:65:21:e5:f8:0a:
                    c9:fb:cc:8a:62:d4:3c:6c:e2:1d:f9:77:d6:9d:c2:
                    a0:4f:5b:a7:64:34:0e:61:87:b0:71:aa:f1:b5:d8:
                    12:14:ee:99:52:a4:ef:fc:3e:ac:7e:12:b8:dd:5e:
                    b8:22:6f:10:f1:bf:1d:3b:c7:f9:11:f8:f0:99:7a:
                    40:24:ef:2c:9a:3c:f5:94:b3:b3:18:72:cc:6d:0a:
                    e8:fd:e9:9a:37:eb:3e:84:a3:b8:3a:9b:19:8c:ec:
                    98:04:74:36:9a:9f:85:37:d9:ee:d1:dc:7c:c4:93:
                    34:1f:1d:91:de:da:c6:b0:55:a2:42:a7:57:fc:a9:
                    af:6f:bf:d7:58:5c:fc:2d:f0:0f:c5:ce:27:87:06:
                    a3:98:b0:77:6b:33:db:44:d9:f3:9a:92:e2:9b:55:
                    c5:4c:9c:3a:3e:3e:ac:1a:25:b2:51:86:b6:f0:b0:
                    fe:33:83:89:0e:8c:a5:f1:30:61:2f:f9:74:1f:1a:
                    52:21:63:12:7d:e6:ba:e9:4a:f8:e0:c9:b1:fe:83:
                    bb:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:59:3C:7F:EC:4C:19:49:42:88:33:C1:DD:2D:80:5D:54:3F:BC:4C
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/gFk8f-xMGUlCiDPB3S2AXVQ_vEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.68.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:78:6a:4f:0b:ec:2b:97:b1:bd:9f:76:e7:42:17:36:cc:98:
         f9:3c:d0:04:11:99:1d:eb:a6:bb:a2:f0:76:86:18:f1:ed:d4:
         ee:36:24:96:ba:5b:71:0b:2d:e4:8b:e9:7e:e5:42:52:f6:28:
         86:11:40:d5:41:d6:3c:90:fb:1b:ce:6a:fd:29:6e:2e:49:09:
         99:45:31:21:e2:16:52:d4:df:58:c2:b4:82:8b:52:df:dd:35:
         7b:98:f4:41:6e:0e:9f:11:cc:94:cf:e8:41:01:98:6c:b1:4a:
         65:64:d1:e4:bd:39:1b:79:dd:fe:69:ca:f8:3e:0f:00:96:2d:
         36:96:ed:eb:db:3f:8c:0a:85:55:5d:2c:59:fb:53:1b:3e:29:
         63:3a:3c:33:9d:fa:a1:24:9b:64:be:23:b5:09:43:3e:27:d2:
         5a:7c:22:70:ed:dc:6d:38:82:64:ed:1f:91:7c:c0:d5:c1:7a:
         56:7f:5d:9b:33:62:e6:d1:7e:f1:d4:45:37:ec:17:44:60:24:
         a0:8e:04:60:a3:57:1d:ce:5d:cd:b8:72:cd:8b:8b:dd:6b:1d:
         58:9a:1d:52:89:e8:ac:e5:8f:7e:a4:7f:da:59:c7:4b:01:3d:
         a6:87:c3:07:26:90:5e:c4:77:17:0c:9b:90:79:e5:78:24:85:
         10:ea:74:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbfPdpgUFRMGWfjiVprDwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDU5M2M3ZmVjNGMxOTQ5NDI4ODMzYzFkZDJkODA1ZDU0M2ZiYzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qKMxobnkk3XwXZVUj4dPCI1ZGxc
sPUe3YoyOSTRnyLmMaNztYXJapvQz7HKZ3lhs4XmO094ZSHl+ArJ+8yKYtQ8bOId
+XfWncKgT1unZDQOYYewcarxtdgSFO6ZUqTv/D6sfhK43V64Im8Q8b8dO8f5Efjw
mXpAJO8smjz1lLOzGHLMbQro/emaN+s+hKO4OpsZjOyYBHQ2mp+FN9nu0dx8xJM0
Hx2R3trGsFWiQqdX/Kmvb7/XWFz8LfAPxc4nhwajmLB3azPbRNnzmpLim1XFTJw6
Pj6sGiWyUYa28LD+M4OJDoyl8TBhL/l0HxpSIWMSfea66Ur44Mmx/oO7qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIBZPH/sTBlJQogzwd0tgF1UP7xMMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvZ0ZrOGYteE1HVWxDaURQQjNTMkFYVlFfdkV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUSQMA0G
CSqGSIb3DQEBCwUAA4IBAQBzeGpPC+wrl7G9n3bnQhc2zJj5PNAEEZkd66a7ovB2
hhjx7dTuNiSWultxCy3ki+l+5UJS9iiGEUDVQdY8kPsbzmr9KW4uSQmZRTEh4hZS
1N9YwrSCi1Lf3TV7mPRBbg6fEcyUz+hBAZhssUplZNHkvTkbed3+acr4Pg8Ali02
lu3r2z+MCoVVXSxZ+1MbPiljOjwznfqhJJtkviO1CUM+J9JafCJw7dxtOIJk7R+R
fMDVwXpWf12bM2Lm0X7x1EU37BdEYCSgjgRgo1cdzl3NuHLNi4vdax1Ymh1Sieis
5Y9+pH/aWcdLAT2mh8MHJpBexHcXDJuQeeV4JIUQ6nSg
-----END CERTIFICATE-----