Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/G4ydL2aRJyGS0YG9xnE9kmJOT7k.roa
File:                     G4ydL2aRJyGS0YG9xnE9kmJOT7k.roa (raw, json)
Hash identifier:          64kxsEfPfyxxfW5LFXtFWO6bkgXMtJ7UPbG0jdoWbIc=
Subject key identifier:   1B:8C:9D:2F:66:91:27:21:92:D1:81:BD:C6:71:3D:92:62:4E:4F:B9
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DAD055FDC10CF776C07565EB06A2BD
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/G4ydL2aRJyGS0YG9xnE9kmJOT7k.roa
Signing time:             Mon 01 Jan 2024 02:29:29 +0000
ROA not before:           Mon 01 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205537
IP address blocks:        185.214.204.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d0:55:fd:c1:0c:f7:76:c0:75:65:eb:06:a2:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b8c9d2f6691272192d181bdc6713d92624e4fb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:02:bb:65:43:53:d2:dc:6f:88:fa:57:51:b4:
                    3b:72:d4:22:30:b3:50:6b:42:83:17:f7:6a:b5:ae:
                    15:ed:64:1b:9c:0a:e4:0d:d5:7d:e3:a1:e1:13:b9:
                    95:a5:52:0a:e5:fc:b9:55:b2:34:77:bc:74:ed:29:
                    15:6c:29:9a:2f:58:59:07:00:13:ce:e0:61:34:2f:
                    80:5d:05:a1:09:d6:db:d2:ae:c8:d4:bb:b4:31:a3:
                    0f:e8:99:a2:6e:50:d1:c6:73:05:69:f8:c1:c7:f6:
                    3d:29:c3:f3:a7:04:ad:3b:63:d7:fc:e0:7b:6f:b9:
                    1f:6a:40:17:06:c0:d8:51:b5:1f:1f:69:e1:bf:c6:
                    44:95:3f:6a:45:46:71:ed:c3:45:ac:82:f5:3d:fa:
                    82:83:7a:01:1c:7c:6b:ff:53:ec:9d:2c:16:7f:d0:
                    2e:a2:ff:c0:c2:fe:3f:a2:91:b5:27:91:e5:38:86:
                    d1:74:02:ec:52:ab:8b:b0:41:a9:67:68:1c:9b:8c:
                    87:d4:ce:af:9e:f0:e7:61:53:8a:61:4b:81:cb:be:
                    26:7b:b3:61:f4:06:86:fa:88:5a:1c:01:75:3b:4e:
                    e2:4a:df:ff:55:8a:94:10:f4:4a:50:0c:d2:05:aa:
                    b3:55:e1:70:52:c3:5d:9b:07:b6:4d:3b:b8:1f:f0:
                    26:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:8C:9D:2F:66:91:27:21:92:D1:81:BD:C6:71:3D:92:62:4E:4F:B9
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/G4ydL2aRJyGS0YG9xnE9kmJOT7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         56:c3:14:3a:28:9f:17:55:9f:3b:86:63:71:35:81:0d:23:13:
         5a:b1:3c:08:d1:87:c4:37:d9:21:dc:ce:1c:ef:23:2f:ee:95:
         78:2d:d0:5c:85:51:9a:c3:5f:02:bc:5b:13:a2:dc:43:bc:a2:
         ef:2d:af:16:50:c7:bf:9a:e2:5e:20:84:a8:52:e6:35:b6:43:
         ad:06:95:89:eb:95:03:83:3a:17:c0:77:db:8f:f7:a2:65:ca:
         3b:21:10:f7:05:c4:a4:ad:33:29:28:42:48:02:a1:23:54:33:
         83:1f:bb:be:10:1c:07:bd:26:d8:07:a2:7d:47:0d:31:db:5f:
         70:05:e8:99:71:3f:4c:70:e5:d6:67:00:38:5e:ba:3c:75:fa:
         b9:37:09:9d:51:d3:6e:0f:c5:c9:ca:63:ba:d3:27:7b:da:18:
         f3:cd:65:5e:86:61:93:6f:a2:21:f5:49:14:6f:bd:f2:c8:ec:
         0f:4c:d8:9f:80:39:fb:29:86:7e:33:3b:a4:a1:89:ba:58:24:
         48:38:37:71:c4:ce:e5:c9:7f:f2:41:1f:4d:ed:9b:ca:0c:e7:
         b9:e1:af:68:0f:2d:e7:7a:d2:1a:7f:ed:2f:85:b7:88:42:8b:
         8e:fa:92:4c:22:b5:3a:0f:f6:44:1a:b1:57:28:de:38:53:1f:
         39:b7:82:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tBV/cEM93bAdWXrBqK9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjhjOWQyZjY2OTEyNzIxOTJkMTgxYmRjNjcxM2Q5MjYyNGU0ZmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowK7ZUNT0txviPpXUbQ7ctQiMLNQ
a0KDF/dqta4V7WQbnArkDdV946HhE7mVpVIK5fy5VbI0d7x07SkVbCmaL1hZBwAT
zuBhNC+AXQWhCdbb0q7I1Lu0MaMP6JmiblDRxnMFafjBx/Y9KcPzpwStO2PX/OB7
b7kfakAXBsDYUbUfH2nhv8ZElT9qRUZx7cNFrIL1PfqCg3oBHHxr/1PsnSwWf9Au
ov/Awv4/opG1J5HlOIbRdALsUquLsEGpZ2gcm4yH1M6vnvDnYVOKYUuBy74me7Nh
9AaG+ohaHAF1O07iSt//VYqUEPRKUAzSBaqzVeFwUsNdmwe2TTu4H/AmtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBuMnS9mkSchktGBvcZxPZJiTk+5MB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvRzR5ZEwyYVJKeUdTMFlHOXhuRTlrbUpPVDdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudbMMA0G
CSqGSIb3DQEBCwUAA4IBAQBWwxQ6KJ8XVZ87hmNxNYENIxNasTwI0YfEN9kh3M4c
7yMv7pV4LdBchVGaw18CvFsTotxDvKLvLa8WUMe/muJeIISoUuY1tkOtBpWJ65UD
gzoXwHfbj/eiZco7IRD3BcSkrTMpKEJIAqEjVDODH7u+EBwHvSbYB6J9Rw0x219w
BeiZcT9McOXWZwA4Xro8dfq5NwmdUdNuD8XJymO60yd72hjzzWVehmGTb6Ih9UkU
b73yyOwPTNifgDn7KYZ+MzukoYm6WCRIODdxxM7lyX/yQR9N7ZvKDOe54a9oDy3n
etIaf+0vhbeIQouO+pJMIrU6D/ZEGrFXKN44Ux85t4ID
-----END CERTIFICATE-----