Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/KcEyXD35TjMdS8xLhHHTGSoq7Rs.roa
File:                     KcEyXD35TjMdS8xLhHHTGSoq7Rs.roa (raw, json)
Hash identifier:          qa2gv3N+M0qhLik/xGKywuaIngUxsX+EoiF45ip4yYY=
Subject key identifier:   29:C1:32:5C:3D:F9:4E:33:1D:4B:CC:4B:84:71:D3:19:2A:2A:ED:1B
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DACFDC5EB15B2197C5D2568E1529AF
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/KcEyXD35TjMdS8xLhHHTGSoq7Rs.roa
Signing time:             Mon 01 Jan 2024 02:29:29 +0000
ROA not before:           Mon 01 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205512
IP address blocks:        185.93.120.0/22 maxlen: 24
                          185.120.44.0/22 maxlen: 24
                          2a06:8f40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 04:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:cf:dc:5e:b1:5b:21:97:c5:d2:56:8e:15:29:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29c1325c3df94e331d4bcc4b8471d3192a2aed1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e8:20:93:37:7d:eb:b3:2f:00:ed:88:c8:2e:
                    8e:d5:bf:af:c7:4c:66:1d:d5:71:95:44:b7:83:82:
                    99:5d:e4:af:27:59:f2:d7:b7:ad:4c:0b:84:69:e8:
                    09:fc:9f:5e:80:51:04:34:73:24:02:70:2b:c1:01:
                    74:ee:3a:10:53:1a:e6:3d:18:3a:de:59:d5:d9:46:
                    69:fd:9e:9b:b5:e9:fc:98:8c:9e:4f:b5:94:33:2f:
                    30:35:4a:dd:5d:4c:cc:57:93:71:45:d6:3b:84:dc:
                    a8:09:ff:49:63:b9:cb:9a:7c:72:5e:50:02:9b:35:
                    04:2d:f2:f9:17:2f:1e:d5:a2:25:bb:19:9b:20:76:
                    b4:80:4a:74:a4:bb:85:22:1c:d1:6f:13:d2:67:17:
                    3d:3b:7a:76:75:1e:ae:c2:d2:e2:69:db:b1:3a:02:
                    3a:05:3e:6b:44:5a:c4:25:91:c4:37:59:6b:38:88:
                    83:21:90:b3:af:56:32:f3:70:71:6f:5a:21:92:78:
                    cd:b5:0a:0a:f4:30:cc:3b:c0:b0:bb:64:62:19:8b:
                    ad:a1:93:38:ad:d9:89:72:34:02:87:a6:28:c1:69:
                    e5:3c:8f:86:60:2d:65:0e:83:59:83:90:90:18:61:
                    81:68:d2:c2:e5:74:75:eb:ed:a9:66:9a:2e:c2:4f:
                    9e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:C1:32:5C:3D:F9:4E:33:1D:4B:CC:4B:84:71:D3:19:2A:2A:ED:1B
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/KcEyXD35TjMdS8xLhHHTGSoq7Rs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.120.0/22
                  185.120.44.0/22
                IPv6:
                  2a06:8f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         8f:b6:5f:f1:9b:9a:3a:2a:93:af:54:20:92:1c:01:14:4f:72:
         af:1c:44:67:f7:1d:ce:63:4b:50:3d:54:82:70:5c:0a:cd:88:
         fa:c6:84:04:35:af:13:0b:06:08:24:c6:47:29:93:8c:88:42:
         4c:3e:bf:f9:37:ea:07:49:ec:78:55:f6:dc:93:a8:a6:d6:36:
         c6:50:52:11:37:c4:08:24:75:fb:f1:77:3b:b3:cb:c6:e3:4f:
         05:83:29:79:25:8e:07:bb:ce:0e:ad:c0:cd:8f:1f:71:4c:69:
         df:55:85:5d:9b:d3:f5:a3:2f:0c:1d:bd:25:fe:f6:8c:85:44:
         1b:67:de:76:bb:c4:a4:0a:72:11:49:d0:5f:03:c2:15:1c:18:
         6e:c7:50:eb:0e:83:4f:8f:19:7a:1d:f1:a4:de:be:e3:ba:d4:
         bf:f2:bf:61:3d:f7:f0:2b:6b:cc:dc:f1:7c:a7:14:a2:26:17:
         65:ce:c4:9d:11:ef:da:00:b6:01:b6:e0:2c:fd:74:7b:12:4a:
         f9:56:ea:48:89:15:0e:ef:99:c2:f0:87:91:d7:ca:13:3f:74:
         13:77:3b:f9:86:f8:a2:b9:91:fe:31:89:a5:e2:5a:1f:8b:7a:
         78:d3:81:f2:e6:b9:2d:db:36:8a:19:87:cb:cd:fb:a9:5a:03:
         af:04:0c:65
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzC2s/cXrFbIZfF0laOFSmvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWMxMzI1YzNkZjk0ZTMzMWQ0YmNjNGI4NDcxZDMxOTJhMmFlZDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOggkzd967MvAO2IyC6O1b+vx0xm
HdVxlUS3g4KZXeSvJ1ny17etTAuEaegJ/J9egFEENHMkAnArwQF07joQUxrmPRg6
3lnV2UZp/Z6bten8mIyeT7WUMy8wNUrdXUzMV5NxRdY7hNyoCf9JY7nLmnxyXlAC
mzUELfL5Fy8e1aIluxmbIHa0gEp0pLuFIhzRbxPSZxc9O3p2dR6uwtLiaduxOgI6
BT5rRFrEJZHEN1lrOIiDIZCzr1Yy83Bxb1ohknjNtQoK9DDMO8Cwu2RiGYutoZM4
rdmJcjQCh6YowWnlPI+GYC1lDoNZg5CQGGGBaNLC5XR16+2pZpouwk+eKwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCnBMlw9+U4zHUvMS4Rx0xkqKu0bMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvS2NFeVhEMzVUak1kUzh4TGhISFRHU29xN1JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuV14AwQC
uXgsMA0EAgACMAcDBQMqBo9AMA0GCSqGSIb3DQEBCwUAA4IBAQCPtl/xm5o6KpOv
VCCSHAEUT3KvHERn9x3OY0tQPVSCcFwKzYj6xoQENa8TCwYIJMZHKZOMiEJMPr/5
N+oHSex4Vfbck6im1jbGUFIRN8QIJHX78Xc7s8vG408Fgyl5JY4Hu84OrcDNjx9x
TGnfVYVdm9P1oy8MHb0l/vaMhUQbZ952u8SkCnIRSdBfA8IVHBhux1DrDoNPjxl6
HfGk3r7jutS/8r9hPffwK2vM3PF8pxSiJhdlzsSdEe/aALYBtuAs/XR7Ekr5VupI
iRUO75nC8IeR18oTP3QTdzv5hviiuZH+MYml4lofi3p404Hy5rkt2zaKGYfLzfup
WgOvBAxl
-----END CERTIFICATE-----