Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/iQh1XKDotf12MOujEnlTod6Es58.roa
File:                     iQh1XKDotf12MOujEnlTod6Es58.roa (raw, json)
Hash identifier:          NkB0fc9hr1y04lDlJjJKDj+xkVmlCy/oyNDY06zplf4=
Subject key identifier:   89:08:75:5C:A0:E8:B5:FD:76:30:EB:A3:12:79:53:A1:DE:84:B3:9F
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01910D09FFE015FECE7604ABBD2BCB28EDA3
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/iQh1XKDotf12MOujEnlTod6Es58.roa
Signing time:             Thu 01 Aug 2024 08:24:04 +0000
ROA not before:           Thu 01 Aug 2024 08:24:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200290
IP address blocks:        185.171.104.0/22 maxlen: 24
                          185.251.212.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:0d:09:ff:e0:15:fe:ce:76:04:ab:bd:2b:cb:28:ed:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Aug  1 08:24:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8908755ca0e8b5fd7630eba3127953a1de84b39f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f3:27:6c:0d:21:e3:ca:a3:0f:4b:70:1f:80:
                    37:a4:0d:a1:1d:a1:c0:6f:c8:71:61:1d:3a:78:0d:
                    3c:15:06:7f:97:cb:33:5c:de:a5:49:e2:f4:ad:89:
                    98:57:cc:2c:6e:45:a2:2c:d1:fa:1a:20:e2:80:05:
                    a1:da:cd:ac:39:ae:fc:88:8f:2d:62:5f:00:5b:ab:
                    5e:2c:c3:5e:5b:54:1d:4c:9c:01:bb:f2:34:ba:98:
                    7a:62:67:01:0e:45:79:02:49:ed:56:e1:f2:2a:c7:
                    1e:43:ce:c8:37:81:c4:2c:a9:77:53:3d:e9:8b:ca:
                    2b:c6:04:ca:ab:5b:47:a9:8d:be:fc:1f:29:9a:57:
                    ed:c6:05:7f:b2:55:08:b4:ff:4f:28:e5:dc:4a:62:
                    f6:11:a4:76:35:e1:37:cd:e1:0d:e8:73:ea:92:ef:
                    d1:4a:cd:c4:ee:ee:d4:59:e5:2c:66:66:4c:ec:50:
                    62:dc:e7:d1:35:31:9f:24:ca:47:9c:2f:7f:23:4e:
                    ec:d4:79:48:f8:47:a8:70:e3:a0:76:5d:e8:2a:c9:
                    21:bc:f3:9a:39:69:43:95:41:26:d7:53:56:36:b9:
                    31:c1:1f:f8:9d:30:42:fc:81:05:5a:a8:4c:75:72:
                    8b:c1:85:2d:24:d9:6d:44:46:d7:92:f9:fd:11:65:
                    12:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:08:75:5C:A0:E8:B5:FD:76:30:EB:A3:12:79:53:A1:DE:84:B3:9F
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/iQh1XKDotf12MOujEnlTod6Es58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.104.0/22
                  185.251.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:a1:f1:1c:0b:ec:26:09:63:aa:bc:d7:cb:9d:21:5f:4e:29:
         8b:0b:2c:5e:9e:27:5d:ab:7c:3d:b3:13:4b:6e:6f:33:13:6e:
         13:c7:19:e5:f7:83:23:55:e6:60:7b:8b:9b:4e:80:04:25:47:
         4c:e8:69:f5:cb:dd:5e:80:f6:16:36:28:24:a0:9c:ec:57:a0:
         1d:ab:29:a7:5b:76:3a:98:27:70:a3:91:62:c4:55:d2:90:af:
         fd:0b:88:69:1e:a9:8b:99:0e:f7:0b:6d:6b:7e:9a:37:00:5e:
         02:97:ed:03:e4:95:26:43:07:22:ec:78:bf:20:9b:0e:da:ca:
         c5:7c:bf:76:7e:b4:d7:9b:79:b0:09:60:29:41:d7:8b:26:0d:
         87:ea:67:74:2c:c5:71:9b:61:1f:df:7b:22:b4:64:6e:33:66:
         ed:7d:da:8c:b6:97:9f:43:6e:25:42:d3:ea:3d:39:b8:5b:f5:
         ef:ca:b5:16:ae:92:2f:8d:e2:b6:a5:61:72:3a:65:70:2e:3a:
         bf:5b:c6:0c:c9:5b:40:84:35:07:3f:08:a3:e8:c6:2a:29:2f:
         fb:b6:e7:f1:0b:2b:12:0c:ba:ef:4a:96:41:d2:e2:b8:0c:4f:
         77:9e:40:88:9b:91:a6:59:33:09:2e:7b:b0:6b:12:3c:b4:18:
         9b:77:65:a3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZENCf/gFf7OdgSrvSvLKO2jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwODAxMDgyNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTA4NzU1Y2EwZThiNWZkNzYzMGViYTMxMjc5NTNhMWRlODRiMzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPMnbA0h48qjD0twH4A3pA2hHaHA
b8hxYR06eA08FQZ/l8szXN6lSeL0rYmYV8wsbkWiLNH6GiDigAWh2s2sOa78iI8t
Yl8AW6teLMNeW1QdTJwBu/I0uph6YmcBDkV5AkntVuHyKsceQ87IN4HELKl3Uz3p
i8orxgTKq1tHqY2+/B8pmlftxgV/slUItP9PKOXcSmL2EaR2NeE3zeEN6HPqku/R
Ss3E7u7UWeUsZmZM7FBi3OfRNTGfJMpHnC9/I07s1HlI+EeocOOgdl3oKskhvPOa
OWlDlUEm11NWNrkxwR/4nTBC/IEFWqhMdXKLwYUtJNltREbXkvn9EWUSSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIkIdVyg6LX9djDroxJ5U6HehLOfMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvaVFoMVhLRG90ZjEyTU91akVubFRvZDZFczU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuatoAwQC
ufvUMA0GCSqGSIb3DQEBCwUAA4IBAQA0ofEcC+wmCWOqvNfLnSFfTimLCyxenidd
q3w9sxNLbm8zE24Txxnl94MjVeZge4ubToAEJUdM6Gn1y91egPYWNigkoJzsV6Ad
qymnW3Y6mCdwo5FixFXSkK/9C4hpHqmLmQ73C21rfpo3AF4Cl+0D5JUmQwci7Hi/
IJsO2srFfL92frTXm3mwCWApQdeLJg2H6md0LMVxm2Ef33sitGRuM2btfdqMtpef
Q24lQtPqPTm4W/XvyrUWrpIvjeK2pWFyOmVwLjq/W8YMyVtAhDUHPwij6MYqKS/7
tufxCysSDLrvSpZB0uK4DE93nkCIm5GmWTMJLnuwaxI8tBibd2Wj
-----END CERTIFICATE-----