Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/fmPhHMWBysTjcHAN98MDdaSD24g.roa
File:                     fmPhHMWBysTjcHAN98MDdaSD24g.roa (raw, json)
Hash identifier:          4s4jAd0xXJ1YfRR8mJAGxi3eg/Nl9i+8dSb5xHY/Ex0=
Subject key identifier:   7E:63:E1:1C:C5:81:CA:C4:E3:70:70:0D:F7:C3:03:75:A4:83:DB:88
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0192F6D281490CB75BF65B3336EDB55E20BD
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/fmPhHMWBysTjcHAN98MDdaSD24g.roa
Signing time:             Mon 04 Nov 2024 10:57:23 +0000
ROA not before:           Mon 04 Nov 2024 10:57:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        185.220.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:f6:d2:81:49:0c:b7:5b:f6:5b:33:36:ed:b5:5e:20:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov  4 10:57:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e63e11cc581cac4e370700df7c30375a483db88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7f:76:07:78:5c:34:49:29:3a:e4:a7:e3:80:
                    9e:37:73:ff:95:a9:30:f0:89:39:40:0e:5f:02:7a:
                    91:71:f0:9e:da:9b:a9:1d:f1:da:34:b9:78:3a:88:
                    6f:f4:7d:91:37:cf:c3:b1:b1:c8:37:75:db:83:99:
                    cd:c8:b9:76:b3:5f:7b:b5:b6:f9:d8:98:10:18:0f:
                    78:4a:8e:e9:c3:8c:38:f4:de:65:49:0b:67:16:bc:
                    1c:51:63:bb:78:58:42:1a:76:5e:15:92:59:1d:66:
                    f3:79:cd:c9:f5:e2:b5:10:e4:25:16:e9:5d:c7:d8:
                    e4:2c:62:32:f4:05:00:d9:83:39:81:cd:13:e2:96:
                    11:db:5f:4e:43:b2:b0:73:ef:d4:e1:af:ee:1c:ad:
                    a4:d3:db:fa:97:a2:44:65:d6:18:a0:5a:c8:54:db:
                    da:52:32:f8:cf:3a:92:d6:56:79:dc:b1:1b:7e:cb:
                    b3:4a:39:08:1b:a6:d2:49:1c:50:b8:db:0b:9d:bf:
                    57:bd:43:56:61:92:19:c9:03:64:38:d2:36:bb:8d:
                    8c:bd:0e:2a:0a:cd:54:7c:42:da:92:1d:4f:6f:9c:
                    15:5e:27:f8:d2:cf:9b:be:99:cc:bf:ca:ab:b8:75:
                    d0:35:af:ec:fe:f2:b8:28:ee:6a:54:fe:dc:b1:d5:
                    dd:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:63:E1:1C:C5:81:CA:C4:E3:70:70:0D:F7:C3:03:75:A4:83:DB:88
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/fmPhHMWBysTjcHAN98MDdaSD24g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:68:6f:46:1d:07:e1:00:86:21:30:0a:53:a8:5e:a8:33:6e:
         76:99:76:6a:5a:14:4a:6d:3e:64:e2:1b:08:eb:f1:33:f5:a4:
         20:6c:36:86:05:d8:43:8c:c1:34:56:e0:2a:75:67:6b:c1:04:
         70:cb:61:cb:a9:0e:7b:a2:64:79:7e:e6:9c:2f:d8:b6:bf:9d:
         c5:82:cd:04:91:c8:1f:d2:4b:f3:6a:ef:7b:6b:3f:a4:db:60:
         12:7f:87:1c:71:14:af:d9:a6:eb:35:07:d9:9f:62:fb:ad:56:
         64:69:32:ae:f9:95:ff:fe:0e:cd:a7:ee:2a:b8:a6:2e:4e:c0:
         0a:8d:f7:e9:e9:27:c5:5b:16:76:7b:06:c0:04:c1:52:3a:3e:
         c6:fe:3c:e6:b9:78:8e:0d:f8:5f:d9:86:d6:71:b1:33:3b:3b:
         6a:2c:fb:b9:55:33:22:32:35:81:c5:a2:cf:39:b0:ee:a0:36:
         f8:4b:0c:27:ee:7b:b1:7c:a8:10:31:b0:87:13:e2:6a:ff:57:
         15:36:08:78:4c:a5:8a:f5:1a:32:3f:88:8e:8b:35:9b:1c:09:
         1f:9c:97:2a:70:ff:0e:88:ab:a2:d3:bd:9a:1f:39:9f:ca:e1:
         05:f2:33:23:15:a9:d6:60:3f:40:eb:06:eb:da:71:5d:54:94:
         ac:37:50:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZL20oFJDLdb9lszNu21XiC9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQxMTA0MTA1NzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTYzZTExY2M1ODFjYWM0ZTM3MDcwMGRmN2MzMDM3NWE0ODNkYjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvn92B3hcNEkpOuSn44CeN3P/lakw
8Ik5QA5fAnqRcfCe2pupHfHaNLl4Oohv9H2RN8/DsbHIN3Xbg5nNyLl2s197tbb5
2JgQGA94So7pw4w49N5lSQtnFrwcUWO7eFhCGnZeFZJZHWbzec3J9eK1EOQlFuld
x9jkLGIy9AUA2YM5gc0T4pYR219OQ7Kwc+/U4a/uHK2k09v6l6JEZdYYoFrIVNva
UjL4zzqS1lZ53LEbfsuzSjkIG6bSSRxQuNsLnb9XvUNWYZIZyQNkONI2u42MvQ4q
Cs1UfELakh1Pb5wVXif40s+bvpnMv8qruHXQNa/s/vK4KO5qVP7csdXdvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH5j4RzFgcrE43BwDffDA3Wkg9uIMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvZm1QaEhNV0J5c1RqY0hBTjk4TURkYVNEMjRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudz5MA0G
CSqGSIb3DQEBCwUAA4IBAQATaG9GHQfhAIYhMApTqF6oM252mXZqWhRKbT5k4hsI
6/Ez9aQgbDaGBdhDjME0VuAqdWdrwQRwy2HLqQ57omR5fuacL9i2v53Fgs0Ekcgf
0kvzau97az+k22ASf4cccRSv2abrNQfZn2L7rVZkaTKu+ZX//g7Np+4quKYuTsAK
jffp6SfFWxZ2ewbABMFSOj7G/jzmuXiODfhf2YbWcbEzOztqLPu5VTMiMjWBxaLP
ObDuoDb4Swwn7nuxfKgQMbCHE+Jq/1cVNgh4TKWK9RoyP4iOizWbHAkfnJcqcP8O
iKui072aHzmfyuEF8jMjFanWYD9A6wbr2nFdVJSsN1Bx
-----END CERTIFICATE-----