Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/iCTXErKZBdaodHFQ7EbPBCIl3CM.roa
File:                     iCTXErKZBdaodHFQ7EbPBCIl3CM.roa (raw, json)
Hash identifier:          4Q5GZaTSYRS2qhvrvuo5kW0BrINtdJRjd271hhYl4QY=
Subject key identifier:   88:24:D7:12:B2:99:05:D6:A8:74:71:50:EC:46:CF:04:22:25:DC:23
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8026ED66191CB5AAC0596C2C88F764A
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/iCTXErKZBdaodHFQ7EbPBCIl3CM.roa
Signing time:             Tue 02 Jan 2024 02:30:51 +0000
ROA not before:           Tue 02 Jan 2024 02:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12874
IP address blocks:        185.223.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:6e:d6:61:91:cb:5a:ac:05:96:c2:c8:8f:76:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8824d712b29905d6a8747150ec46cf042225dc23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:7d:11:e2:0d:b7:ba:fb:91:77:37:8c:a4:66:
                    a3:f5:3b:9e:2d:e3:d5:99:b3:45:f3:7c:4b:9f:08:
                    ad:0f:ee:19:30:23:5d:d5:8b:03:23:6e:99:a8:e6:
                    ad:01:f7:0b:36:ab:a8:d0:24:71:db:05:3e:83:94:
                    43:3e:63:ce:c1:d6:d9:f5:99:72:9b:14:fc:53:ee:
                    73:48:a7:7e:b0:77:6e:6f:a2:7d:97:a3:a1:b3:b9:
                    09:45:22:4a:e0:e4:03:cf:a4:06:93:fc:a9:eb:b7:
                    d0:9e:bc:50:3f:ac:42:e3:20:f4:d9:59:b9:d3:2e:
                    5d:27:9f:a0:fc:60:f7:c8:f3:ed:91:06:c0:67:e4:
                    38:0b:7e:05:89:30:25:a6:21:8b:12:59:83:58:60:
                    02:17:b8:e2:96:21:ef:7a:eb:df:6c:a2:2f:54:88:
                    eb:db:43:7c:3c:a4:55:cb:b7:71:57:e9:e6:2a:70:
                    6d:17:78:9b:86:c4:fe:c8:c7:0d:2d:a6:84:2a:0e:
                    16:77:e1:fc:19:5e:f2:c3:f4:11:a1:8c:5b:3b:2c:
                    2d:2f:d0:09:2d:3d:7e:fa:1b:ec:e5:99:77:7d:2e:
                    4a:85:f9:db:c6:9c:a0:b3:08:36:e6:90:39:30:06:
                    59:1a:52:87:e3:7f:9c:3b:fb:50:c5:44:54:cb:c7:
                    cf:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:24:D7:12:B2:99:05:D6:A8:74:71:50:EC:46:CF:04:22:25:DC:23
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/iCTXErKZBdaodHFQ7EbPBCIl3CM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:08:98:5c:6d:8c:c6:af:2e:82:a3:bd:e7:a6:19:5c:34:1f:
         28:41:c5:81:c6:de:64:cb:65:6d:01:a7:47:ca:b8:ea:8e:bd:
         ac:06:99:57:72:c7:a4:07:66:fc:21:b8:79:b8:72:49:ae:a3:
         26:84:45:6e:b9:9c:cd:1f:df:49:b5:54:1f:e9:09:53:69:8f:
         a2:27:a3:a9:4d:86:80:51:9c:f7:2f:c1:2b:f8:e5:92:92:bf:
         55:92:7e:79:a6:59:13:87:c7:08:8d:63:a7:2c:7f:00:1a:d4:
         b1:76:ff:0a:69:f4:9b:57:a7:53:00:e0:9b:b3:90:03:43:ba:
         89:cf:55:5e:a8:c2:20:0b:90:66:5d:40:2f:ac:55:5e:a4:38:
         9c:2c:34:31:1d:70:3a:ec:40:b3:80:be:64:39:e4:20:6e:89:
         e7:92:e2:a1:54:e5:04:6e:d7:05:f9:b4:7d:62:8b:86:39:45:
         4c:b9:77:68:d6:23:5f:75:6d:02:85:d6:b8:fa:8b:25:93:c8:
         f0:5d:d8:88:13:f4:97:da:4a:11:f0:0d:50:9a:bd:0d:fb:f3:
         3c:0d:c8:b4:4c:f3:c2:4f:c3:ae:05:1f:c8:da:0c:66:3f:4c:
         a6:6f:6b:c3:ee:20:e7:40:1c:0f:41:2c:ae:85:22:0d:45:0e:
         0c:1e:a3:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAm7WYZHLWqwFlsLIj3ZKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODI0ZDcxMmIyOTkwNWQ2YTg3NDcxNTBlYzQ2Y2YwNDIyMjVkYzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtn0R4g23uvuRdzeMpGaj9TueLePV
mbNF83xLnwitD+4ZMCNd1YsDI26ZqOatAfcLNquo0CRx2wU+g5RDPmPOwdbZ9Zly
mxT8U+5zSKd+sHdub6J9l6Ohs7kJRSJK4OQDz6QGk/yp67fQnrxQP6xC4yD02Vm5
0y5dJ5+g/GD3yPPtkQbAZ+Q4C34FiTAlpiGLElmDWGACF7jiliHveuvfbKIvVIjr
20N8PKRVy7dxV+nmKnBtF3ibhsT+yMcNLaaEKg4Wd+H8GV7yw/QRoYxbOywtL9AJ
LT1++hvs5Zl3fS5Khfnbxpygswg25pA5MAZZGlKH43+cO/tQxURUy8fPcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIgk1xKymQXWqHRxUOxGzwQiJdwjMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvaUNUWEVyS1pCZGFvZEhGUTdFYlBCQ0lsM0NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud+ZMA0G
CSqGSIb3DQEBCwUAA4IBAQCBCJhcbYzGry6Co73nphlcNB8oQcWBxt5ky2VtAadH
yrjqjr2sBplXcsekB2b8Ibh5uHJJrqMmhEVuuZzNH99JtVQf6QlTaY+iJ6OpTYaA
UZz3L8Er+OWSkr9Vkn55plkTh8cIjWOnLH8AGtSxdv8KafSbV6dTAOCbs5ADQ7qJ
z1VeqMIgC5BmXUAvrFVepDicLDQxHXA67ECzgL5kOeQgbonnkuKhVOUEbtcF+bR9
YouGOUVMuXdo1iNfdW0Chda4+oslk8jwXdiIE/SX2koR8A1Qmr0N+/M8Dci0TPPC
T8OuBR/I2gxmP0ymb2vD7iDnQBwPQSyuhSINRQ4MHqP7
-----END CERTIFICATE-----