Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/iJFT5orVv1YnEvMKMWF-5fGLNF8.roa
File:                     iJFT5orVv1YnEvMKMWF-5fGLNF8.roa (raw, json)
Hash identifier:          Zwh7eLTYvq2QZB9GDvogBd8V5LP9tIWTPejhzd03udM=
Subject key identifier:   88:91:53:E6:8A:D5:BF:56:27:12:F3:0A:31:61:7E:E5:F1:8B:34:5F
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B62A14C9C7C7CB639B088C25405C1
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/iJFT5orVv1YnEvMKMWF-5fGLNF8.roa
Signing time:             Tue 02 Jan 2024 12:34:50 +0000
ROA not before:           Tue 02 Jan 2024 12:34:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206479
IP address blocks:        185.120.22.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:62:a1:4c:9c:7c:7c:b6:39:b0:88:c2:54:05:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=889153e68ad5bf562712f30a31617ee5f18b345f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:9c:fb:07:c7:b0:32:37:07:1d:6b:12:85:46:
                    cf:39:17:0d:db:99:ce:83:d7:54:67:32:5c:ae:57:
                    a6:7c:4d:e9:dc:44:6d:75:46:e6:a4:7b:33:02:25:
                    fc:c1:8c:00:ee:27:8f:1f:3f:8b:ed:6b:a9:11:e0:
                    b6:fb:30:ff:42:bb:55:a1:80:19:b7:47:6e:f8:3c:
                    0d:88:17:c5:ca:f1:2d:ff:df:17:0b:eb:bb:88:e7:
                    80:42:28:71:d8:5d:26:5f:cc:b6:f3:d7:9d:f1:2f:
                    81:72:bf:db:cd:2e:8a:99:85:9f:59:4b:7e:26:82:
                    01:ea:79:42:ef:fb:93:d4:29:b5:13:8f:69:fc:83:
                    d5:0b:32:9e:6c:66:b5:c1:32:1f:e3:3a:33:38:f0:
                    d2:f0:c3:84:ec:ef:31:27:1d:3d:dd:a6:78:14:96:
                    71:37:a2:1a:77:b4:71:36:f0:8c:09:de:e0:3f:9c:
                    98:96:65:d2:06:44:b3:7e:04:7b:ed:5d:7a:f5:14:
                    9e:f1:7b:57:01:d5:4f:d2:46:36:86:1b:d8:d2:09:
                    53:84:5b:2c:01:a8:ad:09:43:8d:37:51:85:74:69:
                    99:eb:e9:9c:9f:db:9c:72:8b:48:85:6e:e1:c4:a6:
                    d9:c9:7a:05:51:f2:dd:f4:99:01:41:63:5c:7a:c5:
                    e6:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:91:53:E6:8A:D5:BF:56:27:12:F3:0A:31:61:7E:E5:F1:8B:34:5F
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/iJFT5orVv1YnEvMKMWF-5fGLNF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:1e:ee:04:0f:c4:57:b0:9b:03:09:ae:bb:3d:1f:34:8a:7b:
         f4:20:e4:4f:6b:34:a1:bc:cf:31:d1:19:79:fa:1b:b3:24:f3:
         67:a9:bb:05:6c:25:19:2e:05:da:e6:81:c2:26:31:1d:0f:b3:
         c6:b2:25:0d:e7:69:a4:aa:22:ff:8f:cc:2d:1a:9a:9f:6e:f7:
         f2:a6:d4:cd:01:0e:12:e9:a0:a8:99:ca:9d:1a:44:58:f2:7e:
         f8:24:eb:73:6a:3c:2a:7a:f6:78:c3:5e:15:44:ae:7f:44:40:
         e0:68:9f:93:f7:6e:3e:13:91:85:a1:61:db:8d:b9:36:0f:6b:
         6d:bf:c2:72:81:9e:d4:e9:e8:a3:61:d0:57:02:56:ef:1e:6a:
         f4:1f:d7:1f:38:ea:d9:69:50:2f:3f:8e:b3:10:81:e7:63:5e:
         3d:b2:7b:9d:36:8f:a3:05:5b:cb:53:be:d1:5e:67:ae:2f:9e:
         c7:6d:3a:f4:32:03:9e:d2:75:99:ad:a3:79:97:ca:ca:bf:bc:
         2c:0c:bd:2f:97:45:25:c9:1f:a1:4f:7c:ac:1f:86:9f:b9:2f:
         29:70:bb:50:e3:4e:79:a4:0d:0e:56:15:34:64:74:1e:23:13:
         74:73:c4:b0:ab:d5:e0:62:14:eb:ab:69:cf:51:9b:cd:e5:bf:
         65:b8:db:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK2KhTJx8fLY5sIjCVAXBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODkxNTNlNjhhZDViZjU2MjcxMmYzMGEzMTYxN2VlNWYxOGIzNDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgZz7B8ewMjcHHWsShUbPORcN25nO
g9dUZzJcrlemfE3p3ERtdUbmpHszAiX8wYwA7iePHz+L7WupEeC2+zD/QrtVoYAZ
t0du+DwNiBfFyvEt/98XC+u7iOeAQihx2F0mX8y289ed8S+Bcr/bzS6KmYWfWUt+
JoIB6nlC7/uT1Cm1E49p/IPVCzKebGa1wTIf4zozOPDS8MOE7O8xJx093aZ4FJZx
N6Iad7RxNvCMCd7gP5yYlmXSBkSzfgR77V169RSe8XtXAdVP0kY2hhvY0glThFss
AaitCUONN1GFdGmZ6+mcn9uccotIhW7hxKbZyXoFUfLd9JkBQWNcesXmnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIiRU+aK1b9WJxLzCjFhfuXxizRfMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvaUpGVDVvclZ2MVluRXZNS01XRi01ZkdMTkY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXgWMA0G
CSqGSIb3DQEBCwUAA4IBAQDCHu4ED8RXsJsDCa67PR80inv0IORPazShvM8x0Rl5
+huzJPNnqbsFbCUZLgXa5oHCJjEdD7PGsiUN52mkqiL/j8wtGpqfbvfyptTNAQ4S
6aComcqdGkRY8n74JOtzajwqevZ4w14VRK5/REDgaJ+T924+E5GFoWHbjbk2D2tt
v8JygZ7U6eijYdBXAlbvHmr0H9cfOOrZaVAvP46zEIHnY149snudNo+jBVvLU77R
XmeuL57HbTr0MgOe0nWZraN5l8rKv7wsDL0vl0UlyR+hT3ysH4afuS8pcLtQ4055
pA0OVhU0ZHQeIxN0c8Swq9XgYhTrq2nPUZvN5b9luNtA
-----END CERTIFICATE-----