Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/19c76f-2f67-421c-84ae-dd549f3b83bf/1/_UQd9zXZ_Of09HTLTdYX7CRYhac.roa
File:                     _UQd9zXZ_Of09HTLTdYX7CRYhac.roa (raw, json)
Hash identifier:          pup7dpmtZYcrkw4NNP63/X2GlX6DV+IKsejnB10EZkA=
Subject key identifier:   FD:44:1D:F7:35:D9:FC:E7:F4:F4:74:CB:4D:D6:17:EC:24:58:85:A7
Certificate issuer:       /CN=2450bfbf798faeaa7d6a36058d013e24d4bb1d9d
Certificate serial:       018CC42504031E4834F548806DF5D6232E65
Authority key identifier: 24:50:BF:BF:79:8F:AE:AA:7D:6A:36:05:8D:01:3E:24:D4:BB:1D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFC_v3mPrqp9ajYFjQE-JNS7HZ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/19c76f-2f67-421c-84ae-dd549f3b83bf/1/_UQd9zXZ_Of09HTLTdYX7CRYhac.roa
Signing time:             Mon 01 Jan 2024 08:30:09 +0000
ROA not before:           Mon 01 Jan 2024 08:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.75.60.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/19c76f-2f67-421c-84ae-dd549f3b83bf/1/JFC_v3mPrqp9ajYFjQE-JNS7HZ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/19c76f-2f67-421c-84ae-dd549f3b83bf/1/JFC_v3mPrqp9ajYFjQE-JNS7HZ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFC_v3mPrqp9ajYFjQE-JNS7HZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:04:03:1e:48:34:f5:48:80:6d:f5:d6:23:2e:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2450bfbf798faeaa7d6a36058d013e24d4bb1d9d
        Validity
            Not Before: Jan  1 08:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd441df735d9fce7f4f474cb4dd617ec245885a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d2:1b:16:7e:c3:a8:47:05:c1:d1:06:08:25:
                    3e:55:b5:16:34:16:19:16:da:64:45:3a:f7:ef:2e:
                    21:08:47:1d:69:bb:22:46:26:7f:41:6f:ad:d1:80:
                    88:a4:89:86:87:fc:59:b4:a0:9e:cd:43:9b:09:18:
                    bb:9e:50:0e:55:82:62:56:e1:cd:10:fb:ff:82:95:
                    c2:19:96:42:bd:e3:c8:f6:c7:80:01:e9:be:c4:14:
                    94:8c:56:81:48:f2:0c:cd:93:e3:10:74:50:91:cd:
                    68:64:fa:30:7f:cc:d8:ec:89:ab:c4:3e:df:23:73:
                    13:52:ec:ae:d6:75:9c:64:60:bc:f4:09:65:cb:f4:
                    95:9a:12:16:81:7b:a4:dc:70:ef:7e:68:23:6c:bf:
                    46:7c:7c:53:8e:eb:5c:c6:96:c8:f9:ff:01:a6:22:
                    68:f3:bb:f2:ca:bf:8e:ce:01:14:33:e2:3a:3d:4d:
                    f0:b1:43:5f:10:59:44:fa:b2:ef:66:fd:48:75:4d:
                    90:e0:17:68:7e:7e:fd:68:aa:39:14:53:0c:1d:46:
                    c1:00:ad:9b:d8:16:91:82:e8:b0:d4:41:07:90:88:
                    5c:ca:bd:19:3e:98:a2:c6:98:c5:07:07:c7:ba:56:
                    df:14:3f:f9:37:c7:f9:fa:bf:59:48:51:71:51:de:
                    dc:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:44:1D:F7:35:D9:FC:E7:F4:F4:74:CB:4D:D6:17:EC:24:58:85:A7
            X509v3 Authority Key Identifier:
                keyid:24:50:BF:BF:79:8F:AE:AA:7D:6A:36:05:8D:01:3E:24:D4:BB:1D:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFC_v3mPrqp9ajYFjQE-JNS7HZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/19c76f-2f67-421c-84ae-dd549f3b83bf/1/_UQd9zXZ_Of09HTLTdYX7CRYhac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/19c76f-2f67-421c-84ae-dd549f3b83bf/1/JFC_v3mPrqp9ajYFjQE-JNS7HZ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:13:f4:c0:ca:4c:16:45:ab:25:62:5e:49:3f:a0:6d:84:cb:
         6a:f9:82:be:93:73:97:fd:ae:ea:f8:64:d6:ea:2d:d4:db:14:
         9d:5a:c6:b4:c4:a5:ab:1a:3b:d3:3e:b9:08:86:96:cb:ff:f8:
         dc:4b:9e:6d:55:0b:0c:76:85:06:5a:b0:95:8d:da:14:ed:81:
         fe:b7:53:d0:9a:43:94:2f:71:41:1f:37:15:21:42:6f:a0:da:
         89:53:70:86:60:bf:e5:27:ad:44:ee:be:e5:2d:42:64:bf:1d:
         95:8e:8e:44:81:dc:bc:0c:80:9e:bd:dc:7d:72:85:38:35:1f:
         9b:7b:f9:5c:29:74:71:b4:96:00:57:fb:1b:5b:0d:ff:36:8a:
         ac:eb:f6:a6:01:f1:f0:4f:44:6a:07:91:6a:b9:2b:3f:7e:6e:
         41:98:a7:66:c0:ab:7e:c0:c2:66:a5:2f:37:30:75:b0:1a:48:
         de:d0:17:c8:6f:4b:f3:39:ac:57:b1:d2:2d:4e:01:4c:bf:1f:
         09:74:2e:e4:bf:4a:fb:b8:30:f0:11:66:81:bc:70:8f:29:bc:
         03:4c:4b:b1:ed:20:db:ff:fd:fc:98:49:32:6c:09:85:29:6b:
         99:73:d4:aa:47:cc:d7:de:a0:0a:d8:5e:50:ff:11:5c:04:cb:
         17:a1:25:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJQQDHkg09UiAbfXWIy5lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTBiZmJmNzk4ZmFlYWE3ZDZhMzYwNThkMDEzZTI0ZDRi
YjFkOWQwHhcNMjQwMTAxMDgzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDQ0MWRmNzM1ZDlmY2U3ZjRmNDc0Y2I0ZGQ2MTdlYzI0NTg4NWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9IbFn7DqEcFwdEGCCU+VbUWNBYZ
FtpkRTr37y4hCEcdabsiRiZ/QW+t0YCIpImGh/xZtKCezUObCRi7nlAOVYJiVuHN
EPv/gpXCGZZCvePI9seAAem+xBSUjFaBSPIMzZPjEHRQkc1oZPowf8zY7ImrxD7f
I3MTUuyu1nWcZGC89Ally/SVmhIWgXuk3HDvfmgjbL9GfHxTjutcxpbI+f8BpiJo
87vyyr+OzgEUM+I6PU3wsUNfEFlE+rLvZv1IdU2Q4Bdofn79aKo5FFMMHUbBAK2b
2BaRguiw1EEHkIhcyr0ZPpiixpjFBwfHulbfFD/5N8f5+r9ZSFFxUd7cRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1EHfc12fzn9PR0y03WF+wkWIWnMB8GA1UdIwQY
MBaAFCRQv795j66qfWo2BY0BPiTUux2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZDX3YzbVBycXA5YWpZRmpRRS1KTlM3SFowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8xOWM3NmYtMmY2Ny00MjFjLTg0YWUt
ZGQ1NDlmM2I4M2JmLzEvX1VRZDl6WFpfT2YwOUhUTFRkWVg3Q1JZaGFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8xOWM3NmYtMmY2Ny00MjFjLTg0YWUtZGQ1NDlmM2I4M2Jm
LzEvSkZDX3YzbVBycXA5YWpZRmpRRS1KTlM3SFowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUs8MA0G
CSqGSIb3DQEBCwUAA4IBAQABE/TAykwWRaslYl5JP6BthMtq+YK+k3OX/a7q+GTW
6i3U2xSdWsa0xKWrGjvTPrkIhpbL//jcS55tVQsMdoUGWrCVjdoU7YH+t1PQmkOU
L3FBHzcVIUJvoNqJU3CGYL/lJ61E7r7lLUJkvx2Vjo5Egdy8DICevdx9coU4NR+b
e/lcKXRxtJYAV/sbWw3/Noqs6/amAfHwT0RqB5FquSs/fm5BmKdmwKt+wMJmpS83
MHWwGkje0BfIb0vzOaxXsdItTgFMvx8JdC7kv0r7uDDwEWaBvHCPKbwDTEux7SDb
//38mEkybAmFKWuZc9SqR8zX3qAK2F5Q/xFcBMsXoSXR
-----END CERTIFICATE-----