Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/28bd13-8a3b-4550-9700-f0f93cca2479/1/_KDWrJgS7BW3dpIoIEtIxsV6EqM.roa
File:                     _KDWrJgS7BW3dpIoIEtIxsV6EqM.roa (raw, json)
Hash identifier:          zJicu/iUMQRCLK9jy1MJGws0OsXOUUFcG4QbkcHkRGs=
Subject key identifier:   FC:A0:D6:AC:98:12:EC:15:B7:76:92:28:20:4B:48:C6:C5:7A:12:A3
Certificate issuer:       /CN=f4f430d0805f42ffa3bcd0c0b7c550805117923a
Certificate serial:       018CC6B7FA5B94FD95B1831C6B071DB98570
Authority key identifier: F4:F4:30:D0:80:5F:42:FF:A3:BC:D0:C0:B7:C5:50:80:51:17:92:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9PQw0IBfQv-jvNDAt8VQgFEXkjo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/28bd13-8a3b-4550-9700-f0f93cca2479/1/_KDWrJgS7BW3dpIoIEtIxsV6EqM.roa
Signing time:             Mon 01 Jan 2024 20:29:55 +0000
ROA not before:           Mon 01 Jan 2024 20:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200480
IP address blocks:        185.105.240.0/24 maxlen: 24
                          185.105.240.0/22 maxlen: 22
                          2a06:38c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/28bd13-8a3b-4550-9700-f0f93cca2479/1/9PQw0IBfQv-jvNDAt8VQgFEXkjo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/28bd13-8a3b-4550-9700-f0f93cca2479/1/9PQw0IBfQv-jvNDAt8VQgFEXkjo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9PQw0IBfQv-jvNDAt8VQgFEXkjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:fa:5b:94:fd:95:b1:83:1c:6b:07:1d:b9:85:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4f430d0805f42ffa3bcd0c0b7c550805117923a
        Validity
            Not Before: Jan  1 20:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fca0d6ac9812ec15b7769228204b48c6c57a12a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:9f:5e:3b:a1:c6:e4:21:d3:55:a0:da:fe:e3:
                    95:47:d9:f3:a7:d8:92:15:b3:12:b9:a1:91:69:02:
                    43:e2:6c:db:c6:0e:db:ee:0e:12:dc:c4:af:50:82:
                    cd:72:29:e1:2f:8e:ce:97:0b:f9:c5:2c:8f:ea:76:
                    c8:e6:7c:88:18:5e:b2:de:8c:dd:02:8b:64:fc:cf:
                    c6:90:df:be:75:c9:de:7a:42:a5:cf:98:67:0f:3e:
                    f4:a8:71:b7:1a:e8:33:db:1e:76:52:b4:f3:0a:7e:
                    9c:64:55:54:64:55:4e:ea:69:8f:77:e1:5a:d3:2c:
                    51:b8:7f:bc:bc:73:03:b3:45:3f:cf:19:3e:ce:b9:
                    d4:c2:8f:04:5b:7f:69:b5:f7:2c:69:03:38:25:ac:
                    09:6f:c7:ef:54:f0:22:cf:ea:b0:8a:a6:c2:bf:bf:
                    55:67:b5:bd:cd:45:b0:35:a8:e2:8f:54:4b:63:41:
                    d8:c2:2a:f6:8d:74:e9:e0:49:40:40:98:9f:fc:2a:
                    17:6b:05:78:27:0a:22:2f:a4:74:b6:a4:06:85:59:
                    b5:49:0e:dc:27:b5:8b:e9:57:0d:03:93:12:37:f6:
                    23:c7:c4:6a:9e:e6:c2:be:e5:99:01:8e:a7:7e:fc:
                    96:86:80:65:08:9f:90:2a:95:f2:bf:19:f5:c9:bd:
                    e0:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:A0:D6:AC:98:12:EC:15:B7:76:92:28:20:4B:48:C6:C5:7A:12:A3
            X509v3 Authority Key Identifier:
                keyid:F4:F4:30:D0:80:5F:42:FF:A3:BC:D0:C0:B7:C5:50:80:51:17:92:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9PQw0IBfQv-jvNDAt8VQgFEXkjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/28bd13-8a3b-4550-9700-f0f93cca2479/1/_KDWrJgS7BW3dpIoIEtIxsV6EqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/28bd13-8a3b-4550-9700-f0f93cca2479/1/9PQw0IBfQv-jvNDAt8VQgFEXkjo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.240.0/22
                IPv6:
                  2a06:38c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6f:79:29:14:1e:dd:ad:a4:df:29:78:2e:fd:35:00:b3:e8:24:
         cb:df:f3:8a:84:e2:62:04:30:c3:fd:94:f2:06:30:c1:c1:14:
         1e:a0:d4:d1:8f:42:5b:f8:f0:1f:c6:0a:5b:43:5b:7a:78:8c:
         d2:ce:63:59:c7:0f:45:7c:85:ea:7f:14:16:54:08:66:b9:36:
         d5:31:56:1c:93:59:c7:1b:ee:28:06:d3:58:82:d3:c7:2c:a1:
         17:f1:15:d9:d8:f7:5b:35:6a:6d:f9:a7:90:5a:94:49:db:8a:
         bb:45:b5:dc:3e:c4:56:0b:15:de:8c:8e:ca:90:f8:1e:9f:0b:
         22:a3:70:29:f9:6c:6e:91:81:3d:1d:1a:94:ce:7f:39:14:88:
         69:f1:6f:3f:69:e2:62:78:65:69:d2:93:77:db:14:43:de:84:
         2d:e5:f9:70:0c:46:90:d1:87:00:fc:ab:cc:18:64:ae:61:7e:
         a9:ee:df:13:59:f8:3d:0b:a6:ea:5b:ce:9b:6e:d4:30:ab:65:
         46:1f:2a:47:f8:ba:02:fe:19:f8:1e:57:51:6f:83:ea:0c:3b:
         2b:bd:fa:47:ca:12:6a:82:e9:20:c9:d1:5b:9d:b5:9d:32:ae:
         90:0a:2b:2f:e7:ee:75:dd:4e:af:76:28:21:0c:00:b8:38:5e:
         99:96:cc:02
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGt/pblP2VsYMcawcduYVwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZjQzMGQwODA1ZjQyZmZhM2JjZDBjMGI3YzU1MDgwNTEx
NzkyM2EwHhcNMjQwMTAxMjAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2EwZDZhYzk4MTJlYzE1Yjc3NjkyMjgyMDRiNDhjNmM1N2ExMmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhp9eO6HG5CHTVaDa/uOVR9nzp9iS
FbMSuaGRaQJD4mzbxg7b7g4S3MSvUILNcinhL47Olwv5xSyP6nbI5nyIGF6y3ozd
Aotk/M/GkN++dcneekKlz5hnDz70qHG3Gugz2x52UrTzCn6cZFVUZFVO6mmPd+Fa
0yxRuH+8vHMDs0U/zxk+zrnUwo8EW39ptfcsaQM4JawJb8fvVPAiz+qwiqbCv79V
Z7W9zUWwNajij1RLY0HYwir2jXTp4ElAQJif/CoXawV4JwoiL6R0tqQGhVm1SQ7c
J7WL6VcNA5MSN/Yjx8RqnubCvuWZAY6nfvyWhoBlCJ+QKpXyvxn1yb3gZwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPyg1qyYEuwVt3aSKCBLSMbFehKjMB8GA1UdIwQY
MBaAFPT0MNCAX0L/o7zQwLfFUIBRF5I6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVBRdzBJQmZRdi1qdk5EQXQ4VlFnRkVYa2pvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8yOGJkMTMtOGEzYi00NTUwLTk3MDAt
ZjBmOTNjY2EyNDc5LzEvX0tEV3JKZ1M3QlczZHBJb0lFdEl4c1Y2RXFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8yOGJkMTMtOGEzYi00NTUwLTk3MDAtZjBmOTNjY2EyNDc5
LzEvOVBRdzBJQmZRdi1qdk5EQXQ4VlFnRkVYa2pvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWnwMA0E
AgACMAcDBQMqBjjAMA0GCSqGSIb3DQEBCwUAA4IBAQBveSkUHt2tpN8peC79NQCz
6CTL3/OKhOJiBDDD/ZTyBjDBwRQeoNTRj0Jb+PAfxgpbQ1t6eIzSzmNZxw9FfIXq
fxQWVAhmuTbVMVYck1nHG+4oBtNYgtPHLKEX8RXZ2PdbNWpt+aeQWpRJ24q7RbXc
PsRWCxXejI7KkPgenwsio3Ap+WxukYE9HRqUzn85FIhp8W8/aeJieGVp0pN32xRD
3oQt5flwDEaQ0YcA/KvMGGSuYX6p7t8TWfg9C6bqW86bbtQwq2VGHypH+LoC/hn4
HldRb4PqDDsrvfpHyhJqgukgydFbnbWdMq6QCisv5+513U6vdighDAC4OF6ZlswC
-----END CERTIFICATE-----