Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/KA1t2qI4Iuks-q6_GU8MPbqgTFk.roa
File:                     KA1t2qI4Iuks-q6_GU8MPbqgTFk.roa (raw, json)
Hash identifier:          cxUcF6onkZSGgGZNAlNNLact16oI6Patwv6xM3CFYW4=
Subject key identifier:   28:0D:6D:DA:A2:38:22:E9:2C:FA:AE:BF:19:4F:0C:3D:BA:A0:4C:59
Certificate issuer:       /CN=e4be8efec1fb03d8af979af1cba13a0845a7b0ba
Certificate serial:       018DC1A2B4468BD8811FCEFEABF4605C3411
Authority key identifier: E4:BE:8E:FE:C1:FB:03:D8:AF:97:9A:F1:CB:A1:3A:08:45:A7:B0:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5L6O_sH7A9ivl5rxy6E6CEWnsLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/KA1t2qI4Iuks-q6_GU8MPbqgTFk.roa
Signing time:             Mon 19 Feb 2024 13:51:22 +0000
ROA not before:           Mon 19 Feb 2024 13:51:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41959
IP address blocks:        185.125.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/5L6O_sH7A9ivl5rxy6E6CEWnsLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/5L6O_sH7A9ivl5rxy6E6CEWnsLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5L6O_sH7A9ivl5rxy6E6CEWnsLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:a2:b4:46:8b:d8:81:1f:ce:fe:ab:f4:60:5c:34:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4be8efec1fb03d8af979af1cba13a0845a7b0ba
        Validity
            Not Before: Feb 19 13:51:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=280d6ddaa23822e92cfaaebf194f0c3dbaa04c59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:03:ec:58:72:3d:cf:9a:cc:84:f6:d3:18:68:
                    4c:39:31:90:d5:5d:1f:c3:88:0c:61:60:9f:01:2f:
                    a5:94:88:c0:0a:76:fe:b6:33:56:64:36:7f:62:47:
                    58:03:52:b1:39:43:8c:b6:96:9c:32:7d:2b:39:0f:
                    7b:6c:83:b4:28:dc:21:bb:41:9a:31:af:f4:7c:94:
                    cb:82:ac:72:86:f8:23:cd:97:43:15:4a:a7:02:31:
                    ed:89:66:13:c9:0f:b5:9b:fd:69:39:0c:43:d0:ec:
                    86:21:2c:23:14:e6:3f:c2:f6:c6:cc:5c:8e:66:4d:
                    fc:b3:c8:24:04:d0:c1:bb:80:55:64:7e:7c:4a:53:
                    99:94:f1:08:0e:cc:31:7e:fc:54:37:ca:c1:88:dc:
                    9b:2c:43:18:e6:d7:d6:d8:bb:2d:c0:bc:9f:e9:51:
                    72:12:f1:eb:dd:fa:0d:d8:6d:27:ec:34:c5:72:48:
                    f3:af:ef:22:5f:e5:3a:e2:38:9c:b3:60:be:20:44:
                    a4:0f:25:6d:1c:cd:1b:7f:56:b7:e9:b3:63:01:d7:
                    2c:e6:cc:0f:66:68:d6:70:14:8e:fc:61:ef:e2:a6:
                    4f:d0:80:61:85:28:b0:98:da:1a:b0:86:89:6b:36:
                    ef:2e:09:41:5f:14:c0:32:74:18:f2:76:24:fc:62:
                    2e:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:0D:6D:DA:A2:38:22:E9:2C:FA:AE:BF:19:4F:0C:3D:BA:A0:4C:59
            X509v3 Authority Key Identifier:
                keyid:E4:BE:8E:FE:C1:FB:03:D8:AF:97:9A:F1:CB:A1:3A:08:45:A7:B0:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5L6O_sH7A9ivl5rxy6E6CEWnsLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/KA1t2qI4Iuks-q6_GU8MPbqgTFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/5L6O_sH7A9ivl5rxy6E6CEWnsLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:93:30:9c:b7:76:24:01:ef:b1:56:54:7c:95:d1:82:16:8c:
         e1:b7:55:88:47:3a:76:b8:ba:2d:cf:56:5b:7b:b8:52:51:76:
         a2:64:3f:7d:db:d4:fd:5c:bc:9c:61:b4:6f:af:c2:e7:91:4f:
         b9:cc:4b:dc:6c:4c:8c:41:57:94:ae:1f:33:ee:74:c2:70:8c:
         a5:20:4b:de:6c:18:3a:ac:a9:d5:1c:a3:7b:50:19:a5:aa:db:
         42:4a:9b:81:28:8d:61:23:a7:10:43:1c:6d:45:73:3f:e0:51:
         78:71:ef:22:b9:ee:8e:67:6b:13:d9:f4:8c:9f:ab:7a:e7:ef:
         2c:ca:61:8a:ab:21:e0:2f:d8:ae:84:c2:a9:1e:d7:16:82:48:
         04:a3:c5:0b:e9:47:e0:40:aa:93:4d:29:cc:15:88:e3:39:05:
         59:1b:e3:3d:d1:23:ce:40:91:db:f8:d8:59:53:92:aa:19:2f:
         97:1d:3d:b9:44:f5:8f:33:94:b8:14:a1:56:a1:63:c9:c5:e2:
         11:cc:15:b4:12:b3:b6:82:5b:01:af:9a:51:02:09:da:36:4b:
         95:f1:75:9a:89:91:76:e7:05:18:e0:26:bc:f4:4c:61:70:97:
         62:6b:d0:bf:12:b2:c1:bc:b5:fe:f8:42:cf:c6:04:16:26:4c:
         91:ea:91:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3BorRGi9iBH87+q/RgXDQRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YmU4ZWZlYzFmYjAzZDhhZjk3OWFmMWNiYTEzYTA4NDVh
N2IwYmEwHhcNMjQwMjE5MTM1MTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODBkNmRkYWEyMzgyMmU5MmNmYWFlYmYxOTRmMGMzZGJhYTA0YzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQPsWHI9z5rMhPbTGGhMOTGQ1V0f
w4gMYWCfAS+llIjACnb+tjNWZDZ/YkdYA1KxOUOMtpacMn0rOQ97bIO0KNwhu0Ga
Ma/0fJTLgqxyhvgjzZdDFUqnAjHtiWYTyQ+1m/1pOQxD0OyGISwjFOY/wvbGzFyO
Zk38s8gkBNDBu4BVZH58SlOZlPEIDswxfvxUN8rBiNybLEMY5tfW2LstwLyf6VFy
EvHr3foN2G0n7DTFckjzr+8iX+U64jics2C+IESkDyVtHM0bf1a36bNjAdcs5swP
ZmjWcBSO/GHv4qZP0IBhhSiwmNoasIaJazbvLglBXxTAMnQY8nYk/GIumwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCgNbdqiOCLpLPquvxlPDD26oExZMB8GA1UdIwQY
MBaAFOS+jv7B+wPYr5ea8cuhOghFp7C6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUw2T19zSDdBOWl2bDVyeHk2RTZDRVduc0xvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wZjlmMDItYzJhZC00ZWM4LWI0ZDUt
ZGZiZmEzZmNmMDIxLzEvS0ExdDJxSTRJdWtzLXE2X0dVOE1QYnFnVEZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wZjlmMDItYzJhZC00ZWM4LWI0ZDUtZGZiZmEzZmNmMDIx
LzEvNUw2T19zSDdBOWl2bDVyeHk2RTZDRVduc0xvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX0GMA0G
CSqGSIb3DQEBCwUAA4IBAQBPkzCct3YkAe+xVlR8ldGCFozht1WIRzp2uLotz1Zb
e7hSUXaiZD9929T9XLycYbRvr8LnkU+5zEvcbEyMQVeUrh8z7nTCcIylIEvebBg6
rKnVHKN7UBmlqttCSpuBKI1hI6cQQxxtRXM/4FF4ce8iue6OZ2sT2fSMn6t65+8s
ymGKqyHgL9iuhMKpHtcWgkgEo8UL6UfgQKqTTSnMFYjjOQVZG+M90SPOQJHb+NhZ
U5KqGS+XHT25RPWPM5S4FKFWoWPJxeIRzBW0ErO2glsBr5pRAgnaNkuV8XWaiZF2
5wUY4Ca89ExhcJdia9C/ErLBvLX++ELPxgQWJkyR6pFc
-----END CERTIFICATE-----