Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/1BNIV5NkRTj5CjNR6dxPoCeqQLk.roa
File:                     1BNIV5NkRTj5CjNR6dxPoCeqQLk.roa (raw, json)
Hash identifier:          OQ1K1b23vvC31SAfUJDSqdcbbcqYisms5QfhHvMan2s=
Subject key identifier:   D4:13:48:57:93:64:45:38:F9:0A:33:51:E9:DC:4F:A0:27:AA:40:B9
Certificate issuer:       /CN=acb54bcc49291a1f32b7cead4f296882d0531492
Certificate serial:       018CC4935F6B1DA75DC61EF3DB002E29629E
Authority key identifier: AC:B5:4B:CC:49:29:1A:1F:32:B7:CE:AD:4F:29:68:82:D0:53:14:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rLVLzEkpGh8yt86tTylogtBTFJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/1BNIV5NkRTj5CjNR6dxPoCeqQLk.roa
Signing time:             Mon 01 Jan 2024 10:30:41 +0000
ROA not before:           Mon 01 Jan 2024 10:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198011
IP address blocks:        185.105.76.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/rLVLzEkpGh8yt86tTylogtBTFJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/rLVLzEkpGh8yt86tTylogtBTFJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rLVLzEkpGh8yt86tTylogtBTFJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:5f:6b:1d:a7:5d:c6:1e:f3:db:00:2e:29:62:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=acb54bcc49291a1f32b7cead4f296882d0531492
        Validity
            Not Before: Jan  1 10:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d413485793644538f90a3351e9dc4fa027aa40b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:4e:b7:68:c2:03:78:85:8b:e9:8f:84:63:0e:
                    fb:d8:75:05:74:e4:08:24:12:67:43:6a:db:67:76:
                    02:b6:2c:83:c8:11:27:04:5d:f2:0f:76:55:47:cd:
                    51:75:ee:34:d3:a9:0d:65:55:24:9a:6e:ff:fd:18:
                    7a:58:91:28:9c:c3:57:db:c2:3f:88:88:ac:db:88:
                    97:d1:3d:01:fd:68:38:3e:b7:8b:09:02:c4:c5:e5:
                    a3:67:b4:3a:47:9f:de:d1:e6:0b:c6:ba:ea:03:2a:
                    6a:a6:e1:14:89:94:2e:b9:d6:13:e7:b4:ed:56:11:
                    ff:ad:4f:04:ec:5b:cb:7b:37:57:68:a3:54:49:2b:
                    82:89:3a:fa:7c:13:c0:7d:68:45:3a:ea:bf:00:5b:
                    e5:de:60:49:55:90:ce:3a:50:07:af:86:a4:43:af:
                    46:1e:be:e9:1f:7a:45:fd:3d:2b:36:9c:ec:dc:d8:
                    f8:c6:b4:47:bb:95:6f:6c:4b:99:95:67:5c:03:34:
                    ad:a9:33:22:c5:65:ae:cc:6e:0a:b1:52:1b:d7:c8:
                    92:55:8f:69:2c:d5:c2:97:b0:6e:20:f7:3d:22:6b:
                    28:a3:62:14:fc:3c:60:4c:0b:44:2a:4f:46:d3:3a:
                    06:ae:56:ac:b5:79:19:82:fb:05:48:c4:8a:28:40:
                    d4:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:13:48:57:93:64:45:38:F9:0A:33:51:E9:DC:4F:A0:27:AA:40:B9
            X509v3 Authority Key Identifier:
                keyid:AC:B5:4B:CC:49:29:1A:1F:32:B7:CE:AD:4F:29:68:82:D0:53:14:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rLVLzEkpGh8yt86tTylogtBTFJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/1BNIV5NkRTj5CjNR6dxPoCeqQLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/rLVLzEkpGh8yt86tTylogtBTFJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:ef:6a:28:87:60:00:e0:18:90:77:a0:69:48:98:8d:de:22:
         f0:bb:74:2c:1b:6f:90:0e:dd:83:4f:27:6e:62:12:de:51:fa:
         b0:2d:5c:83:7d:0c:6e:0e:30:0d:f6:db:87:b4:66:6a:a1:16:
         cc:cd:b5:1e:90:12:5a:e5:de:59:bb:61:94:83:dc:1d:a1:4b:
         21:61:36:8a:73:42:f8:63:36:9e:6f:50:bb:17:cf:24:4b:e7:
         7b:03:0a:a5:38:3a:94:7e:f3:e8:02:7e:1c:c0:15:eb:d7:0a:
         a8:bd:5c:5a:8c:fc:8d:91:ec:53:17:4c:77:6f:50:53:cb:5e:
         88:cc:d0:25:6f:c6:67:dc:74:e2:c7:6f:7c:c8:fe:15:9c:1b:
         e8:9d:81:df:5c:1d:1d:e6:fc:5d:4b:17:8d:b3:cc:46:ae:ca:
         9d:3d:8f:6c:db:00:95:30:72:c6:ae:c5:77:74:0d:38:21:39:
         85:83:a9:b0:0d:b2:5e:b7:99:d2:c5:9b:9a:9c:5f:10:ce:80:
         33:8f:6e:69:ac:3f:74:56:87:f5:8c:34:20:ef:2f:58:42:07:
         c5:b2:56:e7:3b:6c:76:c8:17:aa:7a:a0:ce:37:df:65:76:b0:
         2d:e1:17:ec:2a:96:90:e0:ac:1a:a4:e3:48:af:49:61:cb:9e:
         0c:48:3d:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk19rHaddxh7z2wAuKWKeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYjU0YmNjNDkyOTFhMWYzMmI3Y2VhZDRmMjk2ODgyZDA1
MzE0OTIwHhcNMjQwMTAxMTAzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDEzNDg1NzkzNjQ0NTM4ZjkwYTMzNTFlOWRjNGZhMDI3YWE0MGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsk63aMIDeIWL6Y+EYw772HUFdOQI
JBJnQ2rbZ3YCtiyDyBEnBF3yD3ZVR81Rde4006kNZVUkmm7//Rh6WJEonMNX28I/
iIis24iX0T0B/Wg4PreLCQLExeWjZ7Q6R5/e0eYLxrrqAypqpuEUiZQuudYT57Tt
VhH/rU8E7FvLezdXaKNUSSuCiTr6fBPAfWhFOuq/AFvl3mBJVZDOOlAHr4akQ69G
Hr7pH3pF/T0rNpzs3Nj4xrRHu5VvbEuZlWdcAzStqTMixWWuzG4KsVIb18iSVY9p
LNXCl7BuIPc9Imsoo2IU/DxgTAtEKk9G0zoGrlastXkZgvsFSMSKKEDUuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNQTSFeTZEU4+QozUencT6AnqkC5MB8GA1UdIwQY
MBaAFKy1S8xJKRofMrfOrU8paILQUxSSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckxWTHpFa3BHaDh5dDg2dFR5bG9ndEJURkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jZDJiZGQtZDNjNC00ZDYwLWIwOTYt
YWYzYTY4NWQ1NzlmLzEvMUJOSVY1TmtSVGo1Q2pOUjZkeFBvQ2VxUUxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jZDJiZGQtZDNjNC00ZDYwLWIwOTYtYWYzYTY4NWQ1Nzlm
LzEvckxWTHpFa3BHaDh5dDg2dFR5bG9ndEJURkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWlMMA0G
CSqGSIb3DQEBCwUAA4IBAQCd72ooh2AA4BiQd6BpSJiN3iLwu3QsG2+QDt2DTydu
YhLeUfqwLVyDfQxuDjAN9tuHtGZqoRbMzbUekBJa5d5Zu2GUg9wdoUshYTaKc0L4
Yzaeb1C7F88kS+d7AwqlODqUfvPoAn4cwBXr1wqovVxajPyNkexTF0x3b1BTy16I
zNAlb8Zn3HTix298yP4VnBvonYHfXB0d5vxdSxeNs8xGrsqdPY9s2wCVMHLGrsV3
dA04ITmFg6mwDbJet5nSxZuanF8QzoAzj25prD90Vof1jDQg7y9YQgfFslbnO2x2
yBeqeqDON99ldrAt4RfsKpaQ4KwapONIr0lhy54MSD37
-----END CERTIFICATE-----