Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/27911b-064f-4d62-ba1c-e6626af759b7/1/_4z2Fbz1XY77iryEzJN0-45KEiY.roa
File:                     _4z2Fbz1XY77iryEzJN0-45KEiY.roa (raw, json)
Hash identifier:          zfmB6x/OB0Ko9cjpJyu0pynpZqk4yFgcDebq4/139yo=
Subject key identifier:   FF:8C:F6:15:BC:F5:5D:8E:FB:8A:BC:84:CC:93:74:FB:8E:4A:12:26
Certificate issuer:       /CN=59602e4b08594c5caffbeb50d1e0a9d470eb92e5
Certificate serial:       018CC49364753F24E45900DCD958E55CBAA5
Authority key identifier: 59:60:2E:4B:08:59:4C:5C:AF:FB:EB:50:D1:E0:A9:D4:70:EB:92:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WWAuSwhZTFyv--tQ0eCp1HDrkuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/27911b-064f-4d62-ba1c-e6626af759b7/1/_4z2Fbz1XY77iryEzJN0-45KEiY.roa
Signing time:             Mon 01 Jan 2024 10:30:43 +0000
ROA not before:           Mon 01 Jan 2024 10:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56923
IP address blocks:        185.200.16.0/22 maxlen: 22
                          185.200.17.0/24 maxlen: 24
                          185.200.16.0/24 maxlen: 24
                          185.200.18.0/24 maxlen: 24
                          185.200.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/27911b-064f-4d62-ba1c-e6626af759b7/1/WWAuSwhZTFyv--tQ0eCp1HDrkuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/27911b-064f-4d62-ba1c-e6626af759b7/1/WWAuSwhZTFyv--tQ0eCp1HDrkuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WWAuSwhZTFyv--tQ0eCp1HDrkuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:64:75:3f:24:e4:59:00:dc:d9:58:e5:5c:ba:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59602e4b08594c5caffbeb50d1e0a9d470eb92e5
        Validity
            Not Before: Jan  1 10:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff8cf615bcf55d8efb8abc84cc9374fb8e4a1226
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b2:18:7b:00:fb:dd:71:50:08:dd:5b:54:d5:
                    cf:93:af:d1:a7:f8:e3:5b:6f:ab:b0:00:15:74:f3:
                    62:41:b8:ed:93:0a:99:a5:c7:dd:3a:5a:a3:5d:d0:
                    0a:bd:d4:9b:79:46:15:af:81:22:e3:67:34:2f:31:
                    1f:8d:09:c8:55:a2:39:9f:02:1f:33:b6:f6:b4:15:
                    b2:04:83:3e:d8:45:5a:e4:3e:7c:fe:ef:29:e7:38:
                    fe:97:ca:7f:31:e3:d2:2e:95:ba:cf:a6:9e:3c:78:
                    64:c2:c9:62:3d:e9:8b:3b:65:91:e4:a4:b9:59:3b:
                    eb:4c:a2:35:57:ac:0c:fe:5c:7e:93:1d:88:6b:56:
                    ff:93:8f:01:bb:ca:df:b0:a2:03:1d:e7:a3:05:07:
                    31:58:4d:0c:7c:7a:af:a4:0f:39:63:04:3c:a0:b6:
                    0c:72:b7:0d:81:a3:33:d3:0f:b3:0f:94:5f:93:4d:
                    52:03:e8:5c:f3:76:36:97:5f:9c:c5:87:43:29:29:
                    0d:c5:5b:c4:51:67:46:13:bb:5d:f6:7a:5d:f2:93:
                    15:64:4b:a4:b1:25:4a:4e:dd:f3:a8:b9:87:7e:dc:
                    26:b0:d1:ef:df:84:40:df:66:90:54:9f:67:a0:e0:
                    9e:ca:70:de:f3:7b:d9:74:12:c4:71:27:4c:8b:4b:
                    af:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:8C:F6:15:BC:F5:5D:8E:FB:8A:BC:84:CC:93:74:FB:8E:4A:12:26
            X509v3 Authority Key Identifier:
                keyid:59:60:2E:4B:08:59:4C:5C:AF:FB:EB:50:D1:E0:A9:D4:70:EB:92:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WWAuSwhZTFyv--tQ0eCp1HDrkuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/27911b-064f-4d62-ba1c-e6626af759b7/1/_4z2Fbz1XY77iryEzJN0-45KEiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/27911b-064f-4d62-ba1c-e6626af759b7/1/WWAuSwhZTFyv--tQ0eCp1HDrkuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6f:32:ae:19:80:0f:f3:92:30:75:0d:c8:bc:f6:bb:2b:0d:0c:
         37:a2:bd:ff:d6:6c:6b:1f:5c:f0:f0:90:84:aa:8e:10:e6:af:
         f8:83:cc:ee:c1:14:49:27:ae:22:44:6c:cf:76:31:49:06:ec:
         6a:ff:e5:27:dc:9f:c2:21:9e:56:ed:cf:47:d4:64:89:b0:e7:
         17:f4:a5:9c:3c:6e:38:c7:fe:3f:ee:88:fa:16:b0:d3:5e:ad:
         74:8c:ba:ca:26:43:5b:72:39:d4:64:f5:ab:92:0e:0b:62:77:
         92:ff:a6:0f:19:89:d1:82:09:f4:81:a5:57:94:64:e5:c2:c9:
         5b:3c:4f:54:0b:5a:e6:78:f6:3e:15:b6:30:fb:4a:43:a4:a7:
         19:c8:d2:38:16:fb:d3:71:65:33:96:cd:41:49:f8:db:a4:e0:
         2f:3e:fb:47:fe:99:d8:5f:05:8b:3c:2e:3e:41:48:75:a2:d6:
         6b:59:2a:16:bb:87:f2:13:f5:f4:b6:bf:fd:11:12:c5:d7:88:
         35:85:52:93:8d:2c:7b:95:80:70:c3:19:00:1c:d8:c4:39:d6:
         d1:58:94:c3:09:cd:1c:66:47:ff:98:df:23:59:55:78:62:c3:
         8a:db:dc:71:ba:f8:93:45:56:be:7c:52:69:6b:a2:3f:49:d4:
         ea:1d:c2:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk2R1PyTkWQDc2VjlXLqlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NjAyZTRiMDg1OTRjNWNhZmZiZWI1MGQxZTBhOWQ0NzBl
YjkyZTUwHhcNMjQwMTAxMTAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjhjZjYxNWJjZjU1ZDhlZmI4YWJjODRjYzkzNzRmYjhlNGExMjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbIYewD73XFQCN1bVNXPk6/Rp/jj
W2+rsAAVdPNiQbjtkwqZpcfdOlqjXdAKvdSbeUYVr4Ei42c0LzEfjQnIVaI5nwIf
M7b2tBWyBIM+2EVa5D58/u8p5zj+l8p/MePSLpW6z6aePHhkwsliPemLO2WR5KS5
WTvrTKI1V6wM/lx+kx2Ia1b/k48Bu8rfsKIDHeejBQcxWE0MfHqvpA85YwQ8oLYM
crcNgaMz0w+zD5Rfk01SA+hc83Y2l1+cxYdDKSkNxVvEUWdGE7td9npd8pMVZEuk
sSVKTt3zqLmHftwmsNHv34RA32aQVJ9noOCeynDe83vZdBLEcSdMi0uvjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP+M9hW89V2O+4q8hMyTdPuOShImMB8GA1UdIwQY
MBaAFFlgLksIWUxcr/vrUNHgqdRw65LlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1dBdVN3aFpURnl2LS10UTBlQ3AxSERya3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8yNzkxMWItMDY0Zi00ZDYyLWJhMWMt
ZTY2MjZhZjc1OWI3LzEvXzR6MkZiejFYWTc3aXJ5RXpKTjAtNDVLRWlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8yNzkxMWItMDY0Zi00ZDYyLWJhMWMtZTY2MjZhZjc1OWI3
LzEvV1dBdVN3aFpURnl2LS10UTBlQ3AxSERya3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucgQMA0G
CSqGSIb3DQEBCwUAA4IBAQBvMq4ZgA/zkjB1Dci89rsrDQw3or3/1mxrH1zw8JCE
qo4Q5q/4g8zuwRRJJ64iRGzPdjFJBuxq/+Un3J/CIZ5W7c9H1GSJsOcX9KWcPG44
x/4/7oj6FrDTXq10jLrKJkNbcjnUZPWrkg4LYneS/6YPGYnRggn0gaVXlGTlwslb
PE9UC1rmePY+FbYw+0pDpKcZyNI4FvvTcWUzls1BSfjbpOAvPvtH/pnYXwWLPC4+
QUh1otZrWSoWu4fyE/X0tr/9ERLF14g1hVKTjSx7lYBwwxkAHNjEOdbRWJTDCc0c
Zkf/mN8jWVV4YsOK29xxuviTRVa+fFJpa6I/SdTqHcK+
-----END CERTIFICATE-----