Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/213464-1ddb-4c60-b57e-9c724f7d1265/1/_f1R0nJa_Km96lMRdkZYtcnBhdg.roa
File:                     _f1R0nJa_Km96lMRdkZYtcnBhdg.roa (raw, json)
Hash identifier:          c7wK0p2aSVdDVjhi/YlYdt6oIemWEX7fVGJgVz5zTu4=
Subject key identifier:   FD:FD:51:D2:72:5A:FC:A9:BD:EA:53:11:76:46:58:B5:C9:C1:85:D8
Certificate issuer:       /CN=c97ec9a2a4d9d3a2c1c05dabd41a5f9212e2d6cf
Certificate serial:       018CC5DC58D3991369733CF1F568497795D1
Authority key identifier: C9:7E:C9:A2:A4:D9:D3:A2:C1:C0:5D:AB:D4:1A:5F:92:12:E2:D6:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yX7JoqTZ06LBwF2r1BpfkhLi1s8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/213464-1ddb-4c60-b57e-9c724f7d1265/1/_f1R0nJa_Km96lMRdkZYtcnBhdg.roa
Signing time:             Mon 01 Jan 2024 16:30:01 +0000
ROA not before:           Mon 01 Jan 2024 16:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44979
IP address blocks:        185.111.4.0/24 maxlen: 24
                          185.111.6.0/24 maxlen: 24
                          185.111.7.0/24 maxlen: 24
                          185.111.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/213464-1ddb-4c60-b57e-9c724f7d1265/1/yX7JoqTZ06LBwF2r1BpfkhLi1s8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/213464-1ddb-4c60-b57e-9c724f7d1265/1/yX7JoqTZ06LBwF2r1BpfkhLi1s8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yX7JoqTZ06LBwF2r1BpfkhLi1s8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:58:d3:99:13:69:73:3c:f1:f5:68:49:77:95:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c97ec9a2a4d9d3a2c1c05dabd41a5f9212e2d6cf
        Validity
            Not Before: Jan  1 16:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdfd51d2725afca9bdea5311764658b5c9c185d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:0b:f7:8f:53:c4:27:d0:f1:9c:8c:17:34:22:
                    13:13:b5:f6:90:2e:5d:7c:5a:f6:49:66:ab:20:10:
                    ac:db:7b:b8:58:54:24:e8:fc:ef:be:e1:a4:62:c4:
                    11:f5:d3:fd:7b:d2:63:a4:65:e0:9e:98:a7:aa:fb:
                    70:4b:7b:a6:a8:1f:ed:4a:35:68:1e:66:7d:5c:61:
                    4f:57:7b:86:88:66:05:1b:d1:92:ae:3c:e7:f8:27:
                    08:47:33:bd:60:24:6d:54:4b:46:42:3d:37:71:89:
                    22:e2:41:d4:3b:49:cf:7e:a9:b1:07:ff:8f:66:f2:
                    b8:20:cd:79:31:89:db:53:bd:64:72:b5:c0:b9:67:
                    3f:58:ca:94:b3:69:eb:70:b9:bf:02:14:db:ad:24:
                    7c:f4:72:bc:b7:5c:4d:42:25:c9:e6:84:a4:d4:e4:
                    ec:6b:6d:d9:6e:18:82:c1:e5:f1:39:a6:bf:a3:ea:
                    e2:57:b1:b0:71:a6:d7:8b:4e:c6:47:1b:4c:29:f2:
                    42:42:35:0e:ee:bf:60:0c:e5:47:2d:6e:a6:db:e3:
                    37:b0:12:8a:2e:c2:7e:97:cd:a2:1b:33:3e:d1:56:
                    d7:ae:ab:a1:35:92:0f:5e:d4:7c:4e:e5:d3:9c:6b:
                    08:33:e1:44:ae:3f:40:9e:5e:cf:7a:89:4c:3c:26:
                    bd:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:FD:51:D2:72:5A:FC:A9:BD:EA:53:11:76:46:58:B5:C9:C1:85:D8
            X509v3 Authority Key Identifier:
                keyid:C9:7E:C9:A2:A4:D9:D3:A2:C1:C0:5D:AB:D4:1A:5F:92:12:E2:D6:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yX7JoqTZ06LBwF2r1BpfkhLi1s8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/213464-1ddb-4c60-b57e-9c724f7d1265/1/_f1R0nJa_Km96lMRdkZYtcnBhdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/213464-1ddb-4c60-b57e-9c724f7d1265/1/yX7JoqTZ06LBwF2r1BpfkhLi1s8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:89:d8:92:45:e6:9b:9a:f0:c4:dd:61:8a:a6:72:79:2b:47:
         a1:1d:b7:80:6b:f0:be:53:4d:4b:3f:9b:9c:5f:bc:47:45:a7:
         72:c7:4e:e6:8b:55:dc:eb:3f:eb:8d:72:02:77:87:1a:6c:1e:
         74:96:20:06:f9:b4:29:67:a8:81:5a:94:c1:ca:42:a7:01:16:
         6f:eb:56:aa:1b:8c:a8:db:16:36:fd:53:ce:41:10:b1:5f:5f:
         19:ce:da:9a:99:72:e5:10:a1:2b:e4:04:2d:73:fe:0c:9f:2a:
         34:64:e2:a6:1a:28:69:7a:7a:82:f8:46:e5:2e:f9:9a:e3:86:
         0c:80:83:32:ca:d8:3e:87:67:7f:c6:05:11:e9:c1:97:3e:98:
         b5:5c:3d:f9:7d:bb:61:30:25:5a:aa:06:31:75:1d:31:5e:03:
         83:a0:0c:68:55:20:73:c0:d9:a6:64:eb:c6:11:0d:77:86:1b:
         8b:a1:7c:3a:f2:b0:58:2b:13:41:cf:3b:f0:27:14:52:dc:05:
         1b:ca:53:79:e4:97:8f:73:32:c9:0d:6f:6b:b6:27:f8:9d:10:
         44:d4:06:45:d1:d1:a1:d1:62:16:91:74:14:b8:01:2b:d2:df:
         0f:0a:85:16:38:56:22:6e:f9:dd:b2:0b:88:26:b1:7e:ee:be:
         89:c5:62:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3FjTmRNpczzx9WhJd5XRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5N2VjOWEyYTRkOWQzYTJjMWMwNWRhYmQ0MWE1ZjkyMTJl
MmQ2Y2YwHhcNMjQwMTAxMTYzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGZkNTFkMjcyNWFmY2E5YmRlYTUzMTE3NjQ2NThiNWM5YzE4NWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQv3j1PEJ9DxnIwXNCITE7X2kC5d
fFr2SWarIBCs23u4WFQk6PzvvuGkYsQR9dP9e9JjpGXgnpinqvtwS3umqB/tSjVo
HmZ9XGFPV3uGiGYFG9GSrjzn+CcIRzO9YCRtVEtGQj03cYki4kHUO0nPfqmxB/+P
ZvK4IM15MYnbU71kcrXAuWc/WMqUs2nrcLm/AhTbrSR89HK8t1xNQiXJ5oSk1OTs
a23ZbhiCweXxOaa/o+riV7GwcabXi07GRxtMKfJCQjUO7r9gDOVHLW6m2+M3sBKK
LsJ+l82iGzM+0VbXrquhNZIPXtR8TuXTnGsIM+FErj9Anl7PeolMPCa9ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP39UdJyWvypvepTEXZGWLXJwYXYMB8GA1UdIwQY
MBaAFMl+yaKk2dOiwcBdq9QaX5IS4tbPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVg3Sm9xVFowNkxCd0YycjFCcGZraExpMXM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8yMTM0NjQtMWRkYi00YzYwLWI1N2Ut
OWM3MjRmN2QxMjY1LzEvX2YxUjBuSmFfS205NmxNUmRrWll0Y25CaGRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8yMTM0NjQtMWRkYi00YzYwLWI1N2UtOWM3MjRmN2QxMjY1
LzEveVg3Sm9xVFowNkxCd0YycjFCcGZraExpMXM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuW8EMA0G
CSqGSIb3DQEBCwUAA4IBAQCUidiSReabmvDE3WGKpnJ5K0ehHbeAa/C+U01LP5uc
X7xHRadyx07mi1Xc6z/rjXICd4cabB50liAG+bQpZ6iBWpTBykKnARZv61aqG4yo
2xY2/VPOQRCxX18ZztqamXLlEKEr5AQtc/4Mnyo0ZOKmGihpenqC+EblLvma44YM
gIMyytg+h2d/xgUR6cGXPpi1XD35fbthMCVaqgYxdR0xXgODoAxoVSBzwNmmZOvG
EQ13hhuLoXw68rBYKxNBzzvwJxRS3AUbylN55JePczLJDW9rtif4nRBE1AZF0dGh
0WIWkXQUuAEr0t8PCoUWOFYibvndsguIJrF+7r6JxWKL
-----END CERTIFICATE-----