Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/05c0a3-7378-4542-897d-d3a58b5cb0c0/1/F17UiV9SI2HthhLngSLA0C7zpHk.roa
File:                     F17UiV9SI2HthhLngSLA0C7zpHk.roa (raw, json)
Hash identifier:          JinvvCCX2s+7jIN9oCgDIzUjdizWvBHGCC6+HkQFbko=
Subject key identifier:   17:5E:D4:89:5F:52:23:61:ED:86:12:E7:81:22:C0:D0:2E:F3:A4:79
Certificate issuer:       /CN=8abdc26cddc0bbcfa354f11a01e6ff01296b3c7b
Certificate serial:       018CC5008B6B71978BCC808F8FFB403A10E1
Authority key identifier: 8A:BD:C2:6C:DD:C0:BB:CF:A3:54:F1:1A:01:E6:FF:01:29:6B:3C:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ir3CbN3Au8-jVPEaAeb_ASlrPHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/05c0a3-7378-4542-897d-d3a58b5cb0c0/1/F17UiV9SI2HthhLngSLA0C7zpHk.roa
Signing time:             Mon 01 Jan 2024 12:29:56 +0000
ROA not before:           Mon 01 Jan 2024 12:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16265
IP address blocks:        194.169.245.0/24 maxlen: 24
                          176.103.222.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/05c0a3-7378-4542-897d-d3a58b5cb0c0/1/ir3CbN3Au8-jVPEaAeb_ASlrPHs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/05c0a3-7378-4542-897d-d3a58b5cb0c0/1/ir3CbN3Au8-jVPEaAeb_ASlrPHs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ir3CbN3Au8-jVPEaAeb_ASlrPHs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:8b:6b:71:97:8b:cc:80:8f:8f:fb:40:3a:10:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8abdc26cddc0bbcfa354f11a01e6ff01296b3c7b
        Validity
            Not Before: Jan  1 12:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=175ed4895f522361ed8612e78122c0d02ef3a479
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d3:f1:21:8c:84:0a:96:ad:2d:45:a8:93:0e:
                    8d:fe:fa:a9:36:47:86:dd:67:7e:95:0b:30:88:b2:
                    60:68:88:a7:95:9d:0c:3b:56:2c:71:67:2b:7f:6e:
                    23:87:20:17:63:1e:c3:bf:1e:89:93:47:19:ea:d9:
                    98:40:b4:20:ea:65:42:d2:cb:c5:57:ec:f7:74:e8:
                    d6:73:88:50:56:ec:dd:57:01:97:f5:c6:2d:4b:b8:
                    83:a0:04:29:bd:f4:bc:da:ca:f9:32:98:d7:5b:b2:
                    0b:6f:ba:84:d7:32:c4:19:98:e8:9b:54:77:86:de:
                    8a:35:8e:b0:86:af:a5:7b:61:80:75:44:16:09:fe:
                    de:1b:9c:c7:b1:cf:d4:ac:2e:45:49:8a:8b:0d:1d:
                    b0:db:6a:e5:95:d4:ca:54:c4:f6:55:10:9d:fe:25:
                    9d:12:82:6f:65:8b:54:29:fb:93:18:07:a8:6f:45:
                    86:b5:64:53:7e:3a:3c:e9:c5:ac:64:2a:c2:6f:b7:
                    78:25:d9:8b:7d:88:77:17:b1:d6:9e:63:ac:ad:db:
                    b5:2c:63:73:bb:26:1e:83:08:0e:ac:23:47:9c:7d:
                    42:5f:03:42:15:43:19:1f:5a:5c:0e:f6:a0:c0:56:
                    88:17:78:b9:61:95:b7:e4:a7:45:ea:f7:94:6e:d1:
                    45:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:5E:D4:89:5F:52:23:61:ED:86:12:E7:81:22:C0:D0:2E:F3:A4:79
            X509v3 Authority Key Identifier:
                keyid:8A:BD:C2:6C:DD:C0:BB:CF:A3:54:F1:1A:01:E6:FF:01:29:6B:3C:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ir3CbN3Au8-jVPEaAeb_ASlrPHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/05c0a3-7378-4542-897d-d3a58b5cb0c0/1/F17UiV9SI2HthhLngSLA0C7zpHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/05c0a3-7378-4542-897d-d3a58b5cb0c0/1/ir3CbN3Au8-jVPEaAeb_ASlrPHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.103.222.0/23
                  194.169.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:22:78:f5:de:ac:03:ca:26:9c:8f:06:2f:e4:06:f2:90:99:
         32:e7:e4:e2:20:0b:32:08:7c:78:16:ef:68:82:38:91:6e:97:
         b8:86:c7:6d:2e:e2:05:5c:4c:27:42:ef:8e:19:68:96:25:ff:
         60:54:e5:fb:48:39:33:e6:4d:ee:a0:ff:c7:da:fc:ec:0a:4f:
         23:77:13:d1:a0:b5:81:8d:0f:4b:ac:a3:99:8a:ad:d7:b4:66:
         62:0d:93:e5:7e:fa:e8:c5:ca:fc:ff:58:e8:d1:73:7f:f1:cf:
         17:f8:95:b5:76:a6:85:81:34:1f:ed:de:1d:a0:63:74:6a:a2:
         b8:14:24:75:92:0a:d9:e1:21:29:02:0d:8d:25:78:76:10:67:
         74:a3:94:03:c4:59:9a:8a:5d:db:e5:24:f2:f9:b5:43:10:98:
         07:2f:96:a6:d4:09:ed:50:95:e3:a6:5a:82:8a:8d:03:f5:7e:
         ca:4d:7b:e4:80:2e:7a:c4:56:c0:e1:0f:8e:7c:c8:b8:7e:c1:
         a4:5a:63:d7:59:8d:47:5b:69:29:ba:8f:bb:db:4f:43:09:ad:
         aa:b2:1a:65:48:8d:07:fb:d1:10:17:57:ae:ed:ad:dd:17:d6:
         3a:a4:8b:95:58:49:9f:52:f5:31:2e:c0:60:b5:af:c2:22:cc:
         e4:98:be:7f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAItrcZeLzICPj/tAOhDhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYmRjMjZjZGRjMGJiY2ZhMzU0ZjExYTAxZTZmZjAxMjk2
YjNjN2IwHhcNMjQwMTAxMTIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzVlZDQ4OTVmNTIyMzYxZWQ4NjEyZTc4MTIyYzBkMDJlZjNhNDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9PxIYyECpatLUWokw6N/vqpNkeG
3Wd+lQswiLJgaIinlZ0MO1YscWcrf24jhyAXYx7Dvx6Jk0cZ6tmYQLQg6mVC0svF
V+z3dOjWc4hQVuzdVwGX9cYtS7iDoAQpvfS82sr5MpjXW7ILb7qE1zLEGZjom1R3
ht6KNY6whq+le2GAdUQWCf7eG5zHsc/UrC5FSYqLDR2w22rlldTKVMT2VRCd/iWd
EoJvZYtUKfuTGAeob0WGtWRTfjo86cWsZCrCb7d4JdmLfYh3F7HWnmOsrdu1LGNz
uyYegwgOrCNHnH1CXwNCFUMZH1pcDvagwFaIF3i5YZW35KdF6veUbtFF8wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBde1IlfUiNh7YYS54EiwNAu86R5MB8GA1UdIwQY
MBaAFIq9wmzdwLvPo1TxGgHm/wEpazx7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXIzQ2JOM0F1OC1qVlBFYUFlYl9BU2xyUEhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8wNWMwYTMtNzM3OC00NTQyLTg5N2Qt
ZDNhNThiNWNiMGMwLzEvRjE3VWlWOVNJMkh0aGhMbmdTTEEwQzd6cEhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8wNWMwYTMtNzM3OC00NTQyLTg5N2QtZDNhNThiNWNiMGMw
LzEvaXIzQ2JOM0F1OC1qVlBFYUFlYl9BU2xyUEhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBsGfeAwQA
wqn1MA0GCSqGSIb3DQEBCwUAA4IBAQB0Inj13qwDyiacjwYv5AbykJky5+TiIAsy
CHx4Fu9ogjiRbpe4hsdtLuIFXEwnQu+OGWiWJf9gVOX7SDkz5k3uoP/H2vzsCk8j
dxPRoLWBjQ9LrKOZiq3XtGZiDZPlfvroxcr8/1jo0XN/8c8X+JW1dqaFgTQf7d4d
oGN0aqK4FCR1kgrZ4SEpAg2NJXh2EGd0o5QDxFmail3b5STy+bVDEJgHL5am1Ant
UJXjplqCio0D9X7KTXvkgC56xFbA4Q+OfMi4fsGkWmPXWY1HW2kpuo+7209DCa2q
shplSI0H+9EQF1eu7a3dF9Y6pIuVWEmfUvUxLsBgta/CIszkmL5/
-----END CERTIFICATE-----