Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/I1hs5EKY4qzyh0kk6i0vbygxR8I.roa
File:                     I1hs5EKY4qzyh0kk6i0vbygxR8I.roa (raw, json)
Hash identifier:          +0oZtNAUaJ0XW1OlRxC42VMr147UTalCPIoTyMDamrQ=
Subject key identifier:   23:58:6C:E4:42:98:E2:AC:F2:87:49:24:EA:2D:2F:6F:28:31:47:C2
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       018CE3B8CC6E479185BEB1DB1797B6BE0E9B
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/I1hs5EKY4qzyh0kk6i0vbygxR8I.roa
Signing time:             Sun 07 Jan 2024 11:39:48 +0000
ROA not before:           Sun 07 Jan 2024 11:39:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     152179
IP address blocks:        213.145.88.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e3:b8:cc:6e:47:91:85:be:b1:db:17:97:b6:be:0e:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Jan  7 11:39:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23586ce44298e2acf2874924ea2d2f6f283147c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:3b:e1:da:da:36:de:a8:2b:04:c9:ca:24:4e:
                    a3:3f:2a:c5:e8:4b:5c:1c:e0:aa:d2:87:3c:b1:ff:
                    5a:51:03:7d:2b:b3:95:8e:d2:37:93:7d:68:c7:89:
                    5d:03:0a:a0:98:54:c9:6f:a6:e2:d5:e7:07:a3:fd:
                    af:7a:a5:ad:c2:0e:36:97:1a:a5:1d:ae:ce:34:93:
                    f4:6f:f7:64:ab:6c:13:ec:7c:2b:ed:94:79:52:72:
                    90:e8:34:d0:2b:01:da:83:b7:77:b1:2d:11:bf:56:
                    0f:dd:90:d4:41:28:ec:ef:ba:47:06:35:0b:7d:7b:
                    fd:7b:31:0c:3f:43:af:31:d8:00:da:ad:1f:d9:c1:
                    9d:e1:41:76:4e:10:5d:c3:ad:3d:da:a7:89:04:3d:
                    44:4b:66:a2:19:96:6e:6a:2a:1f:6f:67:fc:5f:b9:
                    92:dd:bb:72:19:9a:d2:3b:ab:91:59:9c:af:cc:38:
                    b9:16:91:b8:5a:26:b1:15:f8:cb:1a:c0:5d:1c:32:
                    1a:54:fb:cc:00:ce:4e:20:da:b6:bc:4c:2a:06:7a:
                    5d:f2:47:2c:c0:85:49:ba:23:79:b0:33:bb:91:65:
                    bf:75:9f:8d:fb:2c:d5:aa:16:91:8a:7a:d4:fe:f1:
                    7c:ad:0e:0f:76:08:f7:52:2a:24:78:d8:c9:d0:77:
                    f5:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:58:6C:E4:42:98:E2:AC:F2:87:49:24:EA:2D:2F:6F:28:31:47:C2
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/I1hs5EKY4qzyh0kk6i0vbygxR8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ef:9b:51:64:ef:43:cb:09:aa:ab:46:77:8f:94:7d:c8:64:54:
         50:fd:c7:2c:73:ae:c2:03:65:00:47:21:b1:ff:85:0e:a8:ab:
         e8:29:32:df:ca:0a:b2:83:94:8a:d9:29:50:63:9a:fa:3f:e7:
         d6:56:47:cb:3a:55:10:eb:74:51:7d:0d:33:8c:d0:01:70:a7:
         19:44:d3:af:02:1b:89:85:36:8e:4b:28:33:c7:fa:46:f7:90:
         df:a2:42:6f:87:59:50:9c:76:9f:57:c9:08:64:d4:81:48:91:
         cf:03:7e:87:f6:f6:1e:0c:53:24:9c:eb:fd:67:9d:0b:42:5b:
         a6:a8:36:53:9f:97:35:bc:eb:b7:8d:86:47:02:65:b8:81:95:
         ad:ef:6e:bf:f8:23:b9:76:b0:5c:59:ed:70:d9:4b:ad:d6:0c:
         e7:d6:c1:0b:d2:63:5d:e8:75:c2:57:06:8f:98:6d:a5:4a:6d:
         52:29:a5:6b:92:66:85:e3:b3:df:3f:17:15:dd:d3:c1:bb:7f:
         a1:b2:50:f9:b9:a4:e3:9f:91:e3:7d:cd:91:74:03:e9:8b:7b:
         e9:e0:18:e4:4c:96:2a:16:25:e5:78:5f:d1:56:af:c2:d0:43:
         bb:de:a2:48:cb:be:14:4f:f1:c8:36:61:49:97:0d:ce:18:d8:
         5a:44:e4:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzjuMxuR5GFvrHbF5e2vg6bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjQwMTA3MTEzOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzU4NmNlNDQyOThlMmFjZjI4NzQ5MjRlYTJkMmY2ZjI4MzE0N2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTvh2to23qgrBMnKJE6jPyrF6Etc
HOCq0oc8sf9aUQN9K7OVjtI3k31ox4ldAwqgmFTJb6bi1ecHo/2veqWtwg42lxql
Ha7ONJP0b/dkq2wT7Hwr7ZR5UnKQ6DTQKwHag7d3sS0Rv1YP3ZDUQSjs77pHBjUL
fXv9ezEMP0OvMdgA2q0f2cGd4UF2ThBdw6092qeJBD1ES2aiGZZuaiofb2f8X7mS
3btyGZrSO6uRWZyvzDi5FpG4WiaxFfjLGsBdHDIaVPvMAM5OINq2vEwqBnpd8kcs
wIVJuiN5sDO7kWW/dZ+N+yzVqhaRinrU/vF8rQ4Pdgj3UiokeNjJ0Hf1EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNYbORCmOKs8odJJOotL28oMUfCMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvSTFoczVFS1k0cXp5aDBrazZpMHZieWd4UjhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1ZFYMA0G
CSqGSIb3DQEBCwUAA4IBAQDvm1Fk70PLCaqrRnePlH3IZFRQ/ccsc67CA2UARyGx
/4UOqKvoKTLfygqyg5SK2SlQY5r6P+fWVkfLOlUQ63RRfQ0zjNABcKcZRNOvAhuJ
hTaOSygzx/pG95DfokJvh1lQnHafV8kIZNSBSJHPA36H9vYeDFMknOv9Z50LQlum
qDZTn5c1vOu3jYZHAmW4gZWt726/+CO5drBcWe1w2Uut1gzn1sEL0mNd6HXCVwaP
mG2lSm1SKaVrkmaF47PfPxcV3dPBu3+hslD5uaTjn5Hjfc2RdAPpi3vp4BjkTJYq
FiXleF/RVq/C0EO73qJIy74UT/HINmFJlw3OGNhaROTR
-----END CERTIFICATE-----