Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/f2ab0f-be43-4665-bbaa-1cd3cb07ef5d/1/T9ntRaF7VFPSitomX4sRbWSlacA.roa
File:                     T9ntRaF7VFPSitomX4sRbWSlacA.roa (raw, json)
Hash identifier:          jSAHSC++W0V3uYJfa8hPT1xNMVO8cQlpGh8eekycMsE=
Subject key identifier:   4F:D9:ED:45:A1:7B:54:53:D2:8A:DA:26:5F:8B:11:6D:64:A5:69:C0
Certificate issuer:       /CN=e43bac4a1bbba56cc434861a4c769ff9ce2d15ec
Certificate serial:       018CC94E4FC251ADB3D6A0B27D808BA19918
Authority key identifier: E4:3B:AC:4A:1B:BB:A5:6C:C4:34:86:1A:4C:76:9F:F9:CE:2D:15:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5DusShu7pWzENIYaTHaf-c4tFew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/f2ab0f-be43-4665-bbaa-1cd3cb07ef5d/1/T9ntRaF7VFPSitomX4sRbWSlacA.roa
Signing time:             Tue 02 Jan 2024 08:33:21 +0000
ROA not before:           Tue 02 Jan 2024 08:33:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205136
IP address blocks:        185.81.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/f2ab0f-be43-4665-bbaa-1cd3cb07ef5d/1/5DusShu7pWzENIYaTHaf-c4tFew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/f2ab0f-be43-4665-bbaa-1cd3cb07ef5d/1/5DusShu7pWzENIYaTHaf-c4tFew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5DusShu7pWzENIYaTHaf-c4tFew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 14:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:4f:c2:51:ad:b3:d6:a0:b2:7d:80:8b:a1:99:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e43bac4a1bbba56cc434861a4c769ff9ce2d15ec
        Validity
            Not Before: Jan  2 08:33:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fd9ed45a17b5453d28ada265f8b116d64a569c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:02:0a:d1:2a:df:52:59:b8:6c:20:7c:6c:dd:
                    ba:96:50:0b:ac:46:12:ab:69:5b:80:e0:18:96:8a:
                    be:82:a6:74:2a:29:28:42:2f:55:96:63:6b:14:0f:
                    70:48:dd:80:c7:33:d0:0d:77:10:41:f1:a7:fb:fc:
                    bc:29:0a:6c:69:63:75:f8:b4:6c:c8:98:60:0e:6e:
                    84:77:09:c0:b3:34:b7:63:92:bc:db:56:1f:38:fd:
                    82:c2:b4:b0:c4:60:71:e5:b1:8d:a7:4d:93:d5:3c:
                    fc:7b:66:93:dd:60:41:4e:b8:30:1c:41:6f:13:0e:
                    c0:b2:14:3e:ae:50:76:12:03:aa:4b:b6:24:78:ce:
                    74:17:bb:7b:cb:58:a4:58:74:a3:60:83:a0:7e:94:
                    0e:6d:67:08:7d:58:b6:2f:a5:ce:5e:a1:ba:5a:f7:
                    4a:b8:72:4e:aa:f1:b0:c1:73:02:98:20:66:71:e0:
                    c8:61:fb:3b:0a:f5:bf:42:46:3b:cd:0f:a1:37:0b:
                    2c:a6:5d:e4:8a:fd:1f:14:98:a7:03:7a:b9:15:f3:
                    49:3b:ec:c0:0c:68:b5:df:76:c1:7d:76:77:03:e2:
                    5d:1e:e1:3c:0e:ba:28:6a:1c:30:52:dc:7b:98:85:
                    9c:4f:22:4d:16:f3:d7:52:d3:93:f2:b2:c6:8d:8d:
                    41:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:D9:ED:45:A1:7B:54:53:D2:8A:DA:26:5F:8B:11:6D:64:A5:69:C0
            X509v3 Authority Key Identifier:
                keyid:E4:3B:AC:4A:1B:BB:A5:6C:C4:34:86:1A:4C:76:9F:F9:CE:2D:15:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5DusShu7pWzENIYaTHaf-c4tFew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f2ab0f-be43-4665-bbaa-1cd3cb07ef5d/1/T9ntRaF7VFPSitomX4sRbWSlacA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f2ab0f-be43-4665-bbaa-1cd3cb07ef5d/1/5DusShu7pWzENIYaTHaf-c4tFew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:62:4b:da:00:88:c0:43:f4:42:7b:dd:4a:bf:30:55:66:cf:
         66:03:f6:8a:27:e0:cb:a1:d7:6c:a0:c2:68:c4:84:14:9d:35:
         41:18:6d:84:d9:b4:89:6f:33:40:46:50:29:7d:25:aa:a8:60:
         c1:37:fc:cf:ec:2f:24:8d:31:d4:45:d7:73:da:be:8b:86:93:
         ac:8d:d7:36:b1:8f:ab:7f:12:f4:78:06:ed:f2:b1:97:82:0e:
         99:1d:ae:db:f5:b2:b2:62:05:a6:5e:e5:60:38:c8:13:45:79:
         47:e8:69:f7:52:22:71:65:28:e0:30:91:3b:c4:50:23:0d:1b:
         52:54:6b:0d:df:a6:33:d8:63:04:a6:3c:8c:64:fe:c8:a2:b1:
         1f:0e:ed:68:95:0d:db:ab:32:48:f2:d3:e3:84:3e:07:30:91:
         1e:95:a5:c6:31:c3:44:c5:1d:78:1f:1d:5d:87:23:f3:52:ec:
         43:26:c8:35:54:07:c5:f6:f9:4d:e9:ee:44:e9:ed:77:cf:08:
         e2:b3:56:8e:d4:43:97:82:ba:9d:a0:75:8b:8d:74:77:dd:27:
         31:65:90:93:72:da:b4:ab:66:22:41:ed:1b:be:e9:3e:e0:26:
         c0:7f:90:6d:31:e9:e6:e4:38:32:27:91:2b:51:5e:22:0c:4e:
         93:39:1f:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTk/CUa2z1qCyfYCLoZkYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0M2JhYzRhMWJiYmE1NmNjNDM0ODYxYTRjNzY5ZmY5Y2Uy
ZDE1ZWMwHhcNMjQwMTAyMDgzMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmQ5ZWQ0NWExN2I1NDUzZDI4YWRhMjY1ZjhiMTE2ZDY0YTU2OWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgIK0SrfUlm4bCB8bN26llALrEYS
q2lbgOAYloq+gqZ0KikoQi9VlmNrFA9wSN2AxzPQDXcQQfGn+/y8KQpsaWN1+LRs
yJhgDm6EdwnAszS3Y5K821YfOP2CwrSwxGBx5bGNp02T1Tz8e2aT3WBBTrgwHEFv
Ew7AshQ+rlB2EgOqS7YkeM50F7t7y1ikWHSjYIOgfpQObWcIfVi2L6XOXqG6WvdK
uHJOqvGwwXMCmCBmceDIYfs7CvW/QkY7zQ+hNwsspl3kiv0fFJinA3q5FfNJO+zA
DGi133bBfXZ3A+JdHuE8DrooahwwUtx7mIWcTyJNFvPXUtOT8rLGjY1B0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/Z7UWhe1RT0oraJl+LEW1kpWnAMB8GA1UdIwQY
MBaAFOQ7rEobu6VsxDSGGkx2n/nOLRXsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUR1c1NodTdwV3pFTklZYVRIYWYtYzR0RmV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9mMmFiMGYtYmU0My00NjY1LWJiYWEt
MWNkM2NiMDdlZjVkLzEvVDludFJhRjdWRlBTaXRvbVg0c1JiV1NsYWNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9mMmFiMGYtYmU0My00NjY1LWJiYWEtMWNkM2NiMDdlZjVk
LzEvNUR1c1NodTdwV3pFTklZYVRIYWYtYzR0RmV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVFoMA0G
CSqGSIb3DQEBCwUAA4IBAQAxYkvaAIjAQ/RCe91KvzBVZs9mA/aKJ+DLoddsoMJo
xIQUnTVBGG2E2bSJbzNARlApfSWqqGDBN/zP7C8kjTHURddz2r6LhpOsjdc2sY+r
fxL0eAbt8rGXgg6ZHa7b9bKyYgWmXuVgOMgTRXlH6Gn3UiJxZSjgMJE7xFAjDRtS
VGsN36Yz2GMEpjyMZP7IorEfDu1olQ3bqzJI8tPjhD4HMJEelaXGMcNExR14Hx1d
hyPzUuxDJsg1VAfF9vlN6e5E6e13zwjis1aO1EOXgrqdoHWLjXR33ScxZZCTctq0
q2YiQe0bvuk+4CbAf5BtMenm5DgyJ5ErUV4iDE6TOR8Y
-----END CERTIFICATE-----