Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/1-qQL62AodyeaVjcyi-ox4l_dVPI.roa
File:                     1-qQL62AodyeaVjcyi-ox4l_dVPI.roa (raw, json)
Hash identifier:          dX0vA+sJvSmrBfuKsw4+6v8OPHjux+r94YqIpLMOvuA=
Subject key identifier:   FA:A4:0B:EB:60:28:77:27:9A:56:37:32:8B:EA:31:E2:5F:DD:54:F2
Certificate issuer:       /CN=2ac943517f5e3b747e7530320789a03444b43912
Certificate serial:       018CC64B560707FC4D1A974E73E7FC4A75F2
Authority key identifier: 2A:C9:43:51:7F:5E:3B:74:7E:75:30:32:07:89:A0:34:44:B4:39:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KslDUX9eO3R-dTAyB4mgNES0ORI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/1-qQL62AodyeaVjcyi-ox4l_dVPI.roa
Signing time:             Mon 01 Jan 2024 18:31:15 +0000
ROA not before:           Mon 01 Jan 2024 18:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209051
IP address blocks:        185.166.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/KslDUX9eO3R-dTAyB4mgNES0ORI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/KslDUX9eO3R-dTAyB4mgNES0ORI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KslDUX9eO3R-dTAyB4mgNES0ORI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:56:07:07:fc:4d:1a:97:4e:73:e7:fc:4a:75:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac943517f5e3b747e7530320789a03444b43912
        Validity
            Not Before: Jan  1 18:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=faa40beb602877279a5637328bea31e25fdd54f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:1b:26:b5:e3:ff:1d:e2:3c:38:fe:14:d8:9a:
                    a5:fe:76:bb:22:d9:cd:d8:3f:5d:6c:78:16:e4:75:
                    ce:81:52:11:8d:0b:ee:a5:df:01:55:05:c0:08:6d:
                    93:2a:b8:bc:9d:0d:67:d9:13:e3:aa:79:6d:93:06:
                    f8:19:9c:ba:6d:91:36:3d:b5:00:5b:19:3e:b7:c1:
                    d3:8f:6f:b7:e4:a6:b9:a0:e5:d9:53:7d:fb:08:06:
                    6c:39:b4:71:33:cd:d5:30:4f:33:05:ff:aa:6f:dd:
                    b3:b5:27:22:54:ea:01:2d:6a:95:10:83:86:9f:a2:
                    69:53:4f:b1:96:68:0b:87:e0:b1:6d:f2:35:5f:c3:
                    06:5a:af:08:dc:16:ea:de:e4:0e:30:7c:43:78:63:
                    be:d0:c4:dc:75:bd:3c:0b:23:88:31:d4:6e:10:89:
                    fe:aa:43:fa:28:92:a9:49:bd:f6:17:77:49:53:e5:
                    ad:c5:53:33:09:47:8e:22:cc:e3:1f:2f:bf:f1:d4:
                    66:ca:d7:db:ae:dc:5d:7b:87:cf:f7:1c:6e:56:a3:
                    4b:bc:cb:cc:b5:83:f4:3f:f3:d8:e1:27:7b:ed:0a:
                    84:4c:89:8e:3f:ca:68:37:f5:67:4d:bb:01:62:fa:
                    8c:73:36:1c:e3:06:bf:cc:45:60:b2:55:54:16:95:
                    c8:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:A4:0B:EB:60:28:77:27:9A:56:37:32:8B:EA:31:E2:5F:DD:54:F2
            X509v3 Authority Key Identifier:
                keyid:2A:C9:43:51:7F:5E:3B:74:7E:75:30:32:07:89:A0:34:44:B4:39:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KslDUX9eO3R-dTAyB4mgNES0ORI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/1-qQL62AodyeaVjcyi-ox4l_dVPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/KslDUX9eO3R-dTAyB4mgNES0ORI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:e2:6f:fe:eb:55:04:5d:86:ef:8f:ec:d5:30:b3:38:e9:50:
         72:0e:5c:03:ac:dd:d7:1a:21:c8:40:de:a1:dd:84:40:12:ba:
         4d:8b:b8:92:c3:14:d8:f2:9e:6e:6b:02:0d:cb:22:1b:03:34:
         32:cb:b2:3e:3c:5e:30:12:3a:37:90:c9:ae:69:6c:8d:b8:e3:
         0e:c5:a4:ea:3e:91:18:a0:fb:ce:ac:ab:df:c3:90:5a:26:b2:
         7f:49:dc:66:1d:a2:22:39:25:f9:35:79:30:33:55:ec:99:52:
         39:39:55:70:4c:fe:72:9b:42:ef:72:f4:88:eb:3f:be:8e:ec:
         76:4b:e6:6c:25:2e:f6:8d:76:d5:16:0d:56:05:37:dd:e8:a9:
         33:24:3a:3f:68:47:30:e0:fd:75:32:91:5e:89:92:57:70:62:
         c1:cb:12:c9:63:7f:ef:94:0f:12:3f:39:45:c2:b0:59:f6:14:
         a4:3a:13:de:74:5d:e6:17:ce:2a:e5:c0:54:9f:b1:2b:25:30:
         95:fa:f8:5c:4a:1b:0d:e5:ef:36:88:93:92:a5:2f:ae:b3:b2:
         3f:3b:cc:62:4e:ec:e9:8c:d0:01:89:cc:2c:a3:33:2a:25:01:
         f2:6f:c0:d9:94:d8:3d:07:61:b3:1e:7d:71:e5:13:87:5e:17:
         8f:0e:d0:60
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGS1YHB/xNGpdOc+f8SnXyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzk0MzUxN2Y1ZTNiNzQ3ZTc1MzAzMjA3ODlhMDM0NDRi
NDM5MTIwHhcNMjQwMTAxMTgzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWE0MGJlYjYwMjg3NzI3OWE1NjM3MzI4YmVhMzFlMjVmZGQ1NGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBsmteP/HeI8OP4U2Jql/na7ItnN
2D9dbHgW5HXOgVIRjQvupd8BVQXACG2TKri8nQ1n2RPjqnltkwb4GZy6bZE2PbUA
Wxk+t8HTj2+35Ka5oOXZU337CAZsObRxM83VME8zBf+qb92ztSciVOoBLWqVEIOG
n6JpU0+xlmgLh+CxbfI1X8MGWq8I3Bbq3uQOMHxDeGO+0MTcdb08CyOIMdRuEIn+
qkP6KJKpSb32F3dJU+WtxVMzCUeOIszjHy+/8dRmytfbrtxde4fP9xxuVqNLvMvM
tYP0P/PY4Sd77QqETImOP8poN/VnTbsBYvqMczYc4wa/zEVgslVUFpXICQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPqkC+tgKHcnmlY3MovqMeJf3VTyMB8GA1UdIwQY
MBaAFCrJQ1F/Xjt0fnUwMgeJoDREtDkSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NsRFVYOWVPM1ItZFRBeUI0bWdORVMwT1JJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8xOTUxMWQtNTM3ZS00MjQxLWEwZDgt
MmQ5MWNmZDdhYWY0LzEvMS1xUUw2MkFvZHllYVZqY3lpLW94NGxfZFZQSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjkvMTk1MTFkLTUzN2UtNDI0MS1hMGQ4LTJkOTFjZmQ3YWFm
NC8xL0tzbERVWDllTzNSLWRUQXlCNG1nTkVTME9SSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALmmWDAN
BgkqhkiG9w0BAQsFAAOCAQEAb+Jv/utVBF2G74/s1TCzOOlQcg5cA6zd1xohyEDe
od2EQBK6TYu4ksMU2PKebmsCDcsiGwM0MsuyPjxeMBI6N5DJrmlsjbjjDsWk6j6R
GKD7zqyr38OQWiayf0ncZh2iIjkl+TV5MDNV7JlSOTlVcEz+cptC73L0iOs/vo7s
dkvmbCUu9o121RYNVgU33eipMyQ6P2hHMOD9dTKRXomSV3BiwcsSyWN/75QPEj85
RcKwWfYUpDoT3nRd5hfOKuXAVJ+xKyUwlfr4XEobDeXvNoiTkqUvrrOyPzvMYk7s
6YzQAYnMLKMzKiUB8m/A2ZTYPQdhsx59ceUTh14Xjw7QYA==
-----END CERTIFICATE-----