Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/ea128c-a09d-40e8-bb11-aea714ec5113/1/898OdgYXPg4kwkLQgjWcxVdo2AM.roa
File:                     898OdgYXPg4kwkLQgjWcxVdo2AM.roa (raw, json)
Hash identifier:          JlzkWj4LR0kmTnF7z5DXk2JBJrdBB5vElyBpuGrmc5w=
Subject key identifier:   F3:DF:0E:76:06:17:3E:0E:24:C2:42:D0:82:35:9C:C5:57:68:D8:03
Certificate issuer:       /CN=f1f930e23b08a15ccd4dc9ab1829c607fedde8a5
Certificate serial:       018CC7949007BF4A0F77160C74EC3B4BC69B
Authority key identifier: F1:F9:30:E2:3B:08:A1:5C:CD:4D:C9:AB:18:29:C6:07:FE:DD:E8:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8fkw4jsIoVzNTcmrGCnGB_7d6KU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/ea128c-a09d-40e8-bb11-aea714ec5113/1/898OdgYXPg4kwkLQgjWcxVdo2AM.roa
Signing time:             Tue 02 Jan 2024 00:30:51 +0000
ROA not before:           Tue 02 Jan 2024 00:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25145
IP address blocks:        185.22.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/ea128c-a09d-40e8-bb11-aea714ec5113/1/8fkw4jsIoVzNTcmrGCnGB_7d6KU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/ea128c-a09d-40e8-bb11-aea714ec5113/1/8fkw4jsIoVzNTcmrGCnGB_7d6KU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8fkw4jsIoVzNTcmrGCnGB_7d6KU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:90:07:bf:4a:0f:77:16:0c:74:ec:3b:4b:c6:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1f930e23b08a15ccd4dc9ab1829c607fedde8a5
        Validity
            Not Before: Jan  2 00:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3df0e7606173e0e24c242d082359cc55768d803
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:0a:19:6d:8b:a9:e4:44:44:32:64:a8:cf:ef:
                    9e:1a:2c:c1:ea:7c:0b:f7:eb:39:d1:89:b6:40:94:
                    a9:cc:0c:dd:5c:95:e1:68:f8:32:56:51:2c:8d:47:
                    9d:6b:98:c8:8c:12:df:d7:7a:ac:aa:a3:2b:36:b1:
                    cf:01:a4:4a:46:ef:4f:66:83:7c:36:ec:47:8c:71:
                    1b:85:1f:f7:d1:6a:06:a8:11:9b:7e:ed:44:65:8d:
                    cd:c7:e5:f4:66:6e:e8:a9:6f:96:70:17:68:9a:bf:
                    24:f0:11:16:5e:b0:e7:b6:d0:8d:b2:d5:c5:24:f5:
                    5e:8a:89:c5:29:3d:c2:dc:16:0d:73:2b:61:50:78:
                    c8:66:d9:50:c1:4e:e5:b6:ea:e9:61:a1:6f:87:2e:
                    38:0b:62:99:6e:0a:13:62:d7:f4:d1:5b:6e:29:83:
                    a8:1a:3d:d7:8d:e7:2b:9c:8a:d0:5b:00:07:6d:b4:
                    56:2b:f2:19:eb:90:a9:8a:0d:7f:e3:a3:2a:20:a2:
                    4b:75:2b:ac:af:b6:de:9d:14:75:d0:94:95:2a:82:
                    6c:75:99:5f:d4:be:df:42:ba:01:d8:31:92:99:19:
                    4f:2f:85:0c:f0:3c:78:89:64:05:cf:e8:70:e1:31:
                    5d:d2:32:03:54:01:97:28:95:51:3e:68:d0:a3:15:
                    b1:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:DF:0E:76:06:17:3E:0E:24:C2:42:D0:82:35:9C:C5:57:68:D8:03
            X509v3 Authority Key Identifier:
                keyid:F1:F9:30:E2:3B:08:A1:5C:CD:4D:C9:AB:18:29:C6:07:FE:DD:E8:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8fkw4jsIoVzNTcmrGCnGB_7d6KU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/ea128c-a09d-40e8-bb11-aea714ec5113/1/898OdgYXPg4kwkLQgjWcxVdo2AM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/ea128c-a09d-40e8-bb11-aea714ec5113/1/8fkw4jsIoVzNTcmrGCnGB_7d6KU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.22.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:fd:67:54:71:62:5f:e0:22:91:a1:4f:2d:6a:b3:b6:28:91:
         5c:e1:27:bb:fb:c8:c0:a7:d4:8a:9f:6b:98:b9:1f:bb:bb:1c:
         4d:71:a8:05:52:61:9d:84:7c:5c:4e:bc:02:ee:6c:a6:46:b3:
         39:42:5a:2e:8d:a5:8f:37:e4:d9:75:5d:fa:72:1f:64:3d:8e:
         6c:40:70:fb:65:a2:58:fe:01:dd:04:69:7a:f9:8b:55:b9:05:
         a7:39:44:a7:c5:06:6d:3c:7c:0c:92:71:72:1d:2d:d6:a8:00:
         06:2e:ec:b3:c3:87:e4:9f:fa:cd:ae:ac:d7:71:58:4a:f7:b1:
         5b:74:e7:93:29:2e:a7:a7:ee:69:96:94:bd:8f:e6:d5:3f:cd:
         e6:62:f2:4f:53:f5:06:df:78:a7:5c:c4:6b:b0:2e:50:de:19:
         7f:a2:9c:52:d2:f9:67:cb:6e:21:ef:66:8b:45:05:1f:e9:b3:
         4d:9d:8d:6f:73:0d:97:80:16:65:6b:2a:e0:b4:3f:61:74:e8:
         fe:dd:aa:a0:f4:80:50:a3:1a:e3:9d:2e:e2:9a:a4:6f:68:de:
         d7:53:fa:74:cf:4a:c9:4e:c6:6e:1a:26:1d:c1:50:f0:01:df:
         63:86:9e:c3:db:0d:82:c6:e9:0f:b2:c9:5c:de:f7:a4:25:39:
         1d:8e:c2:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlJAHv0oPdxYMdOw7S8abMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZjkzMGUyM2IwOGExNWNjZDRkYzlhYjE4MjljNjA3ZmVk
ZGU4YTUwHhcNMjQwMTAyMDAzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2RmMGU3NjA2MTczZTBlMjRjMjQyZDA4MjM1OWNjNTU3NjhkODAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7AoZbYup5EREMmSoz++eGizB6nwL
9+s50Ym2QJSpzAzdXJXhaPgyVlEsjUeda5jIjBLf13qsqqMrNrHPAaRKRu9PZoN8
NuxHjHEbhR/30WoGqBGbfu1EZY3Nx+X0Zm7oqW+WcBdomr8k8BEWXrDnttCNstXF
JPVeionFKT3C3BYNcythUHjIZtlQwU7lturpYaFvhy44C2KZbgoTYtf00VtuKYOo
Gj3XjecrnIrQWwAHbbRWK/IZ65Cpig1/46MqIKJLdSusr7benRR10JSVKoJsdZlf
1L7fQroB2DGSmRlPL4UM8Dx4iWQFz+hw4TFd0jIDVAGXKJVRPmjQoxWx+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPPfDnYGFz4OJMJC0II1nMVXaNgDMB8GA1UdIwQY
MBaAFPH5MOI7CKFczU3Jqxgpxgf+3eilMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGZrdzRqc0lvVnpOVGNtckdDbkdCXzdkNktVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9lYTEyOGMtYTA5ZC00MGU4LWJiMTEt
YWVhNzE0ZWM1MTEzLzEvODk4T2RnWVhQZzRrd2tMUWdqV2N4VmRvMkFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9lYTEyOGMtYTA5ZC00MGU4LWJiMTEtYWVhNzE0ZWM1MTEz
LzEvOGZrdzRqc0lvVnpOVGNtckdDbkdCXzdkNktVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRbmMA0G
CSqGSIb3DQEBCwUAA4IBAQBb/WdUcWJf4CKRoU8tarO2KJFc4Se7+8jAp9SKn2uY
uR+7uxxNcagFUmGdhHxcTrwC7mymRrM5QloujaWPN+TZdV36ch9kPY5sQHD7ZaJY
/gHdBGl6+YtVuQWnOUSnxQZtPHwMknFyHS3WqAAGLuyzw4fkn/rNrqzXcVhK97Fb
dOeTKS6np+5plpS9j+bVP83mYvJPU/UG33inXMRrsC5Q3hl/opxS0vlny24h72aL
RQUf6bNNnY1vcw2XgBZlayrgtD9hdOj+3aqg9IBQoxrjnS7imqRvaN7XU/p0z0rJ
TsZuGiYdwVDwAd9jhp7D2w2CxukPsslc3vekJTkdjsLA
-----END CERTIFICATE-----