Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/dbf997-cdba-4930-8553-fd0989487b16/1/AXz6xKY93k0FvdwfGVzfSpt7mK8.roa
File:                     AXz6xKY93k0FvdwfGVzfSpt7mK8.roa (raw, json)
Hash identifier:          OiobNo1hNA27hv9XJo728hdwuvlBk/22m8M/XVSRxB4=
Subject key identifier:   01:7C:FA:C4:A6:3D:DE:4D:05:BD:DC:1F:19:5C:DF:4A:9B:7B:98:AF
Certificate issuer:       /CN=49e305d79cacdbefbf1e832b34d7c06bbb5f627a
Certificate serial:       018CC94E0D8672C8A6E4148538AC9B016F72
Authority key identifier: 49:E3:05:D7:9C:AC:DB:EF:BF:1E:83:2B:34:D7:C0:6B:BB:5F:62:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeMF15ys2--_HoMrNNfAa7tfYno.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/dbf997-cdba-4930-8553-fd0989487b16/1/AXz6xKY93k0FvdwfGVzfSpt7mK8.roa
Signing time:             Tue 02 Jan 2024 08:33:04 +0000
ROA not before:           Tue 02 Jan 2024 08:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60868
IP address blocks:        185.25.32.0/22 maxlen: 24
                          2a00:77e0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/dbf997-cdba-4930-8553-fd0989487b16/1/SeMF15ys2--_HoMrNNfAa7tfYno.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/dbf997-cdba-4930-8553-fd0989487b16/1/SeMF15ys2--_HoMrNNfAa7tfYno.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeMF15ys2--_HoMrNNfAa7tfYno.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:0d:86:72:c8:a6:e4:14:85:38:ac:9b:01:6f:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e305d79cacdbefbf1e832b34d7c06bbb5f627a
        Validity
            Not Before: Jan  2 08:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=017cfac4a63dde4d05bddc1f195cdf4a9b7b98af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:70:e7:9a:49:de:a7:ff:de:14:b5:a3:43:12:
                    2f:34:0d:04:ee:2a:df:05:1c:78:65:b9:0a:a5:1b:
                    43:37:a8:49:d8:6a:d0:05:2a:9d:1e:03:94:c9:60:
                    35:fe:a9:d5:21:de:7d:eb:8f:b2:43:35:78:ec:c9:
                    c9:5b:11:55:a7:f0:88:ff:87:81:c4:17:9c:3e:76:
                    03:9e:ee:59:38:13:42:06:b8:53:31:f6:2d:70:7a:
                    b9:53:b3:7b:e5:6c:47:9c:5a:80:53:4a:ab:19:70:
                    8e:61:7f:2d:44:79:83:d5:15:4e:91:12:eb:ae:87:
                    b4:53:9b:68:5f:fd:66:b6:c3:e5:62:5a:a8:50:c2:
                    d2:7a:36:e4:bf:b4:11:e1:88:14:a9:21:28:5d:88:
                    6d:2f:5d:6a:c9:4a:ae:63:af:b5:85:68:b5:e7:85:
                    02:9e:00:9c:39:b4:a4:e3:9e:0b:1a:1f:08:dc:b6:
                    fb:0d:f5:e6:61:28:22:00:fd:44:30:20:ca:12:f8:
                    18:b0:f8:d2:a9:85:aa:b1:a8:06:76:31:39:1d:93:
                    78:09:17:c6:2e:61:a1:83:77:55:29:a7:f0:09:e2:
                    55:ad:cc:26:2d:4a:32:fb:3a:7a:d3:d9:a6:bf:94:
                    a6:2b:a2:0e:31:63:0c:6b:20:a9:61:3c:9e:c4:f5:
                    e4:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:7C:FA:C4:A6:3D:DE:4D:05:BD:DC:1F:19:5C:DF:4A:9B:7B:98:AF
            X509v3 Authority Key Identifier:
                keyid:49:E3:05:D7:9C:AC:DB:EF:BF:1E:83:2B:34:D7:C0:6B:BB:5F:62:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeMF15ys2--_HoMrNNfAa7tfYno.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/dbf997-cdba-4930-8553-fd0989487b16/1/AXz6xKY93k0FvdwfGVzfSpt7mK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/dbf997-cdba-4930-8553-fd0989487b16/1/SeMF15ys2--_HoMrNNfAa7tfYno.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.32.0/22
                IPv6:
                  2a00:77e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         1c:59:12:c7:7f:01:b1:40:7b:ff:d4:1b:c3:0a:82:6f:be:17:
         06:a8:d0:f5:6d:ca:bc:45:93:3c:68:5c:23:fa:0f:fc:5d:e3:
         ed:4b:88:07:c0:1d:30:b5:1e:ea:b4:50:c4:64:5a:1c:fe:69:
         79:8b:f2:a0:02:9a:f3:e5:12:15:70:fa:a7:7c:59:3b:e3:d5:
         4e:76:fa:eb:2f:2e:99:1b:bc:97:62:eb:6a:d7:60:56:b4:ef:
         d5:c3:14:6a:16:28:ad:d2:ac:97:fb:77:62:0d:a5:4e:a0:bb:
         83:13:45:e9:a3:e7:85:83:17:dd:ad:3b:b4:10:3a:78:64:62:
         a2:70:07:5a:7d:69:10:31:64:22:f1:9b:67:e5:cd:cf:d1:2f:
         3e:30:a3:ab:92:88:8e:95:6b:0e:c4:59:46:e1:ab:25:a0:b1:
         42:8e:b0:8b:52:d6:da:13:1f:2c:a7:83:ce:ea:69:e5:a7:63:
         cc:b7:b6:df:fa:8b:f7:ee:f7:b5:48:a5:60:cb:96:32:07:ed:
         e0:73:9c:75:89:df:09:2a:af:86:11:a9:e5:3b:02:66:01:4a:
         37:5e:62:c4:d8:4d:f4:38:74:be:8a:11:21:a9:cc:f8:0d:03:
         9a:6a:91:ac:5c:5a:2a:b7:fb:bb:06:d1:cc:41:25:52:d9:32:
         0d:90:6e:b1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTg2Gcsim5BSFOKybAW9yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTMwNWQ3OWNhY2RiZWZiZjFlODMyYjM0ZDdjMDZiYmI1
ZjYyN2EwHhcNMjQwMTAyMDgzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTdjZmFjNGE2M2RkZTRkMDViZGRjMWYxOTVjZGY0YTliN2I5OGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHDnmknep//eFLWjQxIvNA0E7irf
BRx4ZbkKpRtDN6hJ2GrQBSqdHgOUyWA1/qnVId5964+yQzV47MnJWxFVp/CI/4eB
xBecPnYDnu5ZOBNCBrhTMfYtcHq5U7N75WxHnFqAU0qrGXCOYX8tRHmD1RVOkRLr
roe0U5toX/1mtsPlYlqoUMLSejbkv7QR4YgUqSEoXYhtL11qyUquY6+1hWi154UC
ngCcObSk454LGh8I3Lb7DfXmYSgiAP1EMCDKEvgYsPjSqYWqsagGdjE5HZN4CRfG
LmGhg3dVKafwCeJVrcwmLUoy+zp609mmv5SmK6IOMWMMayCpYTyexPXkmwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAF8+sSmPd5NBb3cHxlc30qbe5ivMB8GA1UdIwQY
MBaAFEnjBdecrNvvvx6DKzTXwGu7X2J6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VNRjE1eXMyLS1fSG9Nck5OZkFhN3RmWW5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9kYmY5OTctY2RiYS00OTMwLTg1NTMt
ZmQwOTg5NDg3YjE2LzEvQVh6NnhLWTkzazBGdmR3ZkdWemZTcHQ3bUs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9kYmY5OTctY2RiYS00OTMwLTg1NTMtZmQwOTg5NDg3YjE2
LzEvU2VNRjE1eXMyLS1fSG9Nck5OZkFhN3RmWW5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuRkgMA0E
AgACMAcDBQAqAHfgMA0GCSqGSIb3DQEBCwUAA4IBAQAcWRLHfwGxQHv/1BvDCoJv
vhcGqND1bcq8RZM8aFwj+g/8XePtS4gHwB0wtR7qtFDEZFoc/ml5i/KgAprz5RIV
cPqnfFk749VOdvrrLy6ZG7yXYutq12BWtO/VwxRqFiit0qyX+3diDaVOoLuDE0Xp
o+eFgxfdrTu0EDp4ZGKicAdafWkQMWQi8Ztn5c3P0S8+MKOrkoiOlWsOxFlG4asl
oLFCjrCLUtbaEx8sp4PO6mnlp2PMt7bf+ov37ve1SKVgy5YyB+3gc5x1id8JKq+G
EanlOwJmAUo3XmLE2E30OHS+ihEhqcz4DQOaapGsXFoqt/u7BtHMQSVS2TINkG6x
-----END CERTIFICATE-----