Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/5268dd-56ee-4b9a-8050-232fbdaf5c1a/1/X-NiJNOydEVn8QaTp84pepsXklQ.roa
File:                     X-NiJNOydEVn8QaTp84pepsXklQ.roa (raw, json)
Hash identifier:          l0LVgdDi7xT11QfQg0F2z7jB50QR5KvnC6IbYqqblj0=
Subject key identifier:   5F:E3:62:24:D3:B2:74:45:67:F1:06:93:A7:CE:29:7A:9B:17:92:54
Certificate issuer:       /CN=b710cd4471a3f8cdcd844d3f366148940952b4e7
Certificate serial:       018CC8016D0668838891D7DB2409BBE524F0
Authority key identifier: B7:10:CD:44:71:A3:F8:CD:CD:84:4D:3F:36:61:48:94:09:52:B4:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/txDNRHGj-M3NhE0_NmFIlAlStOc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/5268dd-56ee-4b9a-8050-232fbdaf5c1a/1/X-NiJNOydEVn8QaTp84pepsXklQ.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25540
IP address blocks:        185.130.116.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/5268dd-56ee-4b9a-8050-232fbdaf5c1a/1/txDNRHGj-M3NhE0_NmFIlAlStOc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/5268dd-56ee-4b9a-8050-232fbdaf5c1a/1/txDNRHGj-M3NhE0_NmFIlAlStOc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/txDNRHGj-M3NhE0_NmFIlAlStOc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6d:06:68:83:88:91:d7:db:24:09:bb:e5:24:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b710cd4471a3f8cdcd844d3f366148940952b4e7
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5fe36224d3b2744567f10693a7ce297a9b179254
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:81:f4:35:33:84:a6:09:51:2d:5d:b7:0b:df:
                    4b:bc:fd:55:67:f7:35:0c:6b:98:f0:5a:c4:f9:40:
                    11:bc:f8:fc:11:14:09:8b:84:c7:4c:95:62:66:8d:
                    d9:0e:8a:ac:52:57:75:e5:5a:c7:cc:97:ce:1a:7f:
                    83:8e:84:39:f3:c6:90:8d:81:04:cf:79:4a:37:78:
                    60:ea:c2:b6:9c:cf:ac:e5:82:56:15:d6:53:58:7d:
                    87:2f:28:4b:36:dd:76:4f:90:16:9a:a6:02:18:2f:
                    26:7f:93:16:8d:d7:05:99:05:bf:d4:28:5d:82:43:
                    b9:fe:96:bf:63:4d:ad:f3:ed:01:ac:29:c3:d5:75:
                    b4:ab:2f:62:ae:ce:1c:e5:d2:0f:2c:49:12:9c:9a:
                    20:b7:ec:3a:70:d9:61:44:d1:82:ce:82:f3:dc:20:
                    1c:9b:3f:17:62:1d:49:73:67:5a:91:a0:63:76:09:
                    f1:77:0d:c4:84:6e:c8:79:d8:41:86:ee:a0:6a:30:
                    5b:11:2a:0a:bb:af:fc:5c:a2:3b:2b:b6:6c:73:ff:
                    bf:5e:95:d8:07:3a:b1:87:6b:41:3f:dd:35:c8:47:
                    56:7a:d2:5b:5b:6f:c9:41:b4:16:f2:0a:50:d3:07:
                    6b:60:bb:4e:0b:74:dc:2f:8e:ce:d9:c7:db:54:1e:
                    bd:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:E3:62:24:D3:B2:74:45:67:F1:06:93:A7:CE:29:7A:9B:17:92:54
            X509v3 Authority Key Identifier:
                keyid:B7:10:CD:44:71:A3:F8:CD:CD:84:4D:3F:36:61:48:94:09:52:B4:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/txDNRHGj-M3NhE0_NmFIlAlStOc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5268dd-56ee-4b9a-8050-232fbdaf5c1a/1/X-NiJNOydEVn8QaTp84pepsXklQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5268dd-56ee-4b9a-8050-232fbdaf5c1a/1/txDNRHGj-M3NhE0_NmFIlAlStOc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:b3:3c:7d:5d:ff:1b:e8:ef:de:7f:8a:a0:63:cf:6d:69:1c:
         6d:ed:d1:44:1b:f4:c5:1e:2e:a5:ff:ee:e0:1e:ef:77:85:d4:
         f4:cf:92:03:54:04:6e:31:a0:49:3d:0a:b1:ed:2d:23:e5:ea:
         1f:c7:35:94:f8:e0:66:c4:0c:0e:4a:95:9a:37:10:e4:04:66:
         ea:7f:bb:6d:d0:2d:28:c2:af:57:97:78:05:9f:28:3e:24:1e:
         93:52:89:43:04:56:b3:73:a8:38:ed:2a:57:45:4a:98:6b:5b:
         9e:8b:64:28:80:a7:9b:7d:97:54:cc:e5:64:ab:6d:48:1e:59:
         ea:28:c4:8c:66:55:a9:7c:c1:eb:01:d8:e3:df:a9:b9:87:97:
         2e:3e:24:27:55:90:e8:ba:18:ab:f4:df:32:91:aa:9c:30:43:
         e2:cd:cc:7f:d6:7a:ee:be:74:b8:0c:e6:8d:db:bb:32:75:56:
         df:ff:dd:0e:ea:15:f3:62:06:fd:8c:02:c2:26:92:e6:2e:59:
         28:1b:0f:8a:e4:a1:4d:90:13:a7:b4:0b:75:e0:65:ea:e1:bd:
         1b:ee:36:3a:bd:95:7c:28:00:e5:2e:c1:27:de:35:b2:61:d1:
         57:33:43:ef:48:45:85:e4:77:8a:cb:61:6a:b4:cd:62:60:20:
         5e:d8:fd:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAW0GaIOIkdfbJAm75STwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MTBjZDQ0NzFhM2Y4Y2RjZDg0NGQzZjM2NjE0ODk0MDk1
MmI0ZTcwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmUzNjIyNGQzYjI3NDQ1NjdmMTA2OTNhN2NlMjk3YTliMTc5MjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4H0NTOEpglRLV23C99LvP1VZ/c1
DGuY8FrE+UARvPj8ERQJi4THTJViZo3ZDoqsUld15VrHzJfOGn+DjoQ588aQjYEE
z3lKN3hg6sK2nM+s5YJWFdZTWH2HLyhLNt12T5AWmqYCGC8mf5MWjdcFmQW/1Chd
gkO5/pa/Y02t8+0BrCnD1XW0qy9irs4c5dIPLEkSnJogt+w6cNlhRNGCzoLz3CAc
mz8XYh1Jc2dakaBjdgnxdw3EhG7IedhBhu6gajBbESoKu6/8XKI7K7Zsc/+/XpXY
Bzqxh2tBP901yEdWetJbW2/JQbQW8gpQ0wdrYLtOC3TcL47O2cfbVB69RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF/jYiTTsnRFZ/EGk6fOKXqbF5JUMB8GA1UdIwQY
MBaAFLcQzURxo/jNzYRNPzZhSJQJUrTnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHhETlJIR2otTTNOaEUwX05tRklsQWxTdE9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy81MjY4ZGQtNTZlZS00YjlhLTgwNTAt
MjMyZmJkYWY1YzFhLzEvWC1OaUpOT3lkRVZuOFFhVHA4NHBlcHNYa2xRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy81MjY4ZGQtNTZlZS00YjlhLTgwNTAtMjMyZmJkYWY1YzFh
LzEvdHhETlJIR2otTTNOaEUwX05tRklsQWxTdE9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYJ0MA0G
CSqGSIb3DQEBCwUAA4IBAQAZszx9Xf8b6O/ef4qgY89taRxt7dFEG/TFHi6l/+7g
Hu93hdT0z5IDVARuMaBJPQqx7S0j5eofxzWU+OBmxAwOSpWaNxDkBGbqf7tt0C0o
wq9Xl3gFnyg+JB6TUolDBFazc6g47SpXRUqYa1uei2QogKebfZdUzOVkq21IHlnq
KMSMZlWpfMHrAdjj36m5h5cuPiQnVZDouhir9N8ykaqcMEPizcx/1nruvnS4DOaN
27sydVbf/90O6hXzYgb9jALCJpLmLlkoGw+K5KFNkBOntAt14GXq4b0b7jY6vZV8
KADlLsEn3jWyYdFXM0PvSEWF5HeKy2FqtM1iYCBe2P1P
-----END CERTIFICATE-----