Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/1-fAnTOMvGmtKIaUd125dCBDlBdg.roa
File:                     1-fAnTOMvGmtKIaUd125dCBDlBdg.roa (raw, json)
Hash identifier:          yqAP/MpfjvjMlSGM8w1erXqde04uPjGxJND3EGABG9U=
Subject key identifier:   F9:F0:27:4C:E3:2F:1A:6B:4A:21:A5:1D:D7:6E:5D:08:10:E5:05:D8
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       018CC2DB61DF0C5038EBBCEF792A40EAF1EB
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/1-fAnTOMvGmtKIaUd125dCBDlBdg.roa
Signing time:             Mon 01 Jan 2024 02:30:06 +0000
ROA not before:           Mon 01 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41925
IP address blocks:        185.39.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:61:df:0c:50:38:eb:bc:ef:79:2a:40:ea:f1:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9f0274ce32f1a6b4a21a51dd76e5d0810e505d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:5c:60:f4:b2:fb:7d:bf:5c:61:8a:f8:d5:70:
                    0c:fb:b2:03:8a:55:42:27:a1:82:bc:5c:a1:7b:f8:
                    06:e1:13:69:b6:9b:b4:7b:cd:84:f7:2a:f0:b6:85:
                    cd:4f:a3:2c:86:8c:a2:78:2d:67:7b:94:4b:66:4d:
                    04:9d:cc:17:7a:0d:b6:7d:37:ef:fe:99:92:1e:84:
                    35:47:85:50:dc:5e:c6:bd:f4:33:e5:1f:1d:89:10:
                    07:83:e3:a9:59:5b:9a:0b:50:f6:f5:d1:17:0a:f6:
                    ac:d8:fa:f9:72:93:79:33:bf:6a:c3:24:82:2e:36:
                    6d:e0:e4:21:c5:6a:d7:2b:d1:ee:84:80:9c:50:48:
                    26:8e:92:62:b2:40:9c:bd:54:54:9d:6a:03:c1:a5:
                    c4:a3:f5:80:50:41:9c:cd:a4:b3:ae:8d:fe:8c:b3:
                    03:42:30:59:64:df:27:f2:8e:b7:73:bc:b7:75:db:
                    a9:17:a4:3b:69:cf:b5:25:7c:90:0e:fd:80:f3:9f:
                    bf:1b:d2:b3:ae:b9:7c:ba:39:0e:3a:ae:7d:33:4a:
                    14:9b:82:14:6d:ae:21:39:72:d0:0c:eb:ac:2e:ec:
                    4f:65:45:8d:ff:2f:66:ba:73:40:6f:00:3a:9b:e2:
                    8c:30:ed:97:8d:31:99:48:0f:41:9c:4c:2b:7c:b5:
                    71:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:F0:27:4C:E3:2F:1A:6B:4A:21:A5:1D:D7:6E:5D:08:10:E5:05:D8
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/1-fAnTOMvGmtKIaUd125dCBDlBdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.39.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:be:f5:ec:2d:eb:1e:9e:cb:7f:07:c8:f4:b0:0d:ae:d1:df:
         e5:25:98:1f:87:c5:6b:67:58:e4:a8:a8:c5:5c:ec:29:f7:78:
         cc:fb:c6:37:2c:94:a7:86:11:b9:dc:a4:1d:c6:40:85:48:c5:
         df:1b:80:bd:f3:e5:13:db:30:e0:de:03:3d:57:4e:4c:5e:47:
         e7:da:44:7d:05:2d:4e:20:89:77:94:3d:4b:d8:66:a4:80:74:
         d0:06:18:2e:bc:b9:1f:2b:51:af:c4:aa:ac:de:08:55:2e:67:
         9e:df:c8:bc:d6:d1:07:f9:69:3f:28:04:46:b1:fe:cd:48:9c:
         66:1f:ab:34:50:54:08:2f:15:6c:a5:92:a2:7c:cb:c3:de:39:
         2b:9a:cb:2d:01:22:70:49:fc:a7:e2:c2:62:76:b3:5b:1b:3a:
         67:33:ba:a7:6b:28:12:bc:00:43:b5:d5:af:12:fd:0b:ff:97:
         8f:dd:bf:b7:a9:39:24:2c:7f:39:a6:7f:4c:2f:9a:de:31:f9:
         c2:bc:14:9c:c0:77:f3:fc:d7:18:95:d8:d5:d1:b6:28:1d:f8:
         ea:92:95:73:1a:d4:c1:ba:7f:dc:77:23:af:a5:9d:92:dc:dd:
         74:70:a5:b6:04:ad:7d:52:75:41:67:5f:de:ac:bb:a9:ce:6d:
         fc:b6:e5:fb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzC22HfDFA467zveSpA6vHrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWYwMjc0Y2UzMmYxYTZiNGEyMWE1MWRkNzZlNWQwODEwZTUwNWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFxg9LL7fb9cYYr41XAM+7IDilVC
J6GCvFyhe/gG4RNptpu0e82E9yrwtoXNT6MshoyieC1ne5RLZk0EncwXeg22fTfv
/pmSHoQ1R4VQ3F7GvfQz5R8diRAHg+OpWVuaC1D29dEXCvas2Pr5cpN5M79qwySC
LjZt4OQhxWrXK9HuhICcUEgmjpJiskCcvVRUnWoDwaXEo/WAUEGczaSzro3+jLMD
QjBZZN8n8o63c7y3ddupF6Q7ac+1JXyQDv2A85+/G9Kzrrl8ujkOOq59M0oUm4IU
ba4hOXLQDOusLuxPZUWN/y9munNAbwA6m+KMMO2XjTGZSA9BnEwrfLVxMwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPnwJ0zjLxprSiGlHdduXQgQ5QXYMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvMS1mQW5UT012R210S0lhVWQxMjVkQ0JEbEJkZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmUvMWZhNmEzLThkYzUtNGMzNS1hNDliLTE3MWMzNjdiZTc4
Mi8xL2RRaEhYX0RZN0pZRE5nRnVEZ1FpR3BqbDdQSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALknzTAN
BgkqhkiG9w0BAQsFAAOCAQEAXr717C3rHp7LfwfI9LANrtHf5SWYH4fFa2dY5Kio
xVzsKfd4zPvGNyyUp4YRudykHcZAhUjF3xuAvfPlE9sw4N4DPVdOTF5H59pEfQUt
TiCJd5Q9S9hmpIB00AYYLry5HytRr8SqrN4IVS5nnt/IvNbRB/lpPygERrH+zUic
Zh+rNFBUCC8VbKWSonzLw945K5rLLQEicEn8p+LCYnazWxs6ZzO6p2soErwAQ7XV
rxL9C/+Xj92/t6k5JCx/OaZ/TC+a3jH5wrwUnMB38/zXGJXY1dG2KB346pKVcxrU
wbp/3Hcjr6WdktzddHCltgStfVJ1QWdf3qy7qc5t/Lbl+w==
-----END CERTIFICATE-----