Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/844d8YXrvTNl1RLnjpXcGkHJh-c.roa
File:                     844d8YXrvTNl1RLnjpXcGkHJh-c.roa (raw, json)
Hash identifier:          ICCfAZs/YrJ5V352jwXG56/9HpzDonDDaLjFUk+weFs=
Subject key identifier:   F3:8E:1D:F1:85:EB:BD:33:65:D5:12:E7:8E:95:DC:1A:41:C9:87:E7
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       018CC727547F33987AA189A7412FC1797D43
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/844d8YXrvTNl1RLnjpXcGkHJh-c.roa
Signing time:             Mon 01 Jan 2024 22:31:32 +0000
ROA not before:           Mon 01 Jan 2024 22:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207279
IP address blocks:        213.238.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:54:7f:33:98:7a:a1:89:a7:41:2f:c1:79:7d:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jan  1 22:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f38e1df185ebbd3365d512e78e95dc1a41c987e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f1:94:25:33:c1:43:12:76:b5:8c:a3:11:f2:
                    62:51:e9:06:db:a9:32:d3:8b:52:25:f3:77:0f:86:
                    50:07:62:0c:58:5a:cc:19:43:f4:4b:31:6c:48:fa:
                    ba:60:36:0c:e0:16:1d:c8:05:bb:1a:7c:ba:54:97:
                    93:de:c4:b6:95:a3:65:4e:99:9e:ba:79:16:c9:57:
                    3e:37:1a:7d:ff:e3:1f:07:63:6a:a7:34:77:12:4a:
                    68:5b:23:8a:bb:18:e3:30:95:d5:25:73:2e:3d:63:
                    a5:d3:07:f5:7a:f9:58:f8:63:68:80:d1:5f:f5:fc:
                    e6:9c:8e:1f:07:85:d2:18:84:a4:59:f1:cc:15:99:
                    54:0d:d0:c3:49:08:bc:86:0a:8d:68:4c:e7:04:62:
                    db:5e:d2:9b:ee:bb:35:fe:3e:50:f9:e8:4c:2f:32:
                    3a:c9:35:82:b8:3a:a4:8e:b3:77:4d:cb:78:da:92:
                    23:fc:bc:e8:16:3b:4b:66:92:0d:78:36:47:7c:a2:
                    7e:d4:e4:68:50:96:10:41:99:19:e0:85:f0:3e:ef:
                    7f:30:a8:98:de:7e:5a:c5:5e:b7:ec:54:cf:c0:0e:
                    9a:f0:71:f5:3a:6b:2a:59:40:d2:63:67:98:f9:a8:
                    51:4a:62:3e:06:6c:73:32:59:7b:52:a3:ee:89:31:
                    97:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:8E:1D:F1:85:EB:BD:33:65:D5:12:E7:8E:95:DC:1A:41:C9:87:E7
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/844d8YXrvTNl1RLnjpXcGkHJh-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:f6:5e:16:4e:62:f5:bd:b6:1b:7f:90:92:41:7f:2b:9f:55:
         eb:39:8a:56:b6:b8:59:1d:fc:d6:b1:1e:e4:dc:a1:8d:32:ca:
         42:3f:a2:53:5d:f8:e6:c4:f0:fb:fb:81:3e:46:ea:4c:eb:0e:
         59:75:40:ca:07:8f:23:3f:b5:39:60:6c:c7:3c:a6:91:b7:83:
         1e:3e:89:34:db:8c:19:6e:5b:44:99:82:ef:26:08:36:07:32:
         35:14:91:b0:9a:dd:15:31:8f:4d:01:4f:41:dc:50:47:18:45:
         a6:d6:d4:4f:1f:27:bf:07:b8:d6:e6:67:05:76:24:8a:a7:61:
         34:6b:77:eb:93:f4:6a:e5:59:3a:9e:83:e0:2b:cd:49:69:30:
         e6:8a:7a:78:af:17:85:f0:95:ae:ea:c0:74:87:dc:20:a6:67:
         9f:2e:c5:ee:62:aa:90:13:b0:ba:39:0f:7c:1a:46:b9:ff:2d:
         f9:b5:7b:6b:d8:12:3c:91:47:b9:4b:83:98:b9:52:d1:70:a3:
         78:a9:cb:c3:2f:95:32:85:bd:26:d1:2f:5c:16:5c:80:1b:fd:
         45:d6:2d:01:91:e1:c9:76:46:3b:3c:8b:ae:0a:32:33:38:58:
         4a:d4:f2:1d:f3:cf:83:50:55:ce:30:4f:51:49:77:37:63:d5:
         ae:41:a9:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1R/M5h6oYmnQS/BeX1DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjQwMTAxMjIzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzhlMWRmMTg1ZWJiZDMzNjVkNTEyZTc4ZTk1ZGMxYTQxYzk4N2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPGUJTPBQxJ2tYyjEfJiUekG26ky
04tSJfN3D4ZQB2IMWFrMGUP0SzFsSPq6YDYM4BYdyAW7Gny6VJeT3sS2laNlTpme
unkWyVc+Nxp9/+MfB2NqpzR3EkpoWyOKuxjjMJXVJXMuPWOl0wf1evlY+GNogNFf
9fzmnI4fB4XSGISkWfHMFZlUDdDDSQi8hgqNaEznBGLbXtKb7rs1/j5Q+ehMLzI6
yTWCuDqkjrN3Tct42pIj/LzoFjtLZpINeDZHfKJ+1ORoUJYQQZkZ4IXwPu9/MKiY
3n5axV637FTPwA6a8HH1OmsqWUDSY2eY+ahRSmI+BmxzMll7UqPuiTGXaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPOOHfGF670zZdUS546V3BpByYfnMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvODQ0ZDhZWHJ2VE5sMVJMbmpwWGNHa0hKaC1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e62MA0G
CSqGSIb3DQEBCwUAA4IBAQBQ9l4WTmL1vbYbf5CSQX8rn1XrOYpWtrhZHfzWsR7k
3KGNMspCP6JTXfjmxPD7+4E+RupM6w5ZdUDKB48jP7U5YGzHPKaRt4MePok024wZ
bltEmYLvJgg2BzI1FJGwmt0VMY9NAU9B3FBHGEWm1tRPHye/B7jW5mcFdiSKp2E0
a3frk/Rq5Vk6noPgK81JaTDminp4rxeF8JWu6sB0h9wgpmefLsXuYqqQE7C6OQ98
Gka5/y35tXtr2BI8kUe5S4OYuVLRcKN4qcvDL5Uyhb0m0S9cFlyAG/1F1i0BkeHJ
dkY7PIuuCjIzOFhK1PId88+DUFXOME9RSXc3Y9WuQanw
-----END CERTIFICATE-----