Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/fc522f-b20f-47af-80c6-1a97944c91ca/1/T1HHfW_i8lfeEuODON5Gen5QGo0.roa
File:                     T1HHfW_i8lfeEuODON5Gen5QGo0.roa (raw, json)
Hash identifier:          kPVjx3EW8iP12xhrh1Obqx/xWV2/QtNEg3RYQ8gOOTM=
Subject key identifier:   4F:51:C7:7D:6F:E2:F2:57:DE:12:E3:83:38:DE:46:7A:7E:50:1A:8D
Certificate issuer:       /CN=6d2203ec1e5a6c266cca39b9af1abe2cb20b195a
Certificate serial:       018CC56EB09AFA17A9C2B4104EEF1A43699C
Authority key identifier: 6D:22:03:EC:1E:5A:6C:26:6C:CA:39:B9:AF:1A:BE:2C:B2:0B:19:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSID7B5abCZsyjm5rxq-LLILGVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/fc522f-b20f-47af-80c6-1a97944c91ca/1/T1HHfW_i8lfeEuODON5Gen5QGo0.roa
Signing time:             Mon 01 Jan 2024 14:30:14 +0000
ROA not before:           Mon 01 Jan 2024 14:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203200
IP address blocks:        185.122.76.0/22 maxlen: 22
                          2a10:d340:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/fc522f-b20f-47af-80c6-1a97944c91ca/1/bSID7B5abCZsyjm5rxq-LLILGVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/fc522f-b20f-47af-80c6-1a97944c91ca/1/bSID7B5abCZsyjm5rxq-LLILGVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSID7B5abCZsyjm5rxq-LLILGVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:b0:9a:fa:17:a9:c2:b4:10:4e:ef:1a:43:69:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d2203ec1e5a6c266cca39b9af1abe2cb20b195a
        Validity
            Not Before: Jan  1 14:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f51c77d6fe2f257de12e38338de467a7e501a8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:93:95:4a:76:9d:9a:d4:65:55:5c:dd:d9:5c:
                    22:a0:6a:8a:d3:c4:5a:26:98:21:11:6e:74:84:29:
                    e6:12:1a:bb:72:bd:2e:a5:47:d9:09:a4:91:ac:14:
                    8c:86:53:56:de:c7:37:84:4a:40:76:b6:ad:cf:36:
                    76:3a:e1:e4:59:c3:20:23:5f:60:86:7f:de:8c:75:
                    50:89:76:56:0e:1d:c3:68:4b:48:a4:d1:7f:40:a6:
                    5e:f4:85:d2:e1:7f:ff:cb:45:bf:6b:9f:a7:aa:9a:
                    d5:38:ed:d5:8a:08:9e:ec:ed:6d:5c:97:76:82:cf:
                    e8:ce:2b:81:af:b6:07:f3:ab:e8:0c:ce:b5:83:98:
                    37:7a:8e:64:3b:5c:82:a8:f2:5f:78:6c:3c:d5:88:
                    0b:9c:2c:14:57:7d:ae:e4:12:5f:d2:c3:f5:31:bd:
                    f9:15:b7:b2:08:d7:29:1d:72:bf:d4:ef:74:e7:02:
                    5c:9f:f4:bc:49:6b:78:1d:a7:c5:3d:0a:8a:0a:ac:
                    0b:15:11:9c:20:5e:7a:5e:d1:8c:45:10:93:ed:e2:
                    6b:ed:9d:f2:42:96:35:bc:72:37:75:43:88:91:24:
                    59:13:e1:c2:cd:b2:b6:33:06:ee:3e:22:d4:64:85:
                    ab:a0:5a:10:ef:ca:35:ef:7e:4d:1f:35:4e:b5:1a:
                    9a:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:51:C7:7D:6F:E2:F2:57:DE:12:E3:83:38:DE:46:7A:7E:50:1A:8D
            X509v3 Authority Key Identifier:
                keyid:6D:22:03:EC:1E:5A:6C:26:6C:CA:39:B9:AF:1A:BE:2C:B2:0B:19:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSID7B5abCZsyjm5rxq-LLILGVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/fc522f-b20f-47af-80c6-1a97944c91ca/1/T1HHfW_i8lfeEuODON5Gen5QGo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/fc522f-b20f-47af-80c6-1a97944c91ca/1/bSID7B5abCZsyjm5rxq-LLILGVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.122.76.0/22
                IPv6:
                  2a10:d340:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:18:2d:64:24:0b:c8:b9:43:ca:cf:7f:1a:48:79:a0:7f:59:
         0d:3b:1a:84:f5:04:d8:52:0f:14:c3:7d:24:2e:54:4c:bf:7b:
         7e:73:2f:d5:4f:a5:c9:1c:aa:6b:b4:73:6d:38:8f:48:6e:01:
         16:47:77:cd:bc:d4:6d:9f:06:45:f7:de:77:1f:b0:34:ba:6e:
         ec:71:91:de:7f:de:f7:51:f3:76:fe:5b:82:d8:f7:2c:4e:ee:
         0a:1f:fe:08:1f:98:79:b2:10:41:e6:66:62:6e:00:67:17:90:
         4d:6c:1a:a2:95:79:eb:16:42:7f:e4:9d:ed:77:dc:73:5b:49:
         7c:8b:c1:a5:bc:f0:62:3d:20:81:91:d7:8f:6d:f0:f6:d5:77:
         44:48:17:8e:57:3c:06:3c:b4:15:53:61:a5:f8:48:fc:ed:fb:
         83:d1:ab:f7:24:a4:ec:8d:59:5e:80:d5:28:3a:a1:1a:32:de:
         42:fe:02:b7:45:50:1f:a3:16:82:51:70:a0:68:97:8f:41:55:
         7e:9f:01:7f:e5:15:de:8c:99:f8:0d:fb:3c:1c:8b:64:b9:56:
         8d:e8:82:95:14:b5:df:26:45:7d:c8:98:7b:6b:35:91:d2:7a:
         f4:b9:0d:f6:6c:61:e7:a3:a5:c7:1c:16:f4:62:6a:4c:49:68:
         be:ee:62:92
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFbrCa+hepwrQQTu8aQ2mcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjIwM2VjMWU1YTZjMjY2Y2NhMzliOWFmMWFiZTJjYjIw
YjE5NWEwHhcNMjQwMTAxMTQzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjUxYzc3ZDZmZTJmMjU3ZGUxMmUzODMzOGRlNDY3YTdlNTAxYThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0pOVSnadmtRlVVzd2VwioGqK08Ra
JpghEW50hCnmEhq7cr0upUfZCaSRrBSMhlNW3sc3hEpAdratzzZ2OuHkWcMgI19g
hn/ejHVQiXZWDh3DaEtIpNF/QKZe9IXS4X//y0W/a5+nqprVOO3Vigie7O1tXJd2
gs/oziuBr7YH86voDM61g5g3eo5kO1yCqPJfeGw81YgLnCwUV32u5BJf0sP1Mb35
FbeyCNcpHXK/1O905wJcn/S8SWt4HafFPQqKCqwLFRGcIF56XtGMRRCT7eJr7Z3y
QpY1vHI3dUOIkSRZE+HCzbK2MwbuPiLUZIWroFoQ78o1735NHzVOtRqaiQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFE9Rx31v4vJX3hLjgzjeRnp+UBqNMB8GA1UdIwQY
MBaAFG0iA+weWmwmbMo5ua8aviyyCxlaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNJRDdCNWFiQ1pzeWptNXJ4cS1MTElMR1ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9mYzUyMmYtYjIwZi00N2FmLTgwYzYt
MWE5Nzk0NGM5MWNhLzEvVDFISGZXX2k4bGZlRXVPRE9ONUdlbjVRR28wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9mYzUyMmYtYjIwZi00N2FmLTgwYzYtMWE5Nzk0NGM5MWNh
LzEvYlNJRDdCNWFiQ1pzeWptNXJ4cS1MTElMR1ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCuXpMMA8E
AgACMAkDBwAqENNAAAEwDQYJKoZIhvcNAQELBQADggEBAKEYLWQkC8i5Q8rPfxpI
eaB/WQ07GoT1BNhSDxTDfSQuVEy/e35zL9VPpckcqmu0c204j0huARZHd8281G2f
BkX33ncfsDS6buxxkd5/3vdR83b+W4LY9yxO7gof/ggfmHmyEEHmZmJuAGcXkE1s
GqKVeesWQn/kne133HNbSXyLwaW88GI9IIGR149t8PbVd0RIF45XPAY8tBVTYaX4
SPzt+4PRq/ckpOyNWV6A1Sg6oRoy3kL+ArdFUB+jFoJRcKBol49BVX6fAX/lFd6M
mfgN+zwci2S5Vo3ogpUUtd8mRX3ImHtrNZHSevS5DfZsYeejpcccFvRiakxJaL7u
YpI=
-----END CERTIFICATE-----