Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/65aaf4-a005-451b-9026-dff3519b2a06/1/Mp8i2HAPbOgjY6AhLP-eZTsYH14.roa
File:                     Mp8i2HAPbOgjY6AhLP-eZTsYH14.roa (raw, json)
Hash identifier:          NWiQMvbW3aGIQrfEjRVZnOImLOPh0+VWqZbI4C3givU=
Subject key identifier:   32:9F:22:D8:70:0F:6C:E8:23:63:A0:21:2C:FF:9E:65:3B:18:1F:5E
Certificate issuer:       /CN=5283cb4b810e6c592e7479afa42118f755c7f87e
Certificate serial:       018D82EBEA406F772E2C139396B1D10C6C3D
Authority key identifier: 52:83:CB:4B:81:0E:6C:59:2E:74:79:AF:A4:21:18:F7:55:C7:F8:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UoPLS4EObFkudHmvpCEY91XH-H4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/65aaf4-a005-451b-9026-dff3519b2a06/1/Mp8i2HAPbOgjY6AhLP-eZTsYH14.roa
Signing time:             Wed 07 Feb 2024 09:35:15 +0000
ROA not before:           Wed 07 Feb 2024 09:35:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41369
IP address blocks:        194.48.220.0/22 maxlen: 22
                          2a0c:c6c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/65aaf4-a005-451b-9026-dff3519b2a06/1/UoPLS4EObFkudHmvpCEY91XH-H4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/65aaf4-a005-451b-9026-dff3519b2a06/1/UoPLS4EObFkudHmvpCEY91XH-H4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UoPLS4EObFkudHmvpCEY91XH-H4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 15:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:82:eb:ea:40:6f:77:2e:2c:13:93:96:b1:d1:0c:6c:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5283cb4b810e6c592e7479afa42118f755c7f87e
        Validity
            Not Before: Feb  7 09:35:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=329f22d8700f6ce82363a0212cff9e653b181f5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:a4:d6:b5:ee:a8:f7:a2:35:42:23:9d:78:eb:
                    f9:e5:e4:2a:ef:86:1e:4d:94:a5:4f:cd:0d:a2:eb:
                    06:89:a8:7f:60:f2:a9:c9:9b:4a:05:93:51:93:1e:
                    8b:88:23:bd:bd:4e:de:48:8e:1d:f0:82:24:18:21:
                    0c:21:27:20:76:e2:85:f9:96:ad:6b:93:28:9e:b4:
                    bd:d5:b7:0b:15:84:ea:98:64:7d:96:bd:04:18:f3:
                    db:c4:eb:27:20:a6:ab:69:22:03:43:c2:4e:04:4e:
                    2b:36:ce:b0:10:45:06:bd:2b:f8:fb:57:36:5e:85:
                    98:2d:10:6e:a3:73:1d:4c:32:a2:b4:fd:92:af:d6:
                    36:b7:46:6b:8c:3d:9e:27:2a:9f:2d:a6:e5:10:36:
                    96:a5:db:45:4c:c1:e8:20:b7:c9:b1:78:09:00:c4:
                    d4:19:8d:17:f4:47:a0:1f:be:f6:d7:c1:5e:f7:b0:
                    2b:4b:0e:93:8e:a5:1d:3d:cd:8f:9d:5b:77:f9:ec:
                    9c:af:9a:c9:a6:cd:fe:18:5f:f5:ff:1f:66:68:a6:
                    03:ea:00:ec:d6:54:6d:f5:01:a9:ab:90:f4:ca:6c:
                    3b:9c:f9:1f:e8:e2:fa:0b:e2:88:7a:9f:c3:5d:19:
                    c9:cb:52:14:b5:71:58:80:d1:15:0f:ac:71:5b:af:
                    96:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:9F:22:D8:70:0F:6C:E8:23:63:A0:21:2C:FF:9E:65:3B:18:1F:5E
            X509v3 Authority Key Identifier:
                keyid:52:83:CB:4B:81:0E:6C:59:2E:74:79:AF:A4:21:18:F7:55:C7:F8:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UoPLS4EObFkudHmvpCEY91XH-H4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/65aaf4-a005-451b-9026-dff3519b2a06/1/Mp8i2HAPbOgjY6AhLP-eZTsYH14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/65aaf4-a005-451b-9026-dff3519b2a06/1/UoPLS4EObFkudHmvpCEY91XH-H4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.48.220.0/22
                IPv6:
                  2a0c:c6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         17:27:e5:ff:17:d2:59:86:fb:7b:f8:7c:65:d2:d1:a0:ae:2c:
         da:9a:87:ce:d6:ec:2f:3a:ee:90:90:b1:61:43:f1:f3:1f:f2:
         67:4c:47:c6:96:8a:00:ba:f0:10:f6:f8:21:28:9c:ff:d8:36:
         ed:14:54:94:ec:fd:fc:23:c5:bb:4e:40:00:5b:6f:b7:ff:6b:
         ff:3e:2f:dd:a6:68:47:5f:3b:a3:ff:bf:36:69:3f:35:44:ae:
         0c:db:03:3e:af:d3:2b:6c:a6:bd:e1:e4:7f:b9:14:14:c1:0d:
         be:ca:20:d4:f0:3f:ad:e3:04:89:0a:d6:69:ca:f9:7c:b5:77:
         bb:5f:d4:b6:85:24:c0:ef:be:50:dd:65:92:07:63:44:f9:db:
         14:fc:12:cd:1b:64:3f:57:81:5f:94:58:38:9a:17:82:3e:41:
         44:76:79:7a:71:41:35:1d:5f:df:7e:dc:ab:52:6a:f3:20:71:
         09:c5:82:f1:b1:0a:9f:99:34:5d:12:21:12:50:c4:b7:85:4b:
         84:20:93:75:82:67:eb:ad:c6:b3:dd:76:ed:31:5f:83:1b:b8:
         74:68:e7:3a:21:a0:9a:55:14:d8:f0:a1:a7:05:4a:7c:61:a7:
         22:c0:d0:57:78:14:f6:e1:09:cb:d6:4b:84:45:95:02:1e:f2:
         20:8c:e6:fb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY2C6+pAb3cuLBOTlrHRDGw9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyODNjYjRiODEwZTZjNTkyZTc0NzlhZmE0MjExOGY3NTVj
N2Y4N2UwHhcNMjQwMjA3MDkzNTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjlmMjJkODcwMGY2Y2U4MjM2M2EwMjEyY2ZmOWU2NTNiMTgxZjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkKTWte6o96I1QiOdeOv55eQq74Ye
TZSlT80NousGiah/YPKpyZtKBZNRkx6LiCO9vU7eSI4d8IIkGCEMIScgduKF+Zat
a5MonrS91bcLFYTqmGR9lr0EGPPbxOsnIKaraSIDQ8JOBE4rNs6wEEUGvSv4+1c2
XoWYLRBuo3MdTDKitP2Sr9Y2t0ZrjD2eJyqfLablEDaWpdtFTMHoILfJsXgJAMTU
GY0X9EegH77218Fe97ArSw6TjqUdPc2PnVt3+eycr5rJps3+GF/1/x9maKYD6gDs
1lRt9QGpq5D0ymw7nPkf6OL6C+KIep/DXRnJy1IUtXFYgNEVD6xxW6+W7wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDKfIthwD2zoI2OgISz/nmU7GB9eMB8GA1UdIwQY
MBaAFFKDy0uBDmxZLnR5r6QhGPdVx/h+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW9QTFM0RU9iRmt1ZEhtdnBDRVk5MVhILUg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS82NWFhZjQtYTAwNS00NTFiLTkwMjYt
ZGZmMzUxOWIyYTA2LzEvTXA4aTJIQVBiT2dqWTZBaExQLWVaVHNZSDE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS82NWFhZjQtYTAwNS00NTFiLTkwMjYtZGZmMzUxOWIyYTA2
LzEvVW9QTFM0RU9iRmt1ZEhtdnBDRVk5MVhILUg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwjDcMA0E
AgACMAcDBQMqDMbAMA0GCSqGSIb3DQEBCwUAA4IBAQAXJ+X/F9JZhvt7+Hxl0tGg
rizamofO1uwvOu6QkLFhQ/HzH/JnTEfGlooAuvAQ9vghKJz/2DbtFFSU7P38I8W7
TkAAW2+3/2v/Pi/dpmhHXzuj/782aT81RK4M2wM+r9MrbKa94eR/uRQUwQ2+yiDU
8D+t4wSJCtZpyvl8tXe7X9S2hSTA775Q3WWSB2NE+dsU/BLNG2Q/V4FflFg4mheC
PkFEdnl6cUE1HV/fftyrUmrzIHEJxYLxsQqfmTRdEiESUMS3hUuEIJN1gmfrrcaz
3XbtMV+DG7h0aOc6IaCaVRTY8KGnBUp8YaciwNBXeBT24QnL1kuERZUCHvIgjOb7
-----END CERTIFICATE-----