Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/bebc33-e901-4559-bdd0-b53204d93c33/1/Ks5cydlMn6hTRMXsbT4S-h-jgxo.roa
File:                     Ks5cydlMn6hTRMXsbT4S-h-jgxo.roa (raw, json)
Hash identifier:          8umor7ZetiniRVi+OHnhKgl1hsUd2phUs0itaiJov9Q=
Subject key identifier:   2A:CE:5C:C9:D9:4C:9F:A8:53:44:C5:EC:6D:3E:12:FA:1F:A3:83:1A
Certificate issuer:       /CN=81e34878f96b3997aa78f4c7fb695ef0dbc6d360
Certificate serial:       018CCA29421C1B4C6763F56B16F7CFCDE817
Authority key identifier: 81:E3:48:78:F9:6B:39:97:AA:78:F4:C7:FB:69:5E:F0:DB:C6:D3:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/geNIePlrOZeqePTH-2le8NvG02A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/bebc33-e901-4559-bdd0-b53204d93c33/1/Ks5cydlMn6hTRMXsbT4S-h-jgxo.roa
Signing time:             Tue 02 Jan 2024 12:32:30 +0000
ROA not before:           Tue 02 Jan 2024 12:32:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202831
IP address blocks:        185.20.108.0/22 maxlen: 22
                          2a00:4de0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/bebc33-e901-4559-bdd0-b53204d93c33/1/geNIePlrOZeqePTH-2le8NvG02A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/bebc33-e901-4559-bdd0-b53204d93c33/1/geNIePlrOZeqePTH-2le8NvG02A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/geNIePlrOZeqePTH-2le8NvG02A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 19:03:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:42:1c:1b:4c:67:63:f5:6b:16:f7:cf:cd:e8:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81e34878f96b3997aa78f4c7fb695ef0dbc6d360
        Validity
            Not Before: Jan  2 12:32:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ace5cc9d94c9fa85344c5ec6d3e12fa1fa3831a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:69:65:59:83:fc:3f:59:f5:fd:3b:0c:f6:47:
                    d4:59:14:6e:04:83:99:fb:38:e4:24:ae:77:20:d9:
                    c0:45:f8:95:cf:34:49:02:35:35:10:f6:35:ed:1e:
                    a1:d3:67:06:f2:1e:cc:87:7e:bc:bf:be:b9:b1:3d:
                    6b:03:7e:26:69:f3:a2:56:65:ed:3e:17:1d:2e:fb:
                    50:3a:5d:63:31:2e:a2:5a:7e:95:46:c8:2a:ce:b3:
                    33:22:79:7b:a2:8a:7f:98:4e:5b:e7:4b:73:f7:2e:
                    41:91:32:ba:6a:0b:6b:e6:75:63:a1:26:e2:8a:43:
                    57:b3:ef:a9:6f:54:7d:31:6b:e7:9f:43:16:96:64:
                    56:15:c5:b1:b0:79:62:25:af:01:49:08:75:6e:59:
                    b6:f6:1c:fa:64:d5:7a:86:86:38:04:21:73:dd:b6:
                    25:7a:e4:b8:27:17:f2:26:08:dd:d4:3e:d9:1d:92:
                    e6:c1:5d:e1:ad:ea:c0:08:a4:6e:07:77:55:95:18:
                    37:09:66:9e:28:46:97:1e:6e:25:01:3d:40:68:40:
                    b2:59:61:9c:92:4c:77:ce:d5:60:cb:84:ef:5a:91:
                    9e:5c:8c:9c:5e:2f:93:c1:2d:f6:ad:51:f2:06:50:
                    2c:8b:fa:b8:e4:bb:4a:11:6a:4c:d0:13:27:da:34:
                    aa:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:CE:5C:C9:D9:4C:9F:A8:53:44:C5:EC:6D:3E:12:FA:1F:A3:83:1A
            X509v3 Authority Key Identifier:
                keyid:81:E3:48:78:F9:6B:39:97:AA:78:F4:C7:FB:69:5E:F0:DB:C6:D3:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/geNIePlrOZeqePTH-2le8NvG02A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/bebc33-e901-4559-bdd0-b53204d93c33/1/Ks5cydlMn6hTRMXsbT4S-h-jgxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/bebc33-e901-4559-bdd0-b53204d93c33/1/geNIePlrOZeqePTH-2le8NvG02A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.108.0/22
                IPv6:
                  2a00:4de0::/29

    Signature Algorithm: sha256WithRSAEncryption
         49:7d:28:ec:6a:64:a8:41:24:da:31:90:5d:ec:b2:11:a8:c3:
         39:a3:e6:37:f0:de:e9:7a:af:f2:83:02:74:dd:63:a2:7f:c0:
         b5:d2:48:47:14:93:06:c9:b8:6b:55:c3:71:f4:0d:b6:70:fe:
         4e:28:ac:1a:f1:0c:4d:b5:08:ed:0c:60:c2:66:1b:7c:94:ad:
         0c:e6:4c:86:76:f9:fa:7e:ec:d0:e1:61:8d:1d:6f:8d:9b:44:
         6b:01:f4:e2:c7:e5:62:da:56:ae:80:5a:30:95:df:6c:0c:98:
         7f:53:8e:58:04:c1:6e:35:16:a2:e5:44:ab:c4:6a:b0:49:fc:
         5f:ec:01:98:4b:95:ed:37:65:e4:bb:2f:49:c1:d6:08:df:f8:
         13:2e:96:bf:02:d8:6e:22:f6:3d:09:52:f3:d6:d6:19:3a:2f:
         d6:1f:18:81:eb:ff:90:f7:5f:69:ec:f5:9f:48:29:b9:ad:a0:
         fc:81:10:7a:ba:b9:7c:d2:12:0a:39:c4:ba:fa:f8:1d:6a:b9:
         a0:db:84:d3:0b:c5:70:ad:f6:88:bb:a0:88:1b:3d:39:5d:f6:
         26:86:03:e6:fb:f3:d8:c3:ad:b8:55:e1:d3:0e:e2:e6:26:65:
         55:29:49:47:ad:92:e7:d7:32:9d:5a:42:41:72:9d:4a:47:d7:
         7c:81:03:17
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKUIcG0xnY/VrFvfPzegXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZTM0ODc4Zjk2YjM5OTdhYTc4ZjRjN2ZiNjk1ZWYwZGJj
NmQzNjAwHhcNMjQwMTAyMTIzMjMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWNlNWNjOWQ5NGM5ZmE4NTM0NGM1ZWM2ZDNlMTJmYTFmYTM4MzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA92llWYP8P1n1/TsM9kfUWRRuBIOZ
+zjkJK53INnARfiVzzRJAjU1EPY17R6h02cG8h7Mh368v765sT1rA34mafOiVmXt
PhcdLvtQOl1jMS6iWn6VRsgqzrMzInl7oop/mE5b50tz9y5BkTK6agtr5nVjoSbi
ikNXs++pb1R9MWvnn0MWlmRWFcWxsHliJa8BSQh1blm29hz6ZNV6hoY4BCFz3bYl
euS4JxfyJgjd1D7ZHZLmwV3hrerACKRuB3dVlRg3CWaeKEaXHm4lAT1AaECyWWGc
kkx3ztVgy4TvWpGeXIycXi+TwS32rVHyBlAsi/q45LtKEWpM0BMn2jSqzwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCrOXMnZTJ+oU0TF7G0+Evofo4MaMB8GA1UdIwQY
MBaAFIHjSHj5azmXqnj0x/tpXvDbxtNgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2VOSWVQbHJPWmVxZVBUSC0ybGU4TnZHMDJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9iZWJjMzMtZTkwMS00NTU5LWJkZDAt
YjUzMjA0ZDkzYzMzLzEvS3M1Y3lkbE1uNmhUUk1Yc2JUNFMtaC1qZ3hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9iZWJjMzMtZTkwMS00NTU5LWJkZDAtYjUzMjA0ZDkzYzMz
LzEvZ2VOSWVQbHJPWmVxZVBUSC0ybGU4TnZHMDJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuRRsMA0E
AgACMAcDBQMqAE3gMA0GCSqGSIb3DQEBCwUAA4IBAQBJfSjsamSoQSTaMZBd7LIR
qMM5o+Y38N7peq/ygwJ03WOif8C10khHFJMGybhrVcNx9A22cP5OKKwa8QxNtQjt
DGDCZht8lK0M5kyGdvn6fuzQ4WGNHW+Nm0RrAfTix+Vi2laugFowld9sDJh/U45Y
BMFuNRai5USrxGqwSfxf7AGYS5XtN2Xkuy9JwdYI3/gTLpa/AthuIvY9CVLz1tYZ
Oi/WHxiB6/+Q919p7PWfSCm5raD8gRB6url80hIKOcS6+vgdarmg24TTC8VwrfaI
u6CIGz05XfYmhgPm+/PYw624VeHTDuLmJmVVKUlHrZLn1zKdWkJBcp1KR9d8gQMX
-----END CERTIFICATE-----