Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/e4ef53-30bf-4897-b210-d519b82afc36/1/_CnS8TidaQfD3Q3UknobRPSGM0Q.roa
File:                     _CnS8TidaQfD3Q3UknobRPSGM0Q.roa (raw, json)
Hash identifier:          gUUk2u3qQVDdcWd90rFvwbgTMbeHBKKZRJw7E4R1gDg=
Subject key identifier:   FC:29:D2:F1:38:9D:69:07:C3:DD:0D:D4:92:7A:1B:44:F4:86:33:44
Certificate issuer:       /CN=29d313a7fd2ba3d995c44a7ab4af332f875cc40c
Certificate serial:       018CC94D8D91BD96CC4CD183C69A7AFCE795
Authority key identifier: 29:D3:13:A7:FD:2B:A3:D9:95:C4:4A:7A:B4:AF:33:2F:87:5C:C4:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdMTp_0ro9mVxEp6tK8zL4dcxAw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/e4ef53-30bf-4897-b210-d519b82afc36/1/_CnS8TidaQfD3Q3UknobRPSGM0Q.roa
Signing time:             Tue 02 Jan 2024 08:32:32 +0000
ROA not before:           Tue 02 Jan 2024 08:32:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9051
IP address blocks:        185.44.152.0/22 maxlen: 24
                          2a04:9cc0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/e4ef53-30bf-4897-b210-d519b82afc36/1/KdMTp_0ro9mVxEp6tK8zL4dcxAw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/e4ef53-30bf-4897-b210-d519b82afc36/1/KdMTp_0ro9mVxEp6tK8zL4dcxAw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdMTp_0ro9mVxEp6tK8zL4dcxAw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 13:57:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:8d:91:bd:96:cc:4c:d1:83:c6:9a:7a:fc:e7:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d313a7fd2ba3d995c44a7ab4af332f875cc40c
        Validity
            Not Before: Jan  2 08:32:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc29d2f1389d6907c3dd0dd4927a1b44f4863344
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:69:ec:53:64:21:f0:7d:1b:0e:3d:0a:87:09:
                    e0:cc:81:ee:c0:3f:f4:2a:22:c3:5b:7a:4f:56:d6:
                    c7:67:7b:02:80:78:06:de:3e:f3:4f:70:df:ab:51:
                    5b:2d:c5:16:02:4e:39:3e:a9:7c:35:43:fe:fb:29:
                    f6:b0:b1:0b:3b:df:34:6c:1c:70:6a:c9:7a:60:28:
                    4b:63:39:9c:fe:b3:6d:a0:ba:1f:71:96:06:80:96:
                    b8:23:b5:87:28:e3:78:a2:48:f3:78:91:ae:e9:93:
                    9a:e0:24:a2:45:cf:ed:f2:8e:26:b3:11:0b:8f:39:
                    fb:9f:86:32:5b:96:15:01:da:f3:5d:b3:95:e1:3c:
                    49:f4:fb:a5:01:75:18:7a:4c:32:75:07:b6:ce:67:
                    92:23:e0:0f:4f:bf:f3:27:34:09:bf:2a:68:8d:76:
                    a1:2b:06:b4:24:19:c1:8b:ad:d7:d8:1b:f1:78:15:
                    b6:6e:04:4e:8f:9c:91:8e:e7:6d:03:d5:a0:f8:ae:
                    fa:99:ff:c3:9a:9f:d0:18:89:12:0e:e4:e5:db:be:
                    0e:a9:a5:85:52:6b:1e:0e:5f:8c:6e:91:4e:78:01:
                    b9:e3:87:1f:45:90:6f:88:f7:fb:23:28:bf:23:f8:
                    a2:4e:83:32:dd:77:fa:b4:fd:9f:f5:7a:63:c6:24:
                    d6:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:29:D2:F1:38:9D:69:07:C3:DD:0D:D4:92:7A:1B:44:F4:86:33:44
            X509v3 Authority Key Identifier:
                keyid:29:D3:13:A7:FD:2B:A3:D9:95:C4:4A:7A:B4:AF:33:2F:87:5C:C4:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdMTp_0ro9mVxEp6tK8zL4dcxAw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/e4ef53-30bf-4897-b210-d519b82afc36/1/_CnS8TidaQfD3Q3UknobRPSGM0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/e4ef53-30bf-4897-b210-d519b82afc36/1/KdMTp_0ro9mVxEp6tK8zL4dcxAw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.152.0/22
                IPv6:
                  2a04:9cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         52:17:b4:ee:fc:df:43:3b:78:cd:d0:41:36:d0:50:ad:44:d7:
         33:8b:c7:e6:62:61:2e:0d:f8:2e:1f:95:d1:f9:1e:d4:40:02:
         ed:76:21:b1:2a:42:bd:76:79:38:de:8f:c9:bf:8d:24:56:e3:
         71:58:42:42:0d:f8:7e:ae:8b:d2:77:32:3d:2d:5d:d2:97:6a:
         c4:12:1f:a1:fc:ad:4a:c7:c4:76:96:d4:54:b3:53:b6:14:6e:
         91:71:1d:8d:19:73:f9:68:b6:31:80:d5:d3:06:e6:24:cf:b5:
         f3:1d:2a:20:1a:e1:85:36:13:7d:15:e3:e7:d3:d8:68:65:e4:
         18:76:43:79:f4:14:ca:02:fc:7e:8a:e6:be:30:cb:8d:41:66:
         77:61:4f:4e:0b:db:73:f0:5f:ad:ff:d5:3e:f0:75:3d:75:ce:
         a7:a9:8e:d7:0d:66:32:7b:00:18:a5:0e:a1:53:89:87:9b:89:
         5f:26:a5:4c:ba:de:fa:28:7d:e8:41:14:3a:0b:92:3f:76:70:
         c1:8f:99:61:cb:23:71:4b:1f:50:64:3d:ae:47:5c:54:e3:b2:
         4b:5d:0b:89:0e:28:4c:6c:a8:57:86:12:96:52:76:75:9b:12:
         1d:cd:a8:2f:a2:f7:ec:b1:6c:08:cd:64:f2:42:de:b9:b6:53:
         22:39:40:2d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTY2RvZbMTNGDxpp6/OeVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDMxM2E3ZmQyYmEzZDk5NWM0NGE3YWI0YWYzMzJmODc1
Y2M0MGMwHhcNMjQwMTAyMDgzMjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzI5ZDJmMTM4OWQ2OTA3YzNkZDBkZDQ5MjdhMWI0NGY0ODYzMzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGnsU2Qh8H0bDj0KhwngzIHuwD/0
KiLDW3pPVtbHZ3sCgHgG3j7zT3Dfq1FbLcUWAk45Pql8NUP++yn2sLELO980bBxw
asl6YChLYzmc/rNtoLofcZYGgJa4I7WHKON4okjzeJGu6ZOa4CSiRc/t8o4msxEL
jzn7n4YyW5YVAdrzXbOV4TxJ9PulAXUYekwydQe2zmeSI+APT7/zJzQJvypojXah
Kwa0JBnBi63X2BvxeBW2bgROj5yRjudtA9Wg+K76mf/Dmp/QGIkSDuTl274OqaWF
UmseDl+MbpFOeAG544cfRZBviPf7Iyi/I/iiToMy3Xf6tP2f9XpjxiTWEQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPwp0vE4nWkHw90N1JJ6G0T0hjNEMB8GA1UdIwQY
MBaAFCnTE6f9K6PZlcRKerSvMy+HXMQMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RNVHBfMHJvOW1WeEVwNnRLOHpMNGRjeEF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9lNGVmNTMtMzBiZi00ODk3LWIyMTAt
ZDUxOWI4MmFmYzM2LzEvX0NuUzhUaWRhUWZEM1EzVWtub2JSUFNHTTBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9lNGVmNTMtMzBiZi00ODk3LWIyMTAtZDUxOWI4MmFmYzM2
LzEvS2RNVHBfMHJvOW1WeEVwNnRLOHpMNGRjeEF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSyYMA0E
AgACMAcDBQMqBJzAMA0GCSqGSIb3DQEBCwUAA4IBAQBSF7Tu/N9DO3jN0EE20FCt
RNczi8fmYmEuDfguH5XR+R7UQALtdiGxKkK9dnk43o/Jv40kVuNxWEJCDfh+rovS
dzI9LV3Sl2rEEh+h/K1Kx8R2ltRUs1O2FG6RcR2NGXP5aLYxgNXTBuYkz7XzHSog
GuGFNhN9FePn09hoZeQYdkN59BTKAvx+iua+MMuNQWZ3YU9OC9tz8F+t/9U+8HU9
dc6nqY7XDWYyewAYpQ6hU4mHm4lfJqVMut76KH3oQRQ6C5I/dnDBj5lhyyNxSx9Q
ZD2uR1xU47JLXQuJDihMbKhXhhKWUnZ1mxIdzagvovfssWwIzWTyQt65tlMiOUAt
-----END CERTIFICATE-----