Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/dd8098-7fe0-422f-92e9-1fb1e9c86b53/1/q3vPnjAkoHvi-wIWgjLo7EH5H0w.roa
File:                     q3vPnjAkoHvi-wIWgjLo7EH5H0w.roa (raw, json)
Hash identifier:          YI1H5pft0lJBSSBkLYEMJvyBye36CSc7iHae2MU7/80=
Subject key identifier:   AB:7B:CF:9E:30:24:A0:7B:E2:FB:02:16:82:32:E8:EC:41:F9:1F:4C
Certificate issuer:       /CN=b85213df97329556d608b150f03c4ee75fbd98c1
Certificate serial:       018CC5003B91F10A270100487F2DFADB9607
Authority key identifier: B8:52:13:DF:97:32:95:56:D6:08:B1:50:F0:3C:4E:E7:5F:BD:98:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uFIT35cylVbWCLFQ8DxO51-9mME.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/dd8098-7fe0-422f-92e9-1fb1e9c86b53/1/q3vPnjAkoHvi-wIWgjLo7EH5H0w.roa
Signing time:             Mon 01 Jan 2024 12:29:35 +0000
ROA not before:           Mon 01 Jan 2024 12:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202614
IP address blocks:        193.238.45.0/24 maxlen: 24
                          193.238.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/dd8098-7fe0-422f-92e9-1fb1e9c86b53/1/uFIT35cylVbWCLFQ8DxO51-9mME.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/dd8098-7fe0-422f-92e9-1fb1e9c86b53/1/uFIT35cylVbWCLFQ8DxO51-9mME.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uFIT35cylVbWCLFQ8DxO51-9mME.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 12:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:3b:91:f1:0a:27:01:00:48:7f:2d:fa:db:96:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b85213df97329556d608b150f03c4ee75fbd98c1
        Validity
            Not Before: Jan  1 12:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab7bcf9e3024a07be2fb02168232e8ec41f91f4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:6b:e6:6a:52:79:91:b8:42:cf:67:be:a7:a9:
                    cb:5a:c4:65:a5:49:71:fe:3f:93:15:9e:19:2f:8f:
                    a3:6f:54:1c:35:9c:6d:6c:96:bd:43:c7:56:31:5c:
                    53:fd:e0:a8:6a:c6:cd:6d:0c:ff:c4:f4:ff:9d:cc:
                    82:dd:72:0a:5c:f0:b2:94:13:5b:c4:b2:f7:3b:d9:
                    e6:18:a1:20:36:1b:cc:fb:82:44:18:19:c8:94:b6:
                    41:ce:a7:e6:6d:53:f8:e6:49:de:88:24:4f:15:f5:
                    03:6f:95:a8:3e:8e:55:bc:fa:f0:e6:38:64:db:b1:
                    e3:e9:01:de:97:49:b2:96:0c:2f:2a:1e:ab:1a:75:
                    d7:32:63:01:f4:c8:50:d0:c6:0e:76:70:2a:f3:4a:
                    d4:0e:f2:d4:92:9d:43:e1:42:27:62:b4:72:df:e7:
                    d8:92:fc:f3:57:69:6f:6c:50:ba:a6:bc:78:86:0d:
                    ea:b4:27:19:3e:11:f7:b6:25:4b:9f:f2:2c:e6:ba:
                    87:99:b8:70:30:02:f1:8f:2d:6b:0a:a5:7d:20:1b:
                    ce:8f:65:d7:07:e6:ce:73:b1:2e:4f:b1:b4:f0:f2:
                    c6:43:df:a4:16:40:75:19:f4:cb:71:93:b5:28:34:
                    de:9a:9c:87:55:7f:46:59:51:65:96:92:72:d3:e2:
                    2d:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:7B:CF:9E:30:24:A0:7B:E2:FB:02:16:82:32:E8:EC:41:F9:1F:4C
            X509v3 Authority Key Identifier:
                keyid:B8:52:13:DF:97:32:95:56:D6:08:B1:50:F0:3C:4E:E7:5F:BD:98:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uFIT35cylVbWCLFQ8DxO51-9mME.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/dd8098-7fe0-422f-92e9-1fb1e9c86b53/1/q3vPnjAkoHvi-wIWgjLo7EH5H0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/dd8098-7fe0-422f-92e9-1fb1e9c86b53/1/uFIT35cylVbWCLFQ8DxO51-9mME.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.238.45.0/24
                  193.238.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:55:7c:7a:76:19:6c:5b:0d:84:c7:0e:de:6e:56:ae:1b:db:
         db:2c:95:d5:bd:d1:bd:7a:70:66:82:f7:ef:59:e0:1f:82:4f:
         0c:d8:ba:b7:4a:71:1a:73:a9:aa:aa:90:96:1c:88:b1:f7:34:
         5d:fb:65:09:55:51:b2:df:a3:ef:ac:dc:20:c2:25:25:0d:3e:
         ae:7c:e3:5e:fa:66:5b:b1:15:9e:d8:ce:38:71:99:40:bf:b3:
         86:5d:4e:65:db:1c:80:1f:08:18:b7:14:7d:e9:68:64:ba:50:
         3c:62:3e:48:8d:42:4d:c8:d4:f2:f7:f6:d1:2c:e0:40:74:ac:
         53:31:8c:19:cb:c5:32:f6:5d:14:f7:94:76:4e:21:cd:a9:c1:
         a5:61:46:9e:2c:f6:e2:e1:06:69:2a:2d:bd:57:8a:f3:33:9c:
         27:fd:98:2b:20:08:aa:a8:a2:ae:e9:f8:f6:17:f3:01:5d:e4:
         3a:ff:c0:14:0b:91:a1:fc:11:ec:61:bd:58:06:37:05:e5:0f:
         8a:c1:e3:01:44:25:a2:75:ff:fd:19:22:67:6f:37:51:a5:16:
         f3:b7:98:f0:27:ea:e9:57:43:33:2f:c4:08:58:ba:5e:32:f0:
         fd:28:35:7f:94:e5:a1:56:0a:83:f2:29:a7:88:10:26:d6:b1:
         7e:00:b7:9a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFADuR8QonAQBIfy3625YHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NTIxM2RmOTczMjk1NTZkNjA4YjE1MGYwM2M0ZWU3NWZi
ZDk4YzEwHhcNMjQwMTAxMTIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjdiY2Y5ZTMwMjRhMDdiZTJmYjAyMTY4MjMyZThlYzQxZjkxZjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWvmalJ5kbhCz2e+p6nLWsRlpUlx
/j+TFZ4ZL4+jb1QcNZxtbJa9Q8dWMVxT/eCoasbNbQz/xPT/ncyC3XIKXPCylBNb
xLL3O9nmGKEgNhvM+4JEGBnIlLZBzqfmbVP45kneiCRPFfUDb5WoPo5VvPrw5jhk
27Hj6QHel0mylgwvKh6rGnXXMmMB9MhQ0MYOdnAq80rUDvLUkp1D4UInYrRy3+fY
kvzzV2lvbFC6prx4hg3qtCcZPhH3tiVLn/Is5rqHmbhwMALxjy1rCqV9IBvOj2XX
B+bOc7EuT7G08PLGQ9+kFkB1GfTLcZO1KDTempyHVX9GWVFllpJy0+ItEQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKt7z54wJKB74vsCFoIy6OxB+R9MMB8GA1UdIwQY
MBaAFLhSE9+XMpVW1gixUPA8TudfvZjBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUZJVDM1Y3lsVmJXQ0xGUThEeE81MS05bU1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9kZDgwOTgtN2ZlMC00MjJmLTkyZTkt
MWZiMWU5Yzg2YjUzLzEvcTN2UG5qQWtvSHZpLXdJV2dqTG83RUg1SDB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9kZDgwOTgtN2ZlMC00MjJmLTkyZTktMWZiMWU5Yzg2YjUz
LzEvdUZJVDM1Y3lsVmJXQ0xGUThEeE81MS05bU1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwe4tAwQA
we4vMA0GCSqGSIb3DQEBCwUAA4IBAQApVXx6dhlsWw2Exw7eblauG9vbLJXVvdG9
enBmgvfvWeAfgk8M2Lq3SnEac6mqqpCWHIix9zRd+2UJVVGy36PvrNwgwiUlDT6u
fONe+mZbsRWe2M44cZlAv7OGXU5l2xyAHwgYtxR96WhkulA8Yj5IjUJNyNTy9/bR
LOBAdKxTMYwZy8Uy9l0U95R2TiHNqcGlYUaeLPbi4QZpKi29V4rzM5wn/ZgrIAiq
qKKu6fj2F/MBXeQ6/8AUC5Gh/BHsYb1YBjcF5Q+KweMBRCWidf/9GSJnbzdRpRbz
t5jwJ+rpV0MzL8QIWLpeMvD9KDV/lOWhVgqD8imniBAm1rF+ALea
-----END CERTIFICATE-----