Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/jZXIG4EcXhTJ6ElVxgLlUuFQI0E.roa
File:                     jZXIG4EcXhTJ6ElVxgLlUuFQI0E.roa (raw, json)
Hash identifier:          Y/DYrRyGgIRWWyt9/A2N3cxR7E4gmvKLeTvyMRMWVnk=
Subject key identifier:   8D:95:C8:1B:81:1C:5E:14:C9:E8:49:55:C6:02:E5:52:E1:50:23:41
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       01907814AB21E48CA336765F295929620062
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/jZXIG4EcXhTJ6ElVxgLlUuFQI0E.roa
Signing time:             Wed 03 Jul 2024 10:12:18 +0000
ROA not before:           Wed 03 Jul 2024 10:12:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199048
IP address blocks:        83.222.186.0/23 maxlen: 24
                          83.222.188.0/24 maxlen: 24
                          94.72.146.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:78:14:ab:21:e4:8c:a3:36:76:5f:29:59:29:62:00:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jul  3 10:12:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d95c81b811c5e14c9e84955c602e552e1502341
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ef:72:e5:82:4b:8d:26:5b:8a:18:39:40:81:
                    65:24:46:8d:73:fd:cb:ae:6f:88:c3:70:f1:b0:5a:
                    65:a0:f1:76:63:d7:6d:de:a9:56:98:c1:86:62:01:
                    22:be:df:02:5e:56:0e:22:ea:a3:13:f6:4d:7e:68:
                    c7:6f:c4:e4:64:7d:d3:9e:1e:db:db:d9:62:0b:25:
                    a6:93:1b:c5:91:06:10:ac:c9:17:49:47:f9:24:2d:
                    20:93:e8:0a:c2:d0:9a:54:c2:63:91:84:ed:7a:cb:
                    bf:08:00:89:ab:32:6c:72:5f:46:57:c9:46:f7:04:
                    57:7e:cd:ab:98:3d:12:a8:dd:1b:f6:7b:e1:59:d9:
                    a4:11:8b:30:c6:74:c7:be:1e:45:69:a9:ad:6b:48:
                    4e:0e:72:9f:ab:67:5d:c1:26:30:18:fb:0a:91:b7:
                    74:d6:93:b7:a8:e2:aa:1a:c9:c3:11:76:43:51:66:
                    62:a0:a7:91:8f:26:0d:92:59:2b:86:0c:a2:25:31:
                    4c:ce:3e:80:fc:ad:09:f3:f7:e9:c3:8d:b5:9c:49:
                    99:5e:a8:1b:32:5a:4f:48:6d:c2:bd:44:85:e3:9b:
                    0b:9f:4e:58:47:97:aa:94:0f:46:7b:a3:01:64:8a:
                    5c:96:1c:57:62:b5:04:b1:5c:03:1a:ac:9b:63:a6:
                    42:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:95:C8:1B:81:1C:5E:14:C9:E8:49:55:C6:02:E5:52:E1:50:23:41
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/jZXIG4EcXhTJ6ElVxgLlUuFQI0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.222.186.0-83.222.188.255
                  94.72.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c6:40:30:10:4f:ba:8e:cd:c3:f8:65:b1:7a:4c:40:af:49:50:
         b2:d9:9f:28:df:23:e7:f2:00:74:96:35:a1:a9:ed:01:8a:19:
         89:a7:4f:fb:d9:0b:cf:e2:df:de:9f:1c:6f:4c:6b:f6:fa:c3:
         99:2f:fe:a6:43:32:7b:6d:8f:4d:8c:dd:cc:ef:99:95:9a:8c:
         e2:83:c2:ac:68:70:98:36:7f:3f:cf:02:7f:c7:89:59:f3:fc:
         7b:bb:ea:b1:d6:d6:6c:a1:c8:f3:e5:24:7c:5e:6c:63:9b:56:
         e7:db:0e:2a:31:0e:3f:33:f6:72:77:8e:84:9f:77:51:ae:31:
         3d:5c:e0:e3:bb:09:c4:d7:a7:a0:b4:66:0d:dd:37:cc:d0:cb:
         98:ce:7c:2c:4c:e4:ed:bd:32:91:6d:68:ff:81:fb:0f:8b:a3:
         60:dc:50:5c:39:df:6d:26:98:a8:f1:fc:73:2a:fa:9d:e2:32:
         70:d0:f1:fc:eb:6a:21:cb:d7:b1:9d:41:f8:94:d2:a4:43:65:
         a3:6b:5c:97:8f:76:c0:0c:a3:f4:cc:2f:5b:e2:ae:a5:51:f0:
         13:35:de:cc:92:40:18:e5:36:17:07:20:eb:cd:a9:a7:28:52:
         9e:af:a4:1b:8d:b0:94:d3:61:6e:2c:51:52:e0:ee:bf:3f:b9:
         19:82:fd:c0
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZB4FKsh5IyjNnZfKVkpYgBiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQwNzAzMTAxMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDk1YzgxYjgxMWM1ZTE0YzllODQ5NTVjNjAyZTU1MmUxNTAyMzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+9y5YJLjSZbihg5QIFlJEaNc/3L
rm+Iw3DxsFploPF2Y9dt3qlWmMGGYgEivt8CXlYOIuqjE/ZNfmjHb8TkZH3Tnh7b
29liCyWmkxvFkQYQrMkXSUf5JC0gk+gKwtCaVMJjkYTtesu/CACJqzJscl9GV8lG
9wRXfs2rmD0SqN0b9nvhWdmkEYswxnTHvh5Faamta0hODnKfq2ddwSYwGPsKkbd0
1pO3qOKqGsnDEXZDUWZioKeRjyYNklkrhgyiJTFMzj6A/K0J8/fpw421nEmZXqgb
MlpPSG3CvUSF45sLn05YR5eqlA9Ge6MBZIpclhxXYrUEsVwDGqybY6ZCiwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFI2VyBuBHF4UyehJVcYC5VLhUCNBMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvalpYSUc0RWNYaFRKNkVsVnhnTGxVdUZRSTBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAFT3roD
BABT3rwDBAFeSJIwDQYJKoZIhvcNAQELBQADggEBAMZAMBBPuo7Nw/hlsXpMQK9J
ULLZnyjfI+fyAHSWNaGp7QGKGYmnT/vZC8/i396fHG9Ma/b6w5kv/qZDMnttj02M
3czvmZWajOKDwqxocJg2fz/PAn/HiVnz/Hu76rHW1myhyPPlJHxebGObVufbDiox
Dj8z9nJ3joSfd1GuMT1c4OO7CcTXp6C0Zg3dN8zQy5jOfCxM5O29MpFtaP+B+w+L
o2DcUFw5320mmKjx/HMq+p3iMnDQ8fzraiHL17GdQfiU0qRDZaNrXJePdsAMo/TM
L1virqVR8BM13sySQBjlNhcHIOvNqacoUp6vpBuNsJTTYW4sUVLg7r8/uRmC/cA=
-----END CERTIFICATE-----