Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/be1171-1202-4df8-8c30-d36935ebc6ad/1/s-BIU3zsbM5cwdts9EtPT1Q_yAQ.roa
File:                     s-BIU3zsbM5cwdts9EtPT1Q_yAQ.roa (raw, json)
Hash identifier:          4x1NjXVb+1PTT6VgAWgsOlOM/lREe+qgaxMj97ma6us=
Subject key identifier:   B3:E0:48:53:7C:EC:6C:CE:5C:C1:DB:6C:F4:4B:4F:4F:54:3F:C8:04
Certificate issuer:       /CN=1462a497efe0bc92b7ed92529ebbe39cb19d330a
Certificate serial:       018CC4932716F1A1A0BA8CC15F2E8C472891
Authority key identifier: 14:62:A4:97:EF:E0:BC:92:B7:ED:92:52:9E:BB:E3:9C:B1:9D:33:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FGKkl-_gvJK37ZJSnrvjnLGdMwo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/be1171-1202-4df8-8c30-d36935ebc6ad/1/s-BIU3zsbM5cwdts9EtPT1Q_yAQ.roa
Signing time:             Mon 01 Jan 2024 10:30:27 +0000
ROA not before:           Mon 01 Jan 2024 10:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34767
IP address blocks:        185.53.180.0/22 maxlen: 22
                          80.75.240.0/20 maxlen: 20
                          2a00:7a80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/be1171-1202-4df8-8c30-d36935ebc6ad/1/FGKkl-_gvJK37ZJSnrvjnLGdMwo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/be1171-1202-4df8-8c30-d36935ebc6ad/1/FGKkl-_gvJK37ZJSnrvjnLGdMwo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FGKkl-_gvJK37ZJSnrvjnLGdMwo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:02:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:27:16:f1:a1:a0:ba:8c:c1:5f:2e:8c:47:28:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1462a497efe0bc92b7ed92529ebbe39cb19d330a
        Validity
            Not Before: Jan  1 10:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3e048537cec6cce5cc1db6cf44b4f4f543fc804
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:94:97:68:52:1b:4a:71:82:ba:ea:b8:b9:06:
                    76:fa:af:6d:ba:c8:32:2d:a8:7d:26:e1:bd:63:fd:
                    3e:28:ff:41:b9:5f:d8:5b:96:c3:16:85:b1:4b:58:
                    a4:d4:0a:0c:ca:03:e6:30:28:c4:62:c4:26:f7:b3:
                    82:37:57:92:55:42:9b:1d:e3:62:e6:5a:f2:aa:70:
                    34:64:d0:e0:cf:a2:24:b1:c6:64:95:18:16:24:a9:
                    8c:42:f7:8d:86:4e:7d:b8:c1:80:a0:30:92:3a:ac:
                    01:6b:50:35:39:f7:0c:bb:5e:6e:3c:16:0b:a6:51:
                    5d:e4:35:8e:ba:8c:5d:e8:a7:47:e3:68:4f:4c:96:
                    a6:46:41:f5:e4:75:a1:cc:dc:76:70:07:61:99:c6:
                    4a:e2:b2:55:8d:65:12:04:07:b2:f0:5d:e8:47:1c:
                    5f:a6:56:97:33:07:ab:b7:06:92:e0:37:53:33:37:
                    2a:19:9e:cd:b3:0b:75:5e:a7:71:38:57:ae:fb:f5:
                    0a:04:a7:05:35:de:f4:0b:aa:a9:e5:53:9b:a9:70:
                    a2:a4:00:cb:ec:2c:55:5a:15:be:07:20:ce:36:b0:
                    de:69:d1:a3:91:5c:4a:33:ad:04:68:eb:12:3c:d1:
                    ff:de:69:07:ee:80:3c:27:57:23:a6:21:24:e7:14:
                    3c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:E0:48:53:7C:EC:6C:CE:5C:C1:DB:6C:F4:4B:4F:4F:54:3F:C8:04
            X509v3 Authority Key Identifier:
                keyid:14:62:A4:97:EF:E0:BC:92:B7:ED:92:52:9E:BB:E3:9C:B1:9D:33:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FGKkl-_gvJK37ZJSnrvjnLGdMwo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/be1171-1202-4df8-8c30-d36935ebc6ad/1/s-BIU3zsbM5cwdts9EtPT1Q_yAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/be1171-1202-4df8-8c30-d36935ebc6ad/1/FGKkl-_gvJK37ZJSnrvjnLGdMwo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.75.240.0/20
                  185.53.180.0/22
                IPv6:
                  2a00:7a80::/32

    Signature Algorithm: sha256WithRSAEncryption
         4a:7c:a6:c4:37:ff:ee:9d:61:6f:78:d9:e4:fe:6d:3f:90:2c:
         51:0d:30:51:87:6e:a2:79:8a:48:63:2e:20:a6:05:44:59:6a:
         86:67:e3:01:ac:20:21:dc:90:69:2e:b9:e5:cf:d2:b4:51:c3:
         95:21:79:0e:3d:6e:81:5c:6a:45:a5:da:41:43:91:ca:23:38:
         1c:be:c9:ac:93:ae:bb:41:a1:79:12:7d:de:58:5d:50:63:29:
         5f:7f:c4:05:01:2b:e4:67:76:0c:e5:09:49:bb:dd:45:26:29:
         3d:13:ab:e0:3a:39:15:04:01:38:64:8c:42:5c:50:f8:3f:ed:
         c7:d4:9d:d8:4c:76:68:8e:1d:5f:7a:39:90:ac:53:0f:42:dc:
         7a:e2:4c:98:ed:0b:e8:a0:fc:91:5e:ea:8d:d4:80:c5:60:4e:
         34:f3:bb:42:74:cc:14:d5:9b:ca:f4:52:5d:9e:79:72:87:86:
         94:ba:97:f6:ca:2d:7b:1f:d7:6e:50:12:d0:4b:48:02:c0:04:
         e0:24:96:62:61:76:43:a0:d1:27:85:87:48:30:87:b9:e3:3e:
         c5:a3:f6:df:cd:29:00:f0:5e:c4:6f:c7:4c:de:a8:61:85:35:
         2f:fc:fc:7a:70:52:e2:11:99:6a:cd:77:66:69:78:44:90:4b:
         a6:c1:b0:5e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEkycW8aGguozBXy6MRyiRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0NjJhNDk3ZWZlMGJjOTJiN2VkOTI1MjllYmJlMzljYjE5
ZDMzMGEwHhcNMjQwMTAxMTAzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2UwNDg1MzdjZWM2Y2NlNWNjMWRiNmNmNDRiNGY0ZjU0M2ZjODA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZSXaFIbSnGCuuq4uQZ2+q9tusgy
Lah9JuG9Y/0+KP9BuV/YW5bDFoWxS1ik1AoMygPmMCjEYsQm97OCN1eSVUKbHeNi
5lryqnA0ZNDgz6IkscZklRgWJKmMQveNhk59uMGAoDCSOqwBa1A1OfcMu15uPBYL
plFd5DWOuoxd6KdH42hPTJamRkH15HWhzNx2cAdhmcZK4rJVjWUSBAey8F3oRxxf
plaXMwertwaS4DdTMzcqGZ7Nswt1XqdxOFeu+/UKBKcFNd70C6qp5VObqXCipADL
7CxVWhW+ByDONrDeadGjkVxKM60EaOsSPNH/3mkH7oA8J1cjpiEk5xQ8DQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLPgSFN87GzOXMHbbPRLT09UP8gEMB8GA1UdIwQY
MBaAFBRipJfv4LySt+2SUp6745yxnTMKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkdLa2wtX2d2SkszN1pKU25ydmpuTEdkTXdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9iZTExNzEtMTIwMi00ZGY4LThjMzAt
ZDM2OTM1ZWJjNmFkLzEvcy1CSVUzenNiTTVjd2R0czlFdFBUMVFfeUFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9iZTExNzEtMTIwMi00ZGY4LThjMzAtZDM2OTM1ZWJjNmFk
LzEvRkdLa2wtX2d2SkszN1pKU25ydmpuTEdkTXdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEUEvwAwQC
uTW0MA0EAgACMAcDBQAqAHqAMA0GCSqGSIb3DQEBCwUAA4IBAQBKfKbEN//unWFv
eNnk/m0/kCxRDTBRh26ieYpIYy4gpgVEWWqGZ+MBrCAh3JBpLrnlz9K0UcOVIXkO
PW6BXGpFpdpBQ5HKIzgcvsmsk667QaF5En3eWF1QYylff8QFASvkZ3YM5QlJu91F
Jik9E6vgOjkVBAE4ZIxCXFD4P+3H1J3YTHZojh1fejmQrFMPQtx64kyY7QvooPyR
XuqN1IDFYE4087tCdMwU1ZvK9FJdnnlyh4aUupf2yi17H9duUBLQS0gCwATgJJZi
YXZDoNEnhYdIMIe54z7Fo/bfzSkA8F7Eb8dM3qhhhTUv/Px6cFLiEZlqzXdmaXhE
kEumwbBe
-----END CERTIFICATE-----