Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/3BPijMmz5EJiUWtMHBuOyyFFMEE.roa
File:                     3BPijMmz5EJiUWtMHBuOyyFFMEE.roa (raw, json)
Hash identifier:          u54PMGcEG20xMX0OMyl5HaMf7M/xeFSt6W62LjhEkIk=
Subject key identifier:   DC:13:E2:8C:C9:B3:E4:42:62:51:6B:4C:1C:1B:8E:CB:21:45:30:41
Certificate issuer:       /CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
Certificate serial:       018CC4924BB2F47C8F73CC8CC2CD94722468
Authority key identifier: 7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/3BPijMmz5EJiUWtMHBuOyyFFMEE.roa
Signing time:             Mon 01 Jan 2024 10:29:31 +0000
ROA not before:           Mon 01 Jan 2024 10:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45035
IP address blocks:        85.204.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:4b:b2:f4:7c:8f:73:cc:8c:c2:cd:94:72:24:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
        Validity
            Not Before: Jan  1 10:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc13e28cc9b3e44262516b4c1c1b8ecb21453041
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:cf:27:ff:2a:e8:b3:11:96:92:ce:96:41:47:
                    72:e3:48:2a:4c:d6:ae:ac:8d:18:c4:7a:01:b3:bc:
                    f1:f3:87:54:cc:d0:22:f4:04:0d:ad:c7:99:95:5b:
                    08:65:45:af:87:34:97:82:56:a0:0b:e9:44:7a:8e:
                    4c:19:66:89:4c:ea:82:d4:c4:02:1f:4f:88:02:11:
                    f0:14:8a:6e:21:35:b6:cd:dd:2e:51:95:f3:a8:e0:
                    9f:db:53:6a:8d:09:3c:e0:c0:71:e7:7a:08:be:e6:
                    2f:b5:9a:83:9e:49:43:d7:49:d3:c2:55:1d:fc:19:
                    35:15:f5:de:11:03:c5:d6:8f:6d:51:45:6a:65:82:
                    7e:e2:19:a9:80:a0:d1:d1:c0:5a:96:3c:ee:14:66:
                    a4:16:d5:94:14:7c:5e:9f:77:31:60:dc:6d:7c:ee:
                    59:2a:60:0b:3d:89:13:f4:33:fc:37:ec:1b:e7:86:
                    f2:72:d5:94:ec:ef:d1:52:e3:b1:b9:42:23:9a:0a:
                    fd:19:be:a8:de:95:21:7e:7f:3f:f7:8d:4c:3d:70:
                    70:25:31:e9:21:b1:6e:bc:21:ff:9a:08:74:55:82:
                    08:c9:58:89:2b:5c:e3:96:5b:3a:bb:ec:71:b2:8f:
                    32:8d:79:4a:69:e7:9e:41:4b:ff:b4:d2:19:b6:1c:
                    9b:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:13:E2:8C:C9:B3:E4:42:62:51:6B:4C:1C:1B:8E:CB:21:45:30:41
            X509v3 Authority Key Identifier:
                keyid:7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/3BPijMmz5EJiUWtMHBuOyyFFMEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:25:59:15:1f:6d:65:1b:01:c5:08:15:65:d9:66:6b:e4:0e:
         63:8f:cc:63:cc:12:61:40:c6:45:9d:f6:82:75:29:82:5e:54:
         b5:a8:78:52:40:20:07:8d:9d:d0:fb:03:06:b8:de:7e:20:9b:
         2d:db:6f:9a:68:9c:af:29:29:32:01:05:e1:b5:99:36:20:58:
         bd:8e:b5:57:3c:96:43:b2:58:ec:b9:93:8d:e7:bf:8c:87:d0:
         3f:6c:16:91:08:b9:7c:ec:6b:f9:96:11:ae:c2:ba:bb:cc:a4:
         e6:f9:77:dc:eb:ef:7e:64:82:dd:7a:af:3e:05:47:3c:8a:5c:
         ff:fe:12:32:20:39:1a:83:aa:de:0b:82:ca:27:8d:bb:16:0e:
         91:31:47:d4:59:97:04:6f:7d:a0:70:e8:c1:f4:ee:1b:0b:32:
         9e:a2:f2:b9:13:e9:8d:c5:75:c6:38:f3:b1:44:37:51:7f:d0:
         5e:45:09:1c:42:3d:50:5b:4e:9c:12:82:e2:24:c5:d4:65:56:
         5d:78:46:68:ce:fd:60:c1:6e:3b:ff:27:74:f9:76:32:46:d3:
         a5:2f:54:e9:20:f5:6a:18:08:5e:d6:44:06:13:ac:1f:4f:57:
         fb:31:cc:64:c9:ae:aa:0c:c2:32:3a:42:ad:21:5c:99:ae:d5:
         04:ef:df:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkkuy9HyPc8yMws2UciRoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZWYwNjllN2UzZWQ1YmY3MGY2ODJjZTQwYzU4MTBmZjNl
NWUzNzgwHhcNMjQwMTAxMTAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzEzZTI4Y2M5YjNlNDQyNjI1MTZiNGMxYzFiOGVjYjIxNDUzMDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw88n/yrosxGWks6WQUdy40gqTNau
rI0YxHoBs7zx84dUzNAi9AQNrceZlVsIZUWvhzSXglagC+lEeo5MGWaJTOqC1MQC
H0+IAhHwFIpuITW2zd0uUZXzqOCf21NqjQk84MBx53oIvuYvtZqDnklD10nTwlUd
/Bk1FfXeEQPF1o9tUUVqZYJ+4hmpgKDR0cBaljzuFGakFtWUFHxen3cxYNxtfO5Z
KmALPYkT9DP8N+wb54byctWU7O/RUuOxuUIjmgr9Gb6o3pUhfn8/941MPXBwJTHp
IbFuvCH/mgh0VYIIyViJK1zjlls6u+xxso8yjXlKaeeeQUv/tNIZthybLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNwT4ozJs+RCYlFrTBwbjsshRTBBMB8GA1UdIwQY
MBaAFHrvBp5+PtW/cPaCzkDFgQ/z5eN4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmIt
OTAwMDM0ZjAwZDllLzEvM0JQaWpNbXo1RUppVVd0TUhCdU95eUZGTUVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmItOTAwMDM0ZjAwZDll
LzEvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcwtMA0G
CSqGSIb3DQEBCwUAA4IBAQAkJVkVH21lGwHFCBVl2WZr5A5jj8xjzBJhQMZFnfaC
dSmCXlS1qHhSQCAHjZ3Q+wMGuN5+IJst22+aaJyvKSkyAQXhtZk2IFi9jrVXPJZD
sljsuZON57+Mh9A/bBaRCLl87Gv5lhGuwrq7zKTm+Xfc6+9+ZILdeq8+BUc8ilz/
/hIyIDkag6reC4LKJ427Fg6RMUfUWZcEb32gcOjB9O4bCzKeovK5E+mNxXXGOPOx
RDdRf9BeRQkcQj1QW06cEoLiJMXUZVZdeEZozv1gwW47/yd0+XYyRtOlL1TpIPVq
GAhe1kQGE6wfT1f7Mcxkya6qDMIyOkKtIVyZrtUE798J
-----END CERTIFICATE-----