Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XUJGk5T2TkfQNQqb5od9eus_Sq8.roa
File:                     XUJGk5T2TkfQNQqb5od9eus_Sq8.roa (raw, json)
Hash identifier:          PfQXllV0t0j9hfFN08RIyQFXi2FvPx4OWFBPOtW7V70=
Subject key identifier:   5D:42:46:93:94:F6:4E:47:D0:35:0A:9B:E6:87:7D:7A:EB:3F:4A:AF
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DD0150D0CECB9EE9A6B8494EA62CEC
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XUJGk5T2TkfQNQqb5od9eus_Sq8.roa
Signing time:             Tue 02 Jan 2024 06:29:36 +0000
ROA not before:           Tue 02 Jan 2024 06:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201814
IP address blocks:        194.180.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:01:50:d0:ce:cb:9e:e9:a6:b8:49:4e:a6:2c:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d42469394f64e47d0350a9be6877d7aeb3f4aaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:60:9d:0d:ca:1c:7f:2b:3d:71:96:6e:8e:4e:
                    03:eb:0e:5a:7c:42:5c:05:99:6a:42:7a:e2:bc:19:
                    48:92:36:5e:98:aa:aa:e4:83:e4:0e:49:0e:01:28:
                    d0:00:e9:a3:86:d1:4e:66:34:4c:97:c0:9c:c4:0b:
                    73:73:20:ff:44:04:45:b4:eb:46:aa:4a:80:d0:49:
                    df:c4:d7:6d:22:9d:01:5c:a6:0b:d5:0b:ff:3f:4d:
                    4a:35:d7:75:39:2f:15:47:63:11:f9:81:77:7f:36:
                    c3:84:7a:8e:ef:d3:c4:67:39:10:b8:6b:e8:bd:11:
                    28:5e:0f:4e:ce:f9:0f:04:d3:87:bc:22:28:99:a1:
                    3f:e5:1d:82:96:87:f6:7a:89:7f:97:67:40:17:73:
                    48:19:2c:a1:1f:b0:c7:f2:6a:c4:19:c5:d2:6b:23:
                    7f:ad:8c:ee:17:26:58:2e:4a:41:87:b1:28:9f:2c:
                    2a:83:c3:47:63:57:a2:d1:ae:75:74:4d:0e:97:49:
                    46:c3:3a:76:d5:f0:7a:6c:6e:93:02:73:17:e2:6e:
                    8e:d7:b1:0f:f6:49:4f:19:ad:47:8d:d2:29:8d:ca:
                    4a:60:b9:34:2b:8b:b6:75:88:d0:ea:5b:5f:75:9b:
                    b8:40:a9:c6:3c:6f:d9:49:df:1f:1c:b9:c1:ff:00:
                    c5:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:42:46:93:94:F6:4E:47:D0:35:0A:9B:E6:87:7D:7A:EB:3F:4A:AF
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XUJGk5T2TkfQNQqb5od9eus_Sq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.180.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:16:08:65:0e:be:23:f1:bf:8c:d6:14:92:ad:8c:10:fc:dd:
         63:35:15:c1:ab:b7:22:d5:aa:3d:3a:ae:95:4b:7a:fe:c9:e2:
         20:73:64:89:f7:b1:13:70:cd:73:ff:9b:f0:5d:96:e8:d1:b6:
         82:e8:96:3b:5e:f3:10:7d:56:52:14:e7:54:bf:eb:f1:ad:52:
         e2:38:da:ec:20:b9:7f:79:d9:7b:9c:de:e0:a1:7a:5b:5d:61:
         d8:5e:53:95:68:f4:8b:2c:64:aa:af:c3:49:a9:bb:77:fa:d0:
         aa:fe:34:a6:38:3c:48:54:57:44:dd:ca:c4:3b:48:68:89:61:
         a5:40:7a:c1:1d:9b:64:18:d6:a4:6c:77:97:9d:7c:7c:b2:85:
         6f:bf:8f:d8:12:4a:db:12:32:28:86:f1:0f:5c:d3:c6:a7:58:
         1c:78:c2:9c:1b:12:6c:b4:42:a7:a5:e5:be:30:3e:c3:e9:ca:
         8b:9c:65:32:da:71:30:73:22:d8:f6:62:29:3b:0d:e3:84:0b:
         ae:26:61:93:3f:2d:33:a7:5d:5f:11:fc:4f:79:bd:42:35:f2:
         1a:24:8e:1a:09:8d:fc:77:ab:68:c3:dc:61:6e:9a:ad:79:00:
         61:06:5d:90:90:b1:8a:e1:ce:aa:c9:61:61:a6:8d:63:31:07:
         b9:54:c0:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3QFQ0M7LnummuElOpizsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDQyNDY5Mzk0ZjY0ZTQ3ZDAzNTBhOWJlNjg3N2Q3YWViM2Y0YWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWCdDcocfys9cZZujk4D6w5afEJc
BZlqQnrivBlIkjZemKqq5IPkDkkOASjQAOmjhtFOZjRMl8CcxAtzcyD/RARFtOtG
qkqA0EnfxNdtIp0BXKYL1Qv/P01KNdd1OS8VR2MR+YF3fzbDhHqO79PEZzkQuGvo
vREoXg9OzvkPBNOHvCIomaE/5R2Clof2eol/l2dAF3NIGSyhH7DH8mrEGcXSayN/
rYzuFyZYLkpBh7Eonywqg8NHY1ei0a51dE0Ol0lGwzp21fB6bG6TAnMX4m6O17EP
9klPGa1HjdIpjcpKYLk0K4u2dYjQ6ltfdZu4QKnGPG/ZSd8fHLnB/wDF3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF1CRpOU9k5H0DUKm+aHfXrrP0qvMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWFVKR2s1VDJUa2ZRTlFxYjVvZDlldXNfU3E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrQxMA0G
CSqGSIb3DQEBCwUAA4IBAQCTFghlDr4j8b+M1hSSrYwQ/N1jNRXBq7ci1ao9Oq6V
S3r+yeIgc2SJ97ETcM1z/5vwXZbo0baC6JY7XvMQfVZSFOdUv+vxrVLiONrsILl/
edl7nN7goXpbXWHYXlOVaPSLLGSqr8NJqbt3+tCq/jSmODxIVFdE3crEO0hoiWGl
QHrBHZtkGNakbHeXnXx8soVvv4/YEkrbEjIohvEPXNPGp1gceMKcGxJstEKnpeW+
MD7D6cqLnGUy2nEwcyLY9mIpOw3jhAuuJmGTPy0zp11fEfxPeb1CNfIaJI4aCY38
d6tow9xhbpqteQBhBl2QkLGK4c6qyWFhpo1jMQe5VMCD
-----END CERTIFICATE-----