Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/04e8dd-de3c-47fa-a024-f33797e39bb2/1/T1nnlXAqMJkOZFZ1A8rJylFpK4M.roa
File:                     T1nnlXAqMJkOZFZ1A8rJylFpK4M.roa (raw, json)
Hash identifier:          1jamfDtS51sNmbvF5EQWl/h3bPh5Am9VkvGQO6WWjMs=
Subject key identifier:   4F:59:E7:95:70:2A:30:99:0E:64:56:75:03:CA:C9:CA:51:69:2B:83
Certificate issuer:       /CN=c3a49f65a3d680c428fd94d67e65a2709f0292cf
Certificate serial:       018CC8DF76C60C99F514E9DB662DFBD33264
Authority key identifier: C3:A4:9F:65:A3:D6:80:C4:28:FD:94:D6:7E:65:A2:70:9F:02:92:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w6SfZaPWgMQo_ZTWfmWicJ8Cks8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/04e8dd-de3c-47fa-a024-f33797e39bb2/1/T1nnlXAqMJkOZFZ1A8rJylFpK4M.roa
Signing time:             Tue 02 Jan 2024 06:32:17 +0000
ROA not before:           Tue 02 Jan 2024 06:32:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205451
IP address blocks:        195.47.232.0/24 maxlen: 24
                          185.117.112.0/22 maxlen: 22
                          2a0c:3180::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/04e8dd-de3c-47fa-a024-f33797e39bb2/1/w6SfZaPWgMQo_ZTWfmWicJ8Cks8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/04e8dd-de3c-47fa-a024-f33797e39bb2/1/w6SfZaPWgMQo_ZTWfmWicJ8Cks8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w6SfZaPWgMQo_ZTWfmWicJ8Cks8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:76:c6:0c:99:f5:14:e9:db:66:2d:fb:d3:32:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3a49f65a3d680c428fd94d67e65a2709f0292cf
        Validity
            Not Before: Jan  2 06:32:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f59e795702a30990e64567503cac9ca51692b83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:15:78:4c:cf:b8:87:0a:86:3d:3b:12:8c:df:
                    76:9c:36:d9:73:53:fd:7f:72:7d:76:1d:11:9d:0a:
                    e1:76:fe:e3:d3:4b:4c:47:d3:e9:c6:00:5e:ba:11:
                    43:6e:2b:61:9f:a8:19:c5:b8:19:53:9d:fc:65:ce:
                    bd:39:26:de:c4:19:69:ca:41:a3:7d:cd:9d:e1:ec:
                    7d:c6:e0:95:7a:d4:8f:3f:1a:93:c2:2f:55:97:1c:
                    a9:60:e0:ca:b4:18:f3:ba:70:0f:3c:d2:00:69:cb:
                    f2:f8:5e:92:b5:16:ed:0f:db:df:36:58:3e:f0:2b:
                    eb:04:01:4d:9d:0c:a9:17:3f:df:4e:ac:da:19:a0:
                    32:4d:3b:44:18:ae:41:e5:1c:a3:35:44:21:13:80:
                    0c:78:44:a4:ff:1a:c3:f5:7b:03:ba:19:04:b2:8f:
                    25:71:b2:1c:04:ef:73:cc:13:4d:03:4b:6d:73:43:
                    b6:d9:d5:a7:8a:e0:23:1a:f5:a1:e0:03:de:3d:8b:
                    55:e5:fb:74:29:85:eb:b7:1e:89:44:a0:43:f3:56:
                    1c:54:44:a6:1f:96:55:1e:9d:74:9b:fb:dd:b7:2d:
                    5d:b8:74:3c:88:c9:25:0f:05:ee:e4:f8:b6:c2:a2:
                    d6:3f:9f:38:bb:73:8e:a6:b2:f1:8b:e3:d2:a7:36:
                    bd:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:59:E7:95:70:2A:30:99:0E:64:56:75:03:CA:C9:CA:51:69:2B:83
            X509v3 Authority Key Identifier:
                keyid:C3:A4:9F:65:A3:D6:80:C4:28:FD:94:D6:7E:65:A2:70:9F:02:92:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w6SfZaPWgMQo_ZTWfmWicJ8Cks8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/04e8dd-de3c-47fa-a024-f33797e39bb2/1/T1nnlXAqMJkOZFZ1A8rJylFpK4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/04e8dd-de3c-47fa-a024-f33797e39bb2/1/w6SfZaPWgMQo_ZTWfmWicJ8Cks8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.112.0/22
                  195.47.232.0/24
                IPv6:
                  2a0c:3180::/32

    Signature Algorithm: sha256WithRSAEncryption
         61:71:96:a8:55:f5:a2:27:38:b5:0f:1a:c4:b7:39:69:db:f7:
         72:4c:7a:b6:7d:0d:ab:f1:f6:a3:a9:3c:f7:43:cf:33:54:30:
         7c:25:78:40:ae:e2:3c:95:59:2e:12:f6:80:0d:d4:e2:87:af:
         cc:d8:88:32:2f:4e:2b:12:b3:34:df:00:4b:df:3d:51:a9:28:
         31:b5:fb:f7:8b:c9:b0:6e:38:67:a2:84:e4:b3:0a:29:92:0f:
         be:26:fe:f5:88:d1:78:29:12:39:13:97:a8:9b:28:7d:05:3a:
         aa:cf:90:d5:aa:54:77:50:0a:99:87:28:99:5f:0a:0a:66:80:
         60:a3:4c:4b:a0:23:89:bb:3f:b0:43:c4:cd:ff:9b:35:48:9d:
         98:71:55:b8:72:a3:95:06:15:3c:13:c5:76:75:8a:a8:4e:1d:
         17:e3:10:9d:75:cd:4a:c2:e3:98:ab:dd:57:91:31:19:e2:17:
         1a:f2:64:b7:1e:2a:ec:b7:c3:1f:66:02:41:0a:a6:93:9a:ce:
         ce:3a:10:d0:f3:68:a7:e8:54:0a:32:6c:9e:da:c6:9f:36:fd:
         4a:a0:a5:9a:62:90:7f:ef:23:76:2b:01:63:96:76:b8:6c:c7:
         17:0f:ce:e8:58:27:ae:92:db:84:24:95:ac:7b:22:fc:96:d9:
         82:fd:1b:3f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzI33bGDJn1FOnbZi370zJkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYTQ5ZjY1YTNkNjgwYzQyOGZkOTRkNjdlNjVhMjcwOWYw
MjkyY2YwHhcNMjQwMTAyMDYzMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjU5ZTc5NTcwMmEzMDk5MGU2NDU2NzUwM2NhYzljYTUxNjkyYjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxV4TM+4hwqGPTsSjN92nDbZc1P9
f3J9dh0RnQrhdv7j00tMR9PpxgBeuhFDbithn6gZxbgZU538Zc69OSbexBlpykGj
fc2d4ex9xuCVetSPPxqTwi9VlxypYODKtBjzunAPPNIAacvy+F6StRbtD9vfNlg+
8CvrBAFNnQypFz/fTqzaGaAyTTtEGK5B5RyjNUQhE4AMeESk/xrD9XsDuhkEso8l
cbIcBO9zzBNNA0ttc0O22dWniuAjGvWh4APePYtV5ft0KYXrtx6JRKBD81YcVESm
H5ZVHp10m/vdty1duHQ8iMklDwXu5Pi2wqLWP584u3OOprLxi+PSpza9uQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFE9Z55VwKjCZDmRWdQPKycpRaSuDMB8GA1UdIwQY
MBaAFMOkn2Wj1oDEKP2U1n5lonCfApLPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzZTZlphUFdnTVFvX1pUV2ZtV2ljSjhDa3M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8wNGU4ZGQtZGUzYy00N2ZhLWEwMjQt
ZjMzNzk3ZTM5YmIyLzEvVDFubmxYQXFNSmtPWkZaMUE4ckp5bEZwSzRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8wNGU4ZGQtZGUzYy00N2ZhLWEwMjQtZjMzNzk3ZTM5YmIy
LzEvdzZTZlphUFdnTVFvX1pUV2ZtV2ljSjhDa3M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuXVwAwQA
wy/oMA0EAgACMAcDBQAqDDGAMA0GCSqGSIb3DQEBCwUAA4IBAQBhcZaoVfWiJzi1
DxrEtzlp2/dyTHq2fQ2r8fajqTz3Q88zVDB8JXhAruI8lVkuEvaADdTih6/M2Igy
L04rErM03wBL3z1RqSgxtfv3i8mwbjhnooTkswopkg++Jv71iNF4KRI5E5eomyh9
BTqqz5DVqlR3UAqZhyiZXwoKZoBgo0xLoCOJuz+wQ8TN/5s1SJ2YcVW4cqOVBhU8
E8V2dYqoTh0X4xCddc1KwuOYq91XkTEZ4hca8mS3Hirst8MfZgJBCqaTms7OOhDQ
82in6FQKMmye2safNv1KoKWaYpB/7yN2KwFjlna4bMcXD87oWCeuktuEJJWseyL8
ltmC/Rs/
-----END CERTIFICATE-----