Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/7083b8-158f-40d2-91cc-9775a5d6604c/1/aU_CZi_Grg-SIRyigP6XGKcKKsc.roa
File:                     aU_CZi_Grg-SIRyigP6XGKcKKsc.roa (raw, json)
Hash identifier:          02yBfF6P/z0kaTYMJqEBSPthNJRiTnYyu8X3OrqWLs8=
Subject key identifier:   69:4F:C2:66:2F:C6:AE:0F:92:21:1C:A2:80:FE:97:18:A7:0A:2A:C7
Certificate issuer:       /CN=fe53426e2361ba665d8f25bd3cfaefc20ebda488
Certificate serial:       018CCA2B749D4B0FAAF5677C2DF29DF1F65E
Authority key identifier: FE:53:42:6E:23:61:BA:66:5D:8F:25:BD:3C:FA:EF:C2:0E:BD:A4:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_lNCbiNhumZdjyW9PPrvwg69pIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/7083b8-158f-40d2-91cc-9775a5d6604c/1/aU_CZi_Grg-SIRyigP6XGKcKKsc.roa
Signing time:             Tue 02 Jan 2024 12:34:54 +0000
ROA not before:           Tue 02 Jan 2024 12:34:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31234
IP address blocks:        195.225.228.0/22 maxlen: 22
                          185.115.36.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/7083b8-158f-40d2-91cc-9775a5d6604c/1/_lNCbiNhumZdjyW9PPrvwg69pIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/7083b8-158f-40d2-91cc-9775a5d6604c/1/_lNCbiNhumZdjyW9PPrvwg69pIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_lNCbiNhumZdjyW9PPrvwg69pIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:03:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:74:9d:4b:0f:aa:f5:67:7c:2d:f2:9d:f1:f6:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe53426e2361ba665d8f25bd3cfaefc20ebda488
        Validity
            Not Before: Jan  2 12:34:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=694fc2662fc6ae0f92211ca280fe9718a70a2ac7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:14:28:22:1e:ba:da:4e:85:19:9b:65:82:ce:
                    87:4b:89:a0:67:6d:32:24:8a:7c:69:67:e1:d0:82:
                    a8:61:db:f8:1b:77:37:30:c7:e6:74:8d:f7:3c:d4:
                    8c:47:43:c7:c5:19:96:a9:54:99:df:bb:c4:16:d7:
                    03:2d:17:ab:8d:1e:ae:9c:86:87:a0:bd:e8:b9:d3:
                    a3:69:0a:c1:f6:04:9b:cc:ed:b0:bd:ad:b0:72:d2:
                    4a:aa:77:b0:73:59:ba:7e:aa:80:d2:2d:47:cf:ce:
                    ad:88:e7:4d:f0:86:a4:b4:44:c7:c6:01:3d:d3:d6:
                    c8:c9:0a:9c:47:ca:de:1a:a5:a5:2f:6c:5d:69:08:
                    e1:0b:74:80:87:e3:9c:b2:7e:17:98:98:8a:ae:89:
                    d6:f9:2e:6d:58:d0:16:21:60:65:ea:d7:60:47:6b:
                    d9:94:12:e1:1c:3c:f3:c5:b6:67:b2:6a:c8:b0:1e:
                    ab:f5:f2:06:db:14:8e:38:a3:f8:6a:c2:4d:36:c1:
                    41:e2:19:53:a6:84:89:ff:de:65:02:f2:c6:ba:ae:
                    42:c8:c1:b3:e0:b8:d3:d1:3f:a8:da:9f:9d:36:50:
                    a0:7d:38:bb:cd:73:e1:d9:63:a5:c4:de:7c:a1:21:
                    9a:97:dc:49:22:9f:e1:d7:5c:03:4e:31:87:e0:df:
                    23:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:4F:C2:66:2F:C6:AE:0F:92:21:1C:A2:80:FE:97:18:A7:0A:2A:C7
            X509v3 Authority Key Identifier:
                keyid:FE:53:42:6E:23:61:BA:66:5D:8F:25:BD:3C:FA:EF:C2:0E:BD:A4:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_lNCbiNhumZdjyW9PPrvwg69pIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/7083b8-158f-40d2-91cc-9775a5d6604c/1/aU_CZi_Grg-SIRyigP6XGKcKKsc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/7083b8-158f-40d2-91cc-9775a5d6604c/1/_lNCbiNhumZdjyW9PPrvwg69pIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.36.0/22
                  195.225.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:d6:e8:b3:61:c1:51:1c:5a:1f:21:9c:28:fb:94:4c:e3:d8:
         79:a9:4b:5c:2c:18:99:c7:dd:e2:b3:ad:c2:7e:9f:02:f0:ad:
         e2:02:d3:4b:68:2e:cc:87:67:b2:07:59:3d:7b:62:fe:dc:0f:
         46:90:9a:cb:f2:0e:b4:68:17:bb:4e:c3:9a:a0:8b:33:50:6b:
         66:6d:e1:fd:79:f2:8d:55:bf:b9:c4:16:e5:8d:ec:f1:95:48:
         85:9f:a6:eb:2d:37:0b:f4:68:5a:fb:53:ac:cc:f3:76:ec:7a:
         5f:1e:3d:75:e9:0a:b0:55:7e:69:0a:a4:0b:65:4e:6f:c7:25:
         a3:34:a1:2d:d6:ec:26:fc:0b:3a:f9:4f:47:c1:38:5b:78:fb:
         05:40:dc:d6:05:73:48:02:7b:02:c3:5f:4a:fe:b6:81:52:49:
         98:9f:bc:22:f6:15:24:81:63:06:ac:e3:14:08:58:b9:e4:7b:
         92:a1:47:cc:31:0c:4a:1e:23:72:58:38:41:d9:2a:7c:05:9f:
         b9:18:62:e0:a0:36:c9:d7:08:34:b0:da:aa:b9:e6:b1:41:17:
         d5:20:bb:7b:c0:74:4e:43:80:78:ae:fe:91:6e:6a:50:d6:38:
         b5:88:23:2f:ac:66:d8:ca:90:3b:91:db:fe:5a:00:3f:87:81:
         eb:8d:ec:a1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKK3SdSw+q9Wd8LfKd8fZeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTM0MjZlMjM2MWJhNjY1ZDhmMjViZDNjZmFlZmMyMGVi
ZGE0ODgwHhcNMjQwMTAyMTIzNDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTRmYzI2NjJmYzZhZTBmOTIyMTFjYTI4MGZlOTcxOGE3MGEyYWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBQoIh662k6FGZtlgs6HS4mgZ20y
JIp8aWfh0IKoYdv4G3c3MMfmdI33PNSMR0PHxRmWqVSZ37vEFtcDLRerjR6unIaH
oL3oudOjaQrB9gSbzO2wva2wctJKqnewc1m6fqqA0i1Hz86tiOdN8IaktETHxgE9
09bIyQqcR8reGqWlL2xdaQjhC3SAh+Ocsn4XmJiKronW+S5tWNAWIWBl6tdgR2vZ
lBLhHDzzxbZnsmrIsB6r9fIG2xSOOKP4asJNNsFB4hlTpoSJ/95lAvLGuq5CyMGz
4LjT0T+o2p+dNlCgfTi7zXPh2WOlxN58oSGal9xJIp/h11wDTjGH4N8j2wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGlPwmYvxq4PkiEcooD+lxinCirHMB8GA1UdIwQY
MBaAFP5TQm4jYbpmXY8lvTz678IOvaSIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xOQ2JpTmh1bVpkanlXOVBQcnZ3ZzY5cElnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi83MDgzYjgtMTU4Zi00MGQyLTkxY2Mt
OTc3NWE1ZDY2MDRjLzEvYVVfQ1ppX0dyZy1TSVJ5aWdQNlhHS2NLS3NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi83MDgzYjgtMTU4Zi00MGQyLTkxY2MtOTc3NWE1ZDY2MDRj
LzEvX2xOQ2JpTmh1bVpkanlXOVBQcnZ3ZzY5cElnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuXMkAwQC
w+HkMA0GCSqGSIb3DQEBCwUAA4IBAQAW1uizYcFRHFofIZwo+5RM49h5qUtcLBiZ
x93is63Cfp8C8K3iAtNLaC7Mh2eyB1k9e2L+3A9GkJrL8g60aBe7TsOaoIszUGtm
beH9efKNVb+5xBbljezxlUiFn6brLTcL9Gha+1OszPN27HpfHj116QqwVX5pCqQL
ZU5vxyWjNKEt1uwm/As6+U9HwThbePsFQNzWBXNIAnsCw19K/raBUkmYn7wi9hUk
gWMGrOMUCFi55HuSoUfMMQxKHiNyWDhB2Sp8BZ+5GGLgoDbJ1wg0sNqqueaxQRfV
ILt7wHROQ4B4rv6RbmpQ1ji1iCMvrGbYypA7kdv+WgA/h4Hrjeyh
-----END CERTIFICATE-----