Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/48898b-f9b4-45b4-993f-e8a1dc8e3ffc/1/PM3kCLD-I1cgObmr7LfZjxo0Yr0.roa
File:                     PM3kCLD-I1cgObmr7LfZjxo0Yr0.roa (raw, json)
Hash identifier:          YmaiiOZvPTihMjGCi2y1UvALmNJa0g07UuPvSjAOwIA=
Subject key identifier:   3C:CD:E4:08:B0:FE:23:57:20:39:B9:AB:EC:B7:D9:8F:1A:34:62:BD
Certificate issuer:       /CN=597582bc3f0badb661a69fb9a483b37ec905827e
Certificate serial:       018CC5009BC21C357F16BF7D4007ADCDE1B2
Authority key identifier: 59:75:82:BC:3F:0B:AD:B6:61:A6:9F:B9:A4:83:B3:7E:C9:05:82:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WXWCvD8LrbZhpp-5pIOzfskFgn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/48898b-f9b4-45b4-993f-e8a1dc8e3ffc/1/PM3kCLD-I1cgObmr7LfZjxo0Yr0.roa
Signing time:             Mon 01 Jan 2024 12:30:00 +0000
ROA not before:           Mon 01 Jan 2024 12:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62244
IP address blocks:        185.43.96.0/22 maxlen: 22
                          2a01:65e0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/48898b-f9b4-45b4-993f-e8a1dc8e3ffc/1/WXWCvD8LrbZhpp-5pIOzfskFgn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/48898b-f9b4-45b4-993f-e8a1dc8e3ffc/1/WXWCvD8LrbZhpp-5pIOzfskFgn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WXWCvD8LrbZhpp-5pIOzfskFgn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:9b:c2:1c:35:7f:16:bf:7d:40:07:ad:cd:e1:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=597582bc3f0badb661a69fb9a483b37ec905827e
        Validity
            Not Before: Jan  1 12:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ccde408b0fe23572039b9abecb7d98f1a3462bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:97:fe:e7:50:74:0a:89:d4:01:99:8f:8c:8a:
                    cd:4b:a6:6c:93:d7:39:52:01:af:43:ab:b1:a4:3c:
                    e6:a3:15:15:37:91:ef:6d:90:ee:58:b3:4b:dd:f7:
                    52:7f:ae:49:a8:a2:af:d0:44:58:6c:6d:a2:be:b4:
                    58:b5:f7:50:18:08:6f:31:e1:50:89:93:39:3d:30:
                    a8:da:17:06:b8:e6:20:83:b4:87:a0:78:7c:3e:b1:
                    4b:eb:18:cc:77:63:06:39:20:f2:b0:f8:a3:02:db:
                    aa:39:b1:a8:a6:0c:aa:f1:3b:21:97:7b:81:69:4f:
                    63:14:c3:fe:c8:31:f8:94:72:b6:76:10:3a:5d:0b:
                    98:51:fc:bc:88:78:6f:f0:59:2b:67:27:61:03:a8:
                    82:08:ec:78:a4:39:61:48:3e:7d:ba:a7:4a:8b:21:
                    c8:b7:29:12:96:21:b0:96:72:cc:f4:b1:bf:6e:f2:
                    eb:b3:19:9e:cd:d1:67:9c:57:84:cf:15:96:5a:72:
                    38:6d:d7:81:01:c4:fc:54:30:77:f8:9f:f9:9f:1e:
                    df:20:fa:54:0b:57:2b:c7:51:81:75:20:fe:1d:cb:
                    15:2c:31:5c:75:c6:f7:2b:36:75:6a:3b:4b:32:83:
                    a5:55:ed:22:4e:02:51:1d:e0:5e:a6:1e:e5:1c:bb:
                    cb:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:CD:E4:08:B0:FE:23:57:20:39:B9:AB:EC:B7:D9:8F:1A:34:62:BD
            X509v3 Authority Key Identifier:
                keyid:59:75:82:BC:3F:0B:AD:B6:61:A6:9F:B9:A4:83:B3:7E:C9:05:82:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WXWCvD8LrbZhpp-5pIOzfskFgn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/48898b-f9b4-45b4-993f-e8a1dc8e3ffc/1/PM3kCLD-I1cgObmr7LfZjxo0Yr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/48898b-f9b4-45b4-993f-e8a1dc8e3ffc/1/WXWCvD8LrbZhpp-5pIOzfskFgn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.96.0/22
                IPv6:
                  2a01:65e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         8d:43:bf:e7:d0:56:f2:c0:52:62:a4:0d:70:e9:59:b5:21:73:
         c4:fe:24:fe:c6:5e:fc:dd:b4:45:f4:df:16:a2:f2:34:7d:78:
         42:11:ce:cf:ac:60:58:4a:de:a4:6e:bb:36:f9:6c:b5:55:da:
         0c:c4:89:10:a0:b4:f1:2e:e5:b2:4d:95:44:9a:cf:e2:cc:38:
         5f:bd:b4:6a:fa:09:56:0b:56:12:dd:f2:0e:cd:10:c5:6e:00:
         da:22:85:38:6a:ce:f7:16:13:b9:6d:e0:d6:f5:66:4a:78:3c:
         e1:0f:27:2c:07:59:47:93:76:0e:1b:30:68:58:30:97:b8:ec:
         c2:53:64:66:ac:4f:b6:ca:e6:5a:16:a1:1f:68:29:19:04:eb:
         3e:8d:26:b2:91:58:a4:21:aa:9e:e1:2f:12:d9:c1:ca:1c:1d:
         cd:8b:96:10:c2:3f:ca:9c:56:6b:55:14:fc:3e:7e:29:15:8c:
         ae:cf:f5:3c:20:8f:c4:fa:a9:5b:07:ce:13:63:4e:f9:59:26:
         09:71:26:1e:06:04:ce:03:ab:3e:66:2b:ad:e1:d5:ff:99:76:
         88:66:87:ef:1a:91:94:4a:4e:b7:2d:51:c3:27:32:09:51:1c:
         e2:99:10:ad:b8:7e:37:54:a9:0b:85:d1:b4:d7:2f:58:7b:45:
         23:d5:37:52
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAJvCHDV/Fr99QAetzeGyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NzU4MmJjM2YwYmFkYjY2MWE2OWZiOWE0ODNiMzdlYzkw
NTgyN2UwHhcNMjQwMTAxMTIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2NkZTQwOGIwZmUyMzU3MjAzOWI5YWJlY2I3ZDk4ZjFhMzQ2MmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpf+51B0ConUAZmPjIrNS6Zsk9c5
UgGvQ6uxpDzmoxUVN5HvbZDuWLNL3fdSf65JqKKv0ERYbG2ivrRYtfdQGAhvMeFQ
iZM5PTCo2hcGuOYgg7SHoHh8PrFL6xjMd2MGOSDysPijAtuqObGopgyq8Tshl3uB
aU9jFMP+yDH4lHK2dhA6XQuYUfy8iHhv8FkrZydhA6iCCOx4pDlhSD59uqdKiyHI
tykSliGwlnLM9LG/bvLrsxmezdFnnFeEzxWWWnI4bdeBAcT8VDB3+J/5nx7fIPpU
C1crx1GBdSD+HcsVLDFcdcb3KzZ1ajtLMoOlVe0iTgJRHeBeph7lHLvLvwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDzN5Aiw/iNXIDm5q+y32Y8aNGK9MB8GA1UdIwQY
MBaAFFl1grw/C622YaafuaSDs37JBYJ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1hXQ3ZEOExyYlpocHAtNXBJT3pmc2tGZ240LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC80ODg5OGItZjliNC00NWI0LTk5M2Yt
ZThhMWRjOGUzZmZjLzEvUE0za0NMRC1JMWNnT2JtcjdMZlpqeG8wWXIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC80ODg5OGItZjliNC00NWI0LTk5M2YtZThhMWRjOGUzZmZj
LzEvV1hXQ3ZEOExyYlpocHAtNXBJT3pmc2tGZ240LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuStgMA0E
AgACMAcDBQAqAWXgMA0GCSqGSIb3DQEBCwUAA4IBAQCNQ7/n0FbywFJipA1w6Vm1
IXPE/iT+xl783bRF9N8WovI0fXhCEc7PrGBYSt6kbrs2+Wy1VdoMxIkQoLTxLuWy
TZVEms/izDhfvbRq+glWC1YS3fIOzRDFbgDaIoU4as73FhO5beDW9WZKeDzhDycs
B1lHk3YOGzBoWDCXuOzCU2RmrE+2yuZaFqEfaCkZBOs+jSaykVikIaqe4S8S2cHK
HB3Ni5YQwj/KnFZrVRT8Pn4pFYyuz/U8II/E+qlbB84TY075WSYJcSYeBgTOA6s+
Ziut4dX/mXaIZofvGpGUSk63LVHDJzIJURzimRCtuH43VKkLhdG01y9Ye0Uj1TdS
-----END CERTIFICATE-----