Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/decaeb-3f95-4f2a-af65-0c020a7e4a44/1/bbg3HTkLDp5q9sAfubDYOiDyNlQ.roa
File:                     bbg3HTkLDp5q9sAfubDYOiDyNlQ.roa (raw, json)
Hash identifier:          w0PYG+huDNAbp8gGr/Z3FSbyzucZd/AXRh4TiudqLeg=
Subject key identifier:   6D:B8:37:1D:39:0B:0E:9E:6A:F6:C0:1F:B9:B0:D8:3A:20:F2:36:54
Certificate issuer:       /CN=52ceee2d6d7a50c92499da1a21f2abb7a2a774c8
Certificate serial:       018CC79411D369F4E7FE3DB9366A31749388
Authority key identifier: 52:CE:EE:2D:6D:7A:50:C9:24:99:DA:1A:21:F2:AB:B7:A2:A7:74:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Us7uLW16UMkkmdoaIfKrt6KndMg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/decaeb-3f95-4f2a-af65-0c020a7e4a44/1/bbg3HTkLDp5q9sAfubDYOiDyNlQ.roa
Signing time:             Tue 02 Jan 2024 00:30:19 +0000
ROA not before:           Tue 02 Jan 2024 00:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15506
IP address blocks:        62.169.4.0/22 maxlen: 22
                          62.169.0.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/decaeb-3f95-4f2a-af65-0c020a7e4a44/1/Us7uLW16UMkkmdoaIfKrt6KndMg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/decaeb-3f95-4f2a-af65-0c020a7e4a44/1/Us7uLW16UMkkmdoaIfKrt6KndMg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Us7uLW16UMkkmdoaIfKrt6KndMg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:11:d3:69:f4:e7:fe:3d:b9:36:6a:31:74:93:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52ceee2d6d7a50c92499da1a21f2abb7a2a774c8
        Validity
            Not Before: Jan  2 00:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6db8371d390b0e9e6af6c01fb9b0d83a20f23654
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:45:ad:de:9d:54:37:41:63:0d:f4:f4:1f:29:
                    ef:c4:67:c6:c1:fb:aa:44:9e:56:e3:07:26:ec:0a:
                    68:7d:c2:94:ed:b3:ea:22:0a:06:c0:ca:92:9c:43:
                    37:12:5b:22:54:85:ea:27:7b:f5:2f:b9:0e:d9:29:
                    e6:76:45:9c:4f:55:f8:e2:3a:fb:ec:ef:b7:2b:d7:
                    59:f7:a3:82:b0:5e:1c:7d:8b:46:fa:2d:32:ad:df:
                    aa:c8:a4:e6:ab:e0:21:50:a2:1d:3a:d5:64:a8:70:
                    54:a3:fa:c7:b5:86:7c:ba:c4:eb:bb:4d:d8:6c:de:
                    ec:49:4f:cc:1f:fe:fd:bf:6f:65:8d:be:1b:ae:95:
                    c2:32:12:bd:13:10:e2:11:c1:fd:bf:7a:88:54:c2:
                    67:3c:06:fc:ef:1d:12:97:d2:33:7b:55:4c:d1:79:
                    f3:49:53:41:05:ec:b6:71:48:0e:ea:5f:04:ad:98:
                    c1:0c:61:ca:41:ac:1c:da:07:18:bb:9e:aa:72:18:
                    d4:ab:e5:57:d5:32:c5:e9:84:a0:7b:a2:f9:26:a3:
                    aa:93:67:d9:d1:be:e5:d8:34:ca:52:27:15:3e:fc:
                    b5:af:65:1f:32:76:b3:10:01:7b:6c:c2:10:70:1a:
                    99:2a:07:b2:40:e4:09:bc:5c:a9:66:e3:26:14:6f:
                    ca:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:B8:37:1D:39:0B:0E:9E:6A:F6:C0:1F:B9:B0:D8:3A:20:F2:36:54
            X509v3 Authority Key Identifier:
                keyid:52:CE:EE:2D:6D:7A:50:C9:24:99:DA:1A:21:F2:AB:B7:A2:A7:74:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us7uLW16UMkkmdoaIfKrt6KndMg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/decaeb-3f95-4f2a-af65-0c020a7e4a44/1/bbg3HTkLDp5q9sAfubDYOiDyNlQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/decaeb-3f95-4f2a-af65-0c020a7e4a44/1/Us7uLW16UMkkmdoaIfKrt6KndMg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.169.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         a8:bc:f4:8b:30:68:0d:b5:6c:52:a0:be:3a:ec:fd:98:cf:03:
         3a:9e:8f:71:d9:aa:ab:02:d1:a3:6a:38:a8:17:d8:21:ef:13:
         c2:58:de:26:0b:72:2e:ca:38:5c:e5:d6:4a:76:c2:21:9a:11:
         1d:11:dd:14:48:c8:1d:3b:16:0e:5d:a9:d3:27:92:18:58:e3:
         7f:ea:59:6c:c5:20:61:47:8f:02:e9:f2:ea:5f:76:7a:ce:88:
         f0:36:e9:46:f6:5f:ec:e5:09:66:0e:de:d8:3c:b4:f9:51:87:
         0a:27:41:2f:1d:a4:74:06:65:ea:ae:3b:21:63:18:f1:0d:83:
         3f:fe:28:00:56:1a:b0:d4:12:d8:0d:af:5b:30:55:16:b5:8a:
         5c:ce:0e:35:b5:00:33:8f:9c:bf:26:c3:60:4e:ca:f3:48:5a:
         36:43:94:35:c3:68:29:ba:24:51:80:77:23:a8:09:07:b8:9b:
         c7:6b:32:aa:05:79:50:97:99:bc:96:c2:4c:9e:72:21:7b:e0:
         20:aa:fa:be:2e:99:00:cf:93:b9:4f:11:70:3c:12:d7:a1:8f:
         f5:5d:75:1c:93:06:c1:ba:f8:41:db:4f:9e:52:0a:6c:0f:52:
         1f:d2:8b:5e:05:99:b5:32:be:5e:bb:ce:01:d4:62:d5:b6:6e:
         98:f0:7a:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlBHTafTn/j25NmoxdJOIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2VlZTJkNmQ3YTUwYzkyNDk5ZGExYTIxZjJhYmI3YTJh
Nzc0YzgwHhcNMjQwMTAyMDAzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGI4MzcxZDM5MGIwZTllNmFmNmMwMWZiOWIwZDgzYTIwZjIzNjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkWt3p1UN0FjDfT0HynvxGfGwfuq
RJ5W4wcm7ApofcKU7bPqIgoGwMqSnEM3ElsiVIXqJ3v1L7kO2SnmdkWcT1X44jr7
7O+3K9dZ96OCsF4cfYtG+i0yrd+qyKTmq+AhUKIdOtVkqHBUo/rHtYZ8usTru03Y
bN7sSU/MH/79v29ljb4brpXCMhK9ExDiEcH9v3qIVMJnPAb87x0Sl9Ize1VM0Xnz
SVNBBey2cUgO6l8ErZjBDGHKQawc2gcYu56qchjUq+VX1TLF6YSge6L5JqOqk2fZ
0b7l2DTKUicVPvy1r2UfMnazEAF7bMIQcBqZKgeyQOQJvFypZuMmFG/KlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG24Nx05Cw6eavbAH7mw2Dog8jZUMB8GA1UdIwQY
MBaAFFLO7i1telDJJJnaGiHyq7eip3TIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXM3dUxXMTZVTWtrbWRvYUlmS3J0NktuZE1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9kZWNhZWItM2Y5NS00ZjJhLWFmNjUt
MGMwMjBhN2U0YTQ0LzEvYmJnM0hUa0xEcDVxOXNBZnViRFlPaUR5TmxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9kZWNhZWItM2Y5NS00ZjJhLWFmNjUtMGMwMjBhN2U0YTQ0
LzEvVXM3dUxXMTZVTWtrbWRvYUlmS3J0NktuZE1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDPqkAMA0G
CSqGSIb3DQEBCwUAA4IBAQCovPSLMGgNtWxSoL467P2YzwM6no9x2aqrAtGjajio
F9gh7xPCWN4mC3Iuyjhc5dZKdsIhmhEdEd0USMgdOxYOXanTJ5IYWON/6llsxSBh
R48C6fLqX3Z6zojwNulG9l/s5QlmDt7YPLT5UYcKJ0EvHaR0BmXqrjshYxjxDYM/
/igAVhqw1BLYDa9bMFUWtYpczg41tQAzj5y/JsNgTsrzSFo2Q5Q1w2gpuiRRgHcj
qAkHuJvHazKqBXlQl5m8lsJMnnIhe+Agqvq+LpkAz5O5TxFwPBLXoY/1XXUckwbB
uvhB20+eUgpsD1If0oteBZm1Mr5eu84B1GLVtm6Y8Hor
-----END CERTIFICATE-----