Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/bS3ApRlD93vB-K8Tp7bGQtEvSdY.roa
File:                     bS3ApRlD93vB-K8Tp7bGQtEvSdY.roa (raw, json)
Hash identifier:          KrBiDuyaEcjRcy9tucn74mdNjNrerIw792YK+prBImY=
Subject key identifier:   6D:2D:C0:A5:19:43:F7:7B:C1:F8:AF:13:A7:B6:C6:42:D1:2F:49:D6
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       019082EF4B2D3182416FD208FFBCAEF602AA
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/bS3ApRlD93vB-K8Tp7bGQtEvSdY.roa
Signing time:             Fri 05 Jul 2024 12:47:18 +0000
ROA not before:           Fri 05 Jul 2024 12:47:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13627
IP address blocks:        85.202.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:82:ef:4b:2d:31:82:41:6f:d2:08:ff:bc:ae:f6:02:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jul  5 12:47:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d2dc0a51943f77bc1f8af13a7b6c642d12f49d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:cf:04:6a:50:df:24:fa:5f:f5:8f:0c:64:6a:
                    8a:d3:ca:ee:96:98:6b:36:bd:46:22:a4:5d:63:81:
                    3c:33:be:c0:ec:dd:dd:71:b9:8f:2c:a2:2a:64:35:
                    fa:2c:d5:01:67:46:dc:01:86:65:5c:87:68:36:32:
                    ab:6e:c9:90:a4:ee:c1:07:ec:4f:32:4e:66:01:9e:
                    58:d0:09:e3:2d:e7:6d:88:11:a5:cd:5b:ec:13:b8:
                    8a:a2:c6:a0:e3:68:fa:59:5a:64:9f:a5:0b:5f:0a:
                    46:af:62:58:c1:9c:45:d1:fa:5a:48:c4:92:c2:2b:
                    1f:55:fe:96:da:fa:a6:72:ba:d4:6e:19:e0:02:ab:
                    1a:f1:c0:16:7c:c8:c1:01:ab:68:a1:e0:e9:5f:f0:
                    de:37:d4:ba:83:22:ef:12:0c:01:13:78:21:34:8f:
                    9d:fc:ed:f2:74:63:cc:ba:8a:51:eb:c1:c5:dd:c8:
                    e5:1f:00:49:5e:a0:ee:6f:c8:d9:00:be:b5:e8:81:
                    ed:81:35:f1:f0:16:41:07:02:e9:99:d4:59:72:bc:
                    81:5c:d9:3e:9f:c0:58:86:14:ab:07:e7:c2:dd:f3:
                    99:3e:40:6a:ee:91:30:f7:11:30:6a:94:a3:4f:c2:
                    9e:3d:9a:cc:d7:b2:01:d3:5f:4a:ce:f4:d9:62:c4:
                    8e:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:2D:C0:A5:19:43:F7:7B:C1:F8:AF:13:A7:B6:C6:42:D1:2F:49:D6
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/bS3ApRlD93vB-K8Tp7bGQtEvSdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:19:6f:d3:b2:93:84:f9:41:7f:d9:25:fd:c9:7a:47:37:48:
         02:48:a7:ac:96:d4:82:bd:27:9f:22:19:57:92:57:58:26:9d:
         58:e8:03:f4:be:2d:82:1a:bd:28:d7:f2:32:45:d4:ca:7d:95:
         3d:e2:36:9c:24:81:c0:e6:4f:19:6a:c7:5e:48:00:0e:84:7a:
         24:ce:b4:28:6a:dc:d6:59:3c:a2:bf:a8:7a:22:aa:bd:87:03:
         3e:db:3c:85:3e:ee:2f:2e:bf:74:ae:25:8c:0c:5f:e7:2d:70:
         46:31:39:19:d0:3b:bb:0d:74:e0:13:fb:b6:d8:05:01:f7:fe:
         51:ff:96:7c:91:93:8a:34:ef:a0:75:8f:54:cb:be:e1:8a:16:
         53:57:3f:48:67:cc:47:5b:aa:da:81:64:19:3e:90:65:b2:d7:
         ef:cd:ad:27:a2:6d:d5:ac:c4:3c:10:e4:0c:ce:1e:10:d5:a0:
         cb:ba:2e:d2:df:cb:9d:45:39:57:f8:e2:89:3e:e1:62:3d:f5:
         70:dd:be:7c:e2:f3:29:c3:64:f6:55:22:f4:c5:8b:24:37:81:
         bd:da:84:37:de:5c:e4:78:13:3a:04:fe:2d:0a:43:3c:20:0c:
         38:ce:80:40:3b:d8:fd:5e:d7:be:93:1c:63:d4:6c:5e:94:40:
         54:2f:19:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCC70stMYJBb9II/7yu9gKqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwNzA1MTI0NzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDJkYzBhNTE5NDNmNzdiYzFmOGFmMTNhN2I2YzY0MmQxMmY0OWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo88EalDfJPpf9Y8MZGqK08rulphr
Nr1GIqRdY4E8M77A7N3dcbmPLKIqZDX6LNUBZ0bcAYZlXIdoNjKrbsmQpO7BB+xP
Mk5mAZ5Y0AnjLedtiBGlzVvsE7iKosag42j6WVpkn6ULXwpGr2JYwZxF0fpaSMSS
wisfVf6W2vqmcrrUbhngAqsa8cAWfMjBAatooeDpX/DeN9S6gyLvEgwBE3ghNI+d
/O3ydGPMuopR68HF3cjlHwBJXqDub8jZAL616IHtgTXx8BZBBwLpmdRZcryBXNk+
n8BYhhSrB+fC3fOZPkBq7pEw9xEwapSjT8KePZrM17IB019KzvTZYsSOUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0twKUZQ/d7wfivE6e2xkLRL0nWMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvYlMzQXBSbEQ5M3ZCLUs4VHA3YkdRdEV2U2RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcqgMA0G
CSqGSIb3DQEBCwUAA4IBAQCiGW/TspOE+UF/2SX9yXpHN0gCSKesltSCvSefIhlX
kldYJp1Y6AP0vi2CGr0o1/IyRdTKfZU94jacJIHA5k8ZasdeSAAOhHokzrQoatzW
WTyiv6h6Iqq9hwM+2zyFPu4vLr90riWMDF/nLXBGMTkZ0Du7DXTgE/u22AUB9/5R
/5Z8kZOKNO+gdY9Uy77hihZTVz9IZ8xHW6ragWQZPpBlstfvza0nom3VrMQ8EOQM
zh4Q1aDLui7S38udRTlX+OKJPuFiPfVw3b584vMpw2T2VSL0xYskN4G92oQ33lzk
eBM6BP4tCkM8IAw4zoBAO9j9Xte+kxxj1GxelEBULxk+
-----END CERTIFICATE-----