Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/8e36b6-d5af-410a-9fb9-8a92df77a07f/1/BSr8Z7LztTL0iyNgroHwBJjywy0.roa
File:                     BSr8Z7LztTL0iyNgroHwBJjywy0.roa (raw, json)
Hash identifier:          EGgqaF+SRCL91qkhgP6rhRn5WgM3rxHzgEGcLVGJJ7A=
Subject key identifier:   05:2A:FC:67:B2:F3:B5:32:F4:8B:23:60:AE:81:F0:04:98:F2:C3:2D
Certificate issuer:       /CN=93e079d7349891d2b4024895fa67e41c18f56fd4
Certificate serial:       018CC4252BD145239830C0BE363C70675543
Authority key identifier: 93:E0:79:D7:34:98:91:D2:B4:02:48:95:FA:67:E4:1C:18:F5:6F:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-B51zSYkdK0AkiV-mfkHBj1b9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/8e36b6-d5af-410a-9fb9-8a92df77a07f/1/BSr8Z7LztTL0iyNgroHwBJjywy0.roa
Signing time:             Mon 01 Jan 2024 08:30:19 +0000
ROA not before:           Mon 01 Jan 2024 08:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204101
IP address blocks:        185.111.152.0/22 maxlen: 22
                          2a06:5e40:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/8e36b6-d5af-410a-9fb9-8a92df77a07f/1/k-B51zSYkdK0AkiV-mfkHBj1b9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/8e36b6-d5af-410a-9fb9-8a92df77a07f/1/k-B51zSYkdK0AkiV-mfkHBj1b9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-B51zSYkdK0AkiV-mfkHBj1b9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 01:03:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:2b:d1:45:23:98:30:c0:be:36:3c:70:67:55:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e079d7349891d2b4024895fa67e41c18f56fd4
        Validity
            Not Before: Jan  1 08:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=052afc67b2f3b532f48b2360ae81f00498f2c32d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a8:79:15:3b:7d:af:60:61:93:6e:a6:14:a6:
                    8e:6f:e3:96:5b:fb:27:48:cb:91:42:8a:9b:5c:89:
                    5b:ae:ce:d3:d7:93:0d:33:97:57:d5:a6:7e:04:89:
                    f6:d5:77:a4:c1:8d:7b:23:7d:d0:d7:09:eb:86:7a:
                    95:32:9f:26:8d:c3:11:cd:88:b8:03:e2:d1:fa:c9:
                    71:ac:8a:37:e8:59:9c:8e:5e:7c:5d:6c:ce:35:d1:
                    d2:6e:6f:c9:43:b3:49:34:18:f1:35:f6:95:e8:46:
                    67:e1:37:f5:23:f8:95:46:55:e9:4b:1e:b6:f8:4c:
                    02:cc:58:c6:10:60:79:85:94:5e:8b:79:07:92:3b:
                    92:0c:db:c6:cf:93:32:f6:13:4b:6e:4d:9d:64:54:
                    73:5f:83:36:bb:0e:6a:fe:22:6a:9a:5a:e5:27:fe:
                    66:35:42:15:9f:ec:04:d3:4e:dd:19:7b:96:19:ac:
                    6d:5a:0d:24:ec:04:d9:0c:10:c8:f0:10:a7:ae:26:
                    b0:3a:5c:4e:b9:b8:98:12:2c:a9:30:6d:43:2d:22:
                    3a:77:98:f3:6f:e0:8f:a0:ca:63:89:bf:38:57:30:
                    79:36:f0:d0:3d:50:5a:56:f7:94:58:6b:69:56:c0:
                    f1:ff:15:c1:cb:a4:fb:57:6b:c0:67:75:85:29:99:
                    64:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:2A:FC:67:B2:F3:B5:32:F4:8B:23:60:AE:81:F0:04:98:F2:C3:2D
            X509v3 Authority Key Identifier:
                keyid:93:E0:79:D7:34:98:91:D2:B4:02:48:95:FA:67:E4:1C:18:F5:6F:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-B51zSYkdK0AkiV-mfkHBj1b9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/8e36b6-d5af-410a-9fb9-8a92df77a07f/1/BSr8Z7LztTL0iyNgroHwBJjywy0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/8e36b6-d5af-410a-9fb9-8a92df77a07f/1/k-B51zSYkdK0AkiV-mfkHBj1b9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.152.0/22
                IPv6:
                  2a06:5e40:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:3d:80:8a:c0:a0:b2:fa:2c:cd:66:b9:71:82:88:44:8a:a0:
         fc:11:ff:e1:4d:41:03:85:b6:7e:4f:58:5c:bd:54:11:3e:5c:
         02:4e:8d:4b:f4:5a:13:db:37:a0:1b:aa:32:f8:8f:3c:b1:e9:
         69:ee:5e:fa:0c:a8:d2:48:b3:a4:d6:52:de:a9:cc:87:c3:4f:
         c1:0e:c1:b9:74:b8:7a:dc:71:23:6e:48:42:ca:28:c5:7c:79:
         6d:03:80:5a:a5:33:71:f4:31:27:76:ad:3d:43:b5:39:05:12:
         f1:a1:18:68:f6:9a:ed:7d:93:57:d9:a2:83:0a:47:1e:fe:12:
         59:27:b4:43:32:22:5e:d8:1c:de:b8:c6:3d:cc:51:13:6e:02:
         d1:76:0c:51:a3:63:fb:de:fc:fd:a8:9f:98:0a:72:90:e9:97:
         c5:81:fe:ec:92:54:ac:70:cd:24:08:72:06:5c:e4:55:79:7f:
         e1:d3:06:4b:cf:d7:f2:7b:93:1d:bf:dc:1e:b5:5c:7d:f9:88:
         c8:01:b1:e1:49:10:8f:0f:a1:8a:ea:33:25:41:52:27:6c:47:
         b0:86:b6:c4:97:e5:26:39:0d:bc:a5:cd:51:33:c3:48:4d:0c:
         d9:14:7a:7b:9a:cb:71:e8:4b:29:09:58:88:51:a6:82:d4:71:
         20:88:7d:91
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEJSvRRSOYMMC+NjxwZ1VDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZTA3OWQ3MzQ5ODkxZDJiNDAyNDg5NWZhNjdlNDFjMThm
NTZmZDQwHhcNMjQwMTAxMDgzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTJhZmM2N2IyZjNiNTMyZjQ4YjIzNjBhZTgxZjAwNDk4ZjJjMzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqh5FTt9r2Bhk26mFKaOb+OWW/sn
SMuRQoqbXIlbrs7T15MNM5dX1aZ+BIn21XekwY17I33Q1wnrhnqVMp8mjcMRzYi4
A+LR+slxrIo36Fmcjl58XWzONdHSbm/JQ7NJNBjxNfaV6EZn4Tf1I/iVRlXpSx62
+EwCzFjGEGB5hZRei3kHkjuSDNvGz5My9hNLbk2dZFRzX4M2uw5q/iJqmlrlJ/5m
NUIVn+wE007dGXuWGaxtWg0k7ATZDBDI8BCnriawOlxOubiYEiypMG1DLSI6d5jz
b+CPoMpjib84VzB5NvDQPVBaVveUWGtpVsDx/xXBy6T7V2vAZ3WFKZlknwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAUq/Gey87Uy9IsjYK6B8ASY8sMtMB8GA1UdIwQY
MBaAFJPgedc0mJHStAJIlfpn5BwY9W/UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1CNTF6U1lrZEswQWtpVi1tZmtIQmoxYjlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84ZTM2YjYtZDVhZi00MTBhLTlmYjkt
OGE5MmRmNzdhMDdmLzEvQlNyOFo3THp0VEwwaXlOZ3JvSHdCSmp5d3kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84ZTM2YjYtZDVhZi00MTBhLTlmYjktOGE5MmRmNzdhMDdm
LzEvay1CNTF6U1lrZEswQWtpVi1tZmtIQmoxYjlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCuW+YMA8E
AgACMAkDBwAqBl5AAAEwDQYJKoZIhvcNAQELBQADggEBAAE9gIrAoLL6LM1muXGC
iESKoPwR/+FNQQOFtn5PWFy9VBE+XAJOjUv0WhPbN6AbqjL4jzyx6WnuXvoMqNJI
s6TWUt6pzIfDT8EOwbl0uHrccSNuSELKKMV8eW0DgFqlM3H0MSd2rT1DtTkFEvGh
GGj2mu19k1fZooMKRx7+ElkntEMyIl7YHN64xj3MURNuAtF2DFGjY/ve/P2on5gK
cpDpl8WB/uySVKxwzSQIcgZc5FV5f+HTBkvP1/J7kx2/3B61XH35iMgBseFJEI8P
oYrqMyVBUidsR7CGtsSX5SY5DbylzVEzw0hNDNkUenuay3HoSykJWIhRpoLUcSCI
fZE=
-----END CERTIFICATE-----