Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/0Q_dh2E2s8QOEh01qnB0KABhNcg.roa
File:                     0Q_dh2E2s8QOEh01qnB0KABhNcg.roa (raw, json)
Hash identifier:          w9jjnAU5RqdKC7NDtTNvDgMh6ftXBRkRZVqEC1BSexE=
Subject key identifier:   D1:0F:DD:87:61:36:B3:C4:0E:12:1D:35:AA:70:74:28:00:61:35:C8
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB3AE78241EE5F10A5646D3BE4CDE9
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/0Q_dh2E2s8QOEh01qnB0KABhNcg.roa
Signing time:             Mon 01 Jan 2024 02:29:56 +0000
ROA not before:           Mon 01 Jan 2024 02:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209868
IP address blocks:        2.57.152.0/22 maxlen: 22
                          5.253.228.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:3a:e7:82:41:ee:5f:10:a5:64:6d:3b:e4:cd:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d10fdd876136b3c40e121d35aa707428006135c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a3:de:b9:c3:7a:81:ab:d1:0e:50:45:5f:ad:
                    22:c2:b2:93:b4:ce:a3:70:18:be:6e:82:c9:32:df:
                    d7:96:7e:f5:90:4b:f5:e4:cc:3b:03:a9:59:02:07:
                    ae:f1:3e:d9:23:af:94:53:47:2e:cf:c6:a9:f8:1c:
                    d4:58:67:8b:99:39:76:df:91:0c:5b:fc:f5:9b:0d:
                    32:5b:dd:62:db:52:ea:a7:f3:a4:49:3a:77:73:48:
                    6b:32:8e:19:73:57:81:3c:aa:f7:be:fd:7f:64:72:
                    02:94:fd:40:bd:9f:b9:ff:69:4e:15:cc:0f:d1:71:
                    65:8e:ff:4b:77:f5:4b:56:da:f0:97:36:db:1c:55:
                    d8:73:d6:cc:fe:fc:55:a1:2c:0b:46:c1:25:73:49:
                    de:8b:1c:b8:9a:6d:53:43:3e:16:fd:81:8a:b9:d7:
                    bf:15:51:f3:37:6f:56:ae:9f:7e:c3:d6:19:c7:8b:
                    2f:03:2e:58:15:49:35:fe:86:3b:69:9e:af:05:70:
                    27:66:e7:63:71:13:73:55:90:96:b1:3e:d5:c1:e3:
                    59:a3:f5:a0:9e:c3:95:a8:dd:fb:ae:ad:8f:7d:5c:
                    1b:cd:4a:2e:27:60:0e:c8:9d:e7:e7:f6:bd:8d:ff:
                    65:f3:01:5b:a0:65:54:75:b8:18:46:cd:a6:b6:fb:
                    7c:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:0F:DD:87:61:36:B3:C4:0E:12:1D:35:AA:70:74:28:00:61:35:C8
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/0Q_dh2E2s8QOEh01qnB0KABhNcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.152.0/22
                  5.253.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:58:05:32:69:c7:e1:2e:e8:1e:7a:4a:98:59:5e:49:bf:a7:
         0e:bb:5b:4b:5f:ed:c8:ae:72:6f:b1:50:7a:b9:c0:d6:6b:34:
         1f:3b:0a:6c:4f:55:5c:c7:04:f6:8a:7b:f4:50:82:17:2f:42:
         5b:00:83:9b:3a:b2:eb:5e:49:e5:e6:ee:03:5f:d3:f3:8a:32:
         ab:26:54:57:cc:1b:06:c0:ef:13:db:ba:31:4f:77:22:af:8e:
         eb:c3:d9:50:3a:0a:b2:87:1f:30:ad:10:b3:88:96:d9:6e:12:
         4e:04:eb:b4:00:45:e2:6b:dd:79:1c:d9:73:f5:51:59:6e:1e:
         b6:95:33:ca:e1:ad:2d:20:f2:ff:3d:63:9d:d8:e8:89:ca:e9:
         8e:c5:8a:bc:88:d6:9d:e3:14:58:f2:04:bb:0e:ee:b6:4c:b2:
         73:e1:f1:12:d4:4c:3f:16:94:ae:77:06:b3:8e:19:2a:b2:b9:
         34:3e:8c:0d:95:cf:cf:99:0b:60:f9:37:0d:17:be:9f:21:5a:
         a5:31:a5:f2:48:03:7a:47:5b:8d:b1:5e:e6:db:8b:f9:4b:a6:
         01:52:b9:d0:d4:da:16:35:7e:9f:9e:66:f8:ab:fc:d2:55:d0:
         3d:66:86:91:1b:fe:a8:67:74:44:87:5e:5a:06:6c:df:fc:db:
         99:89:7f:ee
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2zrngkHuXxClZG075M3pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTBmZGQ4NzYxMzZiM2M0MGUxMjFkMzVhYTcwNzQyODAwNjEzNWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaPeucN6gavRDlBFX60iwrKTtM6j
cBi+boLJMt/Xln71kEv15Mw7A6lZAgeu8T7ZI6+UU0cuz8ap+BzUWGeLmTl235EM
W/z1mw0yW91i21Lqp/OkSTp3c0hrMo4Zc1eBPKr3vv1/ZHIClP1AvZ+5/2lOFcwP
0XFljv9Ld/VLVtrwlzbbHFXYc9bM/vxVoSwLRsElc0neixy4mm1TQz4W/YGKude/
FVHzN29Wrp9+w9YZx4svAy5YFUk1/oY7aZ6vBXAnZudjcRNzVZCWsT7VweNZo/Wg
nsOVqN37rq2PfVwbzUouJ2AOyJ3n5/a9jf9l8wFboGVUdbgYRs2mtvt8owIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNEP3YdhNrPEDhIdNapwdCgAYTXIMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvMFFfZGgyRTJzOFFPRWgwMXFuQjBLQUJoTmNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCAjmYAwQC
Bf3kMA0GCSqGSIb3DQEBCwUAA4IBAQADWAUyacfhLugeekqYWV5Jv6cOu1tLX+3I
rnJvsVB6ucDWazQfOwpsT1VcxwT2inv0UIIXL0JbAIObOrLrXknl5u4DX9PzijKr
JlRXzBsGwO8T27oxT3cir47rw9lQOgqyhx8wrRCziJbZbhJOBOu0AEXia915HNlz
9VFZbh62lTPK4a0tIPL/PWOd2OiJyumOxYq8iNad4xRY8gS7Du62TLJz4fES1Ew/
FpSudwazjhkqsrk0PowNlc/PmQtg+TcNF76fIVqlMaXySAN6R1uNsV7m24v5S6YB
UrnQ1NoWNX6fnmb4q/zSVdA9ZoaRG/6oZ3REh15aBmzf/NuZiX/u
-----END CERTIFICATE-----