Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/e2a2b2-ab3c-4afb-8987-dd63f215c434/1/P42ukMtdRn5p4GlfRaMCfONqcVQ.roa
File:                     P42ukMtdRn5p4GlfRaMCfONqcVQ.roa (raw, json)
Hash identifier:          bS2LtOaRorsRGqhXWmgLa7TYY3QpdO2Gj4CtgO9uxao=
Subject key identifier:   3F:8D:AE:90:CB:5D:46:7E:69:E0:69:5F:45:A3:02:7C:E3:6A:71:54
Certificate issuer:       /CN=52d661a948f2bf3490e89d8252f2ccc8747ce5c7
Certificate serial:       018CC5DC900B2D0B081F47F14A6CA9051732
Authority key identifier: 52:D6:61:A9:48:F2:BF:34:90:E8:9D:82:52:F2:CC:C8:74:7C:E5:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UtZhqUjyvzSQ6J2CUvLMyHR85cc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/e2a2b2-ab3c-4afb-8987-dd63f215c434/1/P42ukMtdRn5p4GlfRaMCfONqcVQ.roa
Signing time:             Mon 01 Jan 2024 16:30:15 +0000
ROA not before:           Mon 01 Jan 2024 16:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57630
IP address blocks:        193.201.16.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/e2a2b2-ab3c-4afb-8987-dd63f215c434/1/UtZhqUjyvzSQ6J2CUvLMyHR85cc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/e2a2b2-ab3c-4afb-8987-dd63f215c434/1/UtZhqUjyvzSQ6J2CUvLMyHR85cc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UtZhqUjyvzSQ6J2CUvLMyHR85cc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:90:0b:2d:0b:08:1f:47:f1:4a:6c:a9:05:17:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52d661a948f2bf3490e89d8252f2ccc8747ce5c7
        Validity
            Not Before: Jan  1 16:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f8dae90cb5d467e69e0695f45a3027ce36a7154
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:d5:d4:26:a3:34:ce:01:91:ef:70:09:29:0b:
                    2f:33:6e:30:35:65:1a:b4:49:be:7e:c6:7a:ff:ee:
                    c4:e6:b4:9c:73:e2:0b:eb:66:fa:85:fc:bf:06:5c:
                    e2:6d:25:de:e0:9d:10:e5:06:a2:18:60:8b:ce:dd:
                    80:41:b8:3a:34:b8:aa:ac:94:3c:93:b2:55:98:cd:
                    66:08:e9:05:dd:1e:77:b8:0c:d4:18:23:6d:63:a3:
                    a1:66:a0:f0:bb:4a:9c:28:f3:d1:0c:f1:f0:08:c1:
                    78:aa:c2:5a:14:06:59:d7:2c:21:76:f0:74:97:1d:
                    94:85:a2:b8:e6:cb:0e:8a:a6:da:8d:f5:ed:64:64:
                    02:1f:ec:99:ee:1c:db:8c:a7:bf:ca:78:70:c9:26:
                    62:11:12:98:41:88:d5:6b:f6:58:d7:d0:12:67:a3:
                    09:68:ba:bb:40:df:e7:0c:a8:ab:97:38:10:81:22:
                    5d:1b:dc:78:d6:9f:fa:07:d9:e1:fa:b5:33:ed:c7:
                    d7:18:a3:24:1b:22:67:87:be:4d:63:0c:28:78:61:
                    c3:8f:e2:16:0f:70:52:2f:d9:0c:d1:fd:39:b0:8f:
                    52:33:d8:a1:8a:4d:68:7e:b1:43:c4:8f:06:b6:97:
                    47:26:10:a6:f1:3d:6e:94:ee:2a:79:aa:f5:64:55:
                    09:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:8D:AE:90:CB:5D:46:7E:69:E0:69:5F:45:A3:02:7C:E3:6A:71:54
            X509v3 Authority Key Identifier:
                keyid:52:D6:61:A9:48:F2:BF:34:90:E8:9D:82:52:F2:CC:C8:74:7C:E5:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UtZhqUjyvzSQ6J2CUvLMyHR85cc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/e2a2b2-ab3c-4afb-8987-dd63f215c434/1/P42ukMtdRn5p4GlfRaMCfONqcVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/e2a2b2-ab3c-4afb-8987-dd63f215c434/1/UtZhqUjyvzSQ6J2CUvLMyHR85cc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:82:d3:d4:0f:eb:8b:98:a9:59:a6:57:70:6b:03:e0:ea:5c:
         b3:da:bd:82:8d:86:4f:a8:0b:82:5c:af:97:8f:f8:b2:d8:31:
         b5:e6:95:e1:ab:49:ba:68:79:3a:aa:cf:3d:98:a6:9c:20:3a:
         23:7c:6d:19:25:fe:82:59:a0:ed:38:31:0c:43:68:a2:c8:85:
         5e:78:bc:ea:11:ef:e2:e8:15:a0:8c:86:12:4a:33:f3:eb:27:
         0a:fc:c1:dc:bc:27:6d:12:b0:82:6d:17:67:f5:f4:d2:06:b6:
         60:72:94:52:d4:5c:7f:f1:42:2a:aa:f8:d6:06:e4:46:50:d2:
         4d:06:7b:a7:f3:b0:69:c6:13:7f:09:ef:b7:91:51:dc:3a:b3:
         50:b6:8f:38:3f:27:8d:03:b7:a6:84:a5:6d:20:08:52:8e:f0:
         5e:81:d5:c0:e6:1a:cd:cd:dd:ba:8e:fc:9d:30:03:5e:d7:cf:
         aa:2d:ab:9c:b0:02:ef:d0:01:83:03:72:d1:49:f2:80:e2:9e:
         fd:9d:e7:7b:76:52:5e:61:46:af:8a:a4:81:14:10:81:59:b9:
         1a:a9:f0:28:92:77:e6:ea:be:6d:23:9b:9f:c4:f1:26:bb:14:
         71:db:95:67:26:35:9d:02:33:eb:ae:62:be:48:4c:59:f7:8e:
         55:aa:d3:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3JALLQsIH0fxSmypBRcyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZDY2MWE5NDhmMmJmMzQ5MGU4OWQ4MjUyZjJjY2M4NzQ3
Y2U1YzcwHhcNMjQwMTAxMTYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjhkYWU5MGNiNWQ0NjdlNjllMDY5NWY0NWEzMDI3Y2UzNmE3MTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4tXUJqM0zgGR73AJKQsvM24wNWUa
tEm+fsZ6/+7E5rScc+IL62b6hfy/BlzibSXe4J0Q5QaiGGCLzt2AQbg6NLiqrJQ8
k7JVmM1mCOkF3R53uAzUGCNtY6OhZqDwu0qcKPPRDPHwCMF4qsJaFAZZ1ywhdvB0
lx2UhaK45ssOiqbajfXtZGQCH+yZ7hzbjKe/ynhwySZiERKYQYjVa/ZY19ASZ6MJ
aLq7QN/nDKirlzgQgSJdG9x41p/6B9nh+rUz7cfXGKMkGyJnh75NYwwoeGHDj+IW
D3BSL9kM0f05sI9SM9ihik1ofrFDxI8GtpdHJhCm8T1ulO4qear1ZFUJFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+NrpDLXUZ+aeBpX0WjAnzjanFUMB8GA1UdIwQY
MBaAFFLWYalI8r80kOidglLyzMh0fOXHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXRaaHFVanl2elNRNkoyQ1V2TE15SFI4NWNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lMmEyYjItYWIzYy00YWZiLTg5ODct
ZGQ2M2YyMTVjNDM0LzEvUDQydWtNdGRSbjVwNEdsZlJhTUNmT05xY1ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9lMmEyYjItYWIzYy00YWZiLTg5ODctZGQ2M2YyMTVjNDM0
LzEvVXRaaHFVanl2elNRNkoyQ1V2TE15SFI4NWNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwckQMA0G
CSqGSIb3DQEBCwUAA4IBAQAxgtPUD+uLmKlZpldwawPg6lyz2r2CjYZPqAuCXK+X
j/iy2DG15pXhq0m6aHk6qs89mKacIDojfG0ZJf6CWaDtODEMQ2iiyIVeeLzqEe/i
6BWgjIYSSjPz6ycK/MHcvCdtErCCbRdn9fTSBrZgcpRS1Fx/8UIqqvjWBuRGUNJN
Bnun87BpxhN/Ce+3kVHcOrNQto84PyeNA7emhKVtIAhSjvBegdXA5hrNzd26jvyd
MANe18+qLaucsALv0AGDA3LRSfKA4p79ned7dlJeYUaviqSBFBCBWbkaqfAoknfm
6r5tI5ufxPEmuxRx25VnJjWdAjPrrmK+SExZ945VqtPA
-----END CERTIFICATE-----