Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/080530-3f81-4479-b5a0-9a38159b794e/1/EjQxT7tWV4My88QEb-r51W1rC2g.roa
File:                     EjQxT7tWV4My88QEb-r51W1rC2g.roa (raw, json)
Hash identifier:          uPfO9E9yUSqylGeQYjSiT7O5KtGS/qoSKvGAOYl1WhQ=
Subject key identifier:   12:34:31:4F:BB:56:57:83:32:F3:C4:04:6F:EA:F9:D5:6D:6B:0B:68
Certificate issuer:       /CN=773110a43704d9549df7156e3a789e62285b1693
Certificate serial:       018CCA2A5BDD0C58056CD7850A4C89EC083D
Authority key identifier: 77:31:10:A4:37:04:D9:54:9D:F7:15:6E:3A:78:9E:62:28:5B:16:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dzEQpDcE2VSd9xVuOnieYihbFpM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/080530-3f81-4479-b5a0-9a38159b794e/1/EjQxT7tWV4My88QEb-r51W1rC2g.roa
Signing time:             Tue 02 Jan 2024 12:33:42 +0000
ROA not before:           Tue 02 Jan 2024 12:33:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59626
IP address blocks:        185.139.100.0/22 maxlen: 22
                          2a07:1480::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/080530-3f81-4479-b5a0-9a38159b794e/1/dzEQpDcE2VSd9xVuOnieYihbFpM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/080530-3f81-4479-b5a0-9a38159b794e/1/dzEQpDcE2VSd9xVuOnieYihbFpM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dzEQpDcE2VSd9xVuOnieYihbFpM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:5b:dd:0c:58:05:6c:d7:85:0a:4c:89:ec:08:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=773110a43704d9549df7156e3a789e62285b1693
        Validity
            Not Before: Jan  2 12:33:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1234314fbb56578332f3c4046feaf9d56d6b0b68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:65:fd:b6:24:a4:94:99:f8:2e:11:51:70:43:
                    dd:7f:4d:3b:d4:dd:dd:e6:87:2e:c7:b2:35:31:d6:
                    a9:3a:fa:19:58:80:b5:24:35:c2:e9:78:d2:a3:f3:
                    f7:25:06:d3:2d:ae:20:e3:75:d8:bd:1f:a5:11:28:
                    a4:0d:38:66:58:28:17:9d:b2:7b:d0:80:96:f2:dc:
                    64:a0:88:6e:d1:cd:c0:63:cb:6e:a4:3a:de:c6:ee:
                    f8:f2:ff:11:0e:0d:16:5c:08:db:e8:24:58:59:79:
                    0e:4d:88:af:58:8b:1c:ca:22:c9:5c:cc:bb:8e:0c:
                    08:33:70:57:7e:8a:40:ee:50:fa:18:e4:2d:13:44:
                    f0:84:66:13:4b:3f:f1:fe:bf:46:88:ef:47:12:e9:
                    fb:64:cc:45:0c:66:1e:15:79:a3:eb:36:b4:a9:0e:
                    86:3a:3d:59:14:de:f9:99:b8:47:e2:6a:47:7b:f7:
                    ac:e7:b9:eb:63:b3:86:d3:b5:9f:77:48:50:16:41:
                    08:30:03:3e:18:07:a2:bb:fb:84:0f:18:4d:48:68:
                    7f:f4:45:b7:d9:3a:8a:c7:1c:dd:3e:33:39:8c:55:
                    15:a6:34:bd:c8:a0:26:53:1d:eb:b6:cd:32:f5:c1:
                    c8:0f:15:af:ab:0b:28:5e:ff:c4:0f:32:9a:e1:bc:
                    fd:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:34:31:4F:BB:56:57:83:32:F3:C4:04:6F:EA:F9:D5:6D:6B:0B:68
            X509v3 Authority Key Identifier:
                keyid:77:31:10:A4:37:04:D9:54:9D:F7:15:6E:3A:78:9E:62:28:5B:16:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dzEQpDcE2VSd9xVuOnieYihbFpM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/080530-3f81-4479-b5a0-9a38159b794e/1/EjQxT7tWV4My88QEb-r51W1rC2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/080530-3f81-4479-b5a0-9a38159b794e/1/dzEQpDcE2VSd9xVuOnieYihbFpM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.100.0/22
                IPv6:
                  2a07:1480::/29

    Signature Algorithm: sha256WithRSAEncryption
         48:b7:ea:0f:3e:ef:3a:e3:5f:ca:b3:a4:b4:cd:a3:65:8b:da:
         6e:49:e1:e5:56:c0:b2:5a:0c:99:4f:1c:bb:a4:c3:ce:d8:0e:
         d5:1a:8a:20:37:30:6a:c4:52:a1:37:5a:14:82:f5:9d:eb:36:
         ce:88:29:d4:76:50:2d:30:8e:76:3b:77:70:7b:48:7e:76:83:
         50:e8:7e:0c:0f:a2:86:d8:d4:d2:8b:46:0f:6b:8a:94:5e:49:
         9a:ef:ce:2c:ae:07:c9:ca:86:de:ba:5b:9b:2f:55:d3:21:94:
         51:ec:24:ec:81:c6:ea:ae:55:91:59:a7:84:43:c6:c1:97:5c:
         3d:48:4c:0c:78:a4:b7:3b:8f:25:8a:2c:e5:cb:24:14:35:47:
         75:ee:cd:36:1e:78:4f:6d:ff:93:db:38:32:38:4a:e7:ed:b8:
         3b:75:92:f9:50:ad:b1:ad:d3:da:57:28:b0:13:c9:de:74:66:
         5a:83:e3:46:32:57:51:c3:c7:2e:c7:d3:6c:58:4c:96:96:ba:
         fc:01:a3:23:54:0c:d9:cc:7c:ca:5d:9f:49:c0:ec:7d:21:b6:
         07:12:0a:b7:77:b0:81:9d:85:06:c3:3c:57:e7:cc:d7:0e:8b:
         61:5c:14:95:29:a5:61:c6:0b:b1:ca:dc:8d:84:1f:4d:9f:7f:
         9d:db:46:8f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKlvdDFgFbNeFCkyJ7Ag9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MzExMGE0MzcwNGQ5NTQ5ZGY3MTU2ZTNhNzg5ZTYyMjg1
YjE2OTMwHhcNMjQwMTAyMTIzMzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjM0MzE0ZmJiNTY1NzgzMzJmM2M0MDQ2ZmVhZjlkNTZkNmIwYjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmX9tiSklJn4LhFRcEPdf0071N3d
5ocux7I1MdapOvoZWIC1JDXC6XjSo/P3JQbTLa4g43XYvR+lESikDThmWCgXnbJ7
0ICW8txkoIhu0c3AY8tupDrexu748v8RDg0WXAjb6CRYWXkOTYivWIscyiLJXMy7
jgwIM3BXfopA7lD6GOQtE0TwhGYTSz/x/r9GiO9HEun7ZMxFDGYeFXmj6za0qQ6G
Oj1ZFN75mbhH4mpHe/es57nrY7OG07Wfd0hQFkEIMAM+GAeiu/uEDxhNSGh/9EW3
2TqKxxzdPjM5jFUVpjS9yKAmUx3rts0y9cHIDxWvqwsoXv/EDzKa4bz90QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBI0MU+7VleDMvPEBG/q+dVtawtoMB8GA1UdIwQY
MBaAFHcxEKQ3BNlUnfcVbjp4nmIoWxaTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHpFUXBEY0UyVlNkOXhWdU9uaWVZaWhiRnBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8wODA1MzAtM2Y4MS00NDc5LWI1YTAt
OWEzODE1OWI3OTRlLzEvRWpReFQ3dFdWNE15ODhRRWItcjUxVzFyQzJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8wODA1MzAtM2Y4MS00NDc5LWI1YTAtOWEzODE1OWI3OTRl
LzEvZHpFUXBEY0UyVlNkOXhWdU9uaWVZaWhiRnBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYtkMA0E
AgACMAcDBQMqBxSAMA0GCSqGSIb3DQEBCwUAA4IBAQBIt+oPPu8641/Ks6S0zaNl
i9puSeHlVsCyWgyZTxy7pMPO2A7VGoogNzBqxFKhN1oUgvWd6zbOiCnUdlAtMI52
O3dwe0h+doNQ6H4MD6KG2NTSi0YPa4qUXkma784srgfJyobeulubL1XTIZRR7CTs
gcbqrlWRWaeEQ8bBl1w9SEwMeKS3O48liizlyyQUNUd17s02HnhPbf+T2zgyOErn
7bg7dZL5UK2xrdPaVyiwE8nedGZag+NGMldRw8cux9NsWEyWlrr8AaMjVAzZzHzK
XZ9JwOx9IbYHEgq3d7CBnYUGwzxX58zXDothXBSVKaVhxguxytyNhB9Nn3+d20aP
-----END CERTIFICATE-----