Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/ptDcEUC3uqYJalEXe3RgKGPhAjY.roa
File:                     ptDcEUC3uqYJalEXe3RgKGPhAjY.roa (raw, json)
Hash identifier:          LEArpKFGD5F1wuW7hchhWM65uRqDABoTPCnUH8HZZgo=
Subject key identifier:   A6:D0:DC:11:40:B7:BA:A6:09:6A:51:17:7B:74:60:28:63:E1:02:36
Certificate issuer:       /CN=554adb72b82ecfafc5705e25febcab5c82d76ee6
Certificate serial:       018CC94AD519FDBB2E7757EB6756A0E21F67
Authority key identifier: 55:4A:DB:72:B8:2E:CF:AF:C5:70:5E:25:FE:BC:AB:5C:82:D7:6E:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VUrbcrguz6_FcF4l_ryrXILXbuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/ptDcEUC3uqYJalEXe3RgKGPhAjY.roa
Signing time:             Tue 02 Jan 2024 08:29:33 +0000
ROA not before:           Tue 02 Jan 2024 08:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200542
IP address blocks:        185.100.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/VUrbcrguz6_FcF4l_ryrXILXbuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/VUrbcrguz6_FcF4l_ryrXILXbuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VUrbcrguz6_FcF4l_ryrXILXbuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:d5:19:fd:bb:2e:77:57:eb:67:56:a0:e2:1f:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=554adb72b82ecfafc5705e25febcab5c82d76ee6
        Validity
            Not Before: Jan  2 08:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6d0dc1140b7baa6096a51177b74602863e10236
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:bd:d8:98:8b:fd:b5:bd:fa:1e:93:9b:5b:54:
                    de:36:71:57:55:db:07:68:ba:3e:9a:ef:03:67:cb:
                    e7:f2:27:23:af:10:cb:11:6e:b9:08:1e:0d:65:c4:
                    6c:02:63:06:6a:f2:a1:f7:35:cd:6c:4f:fc:4c:d5:
                    1f:98:ac:51:33:e0:a7:ef:fe:5b:8f:22:7a:12:a3:
                    65:65:0e:4a:27:11:64:ee:6d:cb:4c:10:23:32:89:
                    ae:d7:e3:da:f1:12:7f:28:76:48:e7:7a:85:ea:3e:
                    96:fd:26:5f:26:d6:3c:17:7f:22:3c:0e:7b:f2:01:
                    72:45:df:3f:d1:56:eb:d7:fb:f3:81:bb:92:1f:cf:
                    4b:6d:17:96:b5:09:6a:69:e1:7e:8f:16:a9:aa:8f:
                    82:02:46:bd:4e:bc:07:79:87:d3:64:73:44:58:8a:
                    5b:29:71:9c:e4:46:6f:f0:ab:33:02:73:be:5d:78:
                    e6:c7:b1:24:ab:57:0f:9c:ef:6a:04:2e:74:f3:b4:
                    8f:26:1e:36:09:66:81:6c:be:b3:96:f6:b9:85:27:
                    db:75:d9:b6:27:2f:c0:a4:06:a4:bb:94:c7:1b:47:
                    df:16:9b:51:d4:cd:c3:9e:76:2e:c1:87:b7:42:d9:
                    3d:ac:45:eb:d8:0b:5c:a5:42:b3:de:60:45:25:7a:
                    5a:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:D0:DC:11:40:B7:BA:A6:09:6A:51:17:7B:74:60:28:63:E1:02:36
            X509v3 Authority Key Identifier:
                keyid:55:4A:DB:72:B8:2E:CF:AF:C5:70:5E:25:FE:BC:AB:5C:82:D7:6E:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VUrbcrguz6_FcF4l_ryrXILXbuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/ptDcEUC3uqYJalEXe3RgKGPhAjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/VUrbcrguz6_FcF4l_ryrXILXbuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b7:43:f7:cb:5d:d6:e2:2a:2d:8a:b1:0f:d9:95:cc:eb:02:1e:
         6e:57:fd:40:ab:cc:9c:de:51:51:f5:9e:de:8f:43:1c:85:74:
         92:59:99:fc:a0:54:86:ab:b1:84:b6:82:65:24:cd:e2:00:29:
         8e:af:9a:bc:bd:1a:2d:a2:d4:1b:99:63:cd:2c:7d:fc:ae:27:
         e7:0b:b9:f8:5e:11:72:48:2e:f7:f3:93:88:f6:97:42:0a:2c:
         09:60:a2:72:dc:68:76:25:69:31:a9:44:9b:bc:97:4b:9d:3b:
         7b:51:43:a7:ec:10:a8:4d:c6:f5:16:f4:3a:2e:7c:73:b5:a5:
         91:45:2a:c6:ef:d6:c2:8a:83:eb:e3:cc:d6:c7:9e:08:a8:5a:
         3c:10:1d:1e:58:ac:a1:ca:75:65:44:5d:80:59:0c:e9:eb:f1:
         1f:03:aa:50:aa:cb:7d:1b:b3:35:35:2f:4f:e2:79:34:63:bf:
         04:15:0a:ad:25:83:d7:45:c1:a4:82:67:6f:5b:80:28:7a:b2:
         88:2e:b4:f2:2e:0d:fe:de:85:de:31:f5:48:3a:cd:23:72:ce:
         60:02:de:47:b6:f0:e0:ff:1c:21:77:50:d6:e2:6e:20:bb:19:
         4a:77:7b:9e:0c:41:43:45:b6:5b:02:2f:ba:45:47:7f:ea:76:
         e4:86:87:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJStUZ/bsud1frZ1ag4h9nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1NGFkYjcyYjgyZWNmYWZjNTcwNWUyNWZlYmNhYjVjODJk
NzZlZTYwHhcNMjQwMTAyMDgyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmQwZGMxMTQwYjdiYWE2MDk2YTUxMTc3Yjc0NjAyODYzZTEwMjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmr3YmIv9tb36HpObW1TeNnFXVdsH
aLo+mu8DZ8vn8icjrxDLEW65CB4NZcRsAmMGavKh9zXNbE/8TNUfmKxRM+Cn7/5b
jyJ6EqNlZQ5KJxFk7m3LTBAjMomu1+Pa8RJ/KHZI53qF6j6W/SZfJtY8F38iPA57
8gFyRd8/0Vbr1/vzgbuSH89LbReWtQlqaeF+jxapqo+CAka9TrwHeYfTZHNEWIpb
KXGc5EZv8KszAnO+XXjmx7Ekq1cPnO9qBC5087SPJh42CWaBbL6zlva5hSfbddm2
Jy/ApAaku5THG0ffFptR1M3DnnYuwYe3Qtk9rEXr2AtcpUKz3mBFJXpaZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKbQ3BFAt7qmCWpRF3t0YChj4QI2MB8GA1UdIwQY
MBaAFFVK23K4Ls+vxXBeJf68q1yC127mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlVyYmNyZ3V6Nl9GY0Y0bF9yeXJYSUxYYnVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi81ZTM4OTUtYWU5NS00M2UyLWI3YTEt
NzU4NjNmNDM0NzZhLzEvcHREY0VVQzN1cVlKYWxFWGUzUmdLR1BoQWpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi81ZTM4OTUtYWU5NS00M2UyLWI3YTEtNzU4NjNmNDM0NzZh
LzEvVlVyYmNyZ3V6Nl9GY0Y0bF9yeXJYSUxYYnVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWTsMA0G
CSqGSIb3DQEBCwUAA4IBAQC3Q/fLXdbiKi2KsQ/ZlczrAh5uV/1Aq8yc3lFR9Z7e
j0MchXSSWZn8oFSGq7GEtoJlJM3iACmOr5q8vRototQbmWPNLH38rifnC7n4XhFy
SC7385OI9pdCCiwJYKJy3Gh2JWkxqUSbvJdLnTt7UUOn7BCoTcb1FvQ6LnxztaWR
RSrG79bCioPr48zWx54IqFo8EB0eWKyhynVlRF2AWQzp6/EfA6pQqst9G7M1NS9P
4nk0Y78EFQqtJYPXRcGkgmdvW4AoerKILrTyLg3+3oXeMfVIOs0jcs5gAt5HtvDg
/xwhd1DW4m4guxlKd3ueDEFDRbZbAi+6RUd/6nbkhofn
-----END CERTIFICATE-----