Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/9c5404-5ea4-4776-8cec-aedbbf468028/1/86LUIezq1-8nXyeCCPFhTsbnpE4.roa
File:                     86LUIezq1-8nXyeCCPFhTsbnpE4.roa (raw, json)
Hash identifier:          5qJC9xEu9Zxg6jOeB/HxaeGKmxNs/vLcGZbdb6ATMJc=
Subject key identifier:   F3:A2:D4:21:EC:EA:D7:EF:27:5F:27:82:08:F1:61:4E:C6:E7:A4:4E
Certificate issuer:       /CN=1ec0434a5c3cf2374ca360331926ae7d24ac345b
Certificate serial:       018CC9BCF3510DC66C8CD621AB33D8C63119
Authority key identifier: 1E:C0:43:4A:5C:3C:F2:37:4C:A3:60:33:19:26:AE:7D:24:AC:34:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HsBDSlw88jdMo2AzGSaufSSsNFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/9c5404-5ea4-4776-8cec-aedbbf468028/1/86LUIezq1-8nXyeCCPFhTsbnpE4.roa
Signing time:             Tue 02 Jan 2024 10:34:12 +0000
ROA not before:           Tue 02 Jan 2024 10:34:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.201.20.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/9c5404-5ea4-4776-8cec-aedbbf468028/1/HsBDSlw88jdMo2AzGSaufSSsNFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/9c5404-5ea4-4776-8cec-aedbbf468028/1/HsBDSlw88jdMo2AzGSaufSSsNFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HsBDSlw88jdMo2AzGSaufSSsNFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:f3:51:0d:c6:6c:8c:d6:21:ab:33:d8:c6:31:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ec0434a5c3cf2374ca360331926ae7d24ac345b
        Validity
            Not Before: Jan  2 10:34:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3a2d421ecead7ef275f278208f1614ec6e7a44e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:d4:8e:5f:a7:b6:35:08:6b:af:13:3f:61:86:
                    09:21:80:0c:d4:58:59:0b:b3:55:0e:66:f7:55:30:
                    48:b6:f5:b9:57:80:61:46:33:6f:7e:f3:34:01:13:
                    79:02:e7:6a:22:7f:6e:cc:91:7b:6e:e3:26:d8:78:
                    bd:bf:aa:16:ee:92:64:ca:49:79:02:bf:a8:14:96:
                    b5:46:32:61:9a:8f:60:32:92:07:01:0f:a6:d7:89:
                    a1:41:13:3d:45:d0:44:10:69:c7:ef:01:ee:30:31:
                    10:a6:2d:41:06:6e:f5:8d:d9:0c:6c:ff:b9:34:fb:
                    ac:0a:6f:32:b8:6e:26:7f:fd:2a:e2:50:be:08:b6:
                    f0:97:6a:f7:f4:a9:53:fb:df:d5:9c:18:b5:f5:35:
                    a7:91:5c:d1:52:4e:43:3a:e5:31:5d:71:90:4b:74:
                    4d:e4:b4:c5:5a:f6:bb:2d:90:4f:b5:db:7a:20:b9:
                    dc:cd:1f:99:24:a5:00:dc:1d:b3:5f:0e:73:9f:19:
                    a7:50:17:b8:94:ac:a6:38:5a:19:0d:0f:d9:43:44:
                    90:86:a5:bb:79:3b:a4:b4:22:71:4d:cb:bb:79:40:
                    7d:07:53:0e:ec:2d:07:cc:cf:4c:0c:4b:fa:b9:55:
                    e8:90:3a:52:fa:56:8b:d3:9d:23:46:ca:dd:85:80:
                    96:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:A2:D4:21:EC:EA:D7:EF:27:5F:27:82:08:F1:61:4E:C6:E7:A4:4E
            X509v3 Authority Key Identifier:
                keyid:1E:C0:43:4A:5C:3C:F2:37:4C:A3:60:33:19:26:AE:7D:24:AC:34:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HsBDSlw88jdMo2AzGSaufSSsNFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9c5404-5ea4-4776-8cec-aedbbf468028/1/86LUIezq1-8nXyeCCPFhTsbnpE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9c5404-5ea4-4776-8cec-aedbbf468028/1/HsBDSlw88jdMo2AzGSaufSSsNFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c7:2c:be:8e:20:5d:a1:df:05:e1:87:5a:64:ed:1a:41:2f:75:
         67:e1:24:84:94:c7:26:20:3b:a9:b5:83:98:d4:17:74:c6:f9:
         9e:1a:bc:a4:21:98:33:f8:63:b1:ba:9b:45:bc:5b:3e:8f:e5:
         f3:dd:e0:55:8b:a6:12:a5:a9:b8:2f:3d:5c:6d:8d:08:8b:e4:
         02:9d:eb:91:4d:4c:28:0f:df:82:db:0b:32:33:5e:0a:e2:c0:
         d1:36:c9:7e:d2:e5:a4:a8:7b:55:95:00:60:7e:b2:37:a0:1e:
         c9:7b:b4:2c:f2:40:fe:8e:cd:59:12:0d:c2:23:f2:98:bb:94:
         cc:c0:e8:56:1c:29:31:93:7e:27:17:8a:f1:6f:34:05:6d:3c:
         ed:cd:d8:9b:47:e2:e2:29:6b:6b:ef:22:f1:66:3c:89:d1:e3:
         de:70:fe:6d:e5:0c:20:e1:5f:97:49:ac:35:16:72:e4:b7:c3:
         2f:4a:0b:50:2a:77:3b:73:b7:cd:6f:96:f7:43:9a:e1:e7:34:
         ca:e7:ef:34:70:b2:cd:bd:af:07:9d:15:fe:fc:c6:14:49:c4:
         49:bf:20:77:50:49:fb:39:20:b7:3d:ce:38:f6:26:5f:03:e2:
         a5:c9:7e:1a:7c:82:33:72:be:0a:9f:57:f0:23:f9:37:57:8f:
         cf:36:b5:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvPNRDcZsjNYhqzPYxjEZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlYzA0MzRhNWMzY2YyMzc0Y2EzNjAzMzE5MjZhZTdkMjRh
YzM0NWIwHhcNMjQwMTAyMTAzNDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2EyZDQyMWVjZWFkN2VmMjc1ZjI3ODIwOGYxNjE0ZWM2ZTdhNDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNSOX6e2NQhrrxM/YYYJIYAM1FhZ
C7NVDmb3VTBItvW5V4BhRjNvfvM0ARN5AudqIn9uzJF7buMm2Hi9v6oW7pJkykl5
Ar+oFJa1RjJhmo9gMpIHAQ+m14mhQRM9RdBEEGnH7wHuMDEQpi1BBm71jdkMbP+5
NPusCm8yuG4mf/0q4lC+CLbwl2r39KlT+9/VnBi19TWnkVzRUk5DOuUxXXGQS3RN
5LTFWva7LZBPtdt6ILnczR+ZJKUA3B2zXw5znxmnUBe4lKymOFoZDQ/ZQ0SQhqW7
eTuktCJxTcu7eUB9B1MO7C0HzM9MDEv6uVXokDpS+laL050jRsrdhYCWuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPOi1CHs6tfvJ18nggjxYU7G56ROMB8GA1UdIwQY
MBaAFB7AQ0pcPPI3TKNgMxkmrn0krDRbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHNCRFNsdzg4amRNbzJBekdTYXVmU1NzTkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC85YzU0MDQtNWVhNC00Nzc2LThjZWMt
YWVkYmJmNDY4MDI4LzEvODZMVUllenExLThuWHllQ0NQRmhUc2JucEU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC85YzU0MDQtNWVhNC00Nzc2LThjZWMtYWVkYmJmNDY4MDI4
LzEvSHNCRFNsdzg4amRNbzJBekdTYXVmU1NzTkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuckUMA0G
CSqGSIb3DQEBCwUAA4IBAQDHLL6OIF2h3wXhh1pk7RpBL3Vn4SSElMcmIDuptYOY
1Bd0xvmeGrykIZgz+GOxuptFvFs+j+Xz3eBVi6YSpam4Lz1cbY0Ii+QCneuRTUwo
D9+C2wsyM14K4sDRNsl+0uWkqHtVlQBgfrI3oB7Je7Qs8kD+js1ZEg3CI/KYu5TM
wOhWHCkxk34nF4rxbzQFbTztzdibR+LiKWtr7yLxZjyJ0ePecP5t5Qwg4V+XSaw1
FnLkt8MvSgtQKnc7c7fNb5b3Q5rh5zTK5+80cLLNva8HnRX+/MYUScRJvyB3UEn7
OSC3Pc449iZfA+KlyX4afIIzcr4Kn1fwI/k3V4/PNrWo
-----END CERTIFICATE-----