Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/645f6a-2653-4d31-bb4e-1f87976137a0/1/POCPcQKlbvz6Olki1Rq-pqBbFl0.roa
File:                     POCPcQKlbvz6Olki1Rq-pqBbFl0.roa (raw, json)
Hash identifier:          EaXaIFRgz99d/D/2ZSZZvabzmKQmdpVsqHiz7De2coQ=
Subject key identifier:   3C:E0:8F:71:02:A5:6E:FC:FA:3A:59:22:D5:1A:BE:A6:A0:5B:16:5D
Certificate issuer:       /CN=b4089f84483057ac364647c80a1b23c976b93016
Certificate serial:       018CC56E3C3998F2B82A3E663E5A7C9EA1A1
Authority key identifier: B4:08:9F:84:48:30:57:AC:36:46:47:C8:0A:1B:23:C9:76:B9:30:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tAifhEgwV6w2RkfIChsjyXa5MBY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/645f6a-2653-4d31-bb4e-1f87976137a0/1/POCPcQKlbvz6Olki1Rq-pqBbFl0.roa
Signing time:             Mon 01 Jan 2024 14:29:45 +0000
ROA not before:           Mon 01 Jan 2024 14:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20582
IP address blocks:        185.113.20.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/645f6a-2653-4d31-bb4e-1f87976137a0/1/tAifhEgwV6w2RkfIChsjyXa5MBY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/645f6a-2653-4d31-bb4e-1f87976137a0/1/tAifhEgwV6w2RkfIChsjyXa5MBY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tAifhEgwV6w2RkfIChsjyXa5MBY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:3c:39:98:f2:b8:2a:3e:66:3e:5a:7c:9e:a1:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4089f84483057ac364647c80a1b23c976b93016
        Validity
            Not Before: Jan  1 14:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ce08f7102a56efcfa3a5922d51abea6a05b165d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f5:c5:e5:0a:59:f0:74:93:2a:e2:57:87:6e:
                    ae:01:9b:ff:a4:cb:81:1c:69:29:ea:97:48:85:ed:
                    b3:7b:a4:53:a0:f6:c9:98:6b:6d:51:57:ae:10:f7:
                    eb:cc:60:75:9d:e8:59:09:e3:28:b0:10:a4:01:c8:
                    3b:2d:70:73:09:df:60:a9:57:50:c0:c1:f0:cb:51:
                    72:45:ae:91:9d:25:09:36:29:f4:19:70:55:d4:f6:
                    77:31:89:65:f3:14:0f:6c:17:1c:14:fd:73:25:72:
                    49:99:ee:ce:05:f4:b5:97:60:49:27:17:7a:d6:49:
                    03:5c:83:c5:24:11:d3:e6:b0:be:f3:9c:aa:3e:91:
                    ae:77:af:c4:bd:72:ec:1f:a3:45:4c:c7:40:75:b2:
                    b4:2b:80:4a:3b:cd:47:a0:be:2c:4a:82:90:7a:80:
                    82:26:21:cb:bc:c2:7e:7c:ab:e9:da:5b:a8:20:9a:
                    bf:1f:8a:86:24:bc:f1:de:08:0f:02:6a:2c:bb:94:
                    a8:13:5c:dc:28:f1:16:12:d3:d9:46:7c:e5:99:31:
                    8d:82:cb:f5:74:48:e1:16:13:ce:e8:e0:c1:4f:8e:
                    7e:1b:f6:dd:7f:ed:f4:1c:98:da:62:00:9c:f9:56:
                    dc:4d:39:dd:1c:c9:c6:6d:2b:b9:5b:d3:4a:b1:9e:
                    6c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:E0:8F:71:02:A5:6E:FC:FA:3A:59:22:D5:1A:BE:A6:A0:5B:16:5D
            X509v3 Authority Key Identifier:
                keyid:B4:08:9F:84:48:30:57:AC:36:46:47:C8:0A:1B:23:C9:76:B9:30:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tAifhEgwV6w2RkfIChsjyXa5MBY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/645f6a-2653-4d31-bb4e-1f87976137a0/1/POCPcQKlbvz6Olki1Rq-pqBbFl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/645f6a-2653-4d31-bb4e-1f87976137a0/1/tAifhEgwV6w2RkfIChsjyXa5MBY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:7c:4a:85:33:bd:10:9b:38:be:c5:8f:2b:58:dd:c7:8e:73:
         c1:30:dc:d0:67:12:ca:48:a4:70:6f:af:b0:28:66:a9:b9:63:
         b4:34:5b:6a:ab:2d:f0:5a:b5:bf:7e:8a:a8:94:54:65:90:28:
         f2:36:1b:da:7c:31:51:c8:52:ac:7f:2f:65:bb:c6:3b:f4:93:
         4b:d4:cc:52:0b:48:81:51:b6:de:38:e3:95:3e:bd:03:30:91:
         16:05:a4:58:3c:1c:fb:4b:12:9d:b9:c0:a8:87:29:a0:d6:4c:
         2d:6c:1c:ee:31:de:1a:c9:a9:51:05:6c:3e:ad:bd:3e:5a:23:
         0b:b2:f8:49:eb:25:71:0f:1f:c2:b3:8f:6a:0a:49:7a:de:b2:
         e7:60:78:07:1f:ae:be:7f:d7:7d:a2:b0:34:85:d7:f2:b7:af:
         2d:7f:36:5a:eb:97:5e:1e:21:43:40:da:66:bb:6e:a8:2b:c4:
         f3:cf:3f:62:a2:51:75:77:87:74:6e:b1:18:59:bf:96:d1:20:
         48:cf:c9:62:85:79:6e:45:9f:d4:e2:24:53:e2:8f:92:fe:7d:
         90:b8:7c:41:01:f9:cf:95:de:95:3d:64:9b:49:03:f1:f0:45:
         65:6a:8a:01:03:2e:4d:c2:0b:29:15:a2:13:03:7f:3f:17:bc:
         92:89:e6:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbjw5mPK4Kj5mPlp8nqGhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MDg5Zjg0NDgzMDU3YWMzNjQ2NDdjODBhMWIyM2M5NzZi
OTMwMTYwHhcNMjQwMTAxMTQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2UwOGY3MTAyYTU2ZWZjZmEzYTU5MjJkNTFhYmVhNmEwNWIxNjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvXF5QpZ8HSTKuJXh26uAZv/pMuB
HGkp6pdIhe2ze6RToPbJmGttUVeuEPfrzGB1nehZCeMosBCkAcg7LXBzCd9gqVdQ
wMHwy1FyRa6RnSUJNin0GXBV1PZ3MYll8xQPbBccFP1zJXJJme7OBfS1l2BJJxd6
1kkDXIPFJBHT5rC+85yqPpGud6/EvXLsH6NFTMdAdbK0K4BKO81HoL4sSoKQeoCC
JiHLvMJ+fKvp2luoIJq/H4qGJLzx3ggPAmosu5SoE1zcKPEWEtPZRnzlmTGNgsv1
dEjhFhPO6ODBT45+G/bdf+30HJjaYgCc+VbcTTndHMnGbSu5W9NKsZ5sqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDzgj3ECpW78+jpZItUavqagWxZdMB8GA1UdIwQY
MBaAFLQIn4RIMFesNkZHyAobI8l2uTAWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEFpZmhFZ3dWNncyUmtmSUNoc2p5WGE1TUJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC82NDVmNmEtMjY1My00ZDMxLWJiNGUt
MWY4Nzk3NjEzN2EwLzEvUE9DUGNRS2xidno2T2xraTFScS1wcUJiRmwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC82NDVmNmEtMjY1My00ZDMxLWJiNGUtMWY4Nzk3NjEzN2Ew
LzEvdEFpZmhFZ3dWNncyUmtmSUNoc2p5WGE1TUJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXEUMA0G
CSqGSIb3DQEBCwUAA4IBAQBjfEqFM70Qmzi+xY8rWN3HjnPBMNzQZxLKSKRwb6+w
KGapuWO0NFtqqy3wWrW/foqolFRlkCjyNhvafDFRyFKsfy9lu8Y79JNL1MxSC0iB
UbbeOOOVPr0DMJEWBaRYPBz7SxKducCohymg1kwtbBzuMd4ayalRBWw+rb0+WiML
svhJ6yVxDx/Cs49qCkl63rLnYHgHH66+f9d9orA0hdfyt68tfzZa65deHiFDQNpm
u26oK8Tzzz9iolF1d4d0brEYWb+W0SBIz8lihXluRZ/U4iRT4o+S/n2QuHxBAfnP
ld6VPWSbSQPx8EVlaooBAy5NwgspFaITA38/F7ySieZl
-----END CERTIFICATE-----