Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/_BGpGzmDIm7YEve92BwjZ_sIyZA.roa
File:                     _BGpGzmDIm7YEve92BwjZ_sIyZA.roa (raw, json)
Hash identifier:          PE+GVyKpzzR5kCksI0o08q10NkHGpfOiIfsmFswX9+0=
Subject key identifier:   FC:11:A9:1B:39:83:22:6E:D8:12:F7:BD:D8:1C:23:67:FB:08:C9:90
Certificate issuer:       /CN=537f9bf84b69a09042432dae8377ee0ac8ff1c61
Certificate serial:       018CC8016E1BEE5D8CCE7D502BBD0ECBC11F
Authority key identifier: 53:7F:9B:F8:4B:69:A0:90:42:43:2D:AE:83:77:EE:0A:C8:FF:1C:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U3-b-EtpoJBCQy2ug3fuCsj_HGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/_BGpGzmDIm7YEve92BwjZ_sIyZA.roa
Signing time:             Tue 02 Jan 2024 02:29:46 +0000
ROA not before:           Tue 02 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.226.0/23 maxlen: 23
                          2001:67c:29f0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/U3-b-EtpoJBCQy2ug3fuCsj_HGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/U3-b-EtpoJBCQy2ug3fuCsj_HGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U3-b-EtpoJBCQy2ug3fuCsj_HGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6e:1b:ee:5d:8c:ce:7d:50:2b:bd:0e:cb:c1:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=537f9bf84b69a09042432dae8377ee0ac8ff1c61
        Validity
            Not Before: Jan  2 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc11a91b3983226ed812f7bdd81c2367fb08c990
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:16:a5:d4:84:c4:f9:e2:25:4b:03:82:2f:29:
                    14:2a:89:22:98:95:0f:ae:d7:62:21:ff:3d:ff:32:
                    8b:40:1b:5c:18:dc:31:f0:08:60:d4:29:5c:93:68:
                    c9:d5:3d:7d:10:51:34:50:e9:05:39:a5:38:44:34:
                    66:fd:b1:3c:5f:4c:e0:2b:e0:06:cb:b6:51:c0:3c:
                    03:f5:40:35:b4:6f:c4:d3:91:a3:e2:30:5a:d9:25:
                    4f:1a:8c:dd:54:6b:34:a2:89:2c:00:b4:a8:a6:a7:
                    9a:71:c0:0e:2f:36:84:b9:c7:af:15:c6:22:af:3f:
                    99:6c:ab:8b:25:0b:2f:74:07:18:f4:82:96:4d:df:
                    ec:7c:7c:ec:49:04:4f:48:68:9d:22:a6:c3:13:07:
                    7b:aa:07:e0:1c:1a:65:1e:c3:48:2c:ec:56:71:c6:
                    01:b4:77:7b:5d:37:30:33:6c:9b:4c:01:88:78:01:
                    9e:8c:e3:76:b2:dd:62:fd:32:0b:a8:33:6f:64:52:
                    68:8c:60:7e:ca:65:66:95:99:49:6a:c2:93:0e:05:
                    0c:fd:dc:9e:62:dd:31:43:f4:59:d3:14:65:b4:19:
                    47:24:20:d8:0e:db:40:23:03:a0:56:1e:0c:d3:74:
                    3a:69:fc:90:82:e8:d7:d8:1f:a0:92:12:b6:17:66:
                    67:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:11:A9:1B:39:83:22:6E:D8:12:F7:BD:D8:1C:23:67:FB:08:C9:90
            X509v3 Authority Key Identifier:
                keyid:53:7F:9B:F8:4B:69:A0:90:42:43:2D:AE:83:77:EE:0A:C8:FF:1C:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U3-b-EtpoJBCQy2ug3fuCsj_HGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/_BGpGzmDIm7YEve92BwjZ_sIyZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/U3-b-EtpoJBCQy2ug3fuCsj_HGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.226.0/23
                IPv6:
                  2001:67c:29f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:9e:9e:f6:bd:f6:65:5f:63:e1:3b:45:75:c6:f4:e5:7b:bd:
         01:c7:ec:60:32:b9:c1:2d:af:22:60:87:bb:7f:5e:e4:1b:e2:
         5f:f9:5c:55:3b:74:f3:6f:a6:4f:e3:74:30:e7:3f:48:23:03:
         a4:65:1e:71:c1:5b:03:f5:86:34:c0:af:8e:0b:31:0d:e8:0d:
         f6:d1:71:8f:89:c0:81:de:a4:db:05:0f:6b:77:a2:70:33:4f:
         b4:e2:2e:1b:7b:04:64:30:d2:d6:3a:b3:0f:af:ed:a6:9d:1e:
         80:18:4c:a5:98:0b:c9:96:31:f4:96:66:71:fc:88:e7:0c:54:
         ec:db:39:bc:fb:c9:5d:21:86:56:81:9c:42:ec:d9:95:82:fc:
         2d:b0:f6:9b:4c:ad:84:9c:82:ac:48:83:3d:d7:16:ff:0f:54:
         bb:9b:22:60:ce:9e:94:6c:61:e0:90:09:06:ae:3d:49:70:d8:
         5e:b2:2f:6e:0f:97:9d:6b:76:fb:9c:70:ad:6c:e9:4e:ec:ed:
         fa:32:50:b8:47:57:40:f3:8a:5e:db:3a:4e:84:1e:8c:f8:b6:
         22:2e:8b:f6:66:44:25:01:ab:86:ff:24:02:c6:94:3d:9c:b3:
         98:16:21:f6:a9:b2:b9:19:b7:4f:56:84:73:46:6b:c5:09:c6:
         95:42:ce:4e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAW4b7l2Mzn1QK70Oy8EfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzN2Y5YmY4NGI2OWEwOTA0MjQzMmRhZTgzNzdlZTBhYzhm
ZjFjNjEwHhcNMjQwMTAyMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzExYTkxYjM5ODMyMjZlZDgxMmY3YmRkODFjMjM2N2ZiMDhjOTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgxal1ITE+eIlSwOCLykUKokimJUP
rtdiIf89/zKLQBtcGNwx8Ahg1Clck2jJ1T19EFE0UOkFOaU4RDRm/bE8X0zgK+AG
y7ZRwDwD9UA1tG/E05Gj4jBa2SVPGozdVGs0ooksALSopqeaccAOLzaEucevFcYi
rz+ZbKuLJQsvdAcY9IKWTd/sfHzsSQRPSGidIqbDEwd7qgfgHBplHsNILOxWccYB
tHd7XTcwM2ybTAGIeAGejON2st1i/TILqDNvZFJojGB+ymVmlZlJasKTDgUM/dye
Yt0xQ/RZ0xRltBlHJCDYDttAIwOgVh4M03Q6afyQgujX2B+gkhK2F2ZnAQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPwRqRs5gyJu2BL3vdgcI2f7CMmQMB8GA1UdIwQY
MBaAFFN/m/hLaaCQQkMtroN37grI/xxhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTMtYi1FdHBvSkJDUXkydWczZnVDc2pfSEdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jYmM3NDYtNDE2Yi00ZGE5LTkyMjUt
ODkyZWM2ZmY0NzcxLzEvX0JHcEd6bURJbTdZRXZlOTJCd2paX3NJeVpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jYmM3NDYtNDE2Yi00ZGE5LTkyMjUtODkyZWM2ZmY0Nzcx
LzEvVTMtYi1FdHBvSkJDUXkydWczZnVDc2pfSEdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBuQHiMA8E
AgACMAkDBwAgAQZ8KfAwDQYJKoZIhvcNAQELBQADggEBAB+enva99mVfY+E7RXXG
9OV7vQHH7GAyucEtryJgh7t/XuQb4l/5XFU7dPNvpk/jdDDnP0gjA6RlHnHBWwP1
hjTAr44LMQ3oDfbRcY+JwIHepNsFD2t3onAzT7TiLht7BGQw0tY6sw+v7aadHoAY
TKWYC8mWMfSWZnH8iOcMVOzbObz7yV0hhlaBnELs2ZWC/C2w9ptMrYScgqxIgz3X
Fv8PVLubImDOnpRsYeCQCQauPUlw2F6yL24Pl51rdvuccK1s6U7s7foyULhHV0Dz
il7bOk6EHoz4tiIui/ZmRCUBq4b/JALGlD2cs5gWIfapsrkZt09WhHNGa8UJxpVC
zk4=
-----END CERTIFICATE-----