Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/248133-8670-4167-a195-6e2f588c0c7e/1/3Y2eSPGmV3nU_WH49YZuXTi-1VU.roa
File:                     3Y2eSPGmV3nU_WH49YZuXTi-1VU.roa (raw, json)
Hash identifier:          eFuGtFGhwCy4ROyBhjwb+6SY5H5sxfCKnOTm8jjxYIs=
Subject key identifier:   DD:8D:9E:48:F1:A6:57:79:D4:FD:61:F8:F5:86:6E:5D:38:BE:D5:55
Certificate issuer:       /CN=e47efc9cc3d9c4bd29a2bbc15551f82f25cf11ba
Certificate serial:       018CC348A3516749C7DA0709D64026EA2965
Authority key identifier: E4:7E:FC:9C:C3:D9:C4:BD:29:A2:BB:C1:55:51:F8:2F:25:CF:11:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5H78nMPZxL0porvBVVH4LyXPEbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/248133-8670-4167-a195-6e2f588c0c7e/1/3Y2eSPGmV3nU_WH49YZuXTi-1VU.roa
Signing time:             Mon 01 Jan 2024 04:29:26 +0000
ROA not before:           Mon 01 Jan 2024 04:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31543
IP address blocks:        185.236.188.0/22 maxlen: 24
                          2a0d:c900::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/248133-8670-4167-a195-6e2f588c0c7e/1/5H78nMPZxL0porvBVVH4LyXPEbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/248133-8670-4167-a195-6e2f588c0c7e/1/5H78nMPZxL0porvBVVH4LyXPEbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5H78nMPZxL0porvBVVH4LyXPEbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a3:51:67:49:c7:da:07:09:d6:40:26:ea:29:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e47efc9cc3d9c4bd29a2bbc15551f82f25cf11ba
        Validity
            Not Before: Jan  1 04:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd8d9e48f1a65779d4fd61f8f5866e5d38bed555
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:91:5b:4d:4e:66:6e:14:ba:bb:cf:d9:7d:12:
                    f1:a3:d9:ef:19:53:db:d9:b3:17:22:26:c6:84:28:
                    70:37:04:02:b9:4b:8e:d3:cc:a5:ae:6b:34:08:51:
                    00:47:93:18:1a:21:c9:e3:8a:c7:71:d7:15:21:4b:
                    79:14:12:3a:7c:b5:ce:24:79:00:08:f8:29:97:e6:
                    6b:25:9e:5f:99:9b:9d:77:77:74:b6:63:f3:b8:4b:
                    85:ba:ac:97:b6:d4:63:dd:81:57:a5:3d:54:8a:67:
                    ae:56:9a:86:80:37:d0:1c:9d:c2:31:ef:b6:06:50:
                    f9:5b:29:35:26:d5:d6:21:20:a8:fc:bf:ef:06:5b:
                    2d:20:b1:fd:23:7a:8c:39:55:41:7a:9f:91:a8:73:
                    b0:ad:1b:1a:46:bb:65:01:79:ab:68:a3:99:99:09:
                    68:1b:2a:64:87:33:f0:4d:07:9e:35:70:8d:36:f0:
                    f4:29:0c:f6:0d:32:65:99:8f:c7:cd:dc:68:c5:e9:
                    c0:0b:78:a0:25:c3:69:86:df:33:0f:d7:5a:be:91:
                    5d:e5:d5:b9:27:e5:1c:87:2e:83:cd:b1:dd:59:2b:
                    dd:7a:c2:16:98:9d:4d:d7:f8:d9:2d:95:89:49:71:
                    55:6a:38:ef:5e:8f:6a:a9:7d:b7:75:15:32:07:51:
                    83:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:8D:9E:48:F1:A6:57:79:D4:FD:61:F8:F5:86:6E:5D:38:BE:D5:55
            X509v3 Authority Key Identifier:
                keyid:E4:7E:FC:9C:C3:D9:C4:BD:29:A2:BB:C1:55:51:F8:2F:25:CF:11:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5H78nMPZxL0porvBVVH4LyXPEbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/248133-8670-4167-a195-6e2f588c0c7e/1/3Y2eSPGmV3nU_WH49YZuXTi-1VU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/248133-8670-4167-a195-6e2f588c0c7e/1/5H78nMPZxL0porvBVVH4LyXPEbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.188.0/22
                IPv6:
                  2a0d:c900::/29

    Signature Algorithm: sha256WithRSAEncryption
         5f:bc:52:a5:71:ce:4e:91:73:12:73:34:cd:27:45:01:4d:a7:
         77:47:d6:36:c8:e5:0b:e9:90:f9:81:a8:18:e2:43:ce:bd:b2:
         86:2f:83:64:8e:4b:f7:f5:4a:af:e6:96:34:f7:e1:d9:8a:ad:
         04:b2:40:87:2e:b0:5c:e0:0d:e3:f3:e1:fe:f8:fd:bd:bd:64:
         47:f3:0b:2d:a4:75:cf:88:72:72:a8:c3:8c:27:79:73:a8:98:
         f6:6b:5a:06:00:d0:28:d8:9b:7a:b8:74:1f:84:3a:42:13:7d:
         4d:e3:49:0d:ac:06:8c:58:b5:45:54:e6:3f:6c:a2:ca:99:14:
         1a:66:ea:76:64:47:6a:10:e4:51:38:6b:fb:f7:b8:6a:55:14:
         53:c0:98:d2:d9:97:3e:73:75:a7:b6:10:03:2a:1f:d2:6b:1f:
         6a:c3:d8:82:b1:7f:45:b9:ab:41:f7:6b:e1:91:34:5f:58:c2:
         d7:b1:d9:32:06:47:a8:fb:76:e1:48:d9:ef:a8:cf:63:e0:93:
         a1:98:d4:9b:ef:f4:c6:d0:29:9f:2f:16:b3:8a:02:ce:73:d8:
         a5:d8:4d:4c:d8:fc:ab:0c:77:d6:32:7a:ca:af:b1:bc:c0:c3:
         3b:88:10:52:a5:f5:0d:cf:25:b5:54:aa:f9:6d:37:8d:a2:f0:
         86:da:f3:12
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSKNRZ0nH2gcJ1kAm6illMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0N2VmYzljYzNkOWM0YmQyOWEyYmJjMTU1NTFmODJmMjVj
ZjExYmEwHhcNMjQwMTAxMDQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDhkOWU0OGYxYTY1Nzc5ZDRmZDYxZjhmNTg2NmU1ZDM4YmVkNTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJFbTU5mbhS6u8/ZfRLxo9nvGVPb
2bMXIibGhChwNwQCuUuO08ylrms0CFEAR5MYGiHJ44rHcdcVIUt5FBI6fLXOJHkA
CPgpl+ZrJZ5fmZudd3d0tmPzuEuFuqyXttRj3YFXpT1UimeuVpqGgDfQHJ3CMe+2
BlD5Wyk1JtXWISCo/L/vBlstILH9I3qMOVVBep+RqHOwrRsaRrtlAXmraKOZmQlo
GypkhzPwTQeeNXCNNvD0KQz2DTJlmY/HzdxoxenAC3igJcNpht8zD9davpFd5dW5
J+Uchy6DzbHdWSvdesIWmJ1N1/jZLZWJSXFVajjvXo9qqX23dRUyB1GDswIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFN2Nnkjxpld51P1h+PWGbl04vtVVMB8GA1UdIwQY
MBaAFOR+/JzD2cS9KaK7wVVR+C8lzxG6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUg3OG5NUFp4TDBwb3J2QlZWSDRMeVhQRWJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8yNDgxMzMtODY3MC00MTY3LWExOTUt
NmUyZjU4OGMwYzdlLzEvM1kyZVNQR21WM25VX1dINDlZWnVYVGktMVZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS8yNDgxMzMtODY3MC00MTY3LWExOTUtNmUyZjU4OGMwYzdl
LzEvNUg3OG5NUFp4TDBwb3J2QlZWSDRMeVhQRWJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuey8MA0E
AgACMAcDBQMqDckAMA0GCSqGSIb3DQEBCwUAA4IBAQBfvFKlcc5OkXMSczTNJ0UB
Tad3R9Y2yOUL6ZD5gagY4kPOvbKGL4Nkjkv39Uqv5pY09+HZiq0EskCHLrBc4A3j
8+H++P29vWRH8wstpHXPiHJyqMOMJ3lzqJj2a1oGANAo2Jt6uHQfhDpCE31N40kN
rAaMWLVFVOY/bKLKmRQaZup2ZEdqEORROGv797hqVRRTwJjS2Zc+c3WnthADKh/S
ax9qw9iCsX9FuatB92vhkTRfWMLXsdkyBkeo+3bhSNnvqM9j4JOhmNSb7/TG0Cmf
LxazigLOc9il2E1M2PyrDHfWMnrKr7G8wMM7iBBSpfUNzyW1VKr5bTeNovCG2vMS
-----END CERTIFICATE-----