Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/200fa4-4578-4ae8-9ffb-2ed269384a74/1/4k26lWDAfgnNxYc4-rAd1KanQQs.roa
File:                     4k26lWDAfgnNxYc4-rAd1KanQQs.roa (raw, json)
Hash identifier:          hV9aDzM3mt//sq7xeI5TZ7bcipt9IF3GoxbuyS31WXI=
Subject key identifier:   E2:4D:BA:95:60:C0:7E:09:CD:C5:87:38:FA:B0:1D:D4:A6:A7:41:0B
Certificate issuer:       /CN=80d72537cc54ac10b4abfacc72c1b754c171af8f
Certificate serial:       018E5364497BB74F8EE16542EC5079166DBF
Authority key identifier: 80:D7:25:37:CC:54:AC:10:B4:AB:FA:CC:72:C1:B7:54:C1:71:AF:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gNclN8xUrBC0q_rMcsG3VMFxr48.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/200fa4-4578-4ae8-9ffb-2ed269384a74/1/4k26lWDAfgnNxYc4-rAd1KanQQs.roa
Signing time:             Mon 18 Mar 2024 21:07:45 +0000
ROA not before:           Mon 18 Mar 2024 21:07:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13332
IP address blocks:        171.22.216.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/200fa4-4578-4ae8-9ffb-2ed269384a74/1/gNclN8xUrBC0q_rMcsG3VMFxr48.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/200fa4-4578-4ae8-9ffb-2ed269384a74/1/gNclN8xUrBC0q_rMcsG3VMFxr48.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gNclN8xUrBC0q_rMcsG3VMFxr48.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:53:64:49:7b:b7:4f:8e:e1:65:42:ec:50:79:16:6d:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80d72537cc54ac10b4abfacc72c1b754c171af8f
        Validity
            Not Before: Mar 18 21:07:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e24dba9560c07e09cdc58738fab01dd4a6a7410b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:45:2b:4d:87:08:ab:d4:a0:35:df:11:42:5d:
                    0d:77:a5:10:fb:3d:4e:15:1b:fe:b1:81:01:8b:3d:
                    87:02:4b:37:5e:cd:60:a5:36:39:5d:13:0a:1d:dc:
                    8a:48:e7:7f:21:9e:49:c1:00:71:6d:18:ab:34:13:
                    9f:06:16:13:ce:aa:cc:be:90:44:31:33:b8:76:61:
                    64:98:20:ed:97:ea:b9:81:ec:84:9e:de:c0:ae:31:
                    84:fb:e6:e3:a4:d9:7b:73:79:f6:e7:b1:4b:3a:60:
                    0c:7d:d8:03:d1:fd:ba:58:f3:63:4d:6e:42:d6:bf:
                    d7:6b:55:ec:35:be:a5:34:0f:3c:3a:7d:e2:ca:7f:
                    a1:a9:f5:fc:fe:4f:a1:57:e2:7b:09:d5:23:a0:81:
                    d1:b9:23:91:81:f0:7a:92:a6:33:ed:5a:4e:d5:6d:
                    11:de:e9:27:8e:dd:b0:94:ca:a9:60:4a:d6:b9:37:
                    a3:ef:ae:c8:93:88:5e:fa:9c:4f:58:1c:5a:37:d6:
                    48:79:37:b5:48:9a:8e:e3:2e:bf:04:63:a1:c1:fc:
                    f4:42:a8:25:b7:39:ca:b7:22:d4:5f:ff:38:51:bc:
                    18:d4:eb:4c:55:d7:dd:9c:28:09:00:af:56:84:c6:
                    c7:9d:8c:c8:89:a3:98:28:73:e2:9e:46:14:35:73:
                    4c:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:4D:BA:95:60:C0:7E:09:CD:C5:87:38:FA:B0:1D:D4:A6:A7:41:0B
            X509v3 Authority Key Identifier:
                keyid:80:D7:25:37:CC:54:AC:10:B4:AB:FA:CC:72:C1:B7:54:C1:71:AF:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gNclN8xUrBC0q_rMcsG3VMFxr48.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/200fa4-4578-4ae8-9ffb-2ed269384a74/1/4k26lWDAfgnNxYc4-rAd1KanQQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/200fa4-4578-4ae8-9ffb-2ed269384a74/1/gNclN8xUrBC0q_rMcsG3VMFxr48.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a7:2b:a1:54:b2:97:2b:7c:c4:fe:ef:19:3f:99:ec:93:87:af:
         1e:73:71:98:be:72:44:65:86:9b:d7:17:0d:38:8c:d1:15:7a:
         be:22:d6:ed:80:5e:e0:1a:8f:b5:76:1f:e3:c0:8d:f4:72:46:
         f9:4d:d6:c2:e4:19:77:f2:bf:fb:45:09:aa:4c:c4:b3:df:51:
         bf:6b:6c:bb:5f:08:a7:a3:e2:a2:f9:3c:90:20:c1:38:ab:f8:
         4e:34:a6:38:cb:eb:88:e9:74:ae:6d:7c:0c:7d:ad:c0:33:4c:
         49:6b:90:5c:c9:54:26:c9:3e:55:f1:58:cd:90:a0:0b:bd:8c:
         ea:ff:fe:98:63:5b:49:d2:58:af:b8:4b:15:73:5f:10:12:54:
         76:71:13:cc:60:d2:95:8f:b2:b1:83:39:ce:bb:ac:4f:79:40:
         57:81:9e:02:ce:fe:4e:f1:35:9b:d1:ee:2a:9c:f6:b1:eb:93:
         3a:96:e7:ee:67:53:5e:8c:79:be:1e:f1:7d:7d:74:af:1b:9d:
         c3:29:bb:8d:5a:47:05:93:8a:0d:2c:01:cf:72:81:e0:4f:a5:
         db:15:f3:29:9f:d3:22:df:e4:ba:08:4f:9c:c8:54:a0:0a:24:
         a0:4e:88:10:35:d1:2b:e8:84:e3:e4:44:32:36:17:66:e7:02:
         e2:24:ac:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5TZEl7t0+O4WVC7FB5Fm2/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwZDcyNTM3Y2M1NGFjMTBiNGFiZmFjYzcyYzFiNzU0YzE3
MWFmOGYwHhcNMjQwMzE4MjEwNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjRkYmE5NTYwYzA3ZTA5Y2RjNTg3MzhmYWIwMWRkNGE2YTc0MTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkUrTYcIq9SgNd8RQl0Nd6UQ+z1O
FRv+sYEBiz2HAks3Xs1gpTY5XRMKHdyKSOd/IZ5JwQBxbRirNBOfBhYTzqrMvpBE
MTO4dmFkmCDtl+q5geyEnt7ArjGE++bjpNl7c3n257FLOmAMfdgD0f26WPNjTW5C
1r/Xa1XsNb6lNA88On3iyn+hqfX8/k+hV+J7CdUjoIHRuSORgfB6kqYz7VpO1W0R
3uknjt2wlMqpYErWuTej767Ik4he+pxPWBxaN9ZIeTe1SJqO4y6/BGOhwfz0Qqgl
tznKtyLUX/84UbwY1OtMVdfdnCgJAK9WhMbHnYzIiaOYKHPinkYUNXNM+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOJNupVgwH4JzcWHOPqwHdSmp0ELMB8GA1UdIwQY
MBaAFIDXJTfMVKwQtKv6zHLBt1TBca+PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ05jbE44eFVyQkMwcV9yTWNzRzNWTUZ4cjQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8yMDBmYTQtNDU3OC00YWU4LTlmZmIt
MmVkMjY5Mzg0YTc0LzEvNGsyNmxXREFmZ25OeFljNC1yQWQxS2FuUVFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8yMDBmYTQtNDU3OC00YWU4LTlmZmItMmVkMjY5Mzg0YTc0
LzEvZ05jbE44eFVyQkMwcV9yTWNzRzNWTUZ4cjQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCqxbYMA0G
CSqGSIb3DQEBCwUAA4IBAQCnK6FUspcrfMT+7xk/meyTh68ec3GYvnJEZYab1xcN
OIzRFXq+ItbtgF7gGo+1dh/jwI30ckb5TdbC5Bl38r/7RQmqTMSz31G/a2y7Xwin
o+Ki+TyQIME4q/hONKY4y+uI6XSubXwMfa3AM0xJa5BcyVQmyT5V8VjNkKALvYzq
//6YY1tJ0livuEsVc18QElR2cRPMYNKVj7KxgznOu6xPeUBXgZ4Czv5O8TWb0e4q
nPax65M6lufuZ1NejHm+HvF9fXSvG53DKbuNWkcFk4oNLAHPcoHgT6XbFfMpn9Mi
3+S6CE+cyFSgCiSgTogQNdEr6ITj5EQyNhdm5wLiJKwi
-----END CERTIFICATE-----