Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/7b1ef8-a377-4e59-a55c-19b2fbeaea4c/1/PWuHhI8U0wLjSt_CDv6_vJG9-J8.roa
File:                     PWuHhI8U0wLjSt_CDv6_vJG9-J8.roa (raw, json)
Hash identifier:          c7jxg6zz70qyyZD6Md+cttiL4ARO0F1bpyUSJkVJ0pw=
Subject key identifier:   3D:6B:87:84:8F:14:D3:02:E3:4A:DF:C2:0E:FE:BF:BC:91:BD:F8:9F
Certificate issuer:       /CN=283dc03f2c2e73903a503e77accf7d3c752be971
Certificate serial:       018CC26D58A2C00D1C83AF0D26A036D1984E
Authority key identifier: 28:3D:C0:3F:2C:2E:73:90:3A:50:3E:77:AC:CF:7D:3C:75:2B:E9:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KD3APywuc5A6UD53rM99PHUr6XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/7b1ef8-a377-4e59-a55c-19b2fbeaea4c/1/PWuHhI8U0wLjSt_CDv6_vJG9-J8.roa
Signing time:             Mon 01 Jan 2024 00:29:55 +0000
ROA not before:           Mon 01 Jan 2024 00:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30742
IP address blocks:        193.176.72.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/7b1ef8-a377-4e59-a55c-19b2fbeaea4c/1/KD3APywuc5A6UD53rM99PHUr6XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/7b1ef8-a377-4e59-a55c-19b2fbeaea4c/1/KD3APywuc5A6UD53rM99PHUr6XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KD3APywuc5A6UD53rM99PHUr6XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:58:a2:c0:0d:1c:83:af:0d:26:a0:36:d1:98:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=283dc03f2c2e73903a503e77accf7d3c752be971
        Validity
            Not Before: Jan  1 00:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d6b87848f14d302e34adfc20efebfbc91bdf89f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b8:81:b0:02:2d:ec:e2:9d:48:d8:16:74:f4:
                    04:f4:12:2e:b3:8a:e0:bd:22:b6:46:c4:a1:4d:dc:
                    5e:ae:60:a8:48:a0:ff:70:d8:79:98:e8:ed:be:c4:
                    86:06:97:27:22:45:45:56:71:b3:ce:07:54:34:5f:
                    f3:82:b9:49:67:82:8e:d6:60:d3:59:73:8a:24:f4:
                    7f:61:85:4a:20:93:42:e0:cb:85:a4:79:a5:a6:56:
                    ed:0d:dd:74:2d:60:e9:b2:d7:13:73:1c:c3:84:8a:
                    fa:0f:12:3b:f8:1a:7d:0b:a0:e7:31:f8:b2:45:b2:
                    86:ab:4d:46:67:e2:ac:94:93:bc:b3:7b:db:05:e8:
                    ea:40:a3:22:08:c9:ab:22:75:50:37:84:e7:b3:a5:
                    e2:0c:28:df:58:74:08:38:8e:49:27:8a:44:6c:5d:
                    79:23:2e:c2:f2:63:14:07:60:44:20:34:b4:71:37:
                    b7:14:e7:d2:ef:b1:b3:10:cb:91:98:5a:84:53:20:
                    07:05:f4:05:b8:d6:86:d5:f4:34:ed:35:c2:a2:64:
                    0e:da:fd:73:34:18:75:77:bd:e9:24:eb:9e:d6:13:
                    cf:b3:6e:0f:fb:2d:6e:47:98:e5:13:7f:31:bf:05:
                    cc:b0:ce:7c:07:d0:8f:bf:82:87:81:e8:ce:7f:b0:
                    58:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:6B:87:84:8F:14:D3:02:E3:4A:DF:C2:0E:FE:BF:BC:91:BD:F8:9F
            X509v3 Authority Key Identifier:
                keyid:28:3D:C0:3F:2C:2E:73:90:3A:50:3E:77:AC:CF:7D:3C:75:2B:E9:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KD3APywuc5A6UD53rM99PHUr6XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/7b1ef8-a377-4e59-a55c-19b2fbeaea4c/1/PWuHhI8U0wLjSt_CDv6_vJG9-J8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/7b1ef8-a377-4e59-a55c-19b2fbeaea4c/1/KD3APywuc5A6UD53rM99PHUr6XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b8:43:0a:e4:8b:0a:2c:92:0e:9b:f7:15:dd:b8:bd:b3:2c:1d:
         14:cd:e7:84:71:22:e8:03:53:ff:39:af:69:b2:71:25:70:3c:
         24:ad:2f:0e:3c:20:30:f7:1e:dd:27:c8:e6:70:d8:40:08:51:
         a4:62:25:a3:5f:99:0b:21:d0:a2:61:ce:c8:92:b8:e9:b1:fc:
         f4:c0:61:d2:5b:6f:10:dc:a4:6e:18:22:1d:3d:66:f3:53:73:
         ca:12:36:1e:4f:58:25:ba:07:bd:3d:bf:fc:2d:fd:dc:c7:6c:
         8b:f3:d5:01:55:2a:c9:ee:a3:40:36:63:87:0e:ad:89:30:ef:
         5e:96:25:e1:0d:e0:0d:df:25:4f:41:f7:2d:21:02:9c:e7:2e:
         90:4d:43:96:9d:54:bf:18:06:f6:a1:6a:42:eb:50:17:77:6b:
         f8:35:db:55:0d:bc:22:3d:32:b4:25:07:1c:07:15:55:8c:8d:
         5f:8f:df:a4:68:66:a1:25:25:92:5e:6c:ab:5b:a7:e0:94:21:
         ba:39:46:7f:bb:08:78:57:3d:08:44:66:8a:d8:be:ab:e4:da:
         29:ca:bd:78:5a:23:61:53:2a:b8:20:dc:8f:20:c9:a2:6c:cb:
         8d:2e:59:24:e6:04:bf:da:4e:2e:02:a0:ff:b8:84:9b:8c:8b:
         19:38:b0:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbViiwA0cg68NJqA20ZhOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4M2RjMDNmMmMyZTczOTAzYTUwM2U3N2FjY2Y3ZDNjNzUy
YmU5NzEwHhcNMjQwMTAxMDAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDZiODc4NDhmMTRkMzAyZTM0YWRmYzIwZWZlYmZiYzkxYmRmODlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLiBsAIt7OKdSNgWdPQE9BIus4rg
vSK2RsShTdxermCoSKD/cNh5mOjtvsSGBpcnIkVFVnGzzgdUNF/zgrlJZ4KO1mDT
WXOKJPR/YYVKIJNC4MuFpHmlplbtDd10LWDpstcTcxzDhIr6DxI7+Bp9C6DnMfiy
RbKGq01GZ+KslJO8s3vbBejqQKMiCMmrInVQN4Tns6XiDCjfWHQIOI5JJ4pEbF15
Iy7C8mMUB2BEIDS0cTe3FOfS77GzEMuRmFqEUyAHBfQFuNaG1fQ07TXComQO2v1z
NBh1d73pJOue1hPPs24P+y1uR5jlE38xvwXMsM58B9CPv4KHgejOf7BYAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD1rh4SPFNMC40rfwg7+v7yRvfifMB8GA1UdIwQY
MBaAFCg9wD8sLnOQOlA+d6zPfTx1K+lxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0QzQVB5d3VjNUE2VUQ1M3JNOTlQSFVyNlhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC83YjFlZjgtYTM3Ny00ZTU5LWE1NWMt
MTliMmZiZWFlYTRjLzEvUFd1SGhJOFUwd0xqU3RfQ0R2Nl92Skc5LUo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC83YjFlZjgtYTM3Ny00ZTU5LWE1NWMtMTliMmZiZWFlYTRj
LzEvS0QzQVB5d3VjNUE2VUQ1M3JNOTlQSFVyNlhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwbBIMA0G
CSqGSIb3DQEBCwUAA4IBAQC4Qwrkiwoskg6b9xXduL2zLB0UzeeEcSLoA1P/Oa9p
snElcDwkrS8OPCAw9x7dJ8jmcNhACFGkYiWjX5kLIdCiYc7Ikrjpsfz0wGHSW28Q
3KRuGCIdPWbzU3PKEjYeT1gluge9Pb/8Lf3cx2yL89UBVSrJ7qNANmOHDq2JMO9e
liXhDeAN3yVPQfctIQKc5y6QTUOWnVS/GAb2oWpC61AXd2v4NdtVDbwiPTK0JQcc
BxVVjI1fj9+kaGahJSWSXmyrW6fglCG6OUZ/uwh4Vz0IRGaK2L6r5Nopyr14WiNh
Uyq4INyPIMmibMuNLlkk5gS/2k4uAqD/uISbjIsZOLCs
-----END CERTIFICATE-----