Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/K3fYuZe-Rotvl-utH6CHj9zXe4I.roa
File:                     K3fYuZe-Rotvl-utH6CHj9zXe4I.roa (raw, json)
Hash identifier:          /si00U4dxo6u1wIfEAIGTQ153yCOCk2DcwiPDv59F7A=
Subject key identifier:   2B:77:D8:B9:97:BE:46:8B:6F:97:EB:AD:1F:A0:87:8F:DC:D7:7B:82
Certificate issuer:       /CN=21e86ff9973c93abe6398f031966c29d75a3ba86
Certificate serial:       018CC7942191E849FD0CD3142BDA312D0B93
Authority key identifier: 21:E8:6F:F9:97:3C:93:AB:E6:39:8F:03:19:66:C2:9D:75:A3:BA:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/K3fYuZe-Rotvl-utH6CHj9zXe4I.roa
Signing time:             Tue 02 Jan 2024 00:30:23 +0000
ROA not before:           Tue 02 Jan 2024 00:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13443
IP address blocks:        144.2.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:21:91:e8:49:fd:0c:d3:14:2b:da:31:2d:0b:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21e86ff9973c93abe6398f031966c29d75a3ba86
        Validity
            Not Before: Jan  2 00:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b77d8b997be468b6f97ebad1fa0878fdcd77b82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:2e:fe:8d:b4:fa:8b:85:2c:c0:b8:c3:1f:cc:
                    c1:6e:66:5e:bb:b4:8b:0b:15:74:04:43:15:77:53:
                    4c:00:dd:1d:69:35:eb:83:51:ea:23:8b:5c:4d:50:
                    2b:df:6b:4f:b6:6a:bf:bc:3b:88:2d:cc:aa:9b:7e:
                    b6:13:c0:50:48:ab:67:1b:89:e5:74:0a:bd:29:09:
                    71:65:4e:25:31:31:64:6d:18:f1:f9:fa:85:ed:ef:
                    ef:18:08:df:20:67:8a:38:21:0a:a6:a6:d2:16:9e:
                    44:5f:c8:56:57:8c:93:4b:f9:1f:4b:0b:36:d3:ea:
                    21:19:f1:9b:9f:24:e4:7c:7d:f3:bf:13:40:4e:1e:
                    e0:fb:2e:3c:6f:b7:f9:32:35:0c:71:bb:9f:7b:bf:
                    1e:33:02:a8:a3:de:b8:8d:e3:03:e4:ad:ba:f9:f8:
                    af:7c:02:62:8e:a2:2d:46:4b:3a:97:3d:65:f4:30:
                    00:75:44:7b:8d:ff:56:fb:2d:70:e7:64:c6:f7:f5:
                    3b:ca:6b:c6:1e:c0:56:0b:d5:31:42:10:b7:72:1c:
                    66:24:0c:23:ad:58:0e:a1:21:f9:84:ff:ae:d5:b0:
                    e0:13:50:53:88:77:a0:81:68:53:14:e3:ea:87:bf:
                    ca:37:2e:2a:e2:ee:64:12:01:83:9c:cd:ab:41:d7:
                    33:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:77:D8:B9:97:BE:46:8B:6F:97:EB:AD:1F:A0:87:8F:DC:D7:7B:82
            X509v3 Authority Key Identifier:
                keyid:21:E8:6F:F9:97:3C:93:AB:E6:39:8F:03:19:66:C2:9D:75:A3:BA:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/K3fYuZe-Rotvl-utH6CHj9zXe4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.2.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:2d:4c:db:a6:46:f5:1f:bd:e8:c1:7e:62:27:85:19:3e:ee:
         de:61:52:8f:2c:ac:7a:f5:c2:b2:54:03:56:a8:e4:47:6a:dd:
         74:90:48:19:97:62:4f:ed:ea:ec:83:e3:63:2f:8a:8e:e1:ed:
         54:28:43:38:c4:49:69:b5:e5:53:1b:a2:e6:b4:87:86:8d:ef:
         b8:28:e2:24:ed:b1:88:3d:8c:1c:c3:63:4c:9f:87:b0:fc:0c:
         e4:d8:90:d4:51:13:d1:3c:6b:24:68:cd:b2:f9:50:32:95:78:
         f3:0e:86:e7:34:c2:7b:34:00:ec:99:1a:a8:0c:c5:89:bd:09:
         8b:20:9a:01:2a:ff:a3:92:41:e9:dc:19:0d:48:89:97:14:68:
         dd:55:8d:c5:57:0b:0f:96:e0:5d:89:18:c5:64:ea:9f:51:b2:
         ae:fa:34:77:fc:97:f8:d1:38:6c:8c:ba:8f:65:67:bb:44:3f:
         90:14:5c:3a:f4:a9:ae:ea:06:77:2d:fc:36:2b:a5:2e:dd:91:
         25:bf:cf:da:2e:29:b1:f6:a0:14:2b:e2:03:ce:bc:9c:82:0b:
         f5:62:89:9f:0a:b6:6e:e7:fe:b7:ab:15:d1:38:57:3e:11:f4:
         62:f3:58:fb:32:63:1a:fa:d2:40:0b:10:61:61:18:16:c8:b5:
         ed:14:20:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlCGR6En9DNMUK9oxLQuTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxZTg2ZmY5OTczYzkzYWJlNjM5OGYwMzE5NjZjMjlkNzVh
M2JhODYwHhcNMjQwMTAyMDAzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjc3ZDhiOTk3YmU0NjhiNmY5N2ViYWQxZmEwODc4ZmRjZDc3YjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApC7+jbT6i4UswLjDH8zBbmZeu7SL
CxV0BEMVd1NMAN0daTXrg1HqI4tcTVAr32tPtmq/vDuILcyqm362E8BQSKtnG4nl
dAq9KQlxZU4lMTFkbRjx+fqF7e/vGAjfIGeKOCEKpqbSFp5EX8hWV4yTS/kfSws2
0+ohGfGbnyTkfH3zvxNATh7g+y48b7f5MjUMcbufe78eMwKoo964jeMD5K26+fiv
fAJijqItRks6lz1l9DAAdUR7jf9W+y1w52TG9/U7ymvGHsBWC9UxQhC3chxmJAwj
rVgOoSH5hP+u1bDgE1BTiHeggWhTFOPqh7/KNy4q4u5kEgGDnM2rQdczIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCt32LmXvkaLb5frrR+gh4/c13uCMB8GA1UdIwQY
MBaAFCHob/mXPJOr5jmPAxlmwp11o7qGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWVodi1aYzhrNnZtT1k4REdXYkNuWFdqdW9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8yZjZkZDAtYjc2Zi00N2Q1LWE0YWIt
MzJmZWViNTY2ZWU2LzEvSzNmWXVaZS1Sb3R2bC11dEg2Q0hqOXpYZTRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8yZjZkZDAtYjc2Zi00N2Q1LWE0YWItMzJmZWViNTY2ZWU2
LzEvSWVodi1aYzhrNnZtT1k4REdXYkNuWFdqdW9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkAIWMA0G
CSqGSIb3DQEBCwUAA4IBAQAwLUzbpkb1H73owX5iJ4UZPu7eYVKPLKx69cKyVANW
qORHat10kEgZl2JP7ersg+NjL4qO4e1UKEM4xElpteVTG6LmtIeGje+4KOIk7bGI
PYwcw2NMn4ew/Azk2JDUURPRPGskaM2y+VAylXjzDobnNMJ7NADsmRqoDMWJvQmL
IJoBKv+jkkHp3BkNSImXFGjdVY3FVwsPluBdiRjFZOqfUbKu+jR3/Jf40ThsjLqP
ZWe7RD+QFFw69Kmu6gZ3Lfw2K6Uu3ZElv8/aLimx9qAUK+IDzrycggv1YomfCrZu
5/63qxXROFc+EfRi81j7MmMa+tJACxBhYRgWyLXtFCBM
-----END CERTIFICATE-----