Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/a2fe68-761d-4e6c-9dcd-594c1acd9daf/1/T5RTRdlsyKxw-dkPhgesI4422Sw.roa
File:                     T5RTRdlsyKxw-dkPhgesI4422Sw.roa (raw, json)
Hash identifier:          k10Z7HSk0cdZquKf1POAL7mEfa7RwaGHLLIUinifABU=
Subject key identifier:   4F:94:53:45:D9:6C:C8:AC:70:F9:D9:0F:86:07:AC:23:8E:36:D9:2C
Certificate issuer:       /CN=3fe5d9aa34786baa16d456bdf39ecafb5d9730f8
Certificate serial:       018CCA2BE45CCE5F058505C4BCB774E4667A
Authority key identifier: 3F:E5:D9:AA:34:78:6B:AA:16:D4:56:BD:F3:9E:CA:FB:5D:97:30:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-XZqjR4a6oW1Fa9857K-12XMPg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/a2fe68-761d-4e6c-9dcd-594c1acd9daf/1/T5RTRdlsyKxw-dkPhgesI4422Sw.roa
Signing time:             Tue 02 Jan 2024 12:35:23 +0000
ROA not before:           Tue 02 Jan 2024 12:35:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62064
IP address blocks:        185.47.32.0/22 maxlen: 24
                          188.213.8.0/21 maxlen: 24
                          188.209.112.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/a2fe68-761d-4e6c-9dcd-594c1acd9daf/1/P-XZqjR4a6oW1Fa9857K-12XMPg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/a2fe68-761d-4e6c-9dcd-594c1acd9daf/1/P-XZqjR4a6oW1Fa9857K-12XMPg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-XZqjR4a6oW1Fa9857K-12XMPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 04:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:e4:5c:ce:5f:05:85:05:c4:bc:b7:74:e4:66:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fe5d9aa34786baa16d456bdf39ecafb5d9730f8
        Validity
            Not Before: Jan  2 12:35:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f945345d96cc8ac70f9d90f8607ac238e36d92c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:95:33:1a:11:d0:6a:6a:09:93:d8:7a:c6:59:
                    c2:39:33:16:98:fb:7a:6d:44:57:f0:ec:78:a4:21:
                    a8:ac:3d:9f:ca:26:e6:f1:24:95:f3:62:3e:c5:13:
                    0a:98:56:57:27:71:0a:6d:5b:a9:0d:e9:7a:61:0e:
                    4a:dc:ab:2e:ec:ec:44:96:a8:7e:af:c9:c0:f8:1e:
                    c0:16:28:10:42:31:31:a2:4a:66:67:0c:ec:42:3d:
                    83:41:8a:de:74:70:1b:8f:9c:86:d8:ad:47:4f:3e:
                    19:cb:58:a1:94:f6:53:77:77:48:cd:d5:3c:09:80:
                    71:cd:15:08:50:fa:e7:a9:1c:d9:d5:81:a0:4f:bb:
                    22:de:1e:50:44:91:f1:03:8b:70:6d:09:f4:fc:45:
                    56:ec:2d:0a:e6:cf:d1:35:a3:2b:6f:7a:a8:2a:cc:
                    67:6e:60:af:9b:d1:7c:3b:47:59:2b:a7:65:bf:f0:
                    f6:64:c9:5c:12:dd:3b:29:07:dc:46:f6:d4:01:c2:
                    a6:6d:47:bf:56:28:d8:6e:ee:ed:b1:3e:31:46:67:
                    01:f0:0e:16:32:1b:06:02:42:25:5e:0f:98:03:83:
                    7e:48:75:ab:9c:9d:ea:df:0f:72:49:89:82:86:53:
                    d2:b7:a2:e8:55:8e:44:3c:f8:42:24:70:c5:7b:44:
                    0b:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:94:53:45:D9:6C:C8:AC:70:F9:D9:0F:86:07:AC:23:8E:36:D9:2C
            X509v3 Authority Key Identifier:
                keyid:3F:E5:D9:AA:34:78:6B:AA:16:D4:56:BD:F3:9E:CA:FB:5D:97:30:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-XZqjR4a6oW1Fa9857K-12XMPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/a2fe68-761d-4e6c-9dcd-594c1acd9daf/1/T5RTRdlsyKxw-dkPhgesI4422Sw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/a2fe68-761d-4e6c-9dcd-594c1acd9daf/1/P-XZqjR4a6oW1Fa9857K-12XMPg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.47.32.0/22
                  188.209.112.0/22
                  188.213.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6e:f1:c1:f2:d5:6f:a6:9c:b3:69:67:4b:97:61:15:b4:e8:5c:
         e0:6c:98:9a:d8:f4:25:c2:40:8c:1f:03:dd:06:b8:ba:2a:66:
         e1:c5:21:cf:6d:fe:cf:a0:c4:69:a6:b7:7b:16:43:3f:38:bf:
         20:27:e2:6d:18:f2:15:f1:02:37:5d:ac:65:6c:eb:6a:0c:41:
         e1:0d:ad:67:9d:f0:b6:05:80:e5:49:9c:e5:a2:b4:cd:fd:01:
         46:ef:09:17:ec:17:ef:2f:37:63:d0:28:6b:62:2b:1d:a9:d6:
         cd:97:27:5c:7a:f1:08:25:99:be:3e:75:73:c1:a9:27:95:e4:
         74:dd:59:b6:32:e9:6e:62:1a:cb:64:0a:12:3d:d4:63:02:fd:
         5e:8f:ec:d4:82:03:e4:ef:08:6f:6d:80:6b:8d:d8:9a:0e:15:
         ae:d3:90:0b:41:b0:7f:9d:52:bc:4e:3d:65:e0:01:8b:d5:a0:
         84:2b:d6:79:db:e1:61:7e:f8:d7:14:a2:6e:ad:5e:ce:8b:b4:
         a4:c2:f1:e6:f1:ff:29:a0:03:28:11:98:e8:a5:a5:65:f0:a5:
         04:c2:40:72:a6:dc:dc:9f:7a:15:77:b2:9a:ac:ff:eb:4c:e8:
         81:35:5b:e2:c6:f0:b1:41:30:de:91:aa:c4:19:1a:f0:dc:30:
         0b:e8:bc:27
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKK+Rczl8FhQXEvLd05GZ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZTVkOWFhMzQ3ODZiYWExNmQ0NTZiZGYzOWVjYWZiNWQ5
NzMwZjgwHhcNMjQwMTAyMTIzNTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Zjk0NTM0NWQ5NmNjOGFjNzBmOWQ5MGY4NjA3YWMyMzhlMzZkOTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5UzGhHQamoJk9h6xlnCOTMWmPt6
bURX8Ox4pCGorD2fyibm8SSV82I+xRMKmFZXJ3EKbVupDel6YQ5K3Ksu7OxElqh+
r8nA+B7AFigQQjExokpmZwzsQj2DQYredHAbj5yG2K1HTz4Zy1ihlPZTd3dIzdU8
CYBxzRUIUPrnqRzZ1YGgT7si3h5QRJHxA4twbQn0/EVW7C0K5s/RNaMrb3qoKsxn
bmCvm9F8O0dZK6dlv/D2ZMlcEt07KQfcRvbUAcKmbUe/VijYbu7tsT4xRmcB8A4W
MhsGAkIlXg+YA4N+SHWrnJ3q3w9ySYmChlPSt6LoVY5EPPhCJHDFe0QLcQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFE+UU0XZbMiscPnZD4YHrCOONtksMB8GA1UdIwQY
MBaAFD/l2ao0eGuqFtRWvfOeyvtdlzD4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUC1YWnFqUjRhNm9XMUZhOTg1N0stMTJYTVBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9hMmZlNjgtNzYxZC00ZTZjLTlkY2Qt
NTk0YzFhY2Q5ZGFmLzEvVDVSVFJkbHN5S3h3LWRrUGhnZXNJNDQyMlN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9hMmZlNjgtNzYxZC00ZTZjLTlkY2QtNTk0YzFhY2Q5ZGFm
LzEvUC1YWnFqUjRhNm9XMUZhOTg1N0stMTJYTVBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuS8gAwQC
vNFwAwQDvNUIMA0GCSqGSIb3DQEBCwUAA4IBAQBu8cHy1W+mnLNpZ0uXYRW06Fzg
bJia2PQlwkCMHwPdBri6KmbhxSHPbf7PoMRpprd7FkM/OL8gJ+JtGPIV8QI3Xaxl
bOtqDEHhDa1nnfC2BYDlSZzlorTN/QFG7wkX7BfvLzdj0ChrYisdqdbNlydcevEI
JZm+PnVzwaknleR03Vm2MuluYhrLZAoSPdRjAv1ej+zUggPk7whvbYBrjdiaDhWu
05ALQbB/nVK8Tj1l4AGL1aCEK9Z52+FhfvjXFKJurV7Oi7SkwvHm8f8poAMoEZjo
paVl8KUEwkByptzcn3oVd7KarP/rTOiBNVvixvCxQTDekarEGRrw3DAL6Lwn
-----END CERTIFICATE-----