Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/oeTJ3nFP1pl-DJqrZ88EOyluiWM.roa
File:                     oeTJ3nFP1pl-DJqrZ88EOyluiWM.roa (raw, json)
Hash identifier:          eAqlOR2aFiDAsqHAK8XT2LgEkR7uGHnkJ/oR1k0nYTs=
Subject key identifier:   A1:E4:C9:DE:71:4F:D6:99:7E:0C:9A:AB:67:CF:04:3B:29:6E:89:63
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E16AAF89B6D702E04193830052808
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/oeTJ3nFP1pl-DJqrZ88EOyluiWM.roa
Signing time:             Mon 01 Jan 2024 14:29:35 +0000
ROA not before:           Mon 01 Jan 2024 14:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204629
IP address blocks:        185.244.228.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:16:aa:f8:9b:6d:70:2e:04:19:38:30:05:28:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1e4c9de714fd6997e0c9aab67cf043b296e8963
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:56:3c:9c:a6:56:ac:1f:5a:96:cb:be:e3:b3:
                    40:55:37:2d:31:16:50:29:ae:2d:dc:7d:90:b2:ad:
                    df:b6:7b:fa:ac:93:87:f7:f9:6b:fd:57:55:fe:80:
                    1d:df:d6:af:64:d0:2d:1b:47:5a:79:69:3d:fa:18:
                    b4:da:e3:f1:64:bb:d2:3f:ae:dd:a3:4b:a4:43:bc:
                    97:3f:e9:02:e4:78:86:1d:86:26:7d:b2:03:5f:72:
                    cd:0e:4f:07:47:3a:3e:30:82:d5:f0:e8:df:53:7f:
                    c6:e0:a0:aa:53:ee:76:7a:76:9b:08:f4:86:19:f7:
                    fa:6b:48:6a:53:25:ce:31:cf:44:df:57:9d:2e:78:
                    71:bf:e5:41:d9:fa:8f:21:5f:37:89:22:54:bc:60:
                    0d:e3:57:64:d1:e0:92:0f:9a:45:df:64:04:df:27:
                    1a:f3:b2:2c:fe:71:04:a8:03:67:d7:08:46:0c:55:
                    d3:a7:1c:17:d8:a9:83:f9:0f:3a:23:a2:b4:d6:9b:
                    ac:81:7c:f2:7c:3b:9a:1c:74:5c:0e:23:ed:59:24:
                    ee:13:2c:7a:ed:ce:9d:1e:42:1d:a7:38:2d:37:9e:
                    2f:ad:34:99:79:1b:b3:e7:4a:49:84:b1:73:0c:2a:
                    cd:b5:df:f0:57:90:c3:b6:06:d5:66:85:58:75:bb:
                    d7:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:E4:C9:DE:71:4F:D6:99:7E:0C:9A:AB:67:CF:04:3B:29:6E:89:63
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/oeTJ3nFP1pl-DJqrZ88EOyluiWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a5:3b:e7:7b:37:64:49:15:7f:ef:95:24:0b:e3:ad:ae:13:fa:
         1c:f3:d8:3d:d1:58:ab:47:a7:5a:0c:56:97:54:15:f0:ae:f7:
         59:6c:97:d1:f7:6c:a1:c5:e2:d7:c1:20:e9:78:b4:63:22:64:
         0a:6d:c9:c3:d1:d5:fb:02:7c:5e:6d:8e:ed:e8:76:f6:d8:4d:
         1c:1d:23:02:e1:b8:88:f5:f3:c8:a5:09:17:ca:9b:1d:b8:88:
         8a:c1:10:8e:3e:77:46:46:f6:04:6a:df:23:0a:35:9d:65:ef:
         79:d6:37:94:aa:d2:fa:b0:f9:c0:17:b5:05:8e:9d:8d:d2:dc:
         9e:de:77:29:f9:f0:a4:ae:89:f0:c7:b4:5f:7f:57:a1:c2:32:
         2e:a6:cb:72:6d:56:67:d0:6f:f4:5a:25:f3:ca:57:52:b9:11:
         b5:8c:9c:c0:92:12:e3:79:cf:3e:e4:60:a3:fb:04:d9:5c:fe:
         65:e5:f1:60:bd:8c:31:d9:18:79:b5:f1:72:d3:17:ce:21:5e:
         2b:03:79:19:ed:41:ef:10:8a:6b:9d:96:a1:e2:48:d5:8c:eb:
         66:a8:53:29:fb:cb:66:d8:2c:ff:92:ef:17:0e:cc:40:d6:e3:
         22:01:54:12:ff:7e:3c:3d:8a:05:77:13:45:9a:b9:ef:cc:c9:
         c9:7e:7f:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhaq+JttcC4EGTgwBSgIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWU0YzlkZTcxNGZkNjk5N2UwYzlhYWI2N2NmMDQzYjI5NmU4OTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylY8nKZWrB9alsu+47NAVTctMRZQ
Ka4t3H2Qsq3ftnv6rJOH9/lr/VdV/oAd39avZNAtG0daeWk9+hi02uPxZLvSP67d
o0ukQ7yXP+kC5HiGHYYmfbIDX3LNDk8HRzo+MILV8OjfU3/G4KCqU+52enabCPSG
Gff6a0hqUyXOMc9E31edLnhxv+VB2fqPIV83iSJUvGAN41dk0eCSD5pF32QE3yca
87Is/nEEqANn1whGDFXTpxwX2KmD+Q86I6K01pusgXzyfDuaHHRcDiPtWSTuEyx6
7c6dHkIdpzgtN54vrTSZeRuz50pJhLFzDCrNtd/wV5DDtgbVZoVYdbvXpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKHkyd5xT9aZfgyaq2fPBDspboljMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvb2VUSjNuRlAxcGwtREpxclo4OEVPeWx1aVdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufTkMA0G
CSqGSIb3DQEBCwUAA4IBAQClO+d7N2RJFX/vlSQL462uE/oc89g90VirR6daDFaX
VBXwrvdZbJfR92yhxeLXwSDpeLRjImQKbcnD0dX7AnxebY7t6Hb22E0cHSMC4biI
9fPIpQkXypsduIiKwRCOPndGRvYEat8jCjWdZe951jeUqtL6sPnAF7UFjp2N0tye
3ncp+fCkronwx7Rff1ehwjIupstybVZn0G/0WiXzyldSuRG1jJzAkhLjec8+5GCj
+wTZXP5l5fFgvYwx2Rh5tfFy0xfOIV4rA3kZ7UHvEIprnZah4kjVjOtmqFMp+8tm
2Cz/ku8XDsxA1uMiAVQS/348PYoFdxNFmrnvzMnJfn8l
-----END CERTIFICATE-----