Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/qnVgEL7Rwmm3pW1p0yJ5oE6G5o0.roa
File:                     qnVgEL7Rwmm3pW1p0yJ5oE6G5o0.roa (raw, json)
Hash identifier:          m380GBcYteLaEVV//zqqjD2O1UgdqHGn5Zk3p9EGuQE=
Subject key identifier:   AA:75:60:10:BE:D1:C2:69:B7:A5:6D:69:D3:22:79:A0:4E:86:E6:8D
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E1B862C72C1A9F7D2E819992A05FC
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/qnVgEL7Rwmm3pW1p0yJ5oE6G5o0.roa
Signing time:             Mon 01 Jan 2024 14:29:36 +0000
ROA not before:           Mon 01 Jan 2024 14:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209835
IP address blocks:        185.227.101.0/24 maxlen: 24
                          185.227.100.0/23 maxlen: 23
                          185.227.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:1b:86:2c:72:c1:a9:f7:d2:e8:19:99:2a:05:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa756010bed1c269b7a56d69d32279a04e86e68d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:53:53:97:f8:55:d8:77:de:4c:02:6c:cb:25:
                    7a:76:7c:f4:6a:77:f4:36:24:9c:fe:35:e6:ff:ed:
                    81:d8:31:f6:68:af:e9:e9:37:e5:27:e6:cc:18:4e:
                    54:e5:bd:6b:38:bb:11:ea:54:7e:80:c5:60:c5:79:
                    79:50:d3:94:0f:41:19:9e:71:dd:2e:35:91:6f:3a:
                    3c:25:5a:e2:19:c8:4d:c1:71:ba:0a:ae:53:83:7a:
                    43:6e:62:54:e3:e1:6e:c7:9b:28:1c:01:63:e8:ef:
                    c8:7b:02:31:cb:15:89:c4:f0:a5:30:9b:b2:47:bf:
                    07:44:2d:bb:6a:a0:63:a8:5d:b9:51:87:68:4f:ba:
                    ef:0a:6e:db:c0:2c:ab:4f:23:b9:57:48:e3:37:21:
                    8f:d8:77:8c:b7:aa:36:c0:ab:c6:10:44:da:8d:f0:
                    7f:eb:9b:1d:eb:59:6f:43:b4:69:f4:bc:46:8d:a3:
                    23:96:25:a5:43:ef:a7:c9:f1:16:64:14:6b:79:cc:
                    d4:51:31:04:d4:7e:fa:7b:33:2a:1e:99:1b:cf:18:
                    d6:a0:8a:bc:f0:d4:91:c2:5c:b6:27:55:f1:be:c2:
                    7f:d7:5b:3e:56:44:30:39:fe:b0:47:49:f0:da:a1:
                    b4:a0:38:3c:33:1a:87:5c:fe:c6:d0:05:78:e7:99:
                    2d:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:75:60:10:BE:D1:C2:69:B7:A5:6D:69:D3:22:79:A0:4E:86:E6:8D
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/qnVgEL7Rwmm3pW1p0yJ5oE6G5o0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.100.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5f:de:2c:33:9d:23:ad:1c:c3:27:10:2e:06:9f:25:b5:18:39:
         d1:c3:9c:eb:af:c1:6a:01:2e:f5:89:77:b7:86:f5:58:2b:cb:
         f3:3b:7b:51:7c:de:9b:ee:6d:43:84:2b:9b:0b:8d:03:8e:c6:
         31:79:6a:54:0a:93:85:c8:4e:e9:ed:5e:e7:d5:ed:53:b7:8c:
         d3:a7:68:c1:61:f1:01:06:b2:f4:5a:0f:f8:ba:f1:1a:95:3b:
         b9:11:b2:77:9f:a7:14:f0:88:67:cd:2a:56:c3:a7:a7:4a:9d:
         87:62:1f:4e:11:c1:81:94:bb:f5:30:49:88:98:98:e9:cc:70:
         5d:12:ed:7c:bb:b8:37:db:bd:67:d6:78:21:34:33:3b:c7:84:
         f5:1e:f7:9a:3a:60:f9:46:37:a5:fe:73:ec:05:43:be:24:9e:
         76:64:01:04:52:68:be:13:a0:3f:46:b1:83:44:ac:e0:78:ed:
         53:94:42:b5:e5:46:de:48:89:fc:4d:3a:aa:24:21:b4:a3:8b:
         b5:63:db:d2:a5:e6:57:92:ed:ce:33:75:d5:2d:19:80:de:4d:
         76:c9:ae:2e:a5:69:fc:fa:ef:11:02:2b:fa:02:a4:03:da:e4:
         94:13:10:ac:0a:a7:d5:92:cd:69:a4:ce:b9:ce:f3:76:de:fd:
         aa:8e:6d:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhuGLHLBqffS6BmZKgX8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTc1NjAxMGJlZDFjMjY5YjdhNTZkNjlkMzIyNzlhMDRlODZlNjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1NTl/hV2HfeTAJsyyV6dnz0anf0
NiSc/jXm/+2B2DH2aK/p6TflJ+bMGE5U5b1rOLsR6lR+gMVgxXl5UNOUD0EZnnHd
LjWRbzo8JVriGchNwXG6Cq5Tg3pDbmJU4+Fux5soHAFj6O/IewIxyxWJxPClMJuy
R78HRC27aqBjqF25UYdoT7rvCm7bwCyrTyO5V0jjNyGP2HeMt6o2wKvGEETajfB/
65sd61lvQ7Rp9LxGjaMjliWlQ++nyfEWZBRreczUUTEE1H76ezMqHpkbzxjWoIq8
8NSRwly2J1XxvsJ/11s+VkQwOf6wR0nw2qG0oDg8MxqHXP7G0AV455ktlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKp1YBC+0cJpt6VtadMieaBOhuaNMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvcW5WZ0VMN1J3bW0zcFcxcDB5SjVvRTZHNW8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBueNkMA0G
CSqGSIb3DQEBCwUAA4IBAQBf3iwznSOtHMMnEC4GnyW1GDnRw5zrr8FqAS71iXe3
hvVYK8vzO3tRfN6b7m1DhCubC40DjsYxeWpUCpOFyE7p7V7n1e1Tt4zTp2jBYfEB
BrL0Wg/4uvEalTu5EbJ3n6cU8IhnzSpWw6enSp2HYh9OEcGBlLv1MEmImJjpzHBd
Eu18u7g3271n1nghNDM7x4T1HveaOmD5Rjel/nPsBUO+JJ52ZAEEUmi+E6A/RrGD
RKzgeO1TlEK15UbeSIn8TTqqJCG0o4u1Y9vSpeZXku3OM3XVLRmA3k12ya4upWn8
+u8RAiv6AqQD2uSUExCsCqfVks1ppM65zvN23v2qjm26
-----END CERTIFICATE-----