Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/v3q1oS5noY--3Gl2b_v6QPCdZeI.roa
File:                     v3q1oS5noY--3Gl2b_v6QPCdZeI.roa (raw, json)
Hash identifier:          NVk+K8/zzDEhcaaCKsYwjSx69Ww4WdLA7FB9oLnPyLc=
Subject key identifier:   BF:7A:B5:A1:2E:67:A1:8F:BE:DC:69:76:6F:FB:FA:40:F0:9D:65:E2
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E130930F6EC1E7482DD3FA465C98F
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/v3q1oS5noY--3Gl2b_v6QPCdZeI.roa
Signing time:             Mon 01 Jan 2024 14:29:34 +0000
ROA not before:           Mon 01 Jan 2024 14:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56909
IP address blocks:        185.244.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:13:09:30:f6:ec:1e:74:82:dd:3f:a4:65:c9:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf7ab5a12e67a18fbedc69766ffbfa40f09d65e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:9c:88:7b:d6:b5:f0:e7:63:e2:b6:bb:a8:0b:
                    51:83:f5:b3:1e:78:e9:0b:3d:64:0f:c0:f2:bb:72:
                    43:a0:06:b6:31:6b:37:05:8d:7d:f6:b9:c5:c7:02:
                    c8:de:d8:2c:3e:9c:d6:e9:24:73:b0:b4:aa:47:98:
                    a9:85:19:7e:e0:1b:37:ff:40:ae:e4:ef:f7:57:dd:
                    70:a5:ea:27:a4:cd:41:69:d6:46:a1:76:16:1d:94:
                    e3:6d:34:d7:85:57:4b:00:9e:f4:9e:f3:8d:d3:1d:
                    7e:a2:fa:7d:d6:27:96:bf:7a:83:50:09:f3:78:2c:
                    5e:9c:9b:d0:b0:0e:3a:85:d9:c6:ef:04:95:65:de:
                    dc:7b:cd:72:36:a5:43:a5:e5:af:cc:18:c9:2a:23:
                    48:76:b4:bf:d8:92:d0:29:c6:42:2c:93:66:9f:10:
                    a0:4b:b4:3e:db:f1:5b:f2:a0:ce:94:bf:67:67:b9:
                    29:05:f2:27:0c:fb:c8:13:f3:26:8e:f8:e0:59:d8:
                    88:c8:1e:79:93:d2:a2:ae:1e:a6:6d:74:4d:67:64:
                    53:91:90:5c:97:47:43:7c:6f:62:39:de:a5:ff:91:
                    6d:47:bb:30:b1:12:7d:38:23:4b:f8:35:b1:9d:72:
                    f1:8e:9b:ee:73:c8:de:36:aa:0c:89:a8:a7:6f:f6:
                    ca:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:7A:B5:A1:2E:67:A1:8F:BE:DC:69:76:6F:FB:FA:40:F0:9D:65:E2
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/v3q1oS5noY--3Gl2b_v6QPCdZeI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:44:71:cf:a2:e4:2f:30:80:df:69:19:07:67:4c:51:fc:2f:
         85:14:9f:91:95:97:f6:d3:22:7f:6c:8c:42:89:78:d2:7c:1c:
         21:20:5c:55:1e:df:f4:34:63:5a:12:b3:b9:7e:b1:13:28:bb:
         26:8b:c4:4f:fb:5e:44:63:b9:80:0b:f2:f5:78:88:a2:3c:ca:
         fa:d4:43:fd:9c:58:ef:a1:a0:9b:73:42:f9:ab:a5:ae:70:a7:
         66:9e:11:cf:dc:e7:1e:3c:15:f9:0b:29:db:fd:ee:da:d8:24:
         aa:f7:8a:a3:ff:eb:42:d7:be:eb:72:b9:8d:a0:2f:d5:e6:23:
         66:f8:b5:24:2a:25:c5:da:5f:38:21:ce:93:0a:37:a3:fd:7c:
         19:21:35:f7:d3:ff:c8:b8:50:4c:b1:af:8b:db:35:49:4b:6f:
         d0:97:ae:2c:4a:99:79:c1:b8:43:2a:f1:61:e8:8b:3c:3b:a9:
         38:39:03:0a:8d:a7:77:22:14:8b:67:d5:e1:17:0b:e6:0a:66:
         ed:72:5f:59:d9:5d:da:a9:a1:34:8f:71:ff:5a:7a:08:d2:5c:
         10:37:2b:2f:12:d0:d6:9f:57:e5:ea:88:44:76:7f:f1:a6:f6:
         c5:96:13:7d:bc:0e:97:db:fe:3a:cb:ba:1b:68:92:8c:22:33:
         99:9d:fd:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhMJMPbsHnSC3T+kZcmPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjdhYjVhMTJlNjdhMThmYmVkYzY5NzY2ZmZiZmE0MGYwOWQ2NWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5yIe9a18Odj4ra7qAtRg/WzHnjp
Cz1kD8Dyu3JDoAa2MWs3BY199rnFxwLI3tgsPpzW6SRzsLSqR5iphRl+4Bs3/0Cu
5O/3V91wpeonpM1BadZGoXYWHZTjbTTXhVdLAJ70nvON0x1+ovp91ieWv3qDUAnz
eCxenJvQsA46hdnG7wSVZd7ce81yNqVDpeWvzBjJKiNIdrS/2JLQKcZCLJNmnxCg
S7Q+2/Fb8qDOlL9nZ7kpBfInDPvIE/MmjvjgWdiIyB55k9Kirh6mbXRNZ2RTkZBc
l0dDfG9iOd6l/5FtR7swsRJ9OCNL+DWxnXLxjpvuc8jeNqoMiainb/bK/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL96taEuZ6GPvtxpdm/7+kDwnWXiMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvdjNxMW9TNW5vWS0tM0dsMmJfdjZRUENkWmVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufTqMA0G
CSqGSIb3DQEBCwUAA4IBAQCHRHHPouQvMIDfaRkHZ0xR/C+FFJ+RlZf20yJ/bIxC
iXjSfBwhIFxVHt/0NGNaErO5frETKLsmi8RP+15EY7mAC/L1eIiiPMr61EP9nFjv
oaCbc0L5q6WucKdmnhHP3OcePBX5Cynb/e7a2CSq94qj/+tC177rcrmNoC/V5iNm
+LUkKiXF2l84Ic6TCjej/XwZITX30//IuFBMsa+L2zVJS2/Ql64sSpl5wbhDKvFh
6Is8O6k4OQMKjad3IhSLZ9XhFwvmCmbtcl9Z2V3aqaE0j3H/WnoI0lwQNysvEtDW
n1fl6ohEdn/xpvbFlhN9vA6X2/46y7obaJKMIjOZnf2b
-----END CERTIFICATE-----