Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7eb7c3-e34a-4fbc-9272-4c1c57a81ffd/1/CnSP3Ja7HA15evGdjozyK8G5Z40.roa
File:                     CnSP3Ja7HA15evGdjozyK8G5Z40.roa (raw, json)
Hash identifier:          Ot2NsoX5tqU/Qq3S95HKQwPnRtmg8cW1xF+Vl7mc2Dk=
Subject key identifier:   0A:74:8F:DC:96:BB:1C:0D:79:7A:F1:9D:8E:8C:F2:2B:C1:B9:67:8D
Certificate issuer:       /CN=b859db7f2c2e3b3abd8bf415f0ce1fff334329ec
Certificate serial:       018CC4928548CDD67769EF02AFBCE5E85B66
Authority key identifier: B8:59:DB:7F:2C:2E:3B:3A:BD:8B:F4:15:F0:CE:1F:FF:33:43:29:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uFnbfywuOzq9i_QV8M4f_zNDKew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7eb7c3-e34a-4fbc-9272-4c1c57a81ffd/1/CnSP3Ja7HA15evGdjozyK8G5Z40.roa
Signing time:             Mon 01 Jan 2024 10:29:45 +0000
ROA not before:           Mon 01 Jan 2024 10:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43366
IP address blocks:        195.28.22.0/23 maxlen: 24
                          185.159.136.0/22 maxlen: 24
                          2a07:b440::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7eb7c3-e34a-4fbc-9272-4c1c57a81ffd/1/uFnbfywuOzq9i_QV8M4f_zNDKew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7eb7c3-e34a-4fbc-9272-4c1c57a81ffd/1/uFnbfywuOzq9i_QV8M4f_zNDKew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uFnbfywuOzq9i_QV8M4f_zNDKew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:03:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:85:48:cd:d6:77:69:ef:02:af:bc:e5:e8:5b:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b859db7f2c2e3b3abd8bf415f0ce1fff334329ec
        Validity
            Not Before: Jan  1 10:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a748fdc96bb1c0d797af19d8e8cf22bc1b9678d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:66:b4:28:16:18:e2:e7:15:3f:3a:c4:96:f0:
                    b9:54:60:d8:e7:5e:e0:34:1e:76:6d:e0:cc:1e:ae:
                    73:80:4b:f4:26:ca:65:00:02:40:90:71:f4:bd:32:
                    0f:c0:64:72:3e:66:a3:c3:8e:2c:cc:4e:0e:bb:fd:
                    61:da:24:3a:9c:04:18:6d:1f:70:96:3d:6c:b2:41:
                    b4:c1:b3:87:bc:cc:da:3f:3b:82:25:63:29:5e:53:
                    5f:b3:80:08:e0:85:95:5e:36:b7:16:87:e1:6a:cb:
                    dc:79:83:54:73:db:17:e5:b7:9c:71:53:15:ae:54:
                    05:cf:86:ff:39:f5:89:ee:0b:07:ab:34:c8:79:7d:
                    01:37:87:25:61:a5:69:f7:f8:45:b7:07:8f:e8:31:
                    07:6d:73:c1:aa:d0:da:34:45:d5:f5:ba:51:32:6c:
                    fd:30:91:d4:a7:2e:33:8e:14:46:3d:ef:ca:15:0f:
                    89:85:f6:8b:33:5c:cd:9f:39:8b:29:31:4c:d1:e0:
                    bd:fe:9c:d5:d0:8d:89:c5:2e:c4:20:c0:1c:d2:d3:
                    77:a8:ff:57:f3:02:0f:8b:e1:38:b3:6a:47:12:17:
                    67:d3:86:14:aa:87:26:46:7a:dc:44:7a:d0:f5:58:
                    03:46:44:d9:7c:c3:a9:27:fa:31:c0:f7:96:7d:f2:
                    62:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:74:8F:DC:96:BB:1C:0D:79:7A:F1:9D:8E:8C:F2:2B:C1:B9:67:8D
            X509v3 Authority Key Identifier:
                keyid:B8:59:DB:7F:2C:2E:3B:3A:BD:8B:F4:15:F0:CE:1F:FF:33:43:29:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uFnbfywuOzq9i_QV8M4f_zNDKew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7eb7c3-e34a-4fbc-9272-4c1c57a81ffd/1/CnSP3Ja7HA15evGdjozyK8G5Z40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7eb7c3-e34a-4fbc-9272-4c1c57a81ffd/1/uFnbfywuOzq9i_QV8M4f_zNDKew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.136.0/22
                  195.28.22.0/23
                IPv6:
                  2a07:b440::/29

    Signature Algorithm: sha256WithRSAEncryption
         82:0b:16:8a:6a:a7:95:e7:35:70:f8:b5:74:53:16:70:76:f1:
         58:ad:1d:00:2c:69:e1:36:f6:1b:28:6a:7e:35:36:b8:91:78:
         a8:1c:21:25:60:f1:c0:95:d1:3f:3e:46:d7:e7:a2:3c:70:0c:
         c2:46:83:e1:d6:a6:ac:46:eb:04:58:08:1a:97:c7:a8:24:d6:
         4a:11:f2:02:b1:83:f3:e7:f7:38:da:d4:48:4b:83:71:ef:cb:
         ab:40:b6:ca:60:be:94:de:0b:62:b5:e6:36:fd:e5:d4:60:92:
         39:89:c1:8f:cb:e8:ca:af:82:19:12:5c:ba:7f:e7:1f:e2:58:
         f1:09:b4:00:aa:65:52:11:a0:af:29:b4:0d:67:8b:26:84:8a:
         af:23:d6:27:0b:a0:d0:6f:1f:fa:9b:37:44:8a:b9:06:b7:ee:
         56:fa:9b:66:0c:f0:ba:83:d7:4f:23:09:46:0e:8e:dd:d3:7c:
         c0:de:70:03:4b:42:9c:e0:29:bc:15:44:18:a6:a9:57:fb:20:
         79:20:9c:76:02:5c:30:36:09:4a:cf:39:db:cb:8b:15:72:53:
         9b:59:a0:46:ce:8e:f2:37:e9:19:2b:55:fb:59:19:5f:09:e0:
         3a:00:0d:5b:52:b1:6f:d0:12:8f:0d:15:e7:55:c0:4f:36:4c:
         27:8e:df:0e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEkoVIzdZ3ae8Cr7zl6FtmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NTlkYjdmMmMyZTNiM2FiZDhiZjQxNWYwY2UxZmZmMzM0
MzI5ZWMwHhcNMjQwMTAxMTAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTc0OGZkYzk2YmIxYzBkNzk3YWYxOWQ4ZThjZjIyYmMxYjk2NzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtma0KBYY4ucVPzrElvC5VGDY517g
NB52beDMHq5zgEv0JsplAAJAkHH0vTIPwGRyPmajw44szE4Ou/1h2iQ6nAQYbR9w
lj1sskG0wbOHvMzaPzuCJWMpXlNfs4AI4IWVXja3FofhasvceYNUc9sX5beccVMV
rlQFz4b/OfWJ7gsHqzTIeX0BN4clYaVp9/hFtweP6DEHbXPBqtDaNEXV9bpRMmz9
MJHUpy4zjhRGPe/KFQ+JhfaLM1zNnzmLKTFM0eC9/pzV0I2JxS7EIMAc0tN3qP9X
8wIPi+E4s2pHEhdn04YUqocmRnrcRHrQ9VgDRkTZfMOpJ/oxwPeWffJiHQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAp0j9yWuxwNeXrxnY6M8ivBuWeNMB8GA1UdIwQY
MBaAFLhZ238sLjs6vYv0FfDOH/8zQynsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUZuYmZ5d3VPenE5aV9RVjhNNGZfek5ES2V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83ZWI3YzMtZTM0YS00ZmJjLTkyNzIt
NGMxYzU3YTgxZmZkLzEvQ25TUDNKYTdIQTE1ZXZHZGpvenlLOEc1WjQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83ZWI3YzMtZTM0YS00ZmJjLTkyNzItNGMxYzU3YTgxZmZk
LzEvdUZuYmZ5d3VPenE5aV9RVjhNNGZfek5ES2V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuZ+IAwQB
wxwWMA0EAgACMAcDBQMqB7RAMA0GCSqGSIb3DQEBCwUAA4IBAQCCCxaKaqeV5zVw
+LV0UxZwdvFYrR0ALGnhNvYbKGp+NTa4kXioHCElYPHAldE/PkbX56I8cAzCRoPh
1qasRusEWAgal8eoJNZKEfICsYPz5/c42tRIS4Nx78urQLbKYL6U3gtiteY2/eXU
YJI5icGPy+jKr4IZEly6f+cf4ljxCbQAqmVSEaCvKbQNZ4smhIqvI9YnC6DQbx/6
mzdEirkGt+5W+ptmDPC6g9dPIwlGDo7d03zA3nADS0Kc4Cm8FUQYpqlX+yB5IJx2
AlwwNglKzznby4sVclObWaBGzo7yN+kZK1X7WRlfCeA6AA1bUrFv0BKPDRXnVcBP
Nkwnjt8O
-----END CERTIFICATE-----