Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/Phql4pegaP-8g_PnIHgfMUaaJuk.roa
File:                     Phql4pegaP-8g_PnIHgfMUaaJuk.roa (raw, json)
Hash identifier:          pvXolEsHMj4/pGHELgtk3XFYd/G9tHlwva1rJ5nPZSA=
Subject key identifier:   3E:1A:A5:E2:97:A0:68:FF:BC:83:F3:E7:20:78:1F:31:46:9A:26:E9
Certificate issuer:       /CN=6583d322ef24c87198b765ea1d1c42c283a7f8f6
Certificate serial:       018CC870C21788AA443F3245F08FF0073BD3
Authority key identifier: 65:83:D3:22:EF:24:C8:71:98:B7:65:EA:1D:1C:42:C2:83:A7:F8:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/Phql4pegaP-8g_PnIHgfMUaaJuk.roa
Signing time:             Tue 02 Jan 2024 04:31:22 +0000
ROA not before:           Tue 02 Jan 2024 04:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209209
IP address blocks:        185.232.44.0/24 maxlen: 24
                          2a11:fe80::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 07:03:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:c2:17:88:aa:44:3f:32:45:f0:8f:f0:07:3b:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6583d322ef24c87198b765ea1d1c42c283a7f8f6
        Validity
            Not Before: Jan  2 04:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e1aa5e297a068ffbc83f3e720781f31469a26e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8a:e7:6d:d0:37:b9:62:88:e1:65:e3:85:7d:
                    c3:d8:33:b3:d0:03:e7:07:7e:af:30:24:7f:d8:9b:
                    fa:ef:00:34:43:30:49:14:b8:57:65:ea:8a:54:44:
                    3b:d5:43:06:8e:3e:97:68:c4:e2:2e:17:57:a8:0e:
                    06:90:86:86:9d:19:c4:0a:7d:21:79:4d:29:45:85:
                    eb:56:59:05:d2:30:ed:a4:a2:58:44:00:9c:3e:a9:
                    0c:9e:eb:8c:51:55:7a:cf:6f:f6:d0:d6:71:50:0e:
                    94:00:e9:bf:7b:21:37:34:3a:92:2d:2d:ae:83:64:
                    73:dc:a3:41:63:7a:b2:ce:4f:c7:f5:c3:ba:d3:98:
                    f3:c9:f6:f2:ba:54:cf:12:a5:18:5c:78:db:67:a9:
                    34:0a:89:32:9c:06:c2:7a:00:b6:8c:37:7e:fa:08:
                    96:66:20:69:72:f1:b0:0c:90:02:99:9d:70:67:6a:
                    25:9f:df:dd:4e:84:a8:5c:7c:86:bf:2b:5b:47:a0:
                    d9:b9:be:0e:f4:78:e7:9e:86:ad:4d:b0:f1:ce:a1:
                    55:54:5c:16:5d:1a:80:97:0a:1d:11:a6:ba:4f:7c:
                    a9:61:d8:04:2f:d5:30:69:bb:3a:2e:58:bc:f6:fe:
                    89:77:99:2c:84:a7:60:71:c7:7e:0f:99:f7:c8:5a:
                    35:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:1A:A5:E2:97:A0:68:FF:BC:83:F3:E7:20:78:1F:31:46:9A:26:E9
            X509v3 Authority Key Identifier:
                keyid:65:83:D3:22:EF:24:C8:71:98:B7:65:EA:1D:1C:42:C2:83:A7:F8:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/Phql4pegaP-8g_PnIHgfMUaaJuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.44.0/24
                IPv6:
                  2a11:fe80::/32

    Signature Algorithm: sha256WithRSAEncryption
         42:d4:e9:41:16:3b:e1:09:77:22:cd:68:b5:aa:55:1c:55:62:
         1e:86:ec:ba:ee:5b:b8:d7:4d:c0:06:75:e5:f6:1a:a6:8d:61:
         2a:6d:41:bd:f6:38:35:d3:2b:b8:52:a9:5a:41:3c:97:e5:7b:
         0c:b8:a6:3d:28:d7:42:d3:1a:c9:f4:0a:a6:3b:6d:02:70:46:
         a6:3d:11:bd:fa:97:a7:ef:de:b0:92:8a:4b:01:e8:88:b3:97:
         74:8e:4f:77:98:bf:3d:a7:91:3e:7d:fa:0c:08:bd:f2:b9:d4:
         b2:67:0b:3a:ea:6d:fc:3a:aa:15:51:ce:7b:02:41:ec:7c:f7:
         cb:7f:55:e9:a8:6a:c0:e6:22:d7:4f:d0:e5:bf:d5:34:b3:d4:
         c2:d6:53:63:9e:59:9b:21:de:be:9d:e6:8a:7e:63:90:4c:14:
         e0:86:ac:3d:42:6d:15:ac:94:b5:d1:21:a9:bf:e1:74:59:22:
         72:14:6a:82:06:e0:84:40:31:e6:ae:44:17:6c:fc:0b:59:a0:
         4e:3a:8c:aa:4e:0f:93:f2:3c:f4:ea:11:e0:b2:73:4d:b9:8e:
         fb:f5:1b:01:d3:80:c7:44:56:99:a5:1d:41:1c:77:73:2a:aa:
         60:02:05:b6:47:ce:0e:8d:70:37:92:5b:cf:99:db:ff:fb:53:
         cb:09:cd:a5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIcMIXiKpEPzJF8I/wBzvTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ODNkMzIyZWYyNGM4NzE5OGI3NjVlYTFkMWM0MmMyODNh
N2Y4ZjYwHhcNMjQwMTAyMDQzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTFhYTVlMjk3YTA2OGZmYmM4M2YzZTcyMDc4MWYzMTQ2OWEyNmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYrnbdA3uWKI4WXjhX3D2DOz0APn
B36vMCR/2Jv67wA0QzBJFLhXZeqKVEQ71UMGjj6XaMTiLhdXqA4GkIaGnRnECn0h
eU0pRYXrVlkF0jDtpKJYRACcPqkMnuuMUVV6z2/20NZxUA6UAOm/eyE3NDqSLS2u
g2Rz3KNBY3qyzk/H9cO605jzyfbyulTPEqUYXHjbZ6k0CokynAbCegC2jDd++giW
ZiBpcvGwDJACmZ1wZ2oln9/dToSoXHyGvytbR6DZub4O9HjnnoatTbDxzqFVVFwW
XRqAlwodEaa6T3ypYdgEL9Uwabs6Lli89v6Jd5kshKdgccd+D5n3yFo1xwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD4apeKXoGj/vIPz5yB4HzFGmibpMB8GA1UdIwQY
MBaAFGWD0yLvJMhxmLdl6h0cQsKDp/j2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWllQVEl1OGt5SEdZdDJYcUhSeEN3b09uLVBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDk3MWEtODg5MS00YjUzLTk0NGMt
NWJlOWUxMTdkYmRhLzEvUGhxbDRwZWdhUC04Z19QbklIZ2ZNVWFhSnVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDk3MWEtODg5MS00YjUzLTk0NGMtNWJlOWUxMTdkYmRh
LzEvWllQVEl1OGt5SEdZdDJYcUhSeEN3b09uLVBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuegsMA0E
AgACMAcDBQAqEf6AMA0GCSqGSIb3DQEBCwUAA4IBAQBC1OlBFjvhCXcizWi1qlUc
VWIehuy67lu4103ABnXl9hqmjWEqbUG99jg10yu4UqlaQTyX5XsMuKY9KNdC0xrJ
9AqmO20CcEamPRG9+pen796wkopLAeiIs5d0jk93mL89p5E+ffoMCL3yudSyZws6
6m38OqoVUc57AkHsfPfLf1XpqGrA5iLXT9Dlv9U0s9TC1lNjnlmbId6+neaKfmOQ
TBTghqw9Qm0VrJS10SGpv+F0WSJyFGqCBuCEQDHmrkQXbPwLWaBOOoyqTg+T8jz0
6hHgsnNNuY779RsB04DHRFaZpR1BHHdzKqpgAgW2R84OjXA3klvPmdv/+1PLCc2l
-----END CERTIFICATE-----