Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/c7f3d9-a501-46af-b9d8-72081bd4cd8d/1/3dhquPMXsdOSn93UO--YTGdklqA.roa
File:                     3dhquPMXsdOSn93UO--YTGdklqA.roa (raw, json)
Hash identifier:          ThN6qYtPQETFiGXA2u1iZhg/wtlgeE8xaolIiIzwiys=
Subject key identifier:   DD:D8:6A:B8:F3:17:B1:D3:92:9F:DD:D4:3B:EF:98:4C:67:64:96:A0
Certificate issuer:       /CN=dbb98010536c406ea8f3d665594c228d76eb10fd
Certificate serial:       018CC348A3DC8491105F8CCCF3F10D8804F0
Authority key identifier: DB:B9:80:10:53:6C:40:6E:A8:F3:D6:65:59:4C:22:8D:76:EB:10:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27mAEFNsQG6o89ZlWUwijXbrEP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/c7f3d9-a501-46af-b9d8-72081bd4cd8d/1/3dhquPMXsdOSn93UO--YTGdklqA.roa
Signing time:             Mon 01 Jan 2024 04:29:26 +0000
ROA not before:           Mon 01 Jan 2024 04:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47626
IP address blocks:        193.35.48.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/c7f3d9-a501-46af-b9d8-72081bd4cd8d/1/27mAEFNsQG6o89ZlWUwijXbrEP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/c7f3d9-a501-46af-b9d8-72081bd4cd8d/1/27mAEFNsQG6o89ZlWUwijXbrEP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/27mAEFNsQG6o89ZlWUwijXbrEP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a3:dc:84:91:10:5f:8c:cc:f3:f1:0d:88:04:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb98010536c406ea8f3d665594c228d76eb10fd
        Validity
            Not Before: Jan  1 04:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ddd86ab8f317b1d3929fddd43bef984c676496a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2c:ce:d1:a2:5c:31:7c:76:67:5a:13:53:ce:
                    84:4d:a1:e9:37:92:e1:29:98:e5:a9:04:01:08:d9:
                    71:71:b8:ef:35:ff:43:ea:d3:16:cc:3a:95:c0:f5:
                    7c:0b:a4:01:f2:24:8f:b1:f3:00:6a:35:f8:bb:a5:
                    17:38:8f:d0:c2:70:df:a9:10:08:43:60:43:99:87:
                    f2:a8:2e:a6:8f:91:78:25:db:8f:eb:94:dc:db:3b:
                    7a:b4:ab:82:25:d0:3b:1c:f5:65:92:7e:d1:6f:47:
                    95:4f:73:db:b1:56:ff:41:62:24:1d:d5:b4:74:c7:
                    8d:64:d8:91:b7:5c:66:5b:97:78:82:7d:37:94:12:
                    b6:51:ae:09:92:5d:74:db:fa:f0:52:c3:dd:85:87:
                    fb:22:7c:f7:ab:8c:9a:b3:23:75:4e:b2:7a:bf:ee:
                    e1:d8:21:df:fa:2b:99:a9:85:85:f9:f9:99:b2:4e:
                    e4:c0:81:da:27:fa:57:77:ff:dd:af:7a:22:db:a4:
                    2a:4b:79:8c:38:9c:3d:dd:90:ab:2a:a4:cc:cd:8a:
                    cf:dd:df:22:a7:c9:98:02:38:33:1a:50:82:4d:89:
                    30:17:39:8a:fd:3e:01:ab:fe:a7:3e:2d:99:e2:f0:
                    40:b8:56:21:2a:60:ee:4c:6a:9e:cf:20:65:5d:bc:
                    bc:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:D8:6A:B8:F3:17:B1:D3:92:9F:DD:D4:3B:EF:98:4C:67:64:96:A0
            X509v3 Authority Key Identifier:
                keyid:DB:B9:80:10:53:6C:40:6E:A8:F3:D6:65:59:4C:22:8D:76:EB:10:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27mAEFNsQG6o89ZlWUwijXbrEP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/c7f3d9-a501-46af-b9d8-72081bd4cd8d/1/3dhquPMXsdOSn93UO--YTGdklqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/c7f3d9-a501-46af-b9d8-72081bd4cd8d/1/27mAEFNsQG6o89ZlWUwijXbrEP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:61:ef:f6:14:23:7b:6b:bd:22:66:78:61:98:10:7e:f8:6c:
         08:79:a7:8e:a4:e9:c3:d8:1f:fd:0a:97:90:a6:de:e6:7a:5c:
         56:51:9a:ef:ef:73:a2:ca:82:ad:9e:2a:25:86:1f:4a:66:f5:
         b6:2d:7b:3a:22:1b:b1:a2:2f:38:e4:ac:8c:c0:0c:5f:9e:b8:
         d0:83:77:07:43:72:25:ff:aa:fd:90:c1:3c:06:71:21:e0:37:
         ec:3f:c2:6e:c7:88:81:6e:98:67:57:0b:48:e7:85:71:a9:54:
         b2:63:e6:00:7f:86:66:46:dd:72:fe:e2:cf:57:bf:7e:46:ad:
         b8:5c:e7:94:20:b7:f7:b3:7e:0a:21:e0:b9:52:92:dc:8a:17:
         92:00:66:ca:42:2a:f9:05:09:28:4e:2b:73:e7:57:47:34:43:
         79:a3:92:27:82:5d:c6:70:b0:dd:ab:f7:35:0f:5d:18:14:69:
         f1:20:60:3b:89:9b:19:30:3d:97:b4:86:10:ef:38:dd:50:09:
         bc:1f:2c:f3:3f:8d:5b:20:fc:d7:9b:fb:15:08:2e:49:aa:a2:
         e9:46:ce:84:65:99:f0:2f:a6:50:94:dd:2c:03:90:50:66:e2:
         0e:b4:67:0c:fb:10:c5:90:9a:ac:e4:9a:70:dd:55:5e:81:97:
         ea:8b:e0:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKPchJEQX4zM8/ENiATwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjk4MDEwNTM2YzQwNmVhOGYzZDY2NTU5NGMyMjhkNzZl
YjEwZmQwHhcNMjQwMTAxMDQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGQ4NmFiOGYzMTdiMWQzOTI5ZmRkZDQzYmVmOTg0YzY3NjQ5NmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyzO0aJcMXx2Z1oTU86ETaHpN5Lh
KZjlqQQBCNlxcbjvNf9D6tMWzDqVwPV8C6QB8iSPsfMAajX4u6UXOI/QwnDfqRAI
Q2BDmYfyqC6mj5F4JduP65Tc2zt6tKuCJdA7HPVlkn7Rb0eVT3PbsVb/QWIkHdW0
dMeNZNiRt1xmW5d4gn03lBK2Ua4Jkl102/rwUsPdhYf7Inz3q4yasyN1TrJ6v+7h
2CHf+iuZqYWF+fmZsk7kwIHaJ/pXd//dr3oi26QqS3mMOJw93ZCrKqTMzYrP3d8i
p8mYAjgzGlCCTYkwFzmK/T4Bq/6nPi2Z4vBAuFYhKmDuTGqezyBlXby8gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN3YarjzF7HTkp/d1DvvmExnZJagMB8GA1UdIwQY
MBaAFNu5gBBTbEBuqPPWZVlMIo126xD9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdtQUVGTnNRRzZvODlabFdVd2lqWGJyRVAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9jN2YzZDktYTUwMS00NmFmLWI5ZDgt
NzIwODFiZDRjZDhkLzEvM2RocXVQTVhzZE9TbjkzVU8tLVlUR2RrbHFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9jN2YzZDktYTUwMS00NmFmLWI5ZDgtNzIwODFiZDRjZDhk
LzEvMjdtQUVGTnNRRzZvODlabFdVd2lqWGJyRVAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSMwMA0G
CSqGSIb3DQEBCwUAA4IBAQB+Ye/2FCN7a70iZnhhmBB++GwIeaeOpOnD2B/9CpeQ
pt7melxWUZrv73OiyoKtniolhh9KZvW2LXs6Ihuxoi845KyMwAxfnrjQg3cHQ3Il
/6r9kME8BnEh4DfsP8Jux4iBbphnVwtI54VxqVSyY+YAf4ZmRt1y/uLPV79+Rq24
XOeUILf3s34KIeC5UpLciheSAGbKQir5BQkoTitz51dHNEN5o5Ingl3GcLDdq/c1
D10YFGnxIGA7iZsZMD2XtIYQ7zjdUAm8HyzzP41bIPzXm/sVCC5JqqLpRs6EZZnw
L6ZQlN0sA5BQZuIOtGcM+xDFkJqs5Jpw3VVegZfqi+CO
-----END CERTIFICATE-----