Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/pD0BtXHAKmznaNeYfbui6ieO6bw.roa
File:                     pD0BtXHAKmznaNeYfbui6ieO6bw.roa (raw, json)
Hash identifier:          6iypBbRR4VOFPlZsLuT6AaNat5k3aUthdmeTIzuIY6E=
Subject key identifier:   A4:3D:01:B5:71:C0:2A:6C:E7:68:D7:98:7D:BB:A2:EA:27:8E:E9:BC
Certificate issuer:       /CN=e7f881401abacc88c941fdf740f1ab1536f05dba
Certificate serial:       018CCA2BB689F40274FA028B2A9D9220E541
Authority key identifier: E7:F8:81:40:1A:BA:CC:88:C9:41:FD:F7:40:F1:AB:15:36:F0:5D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/pD0BtXHAKmznaNeYfbui6ieO6bw.roa
Signing time:             Tue 02 Jan 2024 12:35:11 +0000
ROA not before:           Tue 02 Jan 2024 12:35:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48473
IP address blocks:        85.248.152.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:b6:89:f4:02:74:fa:02:8b:2a:9d:92:20:e5:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7f881401abacc88c941fdf740f1ab1536f05dba
        Validity
            Not Before: Jan  2 12:35:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a43d01b571c02a6ce768d7987dbba2ea278ee9bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:92:0c:55:e4:16:e5:07:98:a2:02:d1:4d:7c:
                    72:53:a0:d1:ea:4b:6d:6e:16:20:9d:76:7e:c6:86:
                    6d:07:57:60:5e:ec:b0:37:6d:63:81:a7:9b:73:ac:
                    2c:45:6c:44:83:eb:24:0d:c7:a5:e9:03:3c:5c:a6:
                    ff:80:f5:db:e5:2e:7d:4e:6b:43:d6:1d:35:58:c1:
                    ec:18:91:a2:9e:12:7f:df:0b:7b:ce:68:48:80:4a:
                    b3:a6:50:4f:6f:10:5e:78:6d:3b:3c:62:24:76:18:
                    25:99:56:b3:d5:81:5d:d1:e8:df:00:a9:1d:d2:f7:
                    30:56:2f:64:b5:1b:6e:bc:40:66:18:6b:d9:1d:75:
                    2b:f3:55:69:ab:2f:d2:16:ea:13:0f:b8:e2:38:43:
                    d2:df:b2:f6:32:65:60:b0:cf:f3:a3:9d:e9:fd:83:
                    99:a8:62:ff:f1:54:52:65:2f:30:35:f3:b5:3c:8d:
                    c4:34:dc:64:34:7d:a8:77:2d:fb:8d:a2:af:12:22:
                    4e:b6:be:52:e4:81:ac:67:2c:43:32:2f:ae:95:e8:
                    86:68:9c:ce:2d:48:64:f6:d0:dc:39:07:ed:2c:bf:
                    3b:c3:c9:56:72:95:26:0d:42:f1:b4:be:ce:e6:1e:
                    7a:92:13:97:6d:f6:b1:62:b8:66:94:10:aa:ff:a2:
                    12:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:3D:01:B5:71:C0:2A:6C:E7:68:D7:98:7D:BB:A2:EA:27:8E:E9:BC
            X509v3 Authority Key Identifier:
                keyid:E7:F8:81:40:1A:BA:CC:88:C9:41:FD:F7:40:F1:AB:15:36:F0:5D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/pD0BtXHAKmznaNeYfbui6ieO6bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.248.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:a4:03:4e:37:19:f3:b8:8a:15:32:01:15:8c:38:3d:cf:18:
         09:98:2d:83:02:9f:8f:a1:2c:8a:bd:e1:ef:87:a1:a8:36:e5:
         8a:e6:a6:e9:49:5f:d0:8b:27:36:a7:93:7c:46:a9:b8:42:c6:
         b1:00:62:35:dd:fe:39:82:4e:3f:1c:fc:ad:f0:c6:20:eb:fa:
         9a:df:c2:1c:ae:10:f2:dd:a4:8a:82:f3:f1:62:bf:4b:92:41:
         3c:1c:70:20:87:0e:8b:42:dd:5a:68:d9:92:c1:c0:e5:2b:87:
         21:1e:1b:e7:c6:a3:25:32:0c:43:d5:f0:f3:22:2e:63:a0:31:
         df:41:f6:7f:df:99:97:a2:51:e1:86:a2:50:7b:be:38:61:66:
         71:4a:dd:c4:ff:f0:ec:75:53:69:42:63:ed:ca:0d:5d:bc:52:
         81:67:33:2c:88:8e:f0:c7:28:c8:76:65:80:d2:2e:01:46:0c:
         b5:78:52:c9:47:dd:ca:8d:73:ae:a8:10:ef:e1:03:d8:c2:b4:
         78:0a:47:72:09:47:f4:6d:69:a0:22:2b:aa:99:71:1b:3a:7e:
         c1:00:9f:92:8e:ad:3b:fa:f2:29:91:ab:90:09:f8:bc:42:55:
         75:b3:c1:b7:26:cf:82:78:7c:07:61:33:a9:50:65:c7:53:0d:
         c1:18:44:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK7aJ9AJ0+gKLKp2SIOVBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Zjg4MTQwMWFiYWNjODhjOTQxZmRmNzQwZjFhYjE1MzZm
MDVkYmEwHhcNMjQwMTAyMTIzNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDNkMDFiNTcxYzAyYTZjZTc2OGQ3OTg3ZGJiYTJlYTI3OGVlOWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi5IMVeQW5QeYogLRTXxyU6DR6ktt
bhYgnXZ+xoZtB1dgXuywN21jgaebc6wsRWxEg+skDcel6QM8XKb/gPXb5S59TmtD
1h01WMHsGJGinhJ/3wt7zmhIgEqzplBPbxBeeG07PGIkdhglmVaz1YFd0ejfAKkd
0vcwVi9ktRtuvEBmGGvZHXUr81Vpqy/SFuoTD7jiOEPS37L2MmVgsM/zo53p/YOZ
qGL/8VRSZS8wNfO1PI3ENNxkNH2ody37jaKvEiJOtr5S5IGsZyxDMi+uleiGaJzO
LUhk9tDcOQftLL87w8lWcpUmDULxtL7O5h56khOXbfaxYrhmlBCq/6ISCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQ9AbVxwCps52jXmH27ouonjum8MB8GA1UdIwQY
MBaAFOf4gUAausyIyUH990DxqxU28F26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNV9pQlFCcTZ6SWpKUWYzM1FQR3JGVGJ3WGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9mNTUzNGEtYTYxMy00N2JlLWI0MmIt
ZTJmYmMzYTY4ODAwLzEvcEQwQnRYSEFLbXpuYU5lWWZidWk2aWVPNmJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9mNTUzNGEtYTYxMy00N2JlLWI0MmItZTJmYmMzYTY4ODAw
LzEvNV9pQlFCcTZ6SWpKUWYzM1FQR3JGVGJ3WGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVfiYMA0G
CSqGSIb3DQEBCwUAA4IBAQCHpANONxnzuIoVMgEVjDg9zxgJmC2DAp+PoSyKveHv
h6GoNuWK5qbpSV/Qiyc2p5N8Rqm4QsaxAGI13f45gk4/HPyt8MYg6/qa38IcrhDy
3aSKgvPxYr9LkkE8HHAghw6LQt1aaNmSwcDlK4chHhvnxqMlMgxD1fDzIi5joDHf
QfZ/35mXolHhhqJQe744YWZxSt3E//DsdVNpQmPtyg1dvFKBZzMsiI7wxyjIdmWA
0i4BRgy1eFLJR93KjXOuqBDv4QPYwrR4CkdyCUf0bWmgIiuqmXEbOn7BAJ+Sjq07
+vIpkauQCfi8QlV1s8G3Js+CeHwHYTOpUGXHUw3BGERi
-----END CERTIFICATE-----