Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c38797-d7fa-4a57-9f83-a16a34c46f30/1/bGLzs9iH26YLGxHHFyd0nc65N50.roa
File:                     bGLzs9iH26YLGxHHFyd0nc65N50.roa (raw, json)
Hash identifier:          XpzJol4njNOhOFZwgwQoGAd+TqdXM5+pJNn2nz7IJPw=
Subject key identifier:   6C:62:F3:B3:D8:87:DB:A6:0B:1B:11:C7:17:27:74:9D:CE:B9:37:9D
Certificate issuer:       /CN=38879a78a58a485ccd8970f0432db8f3d771725b
Certificate serial:       018CC2DAFCAF809C4698BE1781C415775B39
Authority key identifier: 38:87:9A:78:A5:8A:48:5C:CD:89:70:F0:43:2D:B8:F3:D7:71:72:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OIeaeKWKSFzNiXDwQy2489dxcls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/c38797-d7fa-4a57-9f83-a16a34c46f30/1/bGLzs9iH26YLGxHHFyd0nc65N50.roa
Signing time:             Mon 01 Jan 2024 02:29:40 +0000
ROA not before:           Mon 01 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29422
IP address blocks:        185.196.232.0/22 maxlen: 22
                          2a0a:73c0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/c38797-d7fa-4a57-9f83-a16a34c46f30/1/OIeaeKWKSFzNiXDwQy2489dxcls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/c38797-d7fa-4a57-9f83-a16a34c46f30/1/OIeaeKWKSFzNiXDwQy2489dxcls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OIeaeKWKSFzNiXDwQy2489dxcls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fc:af:80:9c:46:98:be:17:81:c4:15:77:5b:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38879a78a58a485ccd8970f0432db8f3d771725b
        Validity
            Not Before: Jan  1 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c62f3b3d887dba60b1b11c71727749dceb9379d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:b6:70:82:cc:1c:bb:9b:6b:df:67:ea:6e:87:
                    f6:6f:77:3a:02:2f:2b:b1:28:d0:38:ee:9b:96:b8:
                    8f:3a:fb:4d:af:92:60:4c:b4:40:73:39:bb:5b:60:
                    e7:78:99:38:c5:a7:44:2f:24:a5:0b:c6:58:ae:2c:
                    c1:66:8e:28:ee:47:e1:a5:31:f6:01:4c:3d:62:92:
                    1f:b8:bb:18:c9:93:c5:b4:f5:1b:90:aa:27:53:f8:
                    9e:da:02:8c:48:06:bc:79:4b:0c:1e:e7:4f:df:ba:
                    19:dd:4e:57:d6:9c:37:24:76:f8:25:a7:27:15:3a:
                    a7:56:9f:7d:75:00:73:8e:5e:9c:42:23:dc:c8:2b:
                    ec:3b:3b:b6:bb:03:89:87:75:74:d3:37:8a:b5:c1:
                    b4:ab:2e:6e:b5:e4:12:e9:5d:69:1b:dd:67:52:e5:
                    ab:43:b2:da:29:86:a3:f5:f8:5a:9c:be:0e:de:eb:
                    27:80:07:74:ac:8d:ec:9a:51:00:e9:0f:14:e9:f8:
                    33:ce:2a:b2:d9:b3:46:cd:81:38:04:e9:a0:2c:49:
                    61:1d:8b:2e:cb:1a:38:a8:18:49:3b:a4:a2:63:dd:
                    9e:55:27:6e:59:97:1d:be:17:60:e8:db:e7:a3:1b:
                    a3:1c:42:ba:3a:14:d9:76:2c:ca:38:dd:1f:e0:1b:
                    90:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:62:F3:B3:D8:87:DB:A6:0B:1B:11:C7:17:27:74:9D:CE:B9:37:9D
            X509v3 Authority Key Identifier:
                keyid:38:87:9A:78:A5:8A:48:5C:CD:89:70:F0:43:2D:B8:F3:D7:71:72:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OIeaeKWKSFzNiXDwQy2489dxcls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c38797-d7fa-4a57-9f83-a16a34c46f30/1/bGLzs9iH26YLGxHHFyd0nc65N50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c38797-d7fa-4a57-9f83-a16a34c46f30/1/OIeaeKWKSFzNiXDwQy2489dxcls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.232.0/22
                IPv6:
                  2a0a:73c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9e:d5:a7:7a:a0:9d:31:ff:0d:05:6a:e1:ae:eb:c8:07:59:20:
         be:4a:3e:20:43:91:6d:f2:82:b9:73:72:7e:93:c6:79:05:41:
         c0:9f:ef:2b:99:dd:64:f9:94:47:11:f4:cb:2a:2f:60:94:e0:
         1f:ed:35:2d:bb:5b:5e:49:8a:b9:61:ae:4e:d6:b7:08:4b:9d:
         2c:d8:3f:2a:5f:65:e5:47:ec:22:bd:3c:e5:98:cb:89:f5:d7:
         24:31:a1:fb:9d:a6:ec:46:69:c7:c8:b8:cd:55:c2:a1:ec:9e:
         08:08:d0:0e:8e:4b:7c:1b:78:f9:45:d5:13:14:bb:fd:5a:53:
         f8:45:e9:30:8c:7d:44:3b:56:9a:79:e7:41:f8:55:38:35:20:
         9e:18:f4:c5:81:9a:cb:53:ce:83:53:35:32:a0:6d:0d:8a:b6:
         ef:48:29:f7:41:91:ee:f5:51:0f:d2:28:4b:13:cd:c2:21:32:
         23:d9:6e:23:4b:d5:a1:c0:1a:a4:95:93:f0:0e:28:d2:60:c8:
         6e:66:63:86:d1:50:93:ab:60:e5:8f:10:f8:65:8b:a8:20:f0:
         e1:cf:a7:93:5e:ba:63:37:67:f7:9f:4e:38:ee:a7:57:cf:2d:
         c9:c3:da:31:4b:91:5b:88:a8:63:7c:2d:37:7b:40:a7:89:d6:
         fe:9f:33:f4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2vyvgJxGmL4XgcQVd1s5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4ODc5YTc4YTU4YTQ4NWNjZDg5NzBmMDQzMmRiOGYzZDc3
MTcyNWIwHhcNMjQwMTAxMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzYyZjNiM2Q4ODdkYmE2MGIxYjExYzcxNzI3NzQ5ZGNlYjkzNzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgrZwgswcu5tr32fqbof2b3c6Ai8r
sSjQOO6blriPOvtNr5JgTLRAczm7W2DneJk4xadELySlC8ZYrizBZo4o7kfhpTH2
AUw9YpIfuLsYyZPFtPUbkKonU/ie2gKMSAa8eUsMHudP37oZ3U5X1pw3JHb4Jacn
FTqnVp99dQBzjl6cQiPcyCvsOzu2uwOJh3V00zeKtcG0qy5uteQS6V1pG91nUuWr
Q7LaKYaj9fhanL4O3usngAd0rI3smlEA6Q8U6fgzziqy2bNGzYE4BOmgLElhHYsu
yxo4qBhJO6SiY92eVSduWZcdvhdg6NvnoxujHEK6OhTZdizKON0f4BuQRQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGxi87PYh9umCxsRxxcndJ3OuTedMB8GA1UdIwQY
MBaAFDiHmnilikhczYlw8EMtuPPXcXJbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0llYWVLV0tTRnpOaVhEd1F5MjQ4OWR4Y2xzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jMzg3OTctZDdmYS00YTU3LTlmODMt
YTE2YTM0YzQ2ZjMwLzEvYkdMenM5aUgyNllMR3hISEZ5ZDBuYzY1TjUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jMzg3OTctZDdmYS00YTU3LTlmODMtYTE2YTM0YzQ2ZjMw
LzEvT0llYWVLV0tTRnpOaVhEd1F5MjQ4OWR4Y2xzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucToMA0E
AgACMAcDBQMqCnPAMA0GCSqGSIb3DQEBCwUAA4IBAQCe1ad6oJ0x/w0FauGu68gH
WSC+Sj4gQ5Ft8oK5c3J+k8Z5BUHAn+8rmd1k+ZRHEfTLKi9glOAf7TUtu1teSYq5
Ya5O1rcIS50s2D8qX2XlR+wivTzlmMuJ9dckMaH7nabsRmnHyLjNVcKh7J4ICNAO
jkt8G3j5RdUTFLv9WlP4RekwjH1EO1aaeedB+FU4NSCeGPTFgZrLU86DUzUyoG0N
irbvSCn3QZHu9VEP0ihLE83CITIj2W4jS9WhwBqklZPwDijSYMhuZmOG0VCTq2Dl
jxD4ZYuoIPDhz6eTXrpjN2f3n0447qdXzy3Jw9oxS5FbiKhjfC03e0Cnidb+nzP0
-----END CERTIFICATE-----