Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/637377-cadc-4fd4-b66d-c9a56c5d3e91/1/dU3Cpqzko1uuAv2oQiQle4dt9nc.roa
File:                     dU3Cpqzko1uuAv2oQiQle4dt9nc.roa (raw, json)
Hash identifier:          0rNHo6RMyu2NTdT41LQf+axLBZjpVR29ZGlwJ5gx17g=
Subject key identifier:   75:4D:C2:A6:AC:E4:A3:5B:AE:02:FD:A8:42:24:25:7B:87:6D:F6:77
Certificate issuer:       /CN=6b3ae80cecb56f5b3003883a95e26f441d749f2e
Certificate serial:       018CC5DC8AF82D918221B715A09F6E8236C6
Authority key identifier: 6B:3A:E8:0C:EC:B5:6F:5B:30:03:88:3A:95:E2:6F:44:1D:74:9F:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/azroDOy1b1swA4g6leJvRB10ny4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/637377-cadc-4fd4-b66d-c9a56c5d3e91/1/dU3Cpqzko1uuAv2oQiQle4dt9nc.roa
Signing time:             Mon 01 Jan 2024 16:30:14 +0000
ROA not before:           Mon 01 Jan 2024 16:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25151
IP address blocks:        80.85.160.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/637377-cadc-4fd4-b66d-c9a56c5d3e91/1/azroDOy1b1swA4g6leJvRB10ny4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/637377-cadc-4fd4-b66d-c9a56c5d3e91/1/azroDOy1b1swA4g6leJvRB10ny4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/azroDOy1b1swA4g6leJvRB10ny4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:8a:f8:2d:91:82:21:b7:15:a0:9f:6e:82:36:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b3ae80cecb56f5b3003883a95e26f441d749f2e
        Validity
            Not Before: Jan  1 16:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=754dc2a6ace4a35bae02fda84224257b876df677
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:8f:7f:2e:f4:32:31:56:dd:0b:7f:f1:4d:8f:
                    17:97:93:89:12:58:7e:1f:c7:88:27:ca:1e:d5:ee:
                    a8:a5:e9:31:5f:30:39:91:d9:3c:6e:ce:94:7f:4f:
                    71:3d:6c:56:22:f5:7f:38:14:9f:a8:3a:ef:9a:23:
                    14:f4:f7:3e:ad:07:55:a7:60:f6:0f:27:fe:62:39:
                    41:77:d7:c1:a6:b8:cb:f3:d6:79:92:51:bd:f2:4f:
                    c0:8f:fa:a1:e8:10:68:07:71:8c:95:83:d2:cf:00:
                    e4:a5:ba:c9:0c:e0:a8:ca:11:79:28:ab:0d:8f:c0:
                    6e:c8:cf:7e:d9:9c:3a:dc:d6:c2:14:43:57:61:23:
                    d6:5f:67:9b:33:ee:0d:45:93:1e:71:18:db:aa:8e:
                    cd:45:16:eb:c4:10:21:eb:3c:00:87:08:fa:53:c0:
                    e2:be:78:e0:28:a0:56:18:dd:d5:99:db:07:35:38:
                    0d:d5:e0:b7:76:d1:c5:61:4b:ef:dd:d0:f3:7f:64:
                    d2:18:ea:76:2d:e5:34:9b:7e:ca:80:31:c0:2a:8f:
                    80:72:16:f8:ee:25:64:6b:a1:a5:f9:e6:b7:a7:62:
                    6a:e0:9a:80:4b:11:75:b8:fc:eb:57:c8:d4:0c:5b:
                    16:7b:79:e4:8c:e7:f3:c7:22:93:91:56:c4:d9:13:
                    31:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:4D:C2:A6:AC:E4:A3:5B:AE:02:FD:A8:42:24:25:7B:87:6D:F6:77
            X509v3 Authority Key Identifier:
                keyid:6B:3A:E8:0C:EC:B5:6F:5B:30:03:88:3A:95:E2:6F:44:1D:74:9F:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/azroDOy1b1swA4g6leJvRB10ny4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/637377-cadc-4fd4-b66d-c9a56c5d3e91/1/dU3Cpqzko1uuAv2oQiQle4dt9nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/637377-cadc-4fd4-b66d-c9a56c5d3e91/1/azroDOy1b1swA4g6leJvRB10ny4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.85.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:29:ca:0d:c5:64:b4:48:65:22:3a:86:2c:86:1c:88:8b:f5:
         48:0f:81:cd:74:af:f7:25:8a:bb:0c:7c:17:58:e7:d5:ab:0f:
         47:e6:21:b1:8e:a3:79:78:4a:1e:2a:c4:7a:52:5c:5c:fb:89:
         73:bf:86:02:07:ea:fb:a9:76:d4:4f:85:38:9e:15:77:b3:7d:
         92:c2:06:2c:50:f3:c9:12:0c:b1:68:25:62:f8:cf:94:b0:13:
         c7:d9:73:86:db:7d:38:00:07:5c:b1:02:34:bc:3f:0f:b9:32:
         4b:7e:80:0e:3a:84:c5:f1:30:45:6a:43:2e:f6:be:52:94:61:
         54:52:85:f4:09:1c:c7:7c:91:e8:39:23:a5:6f:d9:7a:c2:89:
         0e:52:42:b4:d1:62:06:a8:1d:9e:cd:04:d0:42:d0:f4:f6:3f:
         91:6b:df:9f:83:ef:73:b9:08:14:59:8e:ba:e7:7d:f7:68:29:
         73:b0:70:7c:33:b3:68:92:e0:38:29:f0:d7:0a:c6:93:f6:fb:
         a9:7d:ac:44:33:56:a6:44:72:02:27:33:11:2a:2e:e7:bd:61:
         5b:fc:c5:62:d1:f1:d5:1c:f7:ee:3d:87:c9:d7:22:20:b4:f5:
         87:c7:d8:3d:f4:ba:6f:d0:4f:f9:0f:4d:7d:7e:c5:ce:ec:e8:
         46:f7:0c:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Ir4LZGCIbcVoJ9ugjbGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiM2FlODBjZWNiNTZmNWIzMDAzODgzYTk1ZTI2ZjQ0MWQ3
NDlmMmUwHhcNMjQwMTAxMTYzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTRkYzJhNmFjZTRhMzViYWUwMmZkYTg0MjI0MjU3Yjg3NmRmNjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxo9/LvQyMVbdC3/xTY8Xl5OJElh+
H8eIJ8oe1e6opekxXzA5kdk8bs6Uf09xPWxWIvV/OBSfqDrvmiMU9Pc+rQdVp2D2
Dyf+YjlBd9fBprjL89Z5klG98k/Aj/qh6BBoB3GMlYPSzwDkpbrJDOCoyhF5KKsN
j8BuyM9+2Zw63NbCFENXYSPWX2ebM+4NRZMecRjbqo7NRRbrxBAh6zwAhwj6U8Di
vnjgKKBWGN3VmdsHNTgN1eC3dtHFYUvv3dDzf2TSGOp2LeU0m37KgDHAKo+Achb4
7iVka6Gl+ea3p2Jq4JqASxF1uPzrV8jUDFsWe3nkjOfzxyKTkVbE2RMxXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHVNwqas5KNbrgL9qEIkJXuHbfZ3MB8GA1UdIwQY
MBaAFGs66AzstW9bMAOIOpXib0QddJ8uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXpyb0RPeTFiMXN3QTRnNmxlSnZSQjEwbnk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi82MzczNzctY2FkYy00ZmQ0LWI2NmQt
YzlhNTZjNWQzZTkxLzEvZFUzQ3BxemtvMXV1QXYyb1FpUWxlNGR0OW5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi82MzczNzctY2FkYy00ZmQ0LWI2NmQtYzlhNTZjNWQzZTkx
LzEvYXpyb0RPeTFiMXN3QTRnNmxlSnZSQjEwbnk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUFWgMA0G
CSqGSIb3DQEBCwUAA4IBAQAuKcoNxWS0SGUiOoYshhyIi/VID4HNdK/3JYq7DHwX
WOfVqw9H5iGxjqN5eEoeKsR6Ulxc+4lzv4YCB+r7qXbUT4U4nhV3s32SwgYsUPPJ
EgyxaCVi+M+UsBPH2XOG2304AAdcsQI0vD8PuTJLfoAOOoTF8TBFakMu9r5SlGFU
UoX0CRzHfJHoOSOlb9l6wokOUkK00WIGqB2ezQTQQtD09j+Ra9+fg+9zuQgUWY66
5333aClzsHB8M7NokuA4KfDXCsaT9vupfaxEM1amRHICJzMRKi7nvWFb/MVi0fHV
HPfuPYfJ1yIgtPWHx9g99Lpv0E/5D019fsXO7OhG9wy6
-----END CERTIFICATE-----