Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/33339f-6d98-4b5f-ab60-1c94cb7dfeb3/1/3IVzsGDuEO3MzXs65szdwv2epAQ.roa
File:                     3IVzsGDuEO3MzXs65szdwv2epAQ.roa (raw, json)
Hash identifier:          oecSDiFxGR/AIPD9ft+K/rhwt+qCeB/yaFihYhEZnIM=
Subject key identifier:   DC:85:73:B0:60:EE:10:ED:CC:CD:7B:3A:E6:CC:DD:C2:FD:9E:A4:04
Certificate issuer:       /CN=8e8b1071131763aadab1f294e37cd50adac0939c
Certificate serial:       018CC80263B2B2EE29E309A8325A61666CF5
Authority key identifier: 8E:8B:10:71:13:17:63:AA:DA:B1:F2:94:E3:7C:D5:0A:DA:C0:93:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/josQcRMXY6rasfKU43zVCtrAk5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/33339f-6d98-4b5f-ab60-1c94cb7dfeb3/1/3IVzsGDuEO3MzXs65szdwv2epAQ.roa
Signing time:             Tue 02 Jan 2024 02:30:48 +0000
ROA not before:           Tue 02 Jan 2024 02:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20249
IP address blocks:        185.55.132.0/22 maxlen: 22
                          185.55.132.0/23 maxlen: 23
                          185.55.134.0/23 maxlen: 23
                          185.55.134.0/24 maxlen: 24
                          185.55.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/33339f-6d98-4b5f-ab60-1c94cb7dfeb3/1/josQcRMXY6rasfKU43zVCtrAk5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/33339f-6d98-4b5f-ab60-1c94cb7dfeb3/1/josQcRMXY6rasfKU43zVCtrAk5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/josQcRMXY6rasfKU43zVCtrAk5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:63:b2:b2:ee:29:e3:09:a8:32:5a:61:66:6c:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e8b1071131763aadab1f294e37cd50adac0939c
        Validity
            Not Before: Jan  2 02:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc8573b060ee10edcccd7b3ae6ccddc2fd9ea404
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:10:84:f3:aa:78:f0:23:f9:ad:eb:2d:f4:8c:
                    38:a7:2b:23:51:03:28:1b:18:24:4d:7a:f6:d4:28:
                    e5:b6:48:1b:c9:d5:58:62:71:b5:14:5b:97:94:fc:
                    09:e0:14:c4:61:f3:c2:9e:c7:c5:2a:db:c6:eb:6c:
                    78:c7:5e:46:a6:01:e8:82:3f:45:0b:9c:a4:14:00:
                    e3:7f:7a:da:21:a4:5b:38:e5:ec:62:87:aa:b1:56:
                    16:a5:88:25:20:1e:d0:1b:09:f5:90:ad:e7:32:eb:
                    da:32:a3:1f:cf:88:77:6c:8a:df:16:6f:2e:a6:bd:
                    09:dd:b7:d5:44:9f:8a:f3:5d:ed:63:80:07:f8:5c:
                    3c:8f:32:e5:9f:89:36:1e:b0:1c:68:91:1a:d8:38:
                    30:8c:32:57:3c:8b:e7:dc:73:e4:3d:e8:97:82:ea:
                    c1:01:a5:0e:16:5f:3e:5f:a0:55:0e:af:ab:39:e5:
                    d3:f8:22:8e:87:e5:a8:de:d3:c2:c6:8c:9a:d9:9c:
                    02:dc:a8:07:72:1e:c7:35:08:35:84:59:ef:61:0c:
                    b5:9c:d9:2f:27:0d:8b:85:60:5f:f0:c1:e4:1f:fb:
                    33:ee:c8:3c:ad:d5:e9:ed:60:b2:7f:75:cf:43:e3:
                    b8:c4:27:26:d1:ab:76:4e:47:22:4d:fe:e0:22:09:
                    81:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:85:73:B0:60:EE:10:ED:CC:CD:7B:3A:E6:CC:DD:C2:FD:9E:A4:04
            X509v3 Authority Key Identifier:
                keyid:8E:8B:10:71:13:17:63:AA:DA:B1:F2:94:E3:7C:D5:0A:DA:C0:93:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/josQcRMXY6rasfKU43zVCtrAk5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/33339f-6d98-4b5f-ab60-1c94cb7dfeb3/1/3IVzsGDuEO3MzXs65szdwv2epAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/33339f-6d98-4b5f-ab60-1c94cb7dfeb3/1/josQcRMXY6rasfKU43zVCtrAk5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.55.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c8:4f:77:c6:17:9b:d6:4d:b9:1f:8a:7f:78:1b:a6:8f:4f:0f:
         d6:d4:06:54:32:e5:52:c9:91:e2:7b:4f:1f:aa:a0:36:f9:10:
         e4:c3:2a:45:57:d2:78:43:39:39:2e:20:7f:89:d7:b9:4c:6a:
         0e:6b:d3:54:b0:d2:a1:aa:b4:20:52:d0:aa:39:f9:d9:63:f7:
         6b:73:9b:1b:f9:43:13:9a:41:0b:64:cb:16:d1:74:6c:b6:a4:
         23:48:96:3c:3b:7f:e5:5f:1c:27:f5:de:ec:c3:3d:b8:5c:79:
         13:1d:4a:98:7d:52:25:65:e9:5f:06:62:98:21:56:e7:7a:a9:
         13:d7:87:2c:7b:0a:97:b3:aa:d5:4c:e3:04:b2:25:1d:ce:c0:
         28:17:0b:13:bc:2a:de:82:93:16:ca:4e:7d:0e:09:ac:4a:2f:
         41:f1:7a:96:fc:9d:af:5b:fa:b6:34:25:f8:2f:4a:b9:2a:cf:
         fb:1c:11:b3:06:f0:51:2c:df:39:77:ae:9f:40:45:f0:c0:2d:
         3b:e3:8f:00:0d:d7:dd:3f:64:f0:b5:47:b9:bb:f1:19:e9:ec:
         f0:8b:a1:16:1b:b7:a4:1e:07:dc:f9:7a:b8:32:6a:84:bf:32:
         1a:83:2a:e1:b8:8c:7a:2e:1e:e1:9f:94:6d:e1:76:14:d8:c0:
         b5:a3:fd:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAmOysu4p4wmoMlphZmz1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlOGIxMDcxMTMxNzYzYWFkYWIxZjI5NGUzN2NkNTBhZGFj
MDkzOWMwHhcNMjQwMTAyMDIzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzg1NzNiMDYwZWUxMGVkY2NjZDdiM2FlNmNjZGRjMmZkOWVhNDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRCE86p48CP5rest9Iw4pysjUQMo
GxgkTXr21CjltkgbydVYYnG1FFuXlPwJ4BTEYfPCnsfFKtvG62x4x15GpgHogj9F
C5ykFADjf3raIaRbOOXsYoeqsVYWpYglIB7QGwn1kK3nMuvaMqMfz4h3bIrfFm8u
pr0J3bfVRJ+K813tY4AH+Fw8jzLln4k2HrAcaJEa2DgwjDJXPIvn3HPkPeiXgurB
AaUOFl8+X6BVDq+rOeXT+CKOh+Wo3tPCxoya2ZwC3KgHch7HNQg1hFnvYQy1nNkv
Jw2LhWBf8MHkH/sz7sg8rdXp7WCyf3XPQ+O4xCcm0at2TkciTf7gIgmBlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNyFc7Bg7hDtzM17OubM3cL9nqQEMB8GA1UdIwQY
MBaAFI6LEHETF2Oq2rHylON81QrawJOcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam9zUWNSTVhZNnJhc2ZLVTQzelZDdHJBazV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8zMzMzOWYtNmQ5OC00YjVmLWFiNjAt
MWM5NGNiN2RmZWIzLzEvM0lWenNHRHVFTzNNelhzNjVzemR3djJlcEFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8zMzMzOWYtNmQ5OC00YjVmLWFiNjAtMWM5NGNiN2RmZWIz
LzEvam9zUWNSTVhZNnJhc2ZLVTQzelZDdHJBazV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTeEMA0G
CSqGSIb3DQEBCwUAA4IBAQDIT3fGF5vWTbkfin94G6aPTw/W1AZUMuVSyZHie08f
qqA2+RDkwypFV9J4Qzk5LiB/ide5TGoOa9NUsNKhqrQgUtCqOfnZY/drc5sb+UMT
mkELZMsW0XRstqQjSJY8O3/lXxwn9d7swz24XHkTHUqYfVIlZelfBmKYIVbneqkT
14csewqXs6rVTOMEsiUdzsAoFwsTvCregpMWyk59DgmsSi9B8XqW/J2vW/q2NCX4
L0q5Ks/7HBGzBvBRLN85d66fQEXwwC07448ADdfdP2TwtUe5u/EZ6ezwi6EWG7ek
Hgfc+Xq4MmqEvzIagyrhuIx6Lh7hn5Rt4XYU2MC1o/0O
-----END CERTIFICATE-----