Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/23de06-fc9a-43d3-ac95-37e64c07cc86/1/l8XQvTXjpuUnbDki44ku5vuQlmI.roa
File:                     l8XQvTXjpuUnbDki44ku5vuQlmI.roa (raw, json)
Hash identifier:          nz2OsZuqLvJ7YgCTwaj1GSPO53MFkMsPG+eCynn4jmU=
Subject key identifier:   97:C5:D0:BD:35:E3:A6:E5:27:6C:39:22:E3:89:2E:E6:FB:90:96:62
Certificate issuer:       /CN=3d1cc402349e191392d1ec7469c1bc8243634439
Certificate serial:       018CCA9942941B2C49C2AD75DCD16F5C7D01
Authority key identifier: 3D:1C:C4:02:34:9E:19:13:92:D1:EC:74:69:C1:BC:82:43:63:44:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PRzEAjSeGROS0ex0acG8gkNjRDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/23de06-fc9a-43d3-ac95-37e64c07cc86/1/l8XQvTXjpuUnbDki44ku5vuQlmI.roa
Signing time:             Tue 02 Jan 2024 14:34:50 +0000
ROA not before:           Tue 02 Jan 2024 14:34:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205400
IP address blocks:        185.219.164.0/22 maxlen: 22
                          85.132.136.0/22 maxlen: 22
                          2a0b:e7c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/23de06-fc9a-43d3-ac95-37e64c07cc86/1/PRzEAjSeGROS0ex0acG8gkNjRDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/23de06-fc9a-43d3-ac95-37e64c07cc86/1/PRzEAjSeGROS0ex0acG8gkNjRDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PRzEAjSeGROS0ex0acG8gkNjRDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:42:94:1b:2c:49:c2:ad:75:dc:d1:6f:5c:7d:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d1cc402349e191392d1ec7469c1bc8243634439
        Validity
            Not Before: Jan  2 14:34:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97c5d0bd35e3a6e5276c3922e3892ee6fb909662
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:24:84:53:64:b3:cc:08:4c:bc:30:08:d2:ea:
                    27:7f:08:93:8c:b8:95:e8:7d:13:ca:5c:44:4b:eb:
                    63:3c:6d:9f:37:a8:88:34:57:16:e3:f9:8d:69:4b:
                    67:0d:21:d3:ce:18:f2:0c:c3:66:5e:fa:59:1a:4f:
                    1d:2b:4a:07:64:da:a0:c7:88:e2:9e:74:fa:7d:96:
                    0c:63:0e:2b:a8:cc:ed:32:51:ae:69:e4:61:c2:38:
                    8c:2d:19:f9:4e:0d:54:81:9f:e6:94:a8:91:12:a4:
                    bb:0c:11:ff:b8:26:3f:e0:90:03:87:e0:6b:ca:e7:
                    42:f9:96:4a:eb:da:1a:0b:c8:23:5e:05:b1:fa:eb:
                    8a:36:94:13:a2:54:03:83:90:9c:b9:60:9f:75:59:
                    81:b2:55:2f:bd:9a:dd:b4:3f:69:39:23:1a:3b:5a:
                    b8:90:7d:d4:aa:be:16:ce:3d:ae:12:2f:ee:b0:85:
                    1a:32:6b:1d:2f:ad:02:7a:42:38:1c:72:a2:c4:73:
                    32:32:41:55:88:d2:65:75:04:be:af:b6:50:90:e0:
                    a2:8f:77:78:d3:fe:f4:26:16:c9:b5:e6:34:41:58:
                    6d:07:77:18:13:01:94:24:bb:5e:e0:bc:2d:1f:33:
                    dd:66:39:f7:85:c1:28:ba:4f:0d:84:89:c5:cb:f0:
                    9d:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:C5:D0:BD:35:E3:A6:E5:27:6C:39:22:E3:89:2E:E6:FB:90:96:62
            X509v3 Authority Key Identifier:
                keyid:3D:1C:C4:02:34:9E:19:13:92:D1:EC:74:69:C1:BC:82:43:63:44:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PRzEAjSeGROS0ex0acG8gkNjRDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/23de06-fc9a-43d3-ac95-37e64c07cc86/1/l8XQvTXjpuUnbDki44ku5vuQlmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/23de06-fc9a-43d3-ac95-37e64c07cc86/1/PRzEAjSeGROS0ex0acG8gkNjRDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.132.136.0/22
                  185.219.164.0/22
                IPv6:
                  2a0b:e7c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:c9:e7:92:cb:27:a1:41:e9:6b:99:b8:99:c3:3a:f6:15:eb:
         79:ea:90:4a:a3:53:b2:c2:3f:3a:dc:5b:e6:0b:ea:0b:89:03:
         36:a3:ce:83:8b:ef:99:7d:a9:ee:e9:b4:6a:e4:c8:e9:7c:82:
         50:b2:a0:29:7b:ee:9d:c7:cb:9e:dc:93:04:cc:0a:31:a1:2b:
         de:9d:7d:9b:ef:07:03:72:7c:00:f4:1e:d5:f9:80:ed:12:06:
         af:2a:da:21:cf:83:98:92:c2:66:db:78:10:55:45:47:95:19:
         7b:42:e3:37:f1:56:79:90:57:1d:78:44:97:88:f2:08:b0:cf:
         97:27:87:55:e8:e0:f9:05:33:cc:9b:b0:3a:5c:c1:45:3a:8b:
         05:1d:b8:4c:65:a2:82:5c:58:45:78:4c:d4:35:4c:28:3d:8f:
         2b:21:f1:de:e8:43:d7:96:7d:1b:20:84:9f:8e:77:40:d5:7f:
         80:96:26:7d:35:06:d8:10:0e:b4:76:12:6e:75:ee:a4:70:a1:
         7a:23:d3:e2:da:28:15:c9:64:11:70:1a:6f:3f:7a:08:26:24:
         5e:12:b5:8b:6f:26:0b:ea:0d:33:2b:58:8b:c9:af:be:e0:6e:
         21:09:6e:f7:1b:71:54:00:d1:53:e8:74:5b:82:a6:b4:d8:f9:
         1f:6b:e8:09
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzKmUKUGyxJwq113NFvXH0BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkMWNjNDAyMzQ5ZTE5MTM5MmQxZWM3NDY5YzFiYzgyNDM2
MzQ0MzkwHhcNMjQwMTAyMTQzNDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2M1ZDBiZDM1ZTNhNmU1Mjc2YzM5MjJlMzg5MmVlNmZiOTA5NjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCSEU2SzzAhMvDAI0uonfwiTjLiV
6H0TylxES+tjPG2fN6iINFcW4/mNaUtnDSHTzhjyDMNmXvpZGk8dK0oHZNqgx4ji
nnT6fZYMYw4rqMztMlGuaeRhwjiMLRn5Tg1UgZ/mlKiREqS7DBH/uCY/4JADh+Br
yudC+ZZK69oaC8gjXgWx+uuKNpQTolQDg5CcuWCfdVmBslUvvZrdtD9pOSMaO1q4
kH3Uqr4Wzj2uEi/usIUaMmsdL60CekI4HHKixHMyMkFViNJldQS+r7ZQkOCij3d4
0/70JhbJteY0QVhtB3cYEwGUJLte4LwtHzPdZjn3hcEouk8NhInFy/CdhQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJfF0L0146blJ2w5IuOJLub7kJZiMB8GA1UdIwQY
MBaAFD0cxAI0nhkTktHsdGnBvIJDY0Q5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFJ6RUFqU2VHUk9TMGV4MGFjRzhna05qUkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yM2RlMDYtZmM5YS00M2QzLWFjOTUt
MzdlNjRjMDdjYzg2LzEvbDhYUXZUWGpwdVVuYkRraTQ0a3U1dnVRbG1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yM2RlMDYtZmM5YS00M2QzLWFjOTUtMzdlNjRjMDdjYzg2
LzEvUFJ6RUFqU2VHUk9TMGV4MGFjRzhna05qUkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCVYSIAwQC
udukMA0EAgACMAcDBQMqC+fAMA0GCSqGSIb3DQEBCwUAA4IBAQBtyeeSyyehQelr
mbiZwzr2Fet56pBKo1Oywj863FvmC+oLiQM2o86Di++Zfanu6bRq5MjpfIJQsqAp
e+6dx8ue3JMEzAoxoSvenX2b7wcDcnwA9B7V+YDtEgavKtohz4OYksJm23gQVUVH
lRl7QuM38VZ5kFcdeESXiPIIsM+XJ4dV6OD5BTPMm7A6XMFFOosFHbhMZaKCXFhF
eEzUNUwoPY8rIfHe6EPXln0bIISfjndA1X+AliZ9NQbYEA60dhJude6kcKF6I9Pi
2igVyWQRcBpvP3oIJiReErWLbyYL6g0zK1iLya++4G4hCW73G3FUANFT6HRbgqa0
2Pkfa+gJ
-----END CERTIFICATE-----