Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/9c6546-5811-4194-bfeb-2ab9046ebc11/1/BP4hTioMt5assvWs26x3qcwrdbA.roa
File:                     BP4hTioMt5assvWs26x3qcwrdbA.roa (raw, json)
Hash identifier:          Nw7cses+oOrM5GuBRBZucjYzPBYqJfB81fFk0Cufu3g=
Subject key identifier:   04:FE:21:4E:2A:0C:B7:96:AC:B2:F5:AC:DB:AC:77:A9:CC:2B:75:B0
Certificate issuer:       /CN=524e5f7961225fbfe341f6bfd6be8e1a21ef8c0f
Certificate serial:       018CC2DADF0DB3A22FCFBF160CA96960C5B7
Authority key identifier: 52:4E:5F:79:61:22:5F:BF:E3:41:F6:BF:D6:BE:8E:1A:21:EF:8C:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uk5feWEiX7_jQfa_1r6OGiHvjA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/9c6546-5811-4194-bfeb-2ab9046ebc11/1/BP4hTioMt5assvWs26x3qcwrdbA.roa
Signing time:             Mon 01 Jan 2024 02:29:33 +0000
ROA not before:           Mon 01 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204515
IP address blocks:        185.230.76.0/22 maxlen: 22
                          2a0c:700::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/9c6546-5811-4194-bfeb-2ab9046ebc11/1/Uk5feWEiX7_jQfa_1r6OGiHvjA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/9c6546-5811-4194-bfeb-2ab9046ebc11/1/Uk5feWEiX7_jQfa_1r6OGiHvjA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uk5feWEiX7_jQfa_1r6OGiHvjA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:df:0d:b3:a2:2f:cf:bf:16:0c:a9:69:60:c5:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=524e5f7961225fbfe341f6bfd6be8e1a21ef8c0f
        Validity
            Not Before: Jan  1 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04fe214e2a0cb796acb2f5acdbac77a9cc2b75b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:ce:21:ae:f2:1e:84:25:a0:39:b1:e5:82:cc:
                    a1:d3:ba:07:7b:15:d1:72:f2:d2:79:ec:3a:05:4c:
                    1f:69:4c:26:06:4e:6f:7f:e1:96:7d:2e:e2:e8:3d:
                    ae:88:12:26:9e:5c:e2:2e:85:f8:8e:a3:06:21:40:
                    ce:0f:3c:9b:31:45:c9:6c:61:5e:25:9f:db:0f:d7:
                    7b:73:9a:d3:91:3a:4f:e1:53:a6:f0:e3:13:1c:8b:
                    4d:98:10:4a:c6:ff:c1:36:cf:34:57:eb:d2:39:ed:
                    44:f8:99:6d:e6:57:22:bf:f8:38:f9:cd:73:9d:d2:
                    2b:60:13:04:87:ad:3c:4d:75:5f:77:4d:74:f4:75:
                    e2:39:a8:a3:39:46:fe:06:48:5a:56:50:a8:9a:e9:
                    67:44:a8:13:d8:df:d3:0e:b9:26:71:40:7d:36:29:
                    3d:2e:af:7a:08:de:f3:4e:ab:54:48:6b:12:01:39:
                    07:13:e0:86:61:f9:84:b1:d9:e3:6f:a2:a7:7e:63:
                    0d:5c:df:88:20:9f:98:0c:05:eb:bf:61:81:4a:12:
                    b3:42:33:46:46:39:ef:34:66:1c:56:bc:3f:06:42:
                    74:31:de:f1:ff:73:10:b2:f2:e7:59:02:4f:a5:4a:
                    16:89:58:65:42:9c:33:a8:9c:9c:ed:50:92:6d:68:
                    c8:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:FE:21:4E:2A:0C:B7:96:AC:B2:F5:AC:DB:AC:77:A9:CC:2B:75:B0
            X509v3 Authority Key Identifier:
                keyid:52:4E:5F:79:61:22:5F:BF:E3:41:F6:BF:D6:BE:8E:1A:21:EF:8C:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uk5feWEiX7_jQfa_1r6OGiHvjA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/9c6546-5811-4194-bfeb-2ab9046ebc11/1/BP4hTioMt5assvWs26x3qcwrdbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/9c6546-5811-4194-bfeb-2ab9046ebc11/1/Uk5feWEiX7_jQfa_1r6OGiHvjA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.76.0/22
                IPv6:
                  2a0c:700::/32

    Signature Algorithm: sha256WithRSAEncryption
         83:08:af:b2:e5:77:f5:96:eb:f9:00:6e:b4:63:b4:dd:a1:aa:
         f8:8d:fe:78:24:44:2a:cc:a3:d7:aa:0f:6c:ab:58:6b:77:3e:
         4d:2d:61:7e:6a:6f:b6:c2:85:b8:fc:50:cc:4f:ec:8d:ad:1b:
         e5:50:33:64:74:1c:a3:60:0d:fa:3b:b8:44:5a:8e:9e:d7:b0:
         1d:32:5e:3a:10:a2:a6:fc:ea:a2:3f:68:39:42:5d:7f:50:88:
         de:52:aa:25:ed:4b:52:25:73:7c:b0:76:8f:52:ab:e3:a2:4e:
         1d:a6:c9:d2:65:96:51:57:08:11:83:9b:8d:81:9a:c2:af:67:
         d8:49:5d:78:40:6b:9b:cb:53:ea:a5:ca:d0:91:37:58:1b:51:
         67:dc:90:ae:81:4c:e0:cb:b7:47:6e:ae:a9:1e:73:89:fc:cc:
         4a:71:95:1c:2e:a1:d6:f9:47:2b:85:c0:9b:30:f5:c1:b5:ea:
         3a:1e:c9:13:03:ff:b9:54:e9:b1:c5:ab:33:7b:a2:36:40:57:
         d5:5a:5c:53:d7:99:2b:c6:c4:a2:cb:99:2b:ec:47:15:3c:85:
         13:9c:2f:ba:1e:93:7a:ee:5e:81:c6:54:7f:52:75:dd:f2:dc:
         c4:2c:7f:73:4b:05:6a:e2:19:e6:c9:39:1e:4c:3d:e7:05:77:
         d6:d3:0f:c3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2t8Ns6Ivz78WDKlpYMW3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNGU1Zjc5NjEyMjVmYmZlMzQxZjZiZmQ2YmU4ZTFhMjFl
ZjhjMGYwHhcNMjQwMTAxMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGZlMjE0ZTJhMGNiNzk2YWNiMmY1YWNkYmFjNzdhOWNjMmI3NWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5c4hrvIehCWgObHlgsyh07oHexXR
cvLSeew6BUwfaUwmBk5vf+GWfS7i6D2uiBImnlziLoX4jqMGIUDODzybMUXJbGFe
JZ/bD9d7c5rTkTpP4VOm8OMTHItNmBBKxv/BNs80V+vSOe1E+Jlt5lciv/g4+c1z
ndIrYBMEh608TXVfd0109HXiOaijOUb+BkhaVlComulnRKgT2N/TDrkmcUB9Nik9
Lq96CN7zTqtUSGsSATkHE+CGYfmEsdnjb6KnfmMNXN+IIJ+YDAXrv2GBShKzQjNG
RjnvNGYcVrw/BkJ0Md7x/3MQsvLnWQJPpUoWiVhlQpwzqJyc7VCSbWjIxQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAT+IU4qDLeWrLL1rNusd6nMK3WwMB8GA1UdIwQY
MBaAFFJOX3lhIl+/40H2v9a+jhoh74wPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWs1ZmVXRWlYN19qUWZhXzFyNk9HaUh2akE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi85YzY1NDYtNTgxMS00MTk0LWJmZWIt
MmFiOTA0NmViYzExLzEvQlA0aFRpb010NWFzc3ZXczI2eDNxY3dyZGJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi85YzY1NDYtNTgxMS00MTk0LWJmZWItMmFiOTA0NmViYzEx
LzEvVWs1ZmVXRWlYN19qUWZhXzFyNk9HaUh2akE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCueZMMA0E
AgACMAcDBQAqDAcAMA0GCSqGSIb3DQEBCwUAA4IBAQCDCK+y5Xf1luv5AG60Y7Td
oar4jf54JEQqzKPXqg9sq1hrdz5NLWF+am+2woW4/FDMT+yNrRvlUDNkdByjYA36
O7hEWo6e17AdMl46EKKm/OqiP2g5Ql1/UIjeUqol7UtSJXN8sHaPUqvjok4dpsnS
ZZZRVwgRg5uNgZrCr2fYSV14QGuby1PqpcrQkTdYG1Fn3JCugUzgy7dHbq6pHnOJ
/MxKcZUcLqHW+UcrhcCbMPXBteo6HskTA/+5VOmxxasze6I2QFfVWlxT15krxsSi
y5kr7EcVPIUTnC+6HpN67l6BxlR/UnXd8tzELH9zSwVq4hnmyTkeTD3nBXfW0w/D
-----END CERTIFICATE-----