Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/5719cc-e83e-433d-80d5-ff26a9883314/1/B63wK49tzT5FAPAyKxMbmmQYWNE.roa
File:                     B63wK49tzT5FAPAyKxMbmmQYWNE.roa (raw, json)
Hash identifier:          rSqR5bBZEKOHwKOqp3TGICUmY5bdIGYr+N1akWMDsnw=
Subject key identifier:   07:AD:F0:2B:8F:6D:CD:3E:45:00:F0:32:2B:13:1B:9A:64:18:58:D1
Certificate issuer:       /CN=cd3cd7c4dc95cb3e0d4e8703ef01404fe0a70780
Certificate serial:       018D407FF3F6F95FF5F45E07B5C3C09D0003
Authority key identifier: CD:3C:D7:C4:DC:95:CB:3E:0D:4E:87:03:EF:01:40:4F:E0:A7:07:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zTzXxNyVyz4NTocD7wFAT-CnB4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/5719cc-e83e-433d-80d5-ff26a9883314/1/B63wK49tzT5FAPAyKxMbmmQYWNE.roa
Signing time:             Thu 25 Jan 2024 12:02:23 +0000
ROA not before:           Thu 25 Jan 2024 12:02:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49223
IP address blocks:        185.146.120.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/5719cc-e83e-433d-80d5-ff26a9883314/1/zTzXxNyVyz4NTocD7wFAT-CnB4A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/5719cc-e83e-433d-80d5-ff26a9883314/1/zTzXxNyVyz4NTocD7wFAT-CnB4A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zTzXxNyVyz4NTocD7wFAT-CnB4A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:40:7f:f3:f6:f9:5f:f5:f4:5e:07:b5:c3:c0:9d:00:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd3cd7c4dc95cb3e0d4e8703ef01404fe0a70780
        Validity
            Not Before: Jan 25 12:02:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07adf02b8f6dcd3e4500f0322b131b9a641858d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:bc:cd:c2:00:68:0f:db:0b:8d:25:43:0e:ff:
                    50:14:d7:9a:c2:aa:0f:7a:59:29:54:da:e4:09:6c:
                    8f:f8:da:a0:11:f0:ac:bf:b7:35:f2:59:aa:0c:9e:
                    2a:68:ce:53:4b:dc:4c:ad:72:3b:0f:4a:ac:4f:54:
                    b1:04:29:6f:f4:d3:3d:15:dc:24:b9:88:62:34:ec:
                    f2:59:90:eb:95:ee:1b:d6:5b:aa:83:0c:14:5e:af:
                    e0:f5:dd:e5:eb:4a:7e:66:97:37:79:41:7e:45:86:
                    38:ae:e4:be:98:5b:cf:cf:c0:ef:7a:d4:79:35:04:
                    96:07:d6:08:05:40:52:6e:ce:28:bf:b6:5d:6b:d6:
                    04:ef:da:8e:ef:b2:bc:a0:90:b8:24:e6:09:84:b0:
                    a8:55:01:76:7b:35:fa:76:f9:8b:3e:4f:c9:a9:0e:
                    25:25:14:1c:6d:00:1b:c8:dc:b0:e1:0d:1b:e8:b0:
                    de:c1:02:d7:b9:e0:34:f9:a6:28:22:18:b9:fc:63:
                    64:52:f1:83:22:52:32:1d:d3:d1:e7:96:23:e7:a1:
                    8d:20:57:48:90:8c:46:c7:22:a2:44:0c:f0:02:a6:
                    9a:56:2b:76:d7:48:91:0b:c2:4c:78:b1:05:db:d6:
                    cd:c3:fe:c2:50:33:69:18:4f:e6:8b:24:c5:32:26:
                    f1:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:AD:F0:2B:8F:6D:CD:3E:45:00:F0:32:2B:13:1B:9A:64:18:58:D1
            X509v3 Authority Key Identifier:
                keyid:CD:3C:D7:C4:DC:95:CB:3E:0D:4E:87:03:EF:01:40:4F:E0:A7:07:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zTzXxNyVyz4NTocD7wFAT-CnB4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/5719cc-e83e-433d-80d5-ff26a9883314/1/B63wK49tzT5FAPAyKxMbmmQYWNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/5719cc-e83e-433d-80d5-ff26a9883314/1/zTzXxNyVyz4NTocD7wFAT-CnB4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:0b:2e:c5:4c:9d:55:01:a6:51:69:30:70:36:b8:d1:fc:1a:
         99:06:51:b3:c6:fe:30:9d:b2:3a:7f:49:a7:ec:37:96:49:9b:
         08:a8:ea:d6:10:4a:30:63:c5:9e:2a:8a:8d:cb:45:34:b2:0c:
         1c:8d:0b:d3:2d:5e:0e:fc:26:16:dc:09:7c:e2:11:b4:dc:fe:
         b3:92:2f:f7:f6:45:4a:c0:09:59:6e:2e:c3:2d:89:98:21:21:
         4f:d0:10:fd:20:a0:0a:dd:88:95:a7:58:e9:a6:84:d6:ec:3e:
         29:94:53:3d:5b:9a:50:77:84:a3:5e:b0:2b:ce:3d:81:63:93:
         25:31:0a:7c:c6:f2:88:cb:4c:07:66:d4:06:d5:a0:fd:2a:d4:
         a0:e3:33:e8:cc:80:1d:15:d3:5f:52:8c:54:95:10:d2:d5:05:
         40:99:12:84:10:e2:4a:d7:de:f1:fd:6a:64:d4:ab:70:9f:62:
         09:d4:16:35:ac:24:bf:8a:61:64:03:ff:25:c7:26:dc:08:f8:
         2e:41:b0:6d:e6:15:5d:4a:ff:12:10:be:b1:65:3b:5c:5b:65:
         70:ca:98:c2:e3:ad:ee:50:a3:21:46:b9:ce:0c:d9:52:31:c5:
         bb:e1:15:ae:d1:b2:4f:e3:b8:65:33:a7:c9:6d:f0:f4:52:e6:
         d8:81:0e:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1Af/P2+V/19F4HtcPAnQADMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkM2NkN2M0ZGM5NWNiM2UwZDRlODcwM2VmMDE0MDRmZTBh
NzA3ODAwHhcNMjQwMTI1MTIwMjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2FkZjAyYjhmNmRjZDNlNDUwMGYwMzIyYjEzMWI5YTY0MTg1OGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirzNwgBoD9sLjSVDDv9QFNeawqoP
elkpVNrkCWyP+NqgEfCsv7c18lmqDJ4qaM5TS9xMrXI7D0qsT1SxBClv9NM9Fdwk
uYhiNOzyWZDrle4b1luqgwwUXq/g9d3l60p+Zpc3eUF+RYY4ruS+mFvPz8DvetR5
NQSWB9YIBUBSbs4ov7Zda9YE79qO77K8oJC4JOYJhLCoVQF2ezX6dvmLPk/JqQ4l
JRQcbQAbyNyw4Q0b6LDewQLXueA0+aYoIhi5/GNkUvGDIlIyHdPR55Yj56GNIFdI
kIxGxyKiRAzwAqaaVit210iRC8JMeLEF29bNw/7CUDNpGE/miyTFMibx9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAet8CuPbc0+RQDwMisTG5pkGFjRMB8GA1UdIwQY
MBaAFM0818Tclcs+DU6HA+8BQE/gpweAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelR6WHhOeVZ5ejROVG9jRDd3RkFULUNuQjRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS81NzE5Y2MtZTgzZS00MzNkLTgwZDUt
ZmYyNmE5ODgzMzE0LzEvQjYzd0s0OXR6VDVGQVBBeUt4TWJtbVFZV05FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS81NzE5Y2MtZTgzZS00MzNkLTgwZDUtZmYyNmE5ODgzMzE0
LzEvelR6WHhOeVZ5ejROVG9jRDd3RkFULUNuQjRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZJ4MA0G
CSqGSIb3DQEBCwUAA4IBAQAhCy7FTJ1VAaZRaTBwNrjR/BqZBlGzxv4wnbI6f0mn
7DeWSZsIqOrWEEowY8WeKoqNy0U0sgwcjQvTLV4O/CYW3Al84hG03P6zki/39kVK
wAlZbi7DLYmYISFP0BD9IKAK3YiVp1jppoTW7D4plFM9W5pQd4SjXrArzj2BY5Ml
MQp8xvKIy0wHZtQG1aD9KtSg4zPozIAdFdNfUoxUlRDS1QVAmRKEEOJK197x/Wpk
1Ktwn2IJ1BY1rCS/imFkA/8lxybcCPguQbBt5hVdSv8SEL6xZTtcW2VwypjC463u
UKMhRrnODNlSMcW74RWu0bJP47hlM6fJbfD0UubYgQ7/
-----END CERTIFICATE-----