Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/20e5a2-0e64-4ea3-8c86-6c02ec19b809/1/N_qYUkaIb2FHrvhvuqZlAeCEGA0.roa
File:                     N_qYUkaIb2FHrvhvuqZlAeCEGA0.roa (raw, json)
Hash identifier:          XQGUSq+Gh7zamrvtmNUUJYmXfatCTQeJbPQVl12rKK8=
Subject key identifier:   37:FA:98:52:46:88:6F:61:47:AE:F8:6F:BA:A6:65:01:E0:84:18:0D
Certificate issuer:       /CN=cd3c110dfd77f57757391c0faedeebe36086571d
Certificate serial:       018CC26D18F3C1C657B1FF59375082FD4C4A
Authority key identifier: CD:3C:11:0D:FD:77:F5:77:57:39:1C:0F:AE:DE:EB:E3:60:86:57:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zTwRDf139XdXORwPrt7r42CGVx0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/20e5a2-0e64-4ea3-8c86-6c02ec19b809/1/N_qYUkaIb2FHrvhvuqZlAeCEGA0.roa
Signing time:             Mon 01 Jan 2024 00:29:38 +0000
ROA not before:           Mon 01 Jan 2024 00:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43598
IP address blocks:        193.187.192.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/20e5a2-0e64-4ea3-8c86-6c02ec19b809/1/zTwRDf139XdXORwPrt7r42CGVx0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/20e5a2-0e64-4ea3-8c86-6c02ec19b809/1/zTwRDf139XdXORwPrt7r42CGVx0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zTwRDf139XdXORwPrt7r42CGVx0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:18:f3:c1:c6:57:b1:ff:59:37:50:82:fd:4c:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd3c110dfd77f57757391c0faedeebe36086571d
        Validity
            Not Before: Jan  1 00:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37fa985246886f6147aef86fbaa66501e084180d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:33:11:92:87:f6:24:59:07:1b:31:35:b2:ff:
                    fb:15:f2:d8:86:d0:36:07:4d:7c:48:6e:41:6d:9c:
                    6c:f6:d6:dc:3d:f8:0d:99:d2:3c:69:1b:91:91:43:
                    4a:57:11:78:f8:d5:2f:3e:c8:c0:84:ff:5d:2e:b8:
                    ea:2a:2b:b4:6d:09:54:e1:d5:98:53:6c:ce:b9:03:
                    c7:f5:d2:0a:39:1d:71:fe:8e:03:cc:4e:6b:82:9f:
                    bc:87:b5:1a:37:aa:8e:2d:33:86:de:b7:06:6d:a9:
                    b8:b9:75:ca:c6:73:79:4d:3a:6c:52:61:ea:5d:7c:
                    86:ff:83:a0:29:16:8e:96:c6:2a:5c:e0:44:8b:fc:
                    08:68:2f:2c:43:4c:7e:5d:97:35:04:9c:04:bc:cd:
                    2b:b8:64:af:0d:65:d5:1a:10:ca:1a:5f:1b:8b:f1:
                    89:66:33:d5:4a:11:e0:94:83:33:f0:1f:5b:d9:48:
                    00:a8:c6:32:4c:ea:af:c6:78:c0:01:64:83:0b:55:
                    0a:b4:1a:1b:be:e4:2b:29:e7:1d:0f:a1:d7:11:60:
                    3a:51:b4:77:ae:64:94:56:a3:c5:16:6d:1a:b0:d7:
                    8e:c0:87:46:ce:3f:fd:c0:ec:88:bc:f9:23:d2:19:
                    e0:d5:f2:3e:23:23:70:ae:df:6f:ec:ba:ff:19:52:
                    9b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:FA:98:52:46:88:6F:61:47:AE:F8:6F:BA:A6:65:01:E0:84:18:0D
            X509v3 Authority Key Identifier:
                keyid:CD:3C:11:0D:FD:77:F5:77:57:39:1C:0F:AE:DE:EB:E3:60:86:57:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zTwRDf139XdXORwPrt7r42CGVx0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/20e5a2-0e64-4ea3-8c86-6c02ec19b809/1/N_qYUkaIb2FHrvhvuqZlAeCEGA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/20e5a2-0e64-4ea3-8c86-6c02ec19b809/1/zTwRDf139XdXORwPrt7r42CGVx0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.187.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:87:90:01:dc:89:8f:94:00:2c:76:fb:56:cb:58:3a:80:a0:
         22:77:6d:17:48:cb:f8:77:0e:b6:b6:16:3d:f6:9c:cb:cf:0e:
         08:43:af:1c:32:77:97:7b:1f:1d:13:e5:7f:21:d6:84:91:14:
         c7:58:66:fd:6f:bb:75:fd:c4:7e:6f:e2:7b:fb:d7:b6:6d:a2:
         2b:7b:13:c8:0b:24:ab:c1:8b:fb:d6:11:e5:05:8f:00:9b:73:
         5f:2f:5d:5c:2c:7b:c6:9a:dd:f8:ae:4a:6f:bf:fc:16:44:ad:
         55:d6:a9:c9:c9:ad:95:72:93:f6:49:a6:2f:63:9c:0f:61:ea:
         43:59:1e:74:7a:7d:6f:7a:9e:39:59:48:fe:ee:76:85:6c:85:
         33:2f:2d:30:f2:c3:96:a9:86:71:65:50:fa:8d:4a:70:80:5c:
         fa:be:0b:c4:fb:df:71:b3:b4:96:4e:5d:ce:7f:88:e0:68:0d:
         00:dc:1f:c6:95:ff:c2:7d:9d:39:a9:59:c7:48:f9:34:c6:39:
         89:4a:ff:89:f3:31:93:a0:82:6c:de:a4:9b:4d:bc:1b:8c:cc:
         97:98:4e:fd:fd:b7:06:48:6d:f5:49:fa:a5:0e:98:48:68:c7:
         20:01:12:11:1d:a6:ab:65:69:3d:22:75:9f:a2:53:06:11:e9:
         5c:6b:79:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRjzwcZXsf9ZN1CC/UxKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkM2MxMTBkZmQ3N2Y1Nzc1NzM5MWMwZmFlZGVlYmUzNjA4
NjU3MWQwHhcNMjQwMTAxMDAyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2ZhOTg1MjQ2ODg2ZjYxNDdhZWY4NmZiYWE2NjUwMWUwODQxODBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDMRkof2JFkHGzE1sv/7FfLYhtA2
B018SG5BbZxs9tbcPfgNmdI8aRuRkUNKVxF4+NUvPsjAhP9dLrjqKiu0bQlU4dWY
U2zOuQPH9dIKOR1x/o4DzE5rgp+8h7UaN6qOLTOG3rcGbam4uXXKxnN5TTpsUmHq
XXyG/4OgKRaOlsYqXOBEi/wIaC8sQ0x+XZc1BJwEvM0ruGSvDWXVGhDKGl8bi/GJ
ZjPVShHglIMz8B9b2UgAqMYyTOqvxnjAAWSDC1UKtBobvuQrKecdD6HXEWA6UbR3
rmSUVqPFFm0asNeOwIdGzj/9wOyIvPkj0hng1fI+IyNwrt9v7Lr/GVKbuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDf6mFJGiG9hR674b7qmZQHghBgNMB8GA1UdIwQY
MBaAFM08EQ39d/V3VzkcD67e6+NghlcdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelR3UkRmMTM5WGRYT1J3UHJ0N3I0MkNHVngwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8yMGU1YTItMGU2NC00ZWEzLThjODYt
NmMwMmVjMTliODA5LzEvTl9xWVVrYUliMkZIcnZodnVxWmxBZUNFR0EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8yMGU1YTItMGU2NC00ZWEzLThjODYtNmMwMmVjMTliODA5
LzEvelR3UkRmMTM5WGRYT1J3UHJ0N3I0MkNHVngwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwbvAMA0G
CSqGSIb3DQEBCwUAA4IBAQAhh5AB3ImPlAAsdvtWy1g6gKAid20XSMv4dw62thY9
9pzLzw4IQ68cMneXex8dE+V/IdaEkRTHWGb9b7t1/cR+b+J7+9e2baIrexPICySr
wYv71hHlBY8Am3NfL11cLHvGmt34rkpvv/wWRK1V1qnJya2VcpP2SaYvY5wPYepD
WR50en1vep45WUj+7naFbIUzLy0w8sOWqYZxZVD6jUpwgFz6vgvE+99xs7SWTl3O
f4jgaA0A3B/Glf/CfZ05qVnHSPk0xjmJSv+J8zGToIJs3qSbTbwbjMyXmE79/bcG
SG31SfqlDphIaMcgARIRHaarZWk9InWfolMGEelca3k0
-----END CERTIFICATE-----