Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/b205f2-8d3c-457c-a63c-5f10ee5fd100/1/3t8s0HAUl2_npFuEJRMPKb_If3k.roa
File:                     3t8s0HAUl2_npFuEJRMPKb_If3k.roa (raw, json)
Hash identifier:          1cNJMLjAYxP8e8zeQxznqCwwKDYjhN2jF80aPkQqnBo=
Subject key identifier:   DE:DF:2C:D0:70:14:97:6F:E7:A4:5B:84:25:13:0F:29:BF:C8:7F:79
Certificate issuer:       /CN=62677ee08f4bb219804b673347c3a0b6a332d722
Certificate serial:       018D379BF7ED1C7C3BF7388C212A1507207B
Authority key identifier: 62:67:7E:E0:8F:4B:B2:19:80:4B:67:33:47:C3:A0:B6:A3:32:D7:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ymd-4I9LshmAS2czR8OgtqMy1yI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/b205f2-8d3c-457c-a63c-5f10ee5fd100/1/3t8s0HAUl2_npFuEJRMPKb_If3k.roa
Signing time:             Tue 23 Jan 2024 18:36:24 +0000
ROA not before:           Tue 23 Jan 2024 18:36:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16354
IP address blocks:        134.19.136.0/21 maxlen: 21
                          171.22.96.0/22 maxlen: 22
                          185.30.120.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/b205f2-8d3c-457c-a63c-5f10ee5fd100/1/Ymd-4I9LshmAS2czR8OgtqMy1yI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/b205f2-8d3c-457c-a63c-5f10ee5fd100/1/Ymd-4I9LshmAS2czR8OgtqMy1yI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ymd-4I9LshmAS2czR8OgtqMy1yI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:37:9b:f7:ed:1c:7c:3b:f7:38:8c:21:2a:15:07:20:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62677ee08f4bb219804b673347c3a0b6a332d722
        Validity
            Not Before: Jan 23 18:36:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dedf2cd07014976fe7a45b8425130f29bfc87f79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:33:fb:2b:82:07:71:e7:80:44:be:b0:9c:74:
                    5d:f5:e5:d2:24:df:11:31:0e:4f:97:23:70:ce:6a:
                    5d:48:6c:79:3d:7b:68:3e:02:f7:e2:46:2b:71:c9:
                    5c:c9:61:ad:4d:ee:28:34:bb:d0:e3:5a:62:44:16:
                    c8:2b:c3:9e:7c:74:5b:cf:64:b8:69:6e:20:7d:d9:
                    d0:e3:4d:00:63:8f:29:74:49:7e:f5:05:79:2c:11:
                    b3:a5:56:49:9f:8c:65:5c:bf:a7:6b:43:69:32:25:
                    04:b8:04:93:2b:c0:17:6e:14:c9:6e:35:6e:78:1f:
                    52:1d:3e:33:f6:1a:e1:09:51:a5:2b:9b:f5:83:ad:
                    53:50:37:60:cd:70:33:55:07:78:99:98:a4:20:4f:
                    60:6e:07:b9:a3:32:38:80:a0:10:ea:38:11:7e:67:
                    cc:df:bc:97:7e:82:94:fc:bf:88:0f:a1:20:4d:dd:
                    5e:1c:cd:7d:08:f8:de:4c:79:32:cf:13:7b:35:8a:
                    19:3c:67:e0:96:ad:67:b2:dc:55:cb:0f:c4:40:a8:
                    c6:c9:93:19:1a:58:cc:e6:2c:de:55:47:9c:b8:57:
                    2b:ec:79:4c:cd:83:57:74:d5:ff:20:ca:1a:1e:f5:
                    3d:eb:0b:b3:f6:1f:03:e4:3d:67:6b:91:de:dd:08:
                    e7:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:DF:2C:D0:70:14:97:6F:E7:A4:5B:84:25:13:0F:29:BF:C8:7F:79
            X509v3 Authority Key Identifier:
                keyid:62:67:7E:E0:8F:4B:B2:19:80:4B:67:33:47:C3:A0:B6:A3:32:D7:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymd-4I9LshmAS2czR8OgtqMy1yI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b205f2-8d3c-457c-a63c-5f10ee5fd100/1/3t8s0HAUl2_npFuEJRMPKb_If3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b205f2-8d3c-457c-a63c-5f10ee5fd100/1/Ymd-4I9LshmAS2czR8OgtqMy1yI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.19.136.0/21
                  171.22.96.0/22
                  185.30.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c0:15:15:30:bc:55:59:02:4a:94:1d:52:a2:60:a6:f0:c9:bb:
         f9:99:50:6c:d6:14:7c:67:23:b8:f0:d6:a8:c4:1a:76:62:50:
         7b:5d:ae:89:4c:bd:cb:a5:1f:d6:96:9f:17:64:19:7b:cb:3e:
         18:e9:5c:0d:65:11:a7:fa:68:8b:83:ce:bd:1c:52:a9:ed:1f:
         4d:96:ec:0b:7b:b9:0a:45:24:95:3c:bc:77:f6:42:d4:2c:38:
         c0:2f:42:29:4e:10:f7:95:a6:ec:86:5d:b6:82:91:0b:dc:6d:
         8b:48:8f:e7:5d:5e:1a:0b:bd:63:0b:f6:82:c6:d8:23:94:60:
         85:c3:e0:19:20:a2:21:44:a4:7c:49:0b:2c:d3:d6:0f:a2:16:
         0a:30:b5:1a:76:2f:0f:ea:ea:3c:fc:8f:c6:e0:8f:74:3a:8c:
         b5:5a:80:d5:1a:04:f8:d0:d4:3f:d4:73:c9:ff:d1:7d:f2:65:
         ea:41:af:59:9b:31:fc:aa:b0:12:ce:dd:8d:fd:d5:6a:19:61:
         a1:c0:d5:50:a2:56:54:19:46:ef:91:66:12:f1:ec:7a:bb:11:
         5a:ad:9d:bd:fc:cc:a4:f8:24:d6:c9:0f:d1:91:78:91:f7:88:
         15:6c:05:3f:7e:83:f0:52:63:b3:76:df:03:40:42:68:d7:e8:
         a3:60:1e:2e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY03m/ftHHw79ziMISoVByB7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNjc3ZWUwOGY0YmIyMTk4MDRiNjczMzQ3YzNhMGI2YTMz
MmQ3MjIwHhcNMjQwMTIzMTgzNjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWRmMmNkMDcwMTQ5NzZmZTdhNDViODQyNTEzMGYyOWJmYzg3Zjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzP7K4IHceeARL6wnHRd9eXSJN8R
MQ5PlyNwzmpdSGx5PXtoPgL34kYrcclcyWGtTe4oNLvQ41piRBbIK8OefHRbz2S4
aW4gfdnQ400AY48pdEl+9QV5LBGzpVZJn4xlXL+na0NpMiUEuASTK8AXbhTJbjVu
eB9SHT4z9hrhCVGlK5v1g61TUDdgzXAzVQd4mZikIE9gbge5ozI4gKAQ6jgRfmfM
37yXfoKU/L+ID6EgTd1eHM19CPjeTHkyzxN7NYoZPGfglq1nstxVyw/EQKjGyZMZ
GljM5izeVUecuFcr7HlMzYNXdNX/IMoaHvU96wuz9h8D5D1na5He3QjnFQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN7fLNBwFJdv56RbhCUTDym/yH95MB8GA1UdIwQY
MBaAFGJnfuCPS7IZgEtnM0fDoLajMtciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1kLTRJOUxzaG1BUzJjelI4T2d0cU15MXlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iMjA1ZjItOGQzYy00NTdjLWE2M2Mt
NWYxMGVlNWZkMTAwLzEvM3Q4czBIQVVsMl9ucEZ1RUpSTVBLYl9JZjNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iMjA1ZjItOGQzYy00NTdjLWE2M2MtNWYxMGVlNWZkMTAw
LzEvWW1kLTRJOUxzaG1BUzJjelI4T2d0cU15MXlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDhhOIAwQC
qxZgAwQCuR54MA0GCSqGSIb3DQEBCwUAA4IBAQDAFRUwvFVZAkqUHVKiYKbwybv5
mVBs1hR8ZyO48NaoxBp2YlB7Xa6JTL3LpR/Wlp8XZBl7yz4Y6VwNZRGn+miLg869
HFKp7R9NluwLe7kKRSSVPLx39kLULDjAL0IpThD3labshl22gpEL3G2LSI/nXV4a
C71jC/aCxtgjlGCFw+AZIKIhRKR8SQss09YPohYKMLUadi8P6uo8/I/G4I90Ooy1
WoDVGgT40NQ/1HPJ/9F98mXqQa9ZmzH8qrASzt2N/dVqGWGhwNVQolZUGUbvkWYS
8ex6uxFarZ29/Myk+CTWyQ/RkXiR94gVbAU/foPwUmOzdt8DQEJo1+ijYB4u
-----END CERTIFICATE-----