Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/qD32BeQmnZg3li2BG3SDXOa0bu4.roa
File:                     qD32BeQmnZg3li2BG3SDXOa0bu4.roa (raw, json)
Hash identifier:          nrHZB7nhvT6YsKz/HDzJ+ZHbFPjrYdoxHpGERJvKF4E=
Subject key identifier:   A8:3D:F6:05:E4:26:9D:98:37:96:2D:81:1B:74:83:5C:E6:B4:6E:EE
Certificate issuer:       /CN=dac633a14cac7c7a0922ffd980de5f278a3be267
Certificate serial:       018CC6B7808532DD049F83D3E4E15537F0C6
Authority key identifier: DA:C6:33:A1:4C:AC:7C:7A:09:22:FF:D9:80:DE:5F:27:8A:3B:E2:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2sYzoUysfHoJIv_ZgN5fJ4o74mc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/qD32BeQmnZg3li2BG3SDXOa0bu4.roa
Signing time:             Mon 01 Jan 2024 20:29:23 +0000
ROA not before:           Mon 01 Jan 2024 20:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        213.5.226.0/24 maxlen: 24
                          91.233.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/2sYzoUysfHoJIv_ZgN5fJ4o74mc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/2sYzoUysfHoJIv_ZgN5fJ4o74mc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2sYzoUysfHoJIv_ZgN5fJ4o74mc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:03:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:80:85:32:dd:04:9f:83:d3:e4:e1:55:37:f0:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dac633a14cac7c7a0922ffd980de5f278a3be267
        Validity
            Not Before: Jan  1 20:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a83df605e4269d9837962d811b74835ce6b46eee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:e6:ec:5f:21:30:0b:f7:90:b4:c1:91:b4:42:
                    03:2c:d6:3e:3d:f2:fe:53:02:12:75:8e:e8:14:9b:
                    98:05:b7:28:fa:46:eb:4a:5c:33:76:9e:1c:35:c6:
                    cb:d1:28:21:41:c8:0d:b4:f3:2f:45:85:88:5b:45:
                    0d:8c:14:d2:15:b5:d0:8b:84:d5:06:96:77:0e:c5:
                    e2:99:1f:ea:52:1d:1b:47:02:0f:76:b3:31:69:6c:
                    4c:bb:2f:79:f9:ed:98:8b:a6:fb:c9:ec:f8:a0:0b:
                    1a:89:c4:c6:99:6c:c2:ec:23:1b:5b:a7:6c:dc:b6:
                    00:18:2e:9c:e8:20:5c:0e:ca:1b:be:e9:bc:41:84:
                    e6:dd:a7:e5:78:ea:b2:a3:15:63:21:74:df:a1:42:
                    bb:28:c2:be:37:85:7d:2d:79:00:3e:ee:ce:13:66:
                    f3:ba:72:f1:f1:50:f0:2a:b9:e8:5e:65:1f:08:65:
                    41:32:16:ac:70:df:eb:72:43:08:b7:d7:c4:2f:b4:
                    30:ce:70:4c:bb:6b:39:be:2c:c4:d8:38:e2:60:d6:
                    8e:1e:ae:ee:11:b1:84:62:26:b5:bf:3c:79:d6:6b:
                    0a:0a:a0:8b:01:3b:10:cd:b5:5c:2e:c3:38:04:0c:
                    b1:68:02:58:2d:f5:0f:54:60:f0:69:cb:9a:01:96:
                    55:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:3D:F6:05:E4:26:9D:98:37:96:2D:81:1B:74:83:5C:E6:B4:6E:EE
            X509v3 Authority Key Identifier:
                keyid:DA:C6:33:A1:4C:AC:7C:7A:09:22:FF:D9:80:DE:5F:27:8A:3B:E2:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2sYzoUysfHoJIv_ZgN5fJ4o74mc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/qD32BeQmnZg3li2BG3SDXOa0bu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/2sYzoUysfHoJIv_ZgN5fJ4o74mc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.61.0/24
                  213.5.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:12:74:01:92:77:d0:b4:e4:2e:33:bc:33:ea:1b:f8:fb:8c:
         56:a5:9a:0e:a3:2b:fa:ea:77:6b:ca:ee:43:0c:d5:81:1c:d0:
         31:6c:2f:65:ad:a9:02:d8:dd:b9:47:82:78:11:f1:82:e6:f0:
         26:e0:02:ec:72:90:44:9b:c7:ca:28:16:fb:b3:c4:ec:40:31:
         b9:0a:bf:66:a6:37:be:8e:b4:b2:9f:b8:c6:19:23:24:1e:09:
         ed:03:b1:2c:13:f0:72:21:63:f4:06:1a:7b:b6:9a:f3:4c:7c:
         6e:94:6e:2d:55:f3:fc:84:a2:eb:34:62:7a:b7:1e:a5:03:50:
         73:5f:b6:33:1c:bd:17:28:82:c9:0c:5a:fe:ea:bb:c1:82:82:
         d1:40:ee:5c:b4:9b:66:2b:ad:72:ec:e0:e1:22:61:6a:93:5b:
         57:12:b8:c5:fa:02:ab:9a:97:10:5c:75:b1:48:72:4a:ba:a1:
         94:51:23:5e:a6:5e:9f:fe:4d:2d:d3:c9:76:94:f1:21:80:6e:
         1c:fc:53:27:a7:b3:51:98:ad:c0:aa:87:63:53:6a:3f:c9:eb:
         79:9e:cc:95:f0:46:e6:49:1c:de:b8:1a:3a:15:e0:fa:fe:f1:
         65:09:b6:b0:84:ee:85:3c:e2:c2:57:62:07:53:13:71:60:ba:
         b0:8e:75:a7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGt4CFMt0En4PT5OFVN/DGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYzYzM2ExNGNhYzdjN2EwOTIyZmZkOTgwZGU1ZjI3OGEz
YmUyNjcwHhcNMjQwMTAxMjAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODNkZjYwNWU0MjY5ZDk4Mzc5NjJkODExYjc0ODM1Y2U2YjQ2ZWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhObsXyEwC/eQtMGRtEIDLNY+PfL+
UwISdY7oFJuYBbco+kbrSlwzdp4cNcbL0SghQcgNtPMvRYWIW0UNjBTSFbXQi4TV
BpZ3DsXimR/qUh0bRwIPdrMxaWxMuy95+e2Yi6b7yez4oAsaicTGmWzC7CMbW6ds
3LYAGC6c6CBcDsobvum8QYTm3afleOqyoxVjIXTfoUK7KMK+N4V9LXkAPu7OE2bz
unLx8VDwKrnoXmUfCGVBMhascN/rckMIt9fEL7QwznBMu2s5vizE2DjiYNaOHq7u
EbGEYia1vzx51msKCqCLATsQzbVcLsM4BAyxaAJYLfUPVGDwacuaAZZVIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKg99gXkJp2YN5YtgRt0g1zmtG7uMB8GA1UdIwQY
MBaAFNrGM6FMrHx6CSL/2YDeXyeKO+JnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnNZem9VeXNmSG9KSXZfWmdONWZKNG83NG1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9jODUyYjUtYWNjNC00ZDcwLWFlZWIt
MjQ1MTVhMTRjNDU2LzEvcUQzMkJlUW1uWmczbGkyQkczU0RYT2EwYnU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9jODUyYjUtYWNjNC00ZDcwLWFlZWItMjQ1MTVhMTRjNDU2
LzEvMnNZem9VeXNmSG9KSXZfWmdONWZKNG83NG1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+k9AwQA
1QXiMA0GCSqGSIb3DQEBCwUAA4IBAQAsEnQBknfQtOQuM7wz6hv4+4xWpZoOoyv6
6ndryu5DDNWBHNAxbC9lrakC2N25R4J4EfGC5vAm4ALscpBEm8fKKBb7s8TsQDG5
Cr9mpje+jrSyn7jGGSMkHgntA7EsE/ByIWP0Bhp7tprzTHxulG4tVfP8hKLrNGJ6
tx6lA1BzX7YzHL0XKILJDFr+6rvBgoLRQO5ctJtmK61y7ODhImFqk1tXErjF+gKr
mpcQXHWxSHJKuqGUUSNepl6f/k0t08l2lPEhgG4c/FMnp7NRmK3AqodjU2o/yet5
nsyV8EbmSRzeuBo6FeD6/vFlCbawhO6FPOLCV2IHUxNxYLqwjnWn
-----END CERTIFICATE-----