Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/e13a01-c00b-4956-ab3a-309a4970bbfd/1/U4tKg60cqHUO3c5LPdq3E3kEOGs.roa
File:                     U4tKg60cqHUO3c5LPdq3E3kEOGs.roa (raw, json)
Hash identifier:          sMOmWKEkDi/TdYeeT1+PLYtxgmn3c2cny4miUNhXwN4=
Subject key identifier:   53:8B:4A:83:AD:1C:A8:75:0E:DD:CE:4B:3D:DA:B7:13:79:04:38:6B
Certificate issuer:       /CN=20f5307242fe3c95327b3220a1da5bffd12524fe
Certificate serial:       018D53773C031163510674146340C0978766
Authority key identifier: 20:F5:30:72:42:FE:3C:95:32:7B:32:20:A1:DA:5B:FF:D1:25:24:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IPUwckL-PJUyezIgodpb_9ElJP4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/e13a01-c00b-4956-ab3a-309a4970bbfd/1/U4tKg60cqHUO3c5LPdq3E3kEOGs.roa
Signing time:             Mon 29 Jan 2024 04:25:39 +0000
ROA not before:           Mon 29 Jan 2024 04:25:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202446
IP address blocks:        194.33.20.0/22 maxlen: 22
                          194.33.20.0/24 maxlen: 24
                          194.33.21.0/24 maxlen: 24
                          194.33.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/e13a01-c00b-4956-ab3a-309a4970bbfd/1/IPUwckL-PJUyezIgodpb_9ElJP4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/e13a01-c00b-4956-ab3a-309a4970bbfd/1/IPUwckL-PJUyezIgodpb_9ElJP4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IPUwckL-PJUyezIgodpb_9ElJP4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:53:77:3c:03:11:63:51:06:74:14:63:40:c0:97:87:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20f5307242fe3c95327b3220a1da5bffd12524fe
        Validity
            Not Before: Jan 29 04:25:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=538b4a83ad1ca8750eddce4b3ddab7137904386b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:fb:b3:26:fa:62:1e:8f:74:2e:f3:a8:ac:c1:
                    1b:84:07:80:01:0b:aa:52:a6:12:c9:1c:1c:18:e3:
                    ad:e5:76:a5:24:ac:37:b5:d6:77:bf:0c:a6:f8:c6:
                    09:1a:09:62:78:95:ee:6d:69:40:49:63:4b:c6:59:
                    93:eb:c8:fe:b3:18:31:82:16:0b:8f:90:3a:c9:02:
                    13:01:46:04:b1:89:e9:01:fa:7b:36:c8:e4:3c:44:
                    17:2e:5b:75:ec:3d:5f:23:ca:89:6c:54:b3:7a:be:
                    04:d9:20:17:89:46:3f:d2:c1:95:5d:c7:8b:e4:0c:
                    00:11:48:eb:fd:7d:04:95:ef:93:68:3e:6d:e2:43:
                    11:aa:e0:23:b9:35:70:4d:ae:3a:b4:9c:94:b2:45:
                    90:57:4d:54:ae:4e:6d:37:a3:d6:67:dd:13:33:06:
                    23:42:60:8f:53:b7:b8:90:0c:05:7f:7f:a1:bd:c7:
                    97:f5:69:e3:bf:07:02:9b:e6:9c:f3:7e:bd:8b:4b:
                    49:ce:0a:96:15:ab:e2:a6:ec:86:f2:5b:ea:45:75:
                    f8:bb:d7:3c:84:31:92:59:39:23:09:4d:4d:84:b6:
                    1d:c7:79:37:03:b1:d0:cc:81:72:b5:da:09:62:6b:
                    07:3e:de:35:7f:56:b0:c0:90:bf:c1:17:18:fa:1c:
                    b3:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:8B:4A:83:AD:1C:A8:75:0E:DD:CE:4B:3D:DA:B7:13:79:04:38:6B
            X509v3 Authority Key Identifier:
                keyid:20:F5:30:72:42:FE:3C:95:32:7B:32:20:A1:DA:5B:FF:D1:25:24:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IPUwckL-PJUyezIgodpb_9ElJP4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/e13a01-c00b-4956-ab3a-309a4970bbfd/1/U4tKg60cqHUO3c5LPdq3E3kEOGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/e13a01-c00b-4956-ab3a-309a4970bbfd/1/IPUwckL-PJUyezIgodpb_9ElJP4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:e3:4f:7d:79:91:5a:84:19:e9:15:f1:15:51:48:be:2a:de:
         a6:8a:07:e8:cc:68:1a:80:e2:77:f3:d2:55:59:90:8b:b2:36:
         fb:3b:71:26:ef:fb:63:55:db:25:15:41:31:97:ec:c1:f9:5a:
         3d:8d:af:ca:19:d9:2b:69:ce:af:ea:74:9c:7d:bf:2f:c5:70:
         e3:81:e5:ea:0c:a4:e3:90:a9:89:9b:ba:e8:ab:91:ad:30:48:
         26:34:f4:16:d0:41:a6:54:fc:a8:ee:2d:de:04:13:71:e8:50:
         6d:05:11:7c:70:a1:7b:f9:fc:bb:0e:23:c7:1e:48:4a:69:4f:
         8c:e8:62:01:ba:68:56:80:d7:ea:54:d1:de:c9:fd:51:f9:41:
         b7:5b:82:d1:c1:a7:39:15:9c:d0:40:d1:e8:23:ff:db:71:81:
         bf:14:dc:a8:2b:f6:38:a3:8e:ce:0d:33:1f:72:33:c4:92:de:
         ac:55:c9:41:c9:56:c2:01:bd:b0:bb:76:0c:c1:76:89:22:39:
         85:0a:4e:a3:56:e6:19:c1:58:c4:b0:57:85:ef:96:22:91:9f:
         fc:bf:b4:83:44:cd:e1:89:20:dc:53:78:f8:f1:72:c6:5e:23:
         5a:40:c7:bd:05:ef:8e:03:d4:05:e7:4c:f9:93:4c:8b:99:e1:
         21:1d:a8:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1TdzwDEWNRBnQUY0DAl4dmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZjUzMDcyNDJmZTNjOTUzMjdiMzIyMGExZGE1YmZmZDEy
NTI0ZmUwHhcNMjQwMTI5MDQyNTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzhiNGE4M2FkMWNhODc1MGVkZGNlNGIzZGRhYjcxMzc5MDQzODZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgPuzJvpiHo90LvOorMEbhAeAAQuq
UqYSyRwcGOOt5XalJKw3tdZ3vwym+MYJGglieJXubWlASWNLxlmT68j+sxgxghYL
j5A6yQITAUYEsYnpAfp7NsjkPEQXLlt17D1fI8qJbFSzer4E2SAXiUY/0sGVXceL
5AwAEUjr/X0Ele+TaD5t4kMRquAjuTVwTa46tJyUskWQV01Urk5tN6PWZ90TMwYj
QmCPU7e4kAwFf3+hvceX9WnjvwcCm+ac8369i0tJzgqWFavipuyG8lvqRXX4u9c8
hDGSWTkjCU1NhLYdx3k3A7HQzIFytdoJYmsHPt41f1awwJC/wRcY+hyzvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFOLSoOtHKh1Dt3OSz3atxN5BDhrMB8GA1UdIwQY
MBaAFCD1MHJC/jyVMnsyIKHaW//RJST+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVBVd2NrTC1QSlV5ZXpJZ29kcGJfOUVsSlA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9lMTNhMDEtYzAwYi00OTU2LWFiM2Et
MzA5YTQ5NzBiYmZkLzEvVTR0S2c2MGNxSFVPM2M1TFBkcTNFM2tFT0dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9lMTNhMDEtYzAwYi00OTU2LWFiM2EtMzA5YTQ5NzBiYmZk
LzEvSVBVd2NrTC1QSlV5ZXpJZ29kcGJfOUVsSlA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiEUMA0G
CSqGSIb3DQEBCwUAA4IBAQBN4099eZFahBnpFfEVUUi+Kt6migfozGgagOJ389JV
WZCLsjb7O3Em7/tjVdslFUExl+zB+Vo9ja/KGdkrac6v6nScfb8vxXDjgeXqDKTj
kKmJm7roq5GtMEgmNPQW0EGmVPyo7i3eBBNx6FBtBRF8cKF7+fy7DiPHHkhKaU+M
6GIBumhWgNfqVNHeyf1R+UG3W4LRwac5FZzQQNHoI//bcYG/FNyoK/Y4o47ODTMf
cjPEkt6sVclByVbCAb2wu3YMwXaJIjmFCk6jVuYZwVjEsFeF75YikZ/8v7SDRM3h
iSDcU3j48XLGXiNaQMe9Be+OA9QF50z5k0yLmeEhHagk
-----END CERTIFICATE-----