Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/Z2yE6NUeekZ8H4-_pz5YUJJKeXo.roa
File:                     Z2yE6NUeekZ8H4-_pz5YUJJKeXo.roa (raw, json)
Hash identifier:          uRHj3HBHtXCygz215hpUQqz9ptAg+10jHpYMh5ZMHUo=
Subject key identifier:   67:6C:84:E8:D5:1E:7A:46:7C:1F:8F:BF:A7:3E:58:50:92:4A:79:7A
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       018EDCF462B07DDB655220A0D52D6BFC5492
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/Z2yE6NUeekZ8H4-_pz5YUJJKeXo.roa
Signing time:             Sun 14 Apr 2024 14:13:07 +0000
ROA not before:           Sun 14 Apr 2024 14:13:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13077
IP address blocks:        195.209.244.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:dc:f4:62:b0:7d:db:65:52:20:a0:d5:2d:6b:fc:54:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Apr 14 14:13:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=676c84e8d51e7a467c1f8fbfa73e5850924a797a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:0e:20:30:4d:c7:2b:93:3c:fe:3e:9b:e7:44:
                    93:71:fa:91:12:41:5e:b0:8e:df:df:30:91:43:9c:
                    0f:49:6b:18:f4:89:c2:c3:33:6f:19:fb:51:9e:04:
                    8f:f8:7f:32:e3:3e:92:16:8b:ff:6a:87:9f:69:32:
                    d2:dc:83:90:d1:0d:3b:7f:fe:2d:53:62:a8:ae:64:
                    0d:1e:58:a1:1e:a4:17:59:36:12:46:e9:72:06:36:
                    88:ae:fb:95:f7:0f:96:ae:6c:33:09:e1:4e:0e:19:
                    ca:43:10:a4:c8:10:d3:ae:9d:b9:1f:45:5d:7a:ae:
                    09:37:03:1f:18:56:ef:a1:11:87:88:dd:ff:dc:d3:
                    ef:f4:cd:3d:3b:d8:2a:8d:f6:53:be:35:f4:b6:bd:
                    fb:8c:e8:ee:ae:d2:3b:9f:9f:48:aa:01:4b:f0:a9:
                    ed:9c:07:c4:e4:80:7c:9d:71:6b:21:26:06:08:6e:
                    c1:6a:76:0a:d2:51:1e:cc:9b:2c:d2:38:e8:c8:2a:
                    1a:f9:68:1e:2f:7b:2c:5a:98:6f:b8:16:9e:6a:c5:
                    31:f3:99:8e:a3:c5:fa:3c:31:fd:7b:ce:58:84:e0:
                    9b:ff:fb:52:47:e7:98:a2:e2:a2:0d:3f:11:ab:35:
                    b9:bf:42:70:53:49:0e:ff:5b:df:5b:ae:42:6a:fe:
                    a9:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:6C:84:E8:D5:1E:7A:46:7C:1F:8F:BF:A7:3E:58:50:92:4A:79:7A
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/Z2yE6NUeekZ8H4-_pz5YUJJKeXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.209.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:8a:2a:23:d7:2d:9b:82:a6:85:4e:3a:1b:e2:c1:ff:f0:c3:
         5e:14:88:28:8a:3c:06:7f:fb:70:4f:3b:3d:89:a6:1a:b7:6f:
         b3:bd:18:6d:1b:be:11:a1:98:e5:94:25:d0:4c:21:2f:c3:a5:
         a2:56:ef:c8:7d:5e:8d:6a:31:95:46:95:9e:94:57:a3:fa:c3:
         a7:9c:75:7e:52:a0:16:21:c5:24:c4:3f:b6:d3:29:2d:94:b7:
         db:40:fe:2f:37:33:49:02:aa:b0:46:d7:fe:06:b9:e9:e7:c3:
         6f:2a:26:93:5f:00:46:bb:97:7e:0b:c6:65:64:82:4d:3e:7c:
         b3:26:ac:04:7a:f7:27:f8:b2:46:03:8b:19:e3:f3:ce:95:4c:
         a4:84:a3:29:52:26:ee:8e:53:f4:ad:4c:c6:54:36:51:a4:e5:
         3a:d4:03:73:cb:be:be:8b:06:24:67:15:e5:cc:84:56:4f:d5:
         2d:c3:c7:b9:8e:ea:86:cb:78:9f:30:f6:c0:8a:5f:4f:f2:ad:
         7b:7d:43:8e:04:65:b1:22:ec:f0:b5:f6:3c:ae:8d:e6:1b:6f:
         fd:72:d3:6a:97:0c:c3:13:2f:90:09:89:ca:cc:3e:71:3d:8d:
         92:15:17:06:49:2b:a4:9a:c7:91:25:b2:2f:70:53:04:80:d7:
         f0:1b:dc:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7c9GKwfdtlUiCg1S1r/FSSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwNDE0MTQxMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzZjODRlOGQ1MWU3YTQ2N2MxZjhmYmZhNzNlNTg1MDkyNGE3OTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQ4gME3HK5M8/j6b50STcfqREkFe
sI7f3zCRQ5wPSWsY9InCwzNvGftRngSP+H8y4z6SFov/aoefaTLS3IOQ0Q07f/4t
U2KormQNHlihHqQXWTYSRulyBjaIrvuV9w+WrmwzCeFODhnKQxCkyBDTrp25H0Vd
eq4JNwMfGFbvoRGHiN3/3NPv9M09O9gqjfZTvjX0tr37jOjurtI7n59IqgFL8Knt
nAfE5IB8nXFrISYGCG7BanYK0lEezJss0jjoyCoa+WgeL3ssWphvuBaeasUx85mO
o8X6PDH9e85YhOCb//tSR+eYouKiDT8RqzW5v0JwU0kO/1vfW65Cav6p0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGdshOjVHnpGfB+Pv6c+WFCSSnl6MB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvWjJ5RTZOVWVla1o4SDQtX3B6NVlVSkpLZVhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw9H0MA0G
CSqGSIb3DQEBCwUAA4IBAQBhiioj1y2bgqaFTjob4sH/8MNeFIgoijwGf/twTzs9
iaYat2+zvRhtG74RoZjllCXQTCEvw6WiVu/IfV6NajGVRpWelFej+sOnnHV+UqAW
IcUkxD+20yktlLfbQP4vNzNJAqqwRtf+Brnp58NvKiaTXwBGu5d+C8ZlZIJNPnyz
JqwEevcn+LJGA4sZ4/POlUykhKMpUibujlP0rUzGVDZRpOU61ANzy76+iwYkZxXl
zIRWT9Utw8e5juqGy3ifMPbAil9P8q17fUOOBGWxIuzwtfY8ro3mG2/9ctNqlwzD
Ey+QCYnKzD5xPY2SFRcGSSukmseRJbIvcFMEgNfwG9zR
-----END CERTIFICATE-----