Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/442101-780b-47ac-857d-f9e7cb03c527/1/3KDC5TLU0y1QGQcGPPZMmb6yj9U.roa
File:                     3KDC5TLU0y1QGQcGPPZMmb6yj9U.roa (raw, json)
Hash identifier:          eym6OzFtd3cU5o2WC3LcM42orFy7eeGqgNUhh0IOGrg=
Subject key identifier:   DC:A0:C2:E5:32:D4:D3:2D:50:19:07:06:3C:F6:4C:99:BE:B2:8F:D5
Certificate issuer:       /CN=bc65b4ba4d7869d5cb8f9574f0f4feee70ebc6c5
Certificate serial:       018CC424E5865312C8EFB071F114DE00F5E3
Authority key identifier: BC:65:B4:BA:4D:78:69:D5:CB:8F:95:74:F0:F4:FE:EE:70:EB:C6:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vGW0uk14adXLj5V08PT-7nDrxsU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/442101-780b-47ac-857d-f9e7cb03c527/1/3KDC5TLU0y1QGQcGPPZMmb6yj9U.roa
Signing time:             Mon 01 Jan 2024 08:30:01 +0000
ROA not before:           Mon 01 Jan 2024 08:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     394256
IP address blocks:        193.188.2.0/23 maxlen: 24
                          193.188.14.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/442101-780b-47ac-857d-f9e7cb03c527/1/vGW0uk14adXLj5V08PT-7nDrxsU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/442101-780b-47ac-857d-f9e7cb03c527/1/vGW0uk14adXLj5V08PT-7nDrxsU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vGW0uk14adXLj5V08PT-7nDrxsU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 10:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:e5:86:53:12:c8:ef:b0:71:f1:14:de:00:f5:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc65b4ba4d7869d5cb8f9574f0f4feee70ebc6c5
        Validity
            Not Before: Jan  1 08:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dca0c2e532d4d32d501907063cf64c99beb28fd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a7:26:89:fd:56:94:a6:98:7f:4c:e5:9a:97:
                    72:2d:b1:58:53:4b:a2:06:92:0a:01:c9:ca:d3:04:
                    8d:ee:a5:c3:a5:7f:02:2c:ad:17:73:83:19:a7:c8:
                    a3:c1:ee:3b:c3:ee:02:e1:61:a4:4f:df:7c:38:be:
                    c1:ea:62:31:38:99:00:40:b6:62:0e:54:b1:09:2e:
                    c5:80:e5:f0:57:57:d9:88:cd:6d:c6:86:04:9b:e9:
                    43:0a:f0:01:48:0a:52:09:e8:8a:90:19:03:a7:f3:
                    d6:55:fb:15:76:47:02:89:c2:aa:55:3f:b5:3a:be:
                    b9:32:a4:97:65:cc:9f:bd:2c:7e:1d:cc:9e:80:a9:
                    37:22:db:4f:97:4d:7b:14:53:3e:df:07:c4:83:f5:
                    60:49:b4:4f:99:bd:4d:84:98:d6:a3:3a:9b:33:ad:
                    6e:81:03:6f:32:ca:b4:b1:7b:2f:10:aa:aa:b9:f1:
                    c2:8e:7f:17:07:11:39:5d:26:e2:9a:8f:c1:b5:ef:
                    d6:e2:8f:80:15:cc:e0:d3:30:92:e5:6b:51:79:9d:
                    52:12:43:b6:3b:db:33:b0:69:13:63:cf:4e:99:47:
                    6e:44:15:63:13:93:a0:a1:18:92:18:92:b9:18:db:
                    2c:ef:6f:91:5f:69:0f:b5:29:31:79:ae:75:af:a5:
                    d1:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:A0:C2:E5:32:D4:D3:2D:50:19:07:06:3C:F6:4C:99:BE:B2:8F:D5
            X509v3 Authority Key Identifier:
                keyid:BC:65:B4:BA:4D:78:69:D5:CB:8F:95:74:F0:F4:FE:EE:70:EB:C6:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vGW0uk14adXLj5V08PT-7nDrxsU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/442101-780b-47ac-857d-f9e7cb03c527/1/3KDC5TLU0y1QGQcGPPZMmb6yj9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/442101-780b-47ac-857d-f9e7cb03c527/1/vGW0uk14adXLj5V08PT-7nDrxsU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.188.2.0/23
                  193.188.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:ae:bb:9f:38:19:26:66:d1:c1:51:dc:5a:a0:68:e2:9d:2b:
         1e:f2:fe:b1:78:3e:5a:19:b1:48:c6:ad:f3:d0:1d:f3:4e:7b:
         f2:6d:10:5d:7f:d2:c4:ef:d1:d9:97:7d:00:21:ef:05:ec:61:
         86:bc:b0:68:d1:ee:f7:09:ee:fb:e4:28:ca:50:15:65:9f:2b:
         05:4b:f8:14:1f:9e:90:8f:c9:0e:ca:b3:fc:77:e7:be:86:4b:
         50:81:5a:8a:b1:1e:a2:a6:f1:d9:05:7f:b0:29:79:be:c3:a0:
         28:16:6f:d2:ff:b4:1b:4e:3a:02:10:2c:48:82:95:a4:20:6e:
         76:0a:b3:75:75:49:21:4d:fe:4e:c9:4c:ad:29:06:de:8a:4f:
         64:32:cf:2d:01:4b:c4:8b:84:1c:21:e2:2e:5d:1c:31:8e:93:
         0e:3c:ea:51:2e:c4:5e:d9:2e:b4:65:6d:ff:55:5f:40:9d:59:
         a6:87:2b:dd:3f:be:6b:67:65:d8:fd:86:c2:0b:9b:c0:03:d4:
         76:8e:63:df:bf:17:2b:85:37:d3:88:de:e9:81:1b:9c:85:56:
         83:3c:ff:11:61:3b:c2:d7:c0:e1:f6:a3:7b:a7:bb:df:29:6a:
         5f:88:58:42:83:89:d6:a6:2e:8e:96:87:83:01:1d:09:8d:99:
         03:d0:7a:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJOWGUxLI77Bx8RTeAPXjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNjViNGJhNGQ3ODY5ZDVjYjhmOTU3NGYwZjRmZWVlNzBl
YmM2YzUwHhcNMjQwMTAxMDgzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2EwYzJlNTMyZDRkMzJkNTAxOTA3MDYzY2Y2NGM5OWJlYjI4ZmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6cmif1WlKaYf0zlmpdyLbFYU0ui
BpIKAcnK0wSN7qXDpX8CLK0Xc4MZp8ijwe47w+4C4WGkT998OL7B6mIxOJkAQLZi
DlSxCS7FgOXwV1fZiM1txoYEm+lDCvABSApSCeiKkBkDp/PWVfsVdkcCicKqVT+1
Or65MqSXZcyfvSx+HcyegKk3IttPl017FFM+3wfEg/VgSbRPmb1NhJjWozqbM61u
gQNvMsq0sXsvEKqqufHCjn8XBxE5XSbimo/Bte/W4o+AFczg0zCS5WtReZ1SEkO2
O9szsGkTY89OmUduRBVjE5OgoRiSGJK5GNss72+RX2kPtSkxea51r6XR6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNygwuUy1NMtUBkHBjz2TJm+so/VMB8GA1UdIwQY
MBaAFLxltLpNeGnVy4+VdPD0/u5w68bFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkdXMHVrMTRhZFhMajVWMDhQVC03bkRyeHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80NDIxMDEtNzgwYi00N2FjLTg1N2Qt
ZjllN2NiMDNjNTI3LzEvM0tEQzVUTFUweTFRR1FjR1BQWk1tYjZ5ajlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80NDIxMDEtNzgwYi00N2FjLTg1N2QtZjllN2NiMDNjNTI3
LzEvdkdXMHVrMTRhZFhMajVWMDhQVC03bkRyeHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwbwCAwQB
wbwOMA0GCSqGSIb3DQEBCwUAA4IBAQASrrufOBkmZtHBUdxaoGjinSse8v6xeD5a
GbFIxq3z0B3zTnvybRBdf9LE79HZl30AIe8F7GGGvLBo0e73Ce775CjKUBVlnysF
S/gUH56Qj8kOyrP8d+e+hktQgVqKsR6ipvHZBX+wKXm+w6AoFm/S/7QbTjoCECxI
gpWkIG52CrN1dUkhTf5OyUytKQbeik9kMs8tAUvEi4QcIeIuXRwxjpMOPOpRLsRe
2S60ZW3/VV9AnVmmhyvdP75rZ2XY/YbCC5vAA9R2jmPfvxcrhTfTiN7pgRuchVaD
PP8RYTvC18Dh9qN7p7vfKWpfiFhCg4nWpi6OloeDAR0JjZkD0HoA
-----END CERTIFICATE-----