Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/205BstXpV1lLvZN2i1gidjuu_U4.roa
File:                     205BstXpV1lLvZN2i1gidjuu_U4.roa (raw, json)
Hash identifier:          xZUhOrIWXAzPQ5e5D3y16FBNjwxj2ZPtuHTSQjFBaZs=
Subject key identifier:   DB:4E:41:B2:D5:E9:57:59:4B:BD:93:76:8B:58:22:76:3B:AE:FD:4E
Certificate issuer:       /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial:       018FD94B6442A5B962EB1B420B173D572125
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/205BstXpV1lLvZN2i1gidjuu_U4.roa
Signing time:             Sun 02 Jun 2024 14:12:27 +0000
ROA not before:           Sun 02 Jun 2024 14:12:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        92.53.160.0/20 maxlen: 24
                          92.53.184.0/22 maxlen: 24
                          92.53.188.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:d9:4b:64:42:a5:b9:62:eb:1b:42:0b:17:3d:57:21:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
        Validity
            Not Before: Jun  2 14:12:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db4e41b2d5e957594bbd93768b5822763baefd4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:bc:ce:04:4a:43:d4:2d:85:c4:0b:35:48:61:
                    c3:0f:0f:6f:d6:3e:f9:af:b7:77:f8:da:13:a3:fc:
                    e5:b0:bf:7a:b0:2c:06:89:9b:b6:94:ad:aa:46:15:
                    81:38:84:1d:32:14:73:d2:02:15:a2:fd:0c:3d:aa:
                    7f:ee:93:c0:c5:88:97:f4:a6:63:71:e2:61:7d:89:
                    83:87:e7:c0:17:10:22:ca:c1:c7:8d:8c:48:e1:6b:
                    17:3f:b8:2d:6c:d0:1f:08:d0:f2:f8:e1:16:a5:56:
                    63:7c:7a:0e:7e:e2:de:06:dc:4c:3f:0a:96:a0:65:
                    13:07:be:d3:b4:b8:19:fe:e0:9d:99:4d:40:f8:73:
                    61:7a:25:26:90:26:69:8a:46:2b:3c:d3:8b:be:e8:
                    00:00:bf:0d:62:18:39:8c:7b:85:78:ce:1a:93:b9:
                    91:2f:1c:40:99:d4:b6:d4:dd:27:bb:5b:2e:a5:df:
                    9b:5a:87:66:37:37:4a:6f:d6:a4:1e:b5:ca:74:4a:
                    34:45:92:90:f8:db:33:9b:35:95:72:ed:4a:2d:5d:
                    70:09:5c:83:64:bc:b7:13:56:98:1f:60:9c:94:0f:
                    63:8a:eb:7d:74:e2:01:5c:1d:2e:b0:47:b7:b5:0e:
                    a9:1f:f2:26:85:55:1e:42:a8:b7:51:3e:d5:e8:45:
                    96:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:4E:41:B2:D5:E9:57:59:4B:BD:93:76:8B:58:22:76:3B:AE:FD:4E
            X509v3 Authority Key Identifier:
                keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/205BstXpV1lLvZN2i1gidjuu_U4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.53.160.0/20
                  92.53.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         a4:77:b6:0a:40:f6:e3:26:6a:38:ca:db:31:03:63:cb:eb:69:
         25:03:fb:95:cd:8a:98:97:88:5c:7a:8f:13:45:03:cc:24:fd:
         e3:70:d3:79:c4:8a:2a:c4:e2:fb:60:45:06:34:9a:a3:ca:58:
         6f:3c:e1:9d:39:53:a4:80:e8:b7:6d:50:92:9f:76:30:fa:ed:
         1c:11:70:d7:63:ac:52:1c:ec:99:aa:ce:c9:c5:94:76:8c:36:
         f2:14:87:79:c6:fe:b4:b6:b2:5d:38:3b:ed:f1:86:18:17:88:
         07:4e:ba:d4:12:4a:68:47:67:73:06:72:27:c2:c8:e4:ce:c4:
         12:e9:e7:4d:9e:f8:57:a1:dd:a2:b7:54:64:0b:53:e0:d5:3f:
         45:e5:b1:3c:ff:b4:7d:38:d0:b4:96:38:b1:1f:05:28:66:de:
         86:73:a7:5a:f4:68:3a:c9:49:48:e4:e8:2c:f2:da:3a:16:57:
         38:a1:e8:36:a0:c3:d3:f0:24:99:ad:7f:fa:38:e3:27:88:29:
         e4:02:63:9b:59:95:6b:ab:08:a7:f3:3f:66:ad:05:09:ca:ce:
         2e:bf:93:e0:50:db:3f:b2:be:84:4d:1b:7d:48:b1:89:95:bc:
         c7:b5:4c:8f:c3:da:47:d8:77:61:7d:ca:62:07:e4:29:3f:98:
         e8:60:e3:f1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY/ZS2RCpbli6xtCCxc9VyElMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjQwNjAyMTQxMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjRlNDFiMmQ1ZTk1NzU5NGJiZDkzNzY4YjU4MjI3NjNiYWVmZDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7zOBEpD1C2FxAs1SGHDDw9v1j75
r7d3+NoTo/zlsL96sCwGiZu2lK2qRhWBOIQdMhRz0gIVov0MPap/7pPAxYiX9KZj
ceJhfYmDh+fAFxAiysHHjYxI4WsXP7gtbNAfCNDy+OEWpVZjfHoOfuLeBtxMPwqW
oGUTB77TtLgZ/uCdmU1A+HNheiUmkCZpikYrPNOLvugAAL8NYhg5jHuFeM4ak7mR
LxxAmdS21N0nu1supd+bWodmNzdKb9akHrXKdEo0RZKQ+NszmzWVcu1KLV1wCVyD
ZLy3E1aYH2CclA9jiut9dOIBXB0usEe3tQ6pH/ImhVUeQqi3UT7V6EWWVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNtOQbLV6VdZS72TdotYInY7rv1OMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvMjA1QnN0WHBWMWxMdlpOMmkxZ2lkanV1X1U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEXDWgAwQD
XDW4MA0GCSqGSIb3DQEBCwUAA4IBAQCkd7YKQPbjJmo4ytsxA2PL62klA/uVzYqY
l4hceo8TRQPMJP3jcNN5xIoqxOL7YEUGNJqjylhvPOGdOVOkgOi3bVCSn3Yw+u0c
EXDXY6xSHOyZqs7JxZR2jDbyFId5xv60trJdODvt8YYYF4gHTrrUEkpoR2dzBnIn
wsjkzsQS6edNnvhXod2it1RkC1Pg1T9F5bE8/7R9ONC0ljixHwUoZt6Gc6da9Gg6
yUlI5Ogs8to6Flc4oeg2oMPT8CSZrX/6OOMniCnkAmObWZVrqwin8z9mrQUJys4u
v5PgUNs/sr6ETRt9SLGJlbzHtUyPw9pH2HdhfcpiB+QpP5joYOPx
-----END CERTIFICATE-----