Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/219449-f243-46e3-bba7-1d5513bff4d6/1/T5QrmGkMc5SgNRyACLB_jL5ghuE.roa
File:                     T5QrmGkMc5SgNRyACLB_jL5ghuE.roa (raw, json)
Hash identifier:          6GPN3OeYbA0LZmeCVNt+I7hCzhIkGWGDj/lHb1cY0Js=
Subject key identifier:   4F:94:2B:98:69:0C:73:94:A0:35:1C:80:08:B0:7F:8C:BE:60:86:E1
Certificate issuer:       /CN=b3e064e17335fdeb83a09862a735a6e97762d973
Certificate serial:       018CC26D1D1FCE7360A47E9D9EA1DCA4DC62
Authority key identifier: B3:E0:64:E1:73:35:FD:EB:83:A0:98:62:A7:35:A6:E9:77:62:D9:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s-Bk4XM1_euDoJhipzWm6Xdi2XM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/219449-f243-46e3-bba7-1d5513bff4d6/1/T5QrmGkMc5SgNRyACLB_jL5ghuE.roa
Signing time:             Mon 01 Jan 2024 00:29:39 +0000
ROA not before:           Mon 01 Jan 2024 00:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13287
IP address blocks:        155.133.195.0/24 maxlen: 24
                          153.92.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/219449-f243-46e3-bba7-1d5513bff4d6/1/s-Bk4XM1_euDoJhipzWm6Xdi2XM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/219449-f243-46e3-bba7-1d5513bff4d6/1/s-Bk4XM1_euDoJhipzWm6Xdi2XM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s-Bk4XM1_euDoJhipzWm6Xdi2XM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1d:1f:ce:73:60:a4:7e:9d:9e:a1:dc:a4:dc:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3e064e17335fdeb83a09862a735a6e97762d973
        Validity
            Not Before: Jan  1 00:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f942b98690c7394a0351c8008b07f8cbe6086e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:63:ae:73:20:75:e5:64:98:50:c0:54:bc:3c:
                    ca:ff:70:1b:01:48:1f:ab:3e:44:54:e6:48:00:38:
                    7d:d8:26:ec:7f:4f:c1:8a:22:bd:a2:a1:e6:24:cb:
                    da:e2:7e:37:62:d2:b5:5b:1d:16:96:b0:2a:5b:f4:
                    6f:00:79:5b:03:59:fe:27:b7:8b:57:4a:20:07:bd:
                    30:e5:01:f2:ed:74:fa:10:e6:1a:11:90:f7:b7:03:
                    30:e1:c6:2b:c9:ef:49:c8:4d:92:92:23:94:8f:99:
                    e8:9d:d0:00:41:31:4e:a7:5b:d6:12:58:5a:e2:02:
                    0d:ba:ea:aa:61:43:9a:90:c1:ab:6b:9d:38:62:c1:
                    08:2b:19:e2:18:48:3d:75:cc:50:c4:b2:06:8d:77:
                    54:02:d6:c8:87:7b:e9:9d:ea:46:48:cc:a2:88:94:
                    41:2b:9c:44:eb:57:3b:b8:3c:12:f7:40:bb:2b:9e:
                    a5:e5:d8:11:ab:11:f5:d2:06:7c:20:c0:8f:6e:dd:
                    15:c2:2f:68:6a:51:ef:1c:3f:fb:d4:26:81:de:f8:
                    85:26:52:9a:46:ef:97:e2:14:25:39:69:e8:59:8c:
                    12:d5:3a:0c:74:ba:91:4a:9a:85:3a:25:69:95:e3:
                    3b:47:d7:dc:c1:43:a8:c9:21:13:16:73:f6:63:e1:
                    90:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:94:2B:98:69:0C:73:94:A0:35:1C:80:08:B0:7F:8C:BE:60:86:E1
            X509v3 Authority Key Identifier:
                keyid:B3:E0:64:E1:73:35:FD:EB:83:A0:98:62:A7:35:A6:E9:77:62:D9:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s-Bk4XM1_euDoJhipzWm6Xdi2XM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/219449-f243-46e3-bba7-1d5513bff4d6/1/T5QrmGkMc5SgNRyACLB_jL5ghuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/219449-f243-46e3-bba7-1d5513bff4d6/1/s-Bk4XM1_euDoJhipzWm6Xdi2XM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.92.42.0/24
                  155.133.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:fe:15:69:da:bb:a0:a1:9c:e5:3a:d5:3d:5e:25:10:93:ee:
         4c:74:24:b0:67:67:f3:a6:a9:47:f9:b9:ef:84:84:27:9a:1b:
         90:99:a2:21:b6:b1:6f:c1:d0:3f:be:d0:ed:0c:15:b7:34:38:
         03:0f:eb:9c:6b:d0:39:82:ad:00:18:22:04:cc:eb:65:92:23:
         17:7d:60:14:c3:ee:93:9c:00:01:fa:01:a3:2e:f7:76:c3:46:
         5d:4e:2c:f8:70:9b:2e:16:6c:f0:91:37:4a:dc:23:46:fd:68:
         32:be:67:08:ba:0f:12:54:1e:7a:90:12:e8:4c:ab:53:74:c2:
         0c:a2:e8:ce:43:b1:be:f9:9e:61:21:97:3b:d7:f9:5a:c3:75:
         a8:55:98:a3:f9:f5:4c:a6:03:89:7c:e7:ae:80:1d:a8:40:11:
         c2:06:c9:95:9a:3b:ba:e3:38:b2:b9:48:00:64:d3:44:ef:5c:
         22:5b:be:be:d9:4d:ac:22:e8:97:50:95:a5:41:7f:70:c1:9d:
         29:5a:8f:fb:99:ab:7e:1c:3e:65:05:2e:b1:82:bc:60:3a:14:
         26:f3:60:94:95:74:bd:76:c6:0d:8e:fa:09:7a:ad:8b:43:13:
         cb:18:f3:04:c8:dc:2b:93:14:d0:cf:3c:32:f1:3c:63:53:21:
         ad:cf:e6:8d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbR0fznNgpH6dnqHcpNxiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZTA2NGUxNzMzNWZkZWI4M2EwOTg2MmE3MzVhNmU5Nzc2
MmQ5NzMwHhcNMjQwMTAxMDAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Zjk0MmI5ODY5MGM3Mzk0YTAzNTFjODAwOGIwN2Y4Y2JlNjA4NmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmOucyB15WSYUMBUvDzK/3AbAUgf
qz5EVOZIADh92Cbsf0/BiiK9oqHmJMva4n43YtK1Wx0WlrAqW/RvAHlbA1n+J7eL
V0ogB70w5QHy7XT6EOYaEZD3twMw4cYrye9JyE2SkiOUj5nondAAQTFOp1vWElha
4gINuuqqYUOakMGra504YsEIKxniGEg9dcxQxLIGjXdUAtbIh3vpnepGSMyiiJRB
K5xE61c7uDwS90C7K56l5dgRqxH10gZ8IMCPbt0Vwi9oalHvHD/71CaB3viFJlKa
Ru+X4hQlOWnoWYwS1ToMdLqRSpqFOiVpleM7R9fcwUOoySETFnP2Y+GQsQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE+UK5hpDHOUoDUcgAiwf4y+YIbhMB8GA1UdIwQY
MBaAFLPgZOFzNf3rg6CYYqc1pul3YtlzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcy1CazRYTTFfZXVEb0poaXB6V202WGRpMlhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yMTk0NDktZjI0My00NmUzLWJiYTct
MWQ1NTEzYmZmNGQ2LzEvVDVRcm1Ha01jNVNnTlJ5QUNMQl9qTDVnaHVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yMTk0NDktZjI0My00NmUzLWJiYTctMWQ1NTEzYmZmNGQ2
LzEvcy1CazRYTTFfZXVEb0poaXB6V202WGRpMlhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAmVwqAwQA
m4XDMA0GCSqGSIb3DQEBCwUAA4IBAQCy/hVp2rugoZzlOtU9XiUQk+5MdCSwZ2fz
pqlH+bnvhIQnmhuQmaIhtrFvwdA/vtDtDBW3NDgDD+uca9A5gq0AGCIEzOtlkiMX
fWAUw+6TnAAB+gGjLvd2w0ZdTiz4cJsuFmzwkTdK3CNG/WgyvmcIug8SVB56kBLo
TKtTdMIMoujOQ7G++Z5hIZc71/law3WoVZij+fVMpgOJfOeugB2oQBHCBsmVmju6
4ziyuUgAZNNE71wiW76+2U2sIuiXUJWlQX9wwZ0pWo/7mat+HD5lBS6xgrxgOhQm
82CUlXS9dsYNjvoJeq2LQxPLGPMEyNwrkxTQzzwy8TxjUyGtz+aN
-----END CERTIFICATE-----