Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/a74744-ed48-4707-a63e-52f6919139c4/1/j2TJmD1Cy9KhO1Ls2NOaHGYyFA4.roa
File:                     j2TJmD1Cy9KhO1Ls2NOaHGYyFA4.roa (raw, json)
Hash identifier:          aDaq3Di7x/RzXtZeLgsqgHFqufosi3b9aeYdhGQK4uk=
Subject key identifier:   8F:64:C9:98:3D:42:CB:D2:A1:3B:52:EC:D8:D3:9A:1C:66:32:14:0E
Certificate issuer:       /CN=a98eebed9753f580bea75b352e706325a18d1447
Certificate serial:       018CC4934D709D5DFF6132F2EE2CBFAAFD1A
Authority key identifier: A9:8E:EB:ED:97:53:F5:80:BE:A7:5B:35:2E:70:63:25:A1:8D:14:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qY7r7ZdT9YC-p1s1LnBjJaGNFEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/a74744-ed48-4707-a63e-52f6919139c4/1/j2TJmD1Cy9KhO1Ls2NOaHGYyFA4.roa
Signing time:             Mon 01 Jan 2024 10:30:37 +0000
ROA not before:           Mon 01 Jan 2024 10:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12552
IP address blocks:        185.57.136.0/22 maxlen: 24
                          2a04:ddc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/a74744-ed48-4707-a63e-52f6919139c4/1/qY7r7ZdT9YC-p1s1LnBjJaGNFEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/a74744-ed48-4707-a63e-52f6919139c4/1/qY7r7ZdT9YC-p1s1LnBjJaGNFEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qY7r7ZdT9YC-p1s1LnBjJaGNFEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:4d:70:9d:5d:ff:61:32:f2:ee:2c:bf:aa:fd:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a98eebed9753f580bea75b352e706325a18d1447
        Validity
            Not Before: Jan  1 10:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f64c9983d42cbd2a13b52ecd8d39a1c6632140e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:cb:95:b7:ab:b0:ed:d0:99:4e:c8:83:24:c8:
                    98:4b:d4:67:ce:78:cc:5b:73:4e:c5:ca:f1:70:4f:
                    ee:0f:ea:02:5a:6c:e0:d3:a8:86:a7:a3:8e:54:93:
                    ad:1d:c9:19:46:18:e6:ef:13:36:c8:da:16:93:72:
                    ac:17:c6:bf:4c:8d:26:fa:25:b1:ed:41:36:b8:9b:
                    7f:80:fa:51:f7:04:0f:eb:b1:52:d0:a7:31:84:cc:
                    9e:9e:6a:ed:a4:f0:20:7b:bd:80:d0:f7:f0:e6:96:
                    91:27:d9:71:b2:0c:b9:74:1a:d6:53:20:4c:1b:a3:
                    df:97:e4:35:fd:df:50:57:c4:86:c3:f4:1b:67:4d:
                    0d:d8:6c:9c:5a:e2:f3:26:f2:a4:e4:05:0a:16:72:
                    85:5f:f3:15:41:85:21:dd:90:67:4b:58:cf:b5:89:
                    da:36:3d:d3:92:88:a8:52:61:84:a0:47:55:1c:ff:
                    96:33:9b:df:dc:82:ac:91:0f:f7:a5:4c:2b:84:71:
                    30:56:b4:50:67:11:d4:57:7a:fd:e3:c4:a8:e7:af:
                    31:ca:9f:83:27:a5:28:38:5d:1e:f2:59:93:40:5c:
                    ab:74:b0:f3:84:a8:a9:ac:7f:84:98:60:46:61:5d:
                    92:81:93:07:4b:e9:0d:68:7b:50:8c:0a:c5:1a:00:
                    8b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:64:C9:98:3D:42:CB:D2:A1:3B:52:EC:D8:D3:9A:1C:66:32:14:0E
            X509v3 Authority Key Identifier:
                keyid:A9:8E:EB:ED:97:53:F5:80:BE:A7:5B:35:2E:70:63:25:A1:8D:14:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qY7r7ZdT9YC-p1s1LnBjJaGNFEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/a74744-ed48-4707-a63e-52f6919139c4/1/j2TJmD1Cy9KhO1Ls2NOaHGYyFA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/a74744-ed48-4707-a63e-52f6919139c4/1/qY7r7ZdT9YC-p1s1LnBjJaGNFEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.136.0/22
                IPv6:
                  2a04:ddc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         83:f4:e8:40:ed:02:1a:e4:3d:e7:10:33:c1:ef:ba:19:b0:7b:
         05:fa:cc:32:c2:70:bf:d3:c5:22:c7:16:94:e3:8e:02:19:d9:
         0d:da:20:65:a4:a7:ae:cb:d5:09:55:83:ea:7b:a4:c0:40:cf:
         ef:67:4c:88:8e:6f:be:06:bc:53:8b:1a:57:a8:fc:88:88:6d:
         39:cc:a5:5e:89:21:77:da:9e:80:b3:99:e2:9a:d7:1f:a5:97:
         86:ec:d4:80:0b:40:89:2c:bf:d0:03:7a:40:51:e2:89:aa:4b:
         c8:11:4d:34:8b:8d:0e:d3:32:53:79:73:c9:3e:0a:4d:8c:64:
         11:6a:82:97:1b:f0:9b:a7:dd:cb:3b:a6:ff:c6:b7:7f:a5:06:
         75:2f:d6:2a:8d:dc:3d:fa:26:e6:e5:b0:48:68:ee:d2:67:6b:
         17:d8:67:2d:75:79:68:3d:ce:3a:9b:1e:6a:5a:e1:23:9f:71:
         ca:ea:0c:3a:1a:05:ab:5c:2b:33:51:5c:ba:6b:8b:5f:32:9b:
         1e:71:e3:43:46:1e:5a:2f:e8:ed:ef:d1:5c:63:2a:6a:9b:4b:
         ac:41:fa:5d:9e:71:5c:17:82:3f:4b:56:d2:23:de:0d:01:ef:
         58:5c:12:5e:66:62:08:d7:43:40:4e:f4:d7:4e:71:7e:c4:63:
         d2:4e:41:4c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEk01wnV3/YTLy7iy/qv0aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5OGVlYmVkOTc1M2Y1ODBiZWE3NWIzNTJlNzA2MzI1YTE4
ZDE0NDcwHhcNMjQwMTAxMTAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjY0Yzk5ODNkNDJjYmQyYTEzYjUyZWNkOGQzOWExYzY2MzIxNDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcuVt6uw7dCZTsiDJMiYS9RnznjM
W3NOxcrxcE/uD+oCWmzg06iGp6OOVJOtHckZRhjm7xM2yNoWk3KsF8a/TI0m+iWx
7UE2uJt/gPpR9wQP67FS0KcxhMyenmrtpPAge72A0Pfw5paRJ9lxsgy5dBrWUyBM
G6Pfl+Q1/d9QV8SGw/QbZ00N2GycWuLzJvKk5AUKFnKFX/MVQYUh3ZBnS1jPtYna
Nj3TkoioUmGEoEdVHP+WM5vf3IKskQ/3pUwrhHEwVrRQZxHUV3r948So568xyp+D
J6UoOF0e8lmTQFyrdLDzhKiprH+EmGBGYV2SgZMHS+kNaHtQjArFGgCLDQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI9kyZg9QsvSoTtS7NjTmhxmMhQOMB8GA1UdIwQY
MBaAFKmO6+2XU/WAvqdbNS5wYyWhjRRHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVk3cjdaZFQ5WUMtcDFzMUxuQmpKYUdORkVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9hNzQ3NDQtZWQ0OC00NzA3LWE2M2Ut
NTJmNjkxOTEzOWM0LzEvajJUSm1EMUN5OUtoTzFMczJOT2FIR1l5RkE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9hNzQ3NDQtZWQ0OC00NzA3LWE2M2UtNTJmNjkxOTEzOWM0
LzEvcVk3cjdaZFQ5WUMtcDFzMUxuQmpKYUdORkVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTmIMA0E
AgACMAcDBQMqBN3AMA0GCSqGSIb3DQEBCwUAA4IBAQCD9OhA7QIa5D3nEDPB77oZ
sHsF+swywnC/08UixxaU444CGdkN2iBlpKeuy9UJVYPqe6TAQM/vZ0yIjm++BrxT
ixpXqPyIiG05zKVeiSF32p6As5nimtcfpZeG7NSAC0CJLL/QA3pAUeKJqkvIEU00
i40O0zJTeXPJPgpNjGQRaoKXG/Cbp93LO6b/xrd/pQZ1L9Yqjdw9+ibm5bBIaO7S
Z2sX2GctdXloPc46mx5qWuEjn3HK6gw6GgWrXCszUVy6a4tfMpseceNDRh5aL+jt
79FcYypqm0usQfpdnnFcF4I/S1bSI94NAe9YXBJeZmII10NATvTXTnF+xGPSTkFM
-----END CERTIFICATE-----