Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/383be6-7c31-4dca-b3c1-dba6d7594c19/1/EUWieVOQDpb1uafQjhb-Qecg6f0.roa
File:                     EUWieVOQDpb1uafQjhb-Qecg6f0.roa (raw, json)
Hash identifier:          kq6QOegyYBQtp9xwrnRFT25zVE8OVSZt966aPbe9G5E=
Subject key identifier:   11:45:A2:79:53:90:0E:96:F5:B9:A7:D0:8E:16:FE:41:E7:20:E9:FD
Certificate issuer:       /CN=61041121ccc6e65d933961fd572d59e261f21a31
Certificate serial:       018CC801E186AC3B1FAFD0C24798744876A6
Authority key identifier: 61:04:11:21:CC:C6:E6:5D:93:39:61:FD:57:2D:59:E2:61:F2:1A:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YQQRIczG5l2TOWH9Vy1Z4mHyGjE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/383be6-7c31-4dca-b3c1-dba6d7594c19/1/EUWieVOQDpb1uafQjhb-Qecg6f0.roa
Signing time:             Tue 02 Jan 2024 02:30:15 +0000
ROA not before:           Tue 02 Jan 2024 02:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41960
IP address blocks:        185.160.4.0/22 maxlen: 24
                          2a02:d880::/32 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/383be6-7c31-4dca-b3c1-dba6d7594c19/1/YQQRIczG5l2TOWH9Vy1Z4mHyGjE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/383be6-7c31-4dca-b3c1-dba6d7594c19/1/YQQRIczG5l2TOWH9Vy1Z4mHyGjE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YQQRIczG5l2TOWH9Vy1Z4mHyGjE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:e1:86:ac:3b:1f:af:d0:c2:47:98:74:48:76:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61041121ccc6e65d933961fd572d59e261f21a31
        Validity
            Not Before: Jan  2 02:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1145a27953900e96f5b9a7d08e16fe41e720e9fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:62:b3:8b:18:20:c7:98:b3:a5:0e:18:f6:97:
                    00:c0:cd:23:7f:9b:95:1b:83:1d:62:9f:1b:df:11:
                    a2:31:ae:a8:5c:74:82:68:aa:5e:73:54:a0:27:34:
                    9a:b1:76:95:bb:9b:96:30:41:93:c4:26:51:e0:43:
                    38:81:eb:b1:ad:63:f2:9a:4e:83:02:b3:5f:e6:34:
                    35:d4:b6:2a:c0:f1:c9:12:ff:f4:fb:f8:9a:b8:73:
                    73:e3:d9:af:67:70:0b:ff:27:43:9b:b3:07:3c:16:
                    f8:ee:40:cc:7b:94:52:f6:66:7c:59:14:3d:17:1b:
                    30:b1:a3:8e:1a:43:76:85:93:7e:e1:b7:18:02:74:
                    aa:a6:f3:af:fa:15:69:be:ff:cc:eb:4a:ff:f5:93:
                    45:07:5e:7b:65:63:25:06:7b:ce:58:b2:cc:7b:96:
                    95:de:a7:51:25:5b:80:b9:93:c0:62:59:52:72:10:
                    a0:19:f2:5b:99:57:9a:cd:69:2f:fc:db:05:62:9d:
                    5f:4e:6e:2a:2d:0b:ab:0c:76:59:45:3c:da:4c:89:
                    45:16:07:d0:61:de:b9:6c:99:97:e6:b7:46:b2:af:
                    2d:7a:f9:94:47:37:ce:02:d3:37:f3:8d:07:ce:b6:
                    02:46:89:65:58:75:c5:96:74:d2:ee:7c:9f:fc:85:
                    e5:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:45:A2:79:53:90:0E:96:F5:B9:A7:D0:8E:16:FE:41:E7:20:E9:FD
            X509v3 Authority Key Identifier:
                keyid:61:04:11:21:CC:C6:E6:5D:93:39:61:FD:57:2D:59:E2:61:F2:1A:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YQQRIczG5l2TOWH9Vy1Z4mHyGjE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/383be6-7c31-4dca-b3c1-dba6d7594c19/1/EUWieVOQDpb1uafQjhb-Qecg6f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/383be6-7c31-4dca-b3c1-dba6d7594c19/1/YQQRIczG5l2TOWH9Vy1Z4mHyGjE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.4.0/22
                IPv6:
                  2a02:d880::/32

    Signature Algorithm: sha256WithRSAEncryption
         5d:43:c8:bf:80:8b:77:f9:fa:78:ed:ca:bf:f5:fe:7c:31:58:
         33:84:d0:cb:f9:45:4d:c8:43:bf:65:cc:91:27:ae:26:38:dc:
         ce:b6:c6:77:e1:61:f9:c8:1d:71:92:85:42:38:f6:7b:dd:00:
         a4:c1:89:20:34:7b:eb:72:b8:c3:d7:3c:1a:5e:f0:4e:43:96:
         6e:a9:02:16:18:f9:dd:2a:68:bc:79:67:ef:37:2e:56:b7:a1:
         9d:ea:ae:2f:1d:94:b4:27:97:8e:9f:c4:79:8a:83:d1:25:74:
         a7:07:7b:79:55:a0:be:06:5d:3a:24:1c:0c:b6:f4:22:b1:91:
         75:fb:88:11:eb:b5:98:06:a1:52:ee:13:18:55:5e:c9:31:cb:
         92:e3:70:5d:41:c0:7a:75:38:76:ac:8c:b1:09:44:bf:5b:fa:
         e2:2e:fd:34:b0:1a:50:b3:93:23:1d:a0:7f:45:79:1f:b9:4b:
         e5:01:36:75:09:eb:55:ec:d8:1a:25:06:f3:0a:be:39:85:fe:
         5e:84:49:aa:03:61:f9:4a:5f:93:26:9e:4b:23:2d:94:b7:eb:
         aa:da:b4:0a:d4:da:bf:4b:5f:ee:f6:04:dd:7f:ad:6f:a8:dd:
         46:de:ae:51:db:76:cc:79:83:11:51:12:82:00:0e:7c:7c:12:
         ba:16:ed:5f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAeGGrDsfr9DCR5h0SHamMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxMDQxMTIxY2NjNmU2NWQ5MzM5NjFmZDU3MmQ1OWUyNjFm
MjFhMzEwHhcNMjQwMTAyMDIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTQ1YTI3OTUzOTAwZTk2ZjViOWE3ZDA4ZTE2ZmU0MWU3MjBlOWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGKzixggx5izpQ4Y9pcAwM0jf5uV
G4MdYp8b3xGiMa6oXHSCaKpec1SgJzSasXaVu5uWMEGTxCZR4EM4geuxrWPymk6D
ArNf5jQ11LYqwPHJEv/0+/iauHNz49mvZ3AL/ydDm7MHPBb47kDMe5RS9mZ8WRQ9
FxswsaOOGkN2hZN+4bcYAnSqpvOv+hVpvv/M60r/9ZNFB157ZWMlBnvOWLLMe5aV
3qdRJVuAuZPAYllSchCgGfJbmVeazWkv/NsFYp1fTm4qLQurDHZZRTzaTIlFFgfQ
Yd65bJmX5rdGsq8tevmURzfOAtM3840HzrYCRollWHXFlnTS7nyf/IXlCQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBFFonlTkA6W9bmn0I4W/kHnIOn9MB8GA1UdIwQY
MBaAFGEEESHMxuZdkzlh/VctWeJh8hoxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVFRUkljekc1bDJUT1dIOVZ5MVo0bUh5R2pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zODNiZTYtN2MzMS00ZGNhLWIzYzEt
ZGJhNmQ3NTk0YzE5LzEvRVVXaWVWT1FEcGIxdWFmUWpoYi1RZWNnNmYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zODNiZTYtN2MzMS00ZGNhLWIzYzEtZGJhNmQ3NTk0YzE5
LzEvWVFRUkljekc1bDJUT1dIOVZ5MVo0bUh5R2pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaAEMA0E
AgACMAcDBQAqAtiAMA0GCSqGSIb3DQEBCwUAA4IBAQBdQ8i/gIt3+fp47cq/9f58
MVgzhNDL+UVNyEO/ZcyRJ64mONzOtsZ34WH5yB1xkoVCOPZ73QCkwYkgNHvrcrjD
1zwaXvBOQ5ZuqQIWGPndKmi8eWfvNy5Wt6Gd6q4vHZS0J5eOn8R5ioPRJXSnB3t5
VaC+Bl06JBwMtvQisZF1+4gR67WYBqFS7hMYVV7JMcuS43BdQcB6dTh2rIyxCUS/
W/riLv00sBpQs5MjHaB/RXkfuUvlATZ1CetV7NgaJQbzCr45hf5ehEmqA2H5Sl+T
Jp5LIy2Ut+uq2rQK1Nq/S1/u9gTdf61vqN1G3q5R23bMeYMRURKCAA58fBK6Fu1f
-----END CERTIFICATE-----