Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/rTv0KRGChzL9gvwpGGvt_hja_vM.roa
File:                     rTv0KRGChzL9gvwpGGvt_hja_vM.roa (raw, json)
Hash identifier:          3SS9j8kGonBOm1Jtv0pUDIukGAW3KKJl+4twEFwgAK0=
Subject key identifier:   AD:3B:F4:29:11:82:87:32:FD:82:FC:29:18:6B:ED:FE:18:DA:FE:F3
Certificate issuer:       /CN=37518d180923a7f3c00653ec12bc702b95aab907
Certificate serial:       018CC348ACED7220911365B4E0F8917CC9BA
Authority key identifier: 37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/rTv0KRGChzL9gvwpGGvt_hja_vM.roa
Signing time:             Mon 01 Jan 2024 04:29:29 +0000
ROA not before:           Mon 01 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212167
IP address blocks:        193.255.52.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ac:ed:72:20:91:13:65:b4:e0:f8:91:7c:c9:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37518d180923a7f3c00653ec12bc702b95aab907
        Validity
            Not Before: Jan  1 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad3bf42911828732fd82fc29186bedfe18dafef3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d3:c5:47:3d:74:f8:ad:d0:99:c0:24:df:e1:
                    f2:c7:24:07:bb:6e:6c:3b:d1:79:fa:17:91:d4:d7:
                    6d:55:2d:43:40:db:a1:00:03:e2:60:10:0a:c2:5c:
                    fd:ac:d2:68:02:25:8e:94:a4:d4:24:c4:a8:c4:f0:
                    f2:dd:61:c9:96:04:73:bf:24:cf:25:31:aa:48:09:
                    c7:34:66:b7:0d:2e:55:e4:af:62:13:a8:ff:f3:bb:
                    f9:98:e3:52:62:f2:45:31:19:00:c0:c5:0a:f9:58:
                    80:fa:c9:94:df:68:82:16:fc:aa:18:cf:95:8a:8b:
                    9b:23:ff:3d:86:14:9f:87:3a:09:63:05:d5:a4:7c:
                    98:c0:a5:23:2f:40:af:35:24:09:e1:5a:c9:84:5f:
                    54:f1:f3:94:7d:ce:95:3c:aa:96:c5:96:6c:ad:d0:
                    9d:cc:60:6d:29:d4:42:d5:a7:d5:2f:51:2a:2c:1d:
                    5d:71:8a:a8:0e:e1:72:7a:bc:ac:47:b5:76:62:b5:
                    a4:0b:7c:02:73:c1:7e:c7:53:dd:48:f7:6e:71:82:
                    fa:62:f5:c1:e9:17:72:86:37:ea:c0:ee:d0:2b:c7:
                    8f:ee:93:3f:f4:c3:ab:53:29:d6:98:c1:37:26:91:
                    1e:ca:4f:d5:86:37:ab:7c:e7:56:d1:59:06:dc:a5:
                    fb:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:3B:F4:29:11:82:87:32:FD:82:FC:29:18:6B:ED:FE:18:DA:FE:F3
            X509v3 Authority Key Identifier:
                keyid:37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/rTv0KRGChzL9gvwpGGvt_hja_vM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.255.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:01:ec:d4:9e:ec:4e:41:0e:db:58:cd:32:35:0c:6a:f3:f5:
         db:1d:f7:b8:48:f5:a1:eb:38:49:a7:95:3b:5b:46:e0:d7:3a:
         1b:49:73:8d:22:8e:43:3f:73:d9:a9:1b:6a:d0:74:4f:03:98:
         e9:4c:8a:5a:af:80:2b:a1:3c:67:a9:44:69:85:bc:6d:14:22:
         15:58:cc:7e:7b:a5:39:83:71:98:85:b8:ee:a8:6a:bf:37:50:
         23:60:1e:08:ee:c1:25:ba:df:ae:ec:5f:27:25:90:df:df:81:
         a8:3c:12:73:a6:09:85:33:2f:ef:75:50:ef:58:f7:19:9a:9a:
         81:66:8f:95:63:f1:7b:4d:66:a3:f8:89:68:18:a0:ff:21:5c:
         f1:4f:b3:5f:60:34:dc:5a:9f:26:b9:17:35:dd:9c:2d:b9:82:
         4c:aa:0e:f2:7a:56:0e:30:3a:1d:c5:2c:c1:35:3f:d9:f3:dc:
         a5:a9:75:1c:96:2c:fd:4e:16:44:15:82:82:8e:ab:d5:08:d9:
         86:52:92:79:56:fd:30:f8:69:4a:9a:e2:e0:80:61:c2:01:15:
         e1:fa:e2:ea:ba:17:09:51:7e:d2:8e:c9:76:2d:36:45:bd:33:
         8d:eb:98:86:f5:7a:5e:78:14:5e:f9:3b:a4:59:30:ec:b1:23:
         95:bb:4f:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKztciCRE2W04PiRfMm6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NTE4ZDE4MDkyM2E3ZjNjMDA2NTNlYzEyYmM3MDJiOTVh
YWI5MDcwHhcNMjQwMTAxMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDNiZjQyOTExODI4NzMyZmQ4MmZjMjkxODZiZWRmZTE4ZGFmZWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNPFRz10+K3QmcAk3+HyxyQHu25s
O9F5+heR1NdtVS1DQNuhAAPiYBAKwlz9rNJoAiWOlKTUJMSoxPDy3WHJlgRzvyTP
JTGqSAnHNGa3DS5V5K9iE6j/87v5mONSYvJFMRkAwMUK+ViA+smU32iCFvyqGM+V
ioubI/89hhSfhzoJYwXVpHyYwKUjL0CvNSQJ4VrJhF9U8fOUfc6VPKqWxZZsrdCd
zGBtKdRC1afVL1EqLB1dcYqoDuFyerysR7V2YrWkC3wCc8F+x1PdSPducYL6YvXB
6RdyhjfqwO7QK8eP7pM/9MOrUynWmME3JpEeyk/VhjerfOdW0VkG3KX7BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK079CkRgocy/YL8KRhr7f4Y2v7zMB8GA1UdIwQY
MBaAFDdRjRgJI6fzwAZT7BK8cCuVqrkHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgt
NTk2NzE5MjBmYjYwLzEvclR2MEtSR0Noekw5Z3Z3cEdHdnRfaGphX3ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgtNTk2NzE5MjBmYjYw
LzEvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwf80MA0G
CSqGSIb3DQEBCwUAA4IBAQAMAezUnuxOQQ7bWM0yNQxq8/XbHfe4SPWh6zhJp5U7
W0bg1zobSXONIo5DP3PZqRtq0HRPA5jpTIpar4AroTxnqURphbxtFCIVWMx+e6U5
g3GYhbjuqGq/N1AjYB4I7sElut+u7F8nJZDf34GoPBJzpgmFMy/vdVDvWPcZmpqB
Zo+VY/F7TWaj+IloGKD/IVzxT7NfYDTcWp8muRc13ZwtuYJMqg7yelYOMDodxSzB
NT/Z89ylqXUcliz9ThZEFYKCjqvVCNmGUpJ5Vv0w+GlKmuLggGHCARXh+uLquhcJ
UX7Sjsl2LTZFvTON65iG9XpeeBRe+TukWTDssSOVu08P
-----END CERTIFICATE-----