Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/3soqAOyD4tkoYZ9b3ULzUTC8Fjw.roa
File:                     3soqAOyD4tkoYZ9b3ULzUTC8Fjw.roa (raw, json)
Hash identifier:          QTEAFJBQ/edsTWa18AAlwRx6LUpziZhCg4uxr7hjrZQ=
Subject key identifier:   DE:CA:2A:00:EC:83:E2:D9:28:61:9F:5B:DD:42:F3:51:30:BC:16:3C
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       018CC72767FB9E54FA30B867C6CE8006D47C
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/3soqAOyD4tkoYZ9b3ULzUTC8Fjw.roa
Signing time:             Mon 01 Jan 2024 22:31:37 +0000
ROA not before:           Mon 01 Jan 2024 22:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197848
IP address blocks:        78.133.240.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:67:fb:9e:54:fa:30:b8:67:c6:ce:80:06:d4:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 22:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=deca2a00ec83e2d928619f5bdd42f35130bc163c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:ee:4b:88:3a:a2:c9:52:59:23:a4:0f:e8:38:
                    1d:69:62:53:fa:d7:e7:34:c3:02:4e:09:3e:8c:c2:
                    ec:1f:9b:4a:e7:cf:0a:9e:c0:ae:3b:ff:df:4b:0c:
                    17:07:f8:c5:fe:46:88:65:59:81:f5:37:a5:e8:61:
                    9d:35:6d:f8:20:61:fe:18:fb:bf:d2:1c:1b:f6:73:
                    40:b0:4c:0e:a7:aa:c0:27:73:fb:bf:98:79:cb:eb:
                    13:1d:75:f3:7a:97:16:b0:60:4b:6b:8a:7f:72:e2:
                    89:b2:86:39:30:80:99:70:72:b8:34:2e:30:d1:34:
                    1d:74:70:67:16:71:ba:71:5e:e5:c9:bc:64:69:9d:
                    79:de:0b:67:c6:86:a1:ff:a1:04:c8:d3:31:42:da:
                    c0:f4:07:f0:40:07:65:ac:df:e5:49:23:c2:d3:ee:
                    e6:b1:96:69:82:5c:40:31:d7:31:a0:03:8c:71:2f:
                    56:53:64:4e:1e:01:5f:9d:0b:ac:ec:b9:df:ce:82:
                    46:ae:37:7f:d0:a3:51:1b:04:34:4d:27:f3:38:38:
                    2d:c8:75:69:c0:45:c6:4b:90:a3:da:ab:40:55:fa:
                    5c:16:92:30:e9:2a:85:4c:d7:a2:28:67:fe:f2:76:
                    56:34:bd:3b:b5:35:23:05:46:82:47:2e:50:07:15:
                    3e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:CA:2A:00:EC:83:E2:D9:28:61:9F:5B:DD:42:F3:51:30:BC:16:3C
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/3soqAOyD4tkoYZ9b3ULzUTC8Fjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.133.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:91:c9:28:a5:d9:5e:a8:42:57:e3:a5:44:1a:42:4c:3e:79:
         56:5f:7d:bd:ed:75:9e:74:42:df:6c:3e:2b:e2:5e:c4:3f:83:
         02:82:12:d0:4e:db:e9:4f:5e:e9:38:ff:92:9b:1b:62:64:f6:
         5c:61:d9:91:6f:23:3c:d8:c3:26:20:2b:e1:b1:c0:fe:a1:b7:
         2f:9f:de:9b:1a:20:ae:df:55:93:40:39:21:7b:4e:f2:f1:78:
         eb:79:2c:b2:9b:ed:e4:95:02:4d:73:b0:42:47:6b:ba:8f:6c:
         86:e7:cc:ce:e2:f6:12:ab:21:c5:9f:43:b3:fa:dc:23:93:34:
         27:e4:9b:37:86:8f:25:89:8f:bb:aa:ff:ad:a0:6d:c4:f9:e7:
         18:3d:2b:bf:14:76:80:fc:51:95:8b:e7:75:19:fa:c8:22:59:
         80:6c:b5:61:ba:e3:42:13:1b:ea:7c:cc:2f:94:17:3e:a8:9b:
         58:6a:24:ac:7e:60:8d:53:d5:ca:70:33:db:2b:2d:ef:c7:17:
         1c:75:1a:78:72:63:d1:95:38:b9:00:4d:1d:1b:cd:2c:7e:5c:
         b6:c7:66:f9:5e:aa:3a:82:87:79:37:1a:6c:d3:5a:d1:bc:aa:
         37:6a:e6:c4:2e:23:ea:b0:40:d6:11:c1:73:2c:4f:23:ee:da:
         6a:47:ff:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2f7nlT6MLhnxs6ABtR8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjQwMTAxMjIzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWNhMmEwMGVjODNlMmQ5Mjg2MTlmNWJkZDQyZjM1MTMwYmMxNjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6e5LiDqiyVJZI6QP6DgdaWJT+tfn
NMMCTgk+jMLsH5tK588KnsCuO//fSwwXB/jF/kaIZVmB9Tel6GGdNW34IGH+GPu/
0hwb9nNAsEwOp6rAJ3P7v5h5y+sTHXXzepcWsGBLa4p/cuKJsoY5MICZcHK4NC4w
0TQddHBnFnG6cV7lybxkaZ153gtnxoah/6EEyNMxQtrA9AfwQAdlrN/lSSPC0+7m
sZZpglxAMdcxoAOMcS9WU2ROHgFfnQus7LnfzoJGrjd/0KNRGwQ0TSfzODgtyHVp
wEXGS5Cj2qtAVfpcFpIw6SqFTNeiKGf+8nZWNL07tTUjBUaCRy5QBxU+lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN7KKgDsg+LZKGGfW91C81EwvBY8MB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvM3NvcUFPeUQ0dGtvWVo5YjNVTHpVVEM4Rmp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCToXwMA0G
CSqGSIb3DQEBCwUAA4IBAQAfkckopdleqEJX46VEGkJMPnlWX3297XWedELfbD4r
4l7EP4MCghLQTtvpT17pOP+SmxtiZPZcYdmRbyM82MMmICvhscD+obcvn96bGiCu
31WTQDkhe07y8XjreSyym+3klQJNc7BCR2u6j2yG58zO4vYSqyHFn0Oz+twjkzQn
5Js3ho8liY+7qv+toG3E+ecYPSu/FHaA/FGVi+d1GfrIIlmAbLVhuuNCExvqfMwv
lBc+qJtYaiSsfmCNU9XKcDPbKy3vxxccdRp4cmPRlTi5AE0dG80sfly2x2b5Xqo6
god5Nxps01rRvKo3aubELiPqsEDWEcFzLE8j7tpqR/8V
-----END CERTIFICATE-----