Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/MpgPGG6XsdUbyfDKFdh1dixp-_c.roa
File:                     MpgPGG6XsdUbyfDKFdh1dixp-_c.roa (raw, json)
Hash identifier:          KUW3+pgFGHY4GVjIjVzSCDTxa8ph8EW1aIvD00MeJQ8=
Subject key identifier:   32:98:0F:18:6E:97:B1:D5:1B:C9:F0:CA:15:D8:75:76:2C:69:FB:F7
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       018CC3B6B13C0792A44AE4161FE70377717C
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/MpgPGG6XsdUbyfDKFdh1dixp-_c.roa
Signing time:             Mon 01 Jan 2024 06:29:39 +0000
ROA not before:           Mon 01 Jan 2024 06:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47886
IP address blocks:        185.52.4.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:b1:3c:07:92:a4:4a:e4:16:1f:e7:03:77:71:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Jan  1 06:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32980f186e97b1d51bc9f0ca15d875762c69fbf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b1:fd:df:26:38:d9:12:98:43:ed:b2:58:24:
                    f9:ec:f5:de:2d:03:0c:e9:69:21:1a:b0:7b:be:dc:
                    f3:ff:5e:4e:ef:64:0a:dd:6e:48:48:fb:41:79:d3:
                    3d:4f:f9:d4:aa:7a:c4:98:b7:a0:14:12:0b:1e:7f:
                    69:5d:6c:2f:59:83:6d:30:3e:bc:3e:4f:e7:36:06:
                    ab:65:75:2e:92:5a:08:f7:7b:c6:e7:a6:98:f6:71:
                    e2:d7:34:de:20:26:e7:7f:2d:19:bf:73:e5:ea:c7:
                    a8:e2:66:5b:a9:9a:4f:37:b1:5f:85:19:3b:9f:c4:
                    8e:78:db:db:67:05:ac:19:a4:b0:54:fb:93:6d:6c:
                    52:c4:bd:9b:29:5f:68:8b:1e:25:cb:82:e9:48:cb:
                    03:cc:84:5e:35:b7:cc:89:0c:03:5b:44:07:84:7d:
                    0a:52:aa:b6:81:0b:84:ba:a0:04:2d:28:d0:17:73:
                    45:a0:9a:0a:4e:98:77:72:ad:a6:62:9e:9b:17:61:
                    14:6e:4d:62:d2:00:12:b2:16:35:00:da:2f:ce:05:
                    78:45:17:06:ae:f9:5a:63:a4:e9:2d:fc:bd:16:c2:
                    56:0d:3f:a0:59:fe:84:b4:ba:1e:a0:02:15:77:8a:
                    10:c6:90:a6:ab:3f:2b:9e:05:27:1f:60:52:75:54:
                    bc:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:98:0F:18:6E:97:B1:D5:1B:C9:F0:CA:15:D8:75:76:2C:69:FB:F7
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/MpgPGG6XsdUbyfDKFdh1dixp-_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.52.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cb:ee:e2:20:fb:5c:69:b9:ab:b6:f9:62:9d:4c:f5:a9:a9:89:
         a5:66:fc:04:95:15:c9:f0:48:e2:bd:c5:63:0d:ef:3f:a3:57:
         b2:71:bf:8f:be:49:1f:db:81:75:2b:3b:4a:ef:ac:89:2c:7c:
         6d:d0:b4:b4:ef:db:36:8f:34:a7:a0:69:ae:36:2b:1a:9d:43:
         b5:d2:94:fc:7f:ab:82:03:b2:84:d9:34:27:70:09:e1:eb:a0:
         c8:24:8a:a3:47:d7:1c:a8:bc:35:6f:3d:d7:9a:d3:13:df:ee:
         c5:ac:55:c9:1b:7d:16:8a:3f:be:28:44:46:60:3a:c4:95:5e:
         85:21:14:f1:f5:1f:fb:85:23:94:2a:ba:84:48:81:67:5f:aa:
         63:f4:74:02:6e:9b:5b:f9:f5:b7:57:2b:ac:fd:f5:7d:ae:ed:
         e3:a6:ad:82:92:c0:dd:e2:8d:01:25:0a:86:8d:26:e3:c8:72:
         38:d3:22:6b:0c:5d:d5:30:12:c4:c0:13:c6:e1:fc:1f:2c:da:
         0f:b3:f5:8d:c9:00:88:e4:8b:aa:62:27:66:6d:3c:23:6e:ee:
         d6:eb:cc:65:f4:8c:f8:9a:f9:88:17:ee:10:fb:c3:a5:c7:2b:
         46:2f:ab:64:7c:c8:25:06:de:1c:e4:bc:22:e0:cd:d0:61:b0:
         c0:b4:b4:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtrE8B5KkSuQWH+cDd3F8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjQwMTAxMDYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjk4MGYxODZlOTdiMWQ1MWJjOWYwY2ExNWQ4NzU3NjJjNjlmYmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7H93yY42RKYQ+2yWCT57PXeLQMM
6WkhGrB7vtzz/15O72QK3W5ISPtBedM9T/nUqnrEmLegFBILHn9pXWwvWYNtMD68
Pk/nNgarZXUukloI93vG56aY9nHi1zTeICbnfy0Zv3Pl6seo4mZbqZpPN7FfhRk7
n8SOeNvbZwWsGaSwVPuTbWxSxL2bKV9oix4ly4LpSMsDzIReNbfMiQwDW0QHhH0K
Uqq2gQuEuqAELSjQF3NFoJoKTph3cq2mYp6bF2EUbk1i0gASshY1ANovzgV4RRcG
rvlaY6TpLfy9FsJWDT+gWf6EtLoeoAIVd4oQxpCmqz8rngUnH2BSdVS8gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDKYDxhul7HVG8nwyhXYdXYsafv3MB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvTXBnUEdHNlhzZFVieWZES0ZkaDFkaXhwLV9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTQEMA0G
CSqGSIb3DQEBCwUAA4IBAQDL7uIg+1xpuau2+WKdTPWpqYmlZvwElRXJ8EjivcVj
De8/o1eycb+Pvkkf24F1KztK76yJLHxt0LS079s2jzSnoGmuNisanUO10pT8f6uC
A7KE2TQncAnh66DIJIqjR9ccqLw1bz3XmtMT3+7FrFXJG30Wij++KERGYDrElV6F
IRTx9R/7hSOUKrqESIFnX6pj9HQCbptb+fW3Vyus/fV9ru3jpq2CksDd4o0BJQqG
jSbjyHI40yJrDF3VMBLEwBPG4fwfLNoPs/WNyQCI5IuqYidmbTwjbu7W68xl9Iz4
mvmIF+4Q+8OlxytGL6tkfMglBt4c5Lwi4M3QYbDAtLT/
-----END CERTIFICATE-----