Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/bYEa7pr_6HDYYGV6uvjs3zQpLFs.roa
File:                     bYEa7pr_6HDYYGV6uvjs3zQpLFs.roa (raw, json)
Hash identifier:          4VUHDVLDdojeRXKPnEQOpQ49iDR3JDE+youNKElicEc=
Subject key identifier:   6D:81:1A:EE:9A:FF:E8:70:D8:60:65:7A:BA:F8:EC:DF:34:29:2C:5B
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       018CC3B6B29457309DD1CD0B1057C63D7F6F
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/bYEa7pr_6HDYYGV6uvjs3zQpLFs.roa
Signing time:             Mon 01 Jan 2024 06:29:39 +0000
ROA not before:           Mon 01 Jan 2024 06:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62003
IP address blocks:        185.52.4.0/22 maxlen: 24
                          2a04:9a00:1010::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:b2:94:57:30:9d:d1:cd:0b:10:57:c6:3d:7f:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Jan  1 06:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d811aee9affe870d860657abaf8ecdf34292c5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:be:b8:08:63:e5:f9:b3:d8:ec:32:e7:28:b0:
                    fc:84:55:a6:50:30:08:12:3b:a2:0e:f7:45:80:78:
                    b6:5d:a6:48:83:44:98:a6:a7:a1:c2:b0:94:2c:24:
                    51:2e:26:85:7e:fc:a4:ab:9b:86:58:99:8e:30:5e:
                    47:ac:ee:40:88:6f:db:35:a8:37:c4:e1:85:2e:a3:
                    cc:49:70:bc:36:65:f8:23:b0:d2:4b:c3:10:b0:21:
                    33:0b:88:a3:3c:19:01:09:85:f9:f7:6a:09:b4:e7:
                    52:34:0d:0e:a3:f6:89:ff:1b:e8:ec:9f:e3:56:7c:
                    aa:99:20:5e:a0:6c:58:f0:66:a4:95:48:68:1d:99:
                    4c:7b:78:ec:47:66:29:f7:85:11:1b:7e:3c:03:f3:
                    7b:e4:9e:17:33:32:ac:3f:4a:79:9f:46:28:6b:d9:
                    b5:9a:87:9a:a0:dd:ce:03:46:95:4f:d0:fc:fa:3f:
                    6e:90:d7:93:18:5d:cf:c2:75:5e:5b:42:38:2d:cf:
                    52:62:d8:09:42:5e:ca:62:fb:5e:be:a2:1c:26:75:
                    8b:b8:01:08:81:94:8a:da:c9:af:c8:92:f3:b2:b6:
                    8f:94:f7:54:ff:46:f2:15:c1:28:54:15:51:b5:80:
                    a7:93:fc:c7:b0:3f:34:70:fe:9d:cd:e0:b4:fe:79:
                    79:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:81:1A:EE:9A:FF:E8:70:D8:60:65:7A:BA:F8:EC:DF:34:29:2C:5B
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/bYEa7pr_6HDYYGV6uvjs3zQpLFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.52.4.0/22
                IPv6:
                  2a04:9a00:1010::/44

    Signature Algorithm: sha256WithRSAEncryption
         57:8d:04:68:31:39:1c:e7:05:9f:94:c1:b5:d0:c4:ca:b7:5a:
         8c:d5:47:50:e9:94:8b:c1:3d:c1:21:aa:ae:62:5e:d7:0a:94:
         d9:91:27:dd:70:d1:6a:04:66:a0:1f:80:78:62:4a:5e:38:d2:
         d4:b3:2a:78:8e:22:2c:06:66:e9:df:43:41:45:4e:8e:be:9c:
         fd:50:71:e1:c3:5b:3c:d1:78:16:b6:12:e6:ee:f6:ff:09:4d:
         16:b0:0a:eb:39:2d:92:31:95:5b:cc:89:a2:7d:65:ec:a0:49:
         38:68:5a:ec:00:f8:9f:fb:4f:f2:1f:04:4f:e1:14:35:70:1e:
         bb:f3:49:8f:1b:29:60:84:d7:0b:a0:b3:cc:5d:13:e0:81:c1:
         63:07:c2:5c:02:19:2b:69:e7:2c:3a:99:46:88:ff:c0:a6:69:
         59:91:32:cd:3f:9a:5d:1d:66:23:25:80:f1:ef:f8:9f:67:e3:
         d6:a8:03:3f:c6:4a:11:ea:a0:d7:22:2c:74:d9:39:18:22:25:
         59:6f:62:ac:37:0d:f0:75:89:b4:21:2d:70:4b:a1:5e:32:b5:
         0f:e6:33:a9:b3:0f:9e:0c:30:68:4d:7f:af:12:c6:3f:33:0c:
         27:b6:3d:14:7e:61:f5:75:a2:da:c1:9e:db:9e:d7:e4:a7:3d:
         e7:86:cb:fe
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDtrKUVzCd0c0LEFfGPX9vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjQwMTAxMDYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDgxMWFlZTlhZmZlODcwZDg2MDY1N2FiYWY4ZWNkZjM0MjkyYzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh764CGPl+bPY7DLnKLD8hFWmUDAI
EjuiDvdFgHi2XaZIg0SYpqehwrCULCRRLiaFfvykq5uGWJmOMF5HrO5AiG/bNag3
xOGFLqPMSXC8NmX4I7DSS8MQsCEzC4ijPBkBCYX592oJtOdSNA0Oo/aJ/xvo7J/j
VnyqmSBeoGxY8GaklUhoHZlMe3jsR2Yp94URG348A/N75J4XMzKsP0p5n0Yoa9m1
moeaoN3OA0aVT9D8+j9ukNeTGF3PwnVeW0I4Lc9SYtgJQl7KYvtevqIcJnWLuAEI
gZSK2smvyJLzsraPlPdU/0byFcEoVBVRtYCnk/zHsD80cP6dzeC0/nl59wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFG2BGu6a/+hw2GBlerr47N80KSxbMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvYllFYTdwcl82SERZWUdWNnV2anMzelFwTEZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCuTQEMA8E
AgACMAkDBwQqBJoAEBAwDQYJKoZIhvcNAQELBQADggEBAFeNBGgxORznBZ+UwbXQ
xMq3WozVR1DplIvBPcEhqq5iXtcKlNmRJ91w0WoEZqAfgHhiSl440tSzKniOIiwG
ZunfQ0FFTo6+nP1QceHDWzzReBa2Eubu9v8JTRawCus5LZIxlVvMiaJ9ZeygSTho
WuwA+J/7T/IfBE/hFDVwHrvzSY8bKWCE1wugs8xdE+CBwWMHwlwCGStp5yw6mUaI
/8CmaVmRMs0/ml0dZiMlgPHv+J9n49aoAz/GShHqoNciLHTZORgiJVlvYqw3DfB1
ibQhLXBLoV4ytQ/mM6mzD54MMGhNf68Sxj8zDCe2PRR+YfV1otrBntue1+SnPeeG
y/4=
-----END CERTIFICATE-----