Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/debc29-5b2b-4bab-b4f7-e1c9198cdd88/1/He3V68PH7t-tTPQdtIpqpxGH-vw.roa
File:                     He3V68PH7t-tTPQdtIpqpxGH-vw.roa (raw, json)
Hash identifier:          13FCTTf2J9n+3MyQ6mEHsPXz4GhXo0c3nMYhy90HQrs=
Subject key identifier:   1D:ED:D5:EB:C3:C7:EE:DF:AD:4C:F4:1D:B4:8A:6A:A7:11:87:FA:FC
Certificate issuer:       /CN=fde72d43f4c82b1146737b116197231830bf65d6
Certificate serial:       018CC94D6E28447341DE84A6CBEC209F7EB3
Authority key identifier: FD:E7:2D:43:F4:C8:2B:11:46:73:7B:11:61:97:23:18:30:BF:65:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_ectQ_TIKxFGc3sRYZcjGDC_ZdY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/debc29-5b2b-4bab-b4f7-e1c9198cdd88/1/He3V68PH7t-tTPQdtIpqpxGH-vw.roa
Signing time:             Tue 02 Jan 2024 08:32:24 +0000
ROA not before:           Tue 02 Jan 2024 08:32:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209770
IP address blocks:        213.232.72.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/debc29-5b2b-4bab-b4f7-e1c9198cdd88/1/_ectQ_TIKxFGc3sRYZcjGDC_ZdY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/debc29-5b2b-4bab-b4f7-e1c9198cdd88/1/_ectQ_TIKxFGc3sRYZcjGDC_ZdY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_ectQ_TIKxFGc3sRYZcjGDC_ZdY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:6e:28:44:73:41:de:84:a6:cb:ec:20:9f:7e:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fde72d43f4c82b1146737b116197231830bf65d6
        Validity
            Not Before: Jan  2 08:32:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1dedd5ebc3c7eedfad4cf41db48a6aa71187fafc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:70:b8:be:da:ae:2a:15:5d:80:5e:6f:50:27:
                    d8:af:72:b2:00:b4:72:51:c1:c3:e9:52:62:2c:3e:
                    2a:0a:5c:91:1b:42:48:9e:ba:78:25:b5:97:42:bc:
                    9e:59:17:41:b0:9c:2d:2a:2f:92:b6:b1:5f:91:33:
                    54:cb:f8:45:00:71:e3:df:5b:6d:90:d7:9c:7e:1f:
                    d2:76:f6:f2:8e:40:31:32:39:9b:f9:45:5b:1f:5b:
                    3c:c8:17:59:b3:13:ce:33:6f:6b:2f:22:10:50:2b:
                    70:52:64:c9:78:58:1c:4d:0d:80:8d:82:37:d3:bd:
                    8e:54:17:66:7a:0f:cb:72:22:2a:1b:da:bd:bf:65:
                    6b:e4:73:04:48:da:01:ff:b2:c8:5a:7b:a2:79:bb:
                    b0:47:85:3e:b6:22:ca:05:a4:dc:c5:b5:f4:28:73:
                    2a:e6:61:c4:3f:dc:d8:21:c6:d9:68:04:b5:51:a8:
                    f4:fd:00:81:29:c7:fc:15:86:d1:53:92:7c:bf:5f:
                    63:55:cd:e8:d8:9a:f2:57:a8:9a:51:a4:19:90:43:
                    21:c8:17:92:69:84:60:c0:5f:e0:a3:89:d3:75:cc:
                    70:bc:40:fd:eb:c8:5f:94:01:82:21:a6:30:b3:4a:
                    29:3d:bf:dc:d3:d7:15:76:ab:9e:b7:aa:2b:48:14:
                    f5:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:ED:D5:EB:C3:C7:EE:DF:AD:4C:F4:1D:B4:8A:6A:A7:11:87:FA:FC
            X509v3 Authority Key Identifier:
                keyid:FD:E7:2D:43:F4:C8:2B:11:46:73:7B:11:61:97:23:18:30:BF:65:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_ectQ_TIKxFGc3sRYZcjGDC_ZdY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/debc29-5b2b-4bab-b4f7-e1c9198cdd88/1/He3V68PH7t-tTPQdtIpqpxGH-vw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/debc29-5b2b-4bab-b4f7-e1c9198cdd88/1/_ectQ_TIKxFGc3sRYZcjGDC_ZdY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.232.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:3f:1b:97:af:13:85:45:e1:dc:b2:37:82:ef:70:6f:2c:3c:
         f8:cb:91:d6:ac:b2:1c:f2:35:cd:ef:9a:cc:ce:76:47:81:09:
         07:7f:c8:68:c8:a5:15:83:44:94:d1:08:a8:bc:46:fb:5e:29:
         18:de:15:d2:a3:35:a5:e5:11:a3:2e:d4:40:cf:3c:73:6b:6c:
         8f:5a:b5:60:bd:84:fd:32:71:34:4e:49:15:de:d3:20:8d:e5:
         d2:80:38:e8:ce:1b:88:d7:f7:de:88:52:2f:81:0c:86:81:32:
         b7:1e:f0:35:7c:8f:d4:91:a9:4c:9b:af:8d:df:14:95:1b:43:
         e0:28:3e:be:61:ac:f7:b1:5e:3d:84:6a:d3:2c:64:57:6b:c9:
         5e:15:5e:d6:31:8f:32:d6:e4:79:2a:60:30:1f:04:3a:59:da:
         0e:9e:f3:cd:e8:55:91:31:34:7d:6c:c3:99:a5:53:27:6a:a5:
         83:2b:cf:3d:6e:e2:19:56:aa:14:ef:97:04:53:4e:67:b5:9d:
         4d:a8:ff:85:3b:db:80:d0:62:5a:d3:18:27:89:80:b3:00:1d:
         91:cc:77:21:66:db:8d:33:04:31:2b:0c:94:0c:61:2f:dc:fe:
         17:5e:2c:8f:91:94:4e:f1:ca:20:03:f7:d2:d7:9b:7f:6a:9b:
         07:78:f7:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTW4oRHNB3oSmy+wgn36zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZTcyZDQzZjRjODJiMTE0NjczN2IxMTYxOTcyMzE4MzBi
ZjY1ZDYwHhcNMjQwMTAyMDgzMjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGVkZDVlYmMzYzdlZWRmYWQ0Y2Y0MWRiNDhhNmFhNzExODdmYWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3C4vtquKhVdgF5vUCfYr3KyALRy
UcHD6VJiLD4qClyRG0JInrp4JbWXQryeWRdBsJwtKi+StrFfkTNUy/hFAHHj31tt
kNecfh/SdvbyjkAxMjmb+UVbH1s8yBdZsxPOM29rLyIQUCtwUmTJeFgcTQ2AjYI3
072OVBdmeg/LciIqG9q9v2Vr5HMESNoB/7LIWnuiebuwR4U+tiLKBaTcxbX0KHMq
5mHEP9zYIcbZaAS1Uaj0/QCBKcf8FYbRU5J8v19jVc3o2JryV6iaUaQZkEMhyBeS
aYRgwF/go4nTdcxwvED968hflAGCIaYws0opPb/c09cVdquet6orSBT1aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB3t1evDx+7frUz0HbSKaqcRh/r8MB8GA1UdIwQY
MBaAFP3nLUP0yCsRRnN7EWGXIxgwv2XWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2VjdFFfVElLeEZHYzNzUllaY2pHRENfWmRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9kZWJjMjktNWIyYi00YmFiLWI0Zjct
ZTFjOTE5OGNkZDg4LzEvSGUzVjY4UEg3dC10VFBRZHRJcHFweEdILXZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9kZWJjMjktNWIyYi00YmFiLWI0ZjctZTFjOTE5OGNkZDg4
LzEvX2VjdFFfVElLeEZHYzNzUllaY2pHRENfWmRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1ehIMA0G
CSqGSIb3DQEBCwUAA4IBAQCTPxuXrxOFReHcsjeC73BvLDz4y5HWrLIc8jXN75rM
znZHgQkHf8hoyKUVg0SU0QiovEb7XikY3hXSozWl5RGjLtRAzzxza2yPWrVgvYT9
MnE0TkkV3tMgjeXSgDjozhuI1/feiFIvgQyGgTK3HvA1fI/UkalMm6+N3xSVG0Pg
KD6+Yaz3sV49hGrTLGRXa8leFV7WMY8y1uR5KmAwHwQ6WdoOnvPN6FWRMTR9bMOZ
pVMnaqWDK889buIZVqoU75cEU05ntZ1NqP+FO9uA0GJa0xgniYCzAB2RzHchZtuN
MwQxKwyUDGEv3P4XXiyPkZRO8cogA/fS15t/apsHePeo
-----END CERTIFICATE-----