Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/d07e9e-132a-48e2-9538-902aec440464/1/nqafh2irWEtbOE7zbpPQ4a_LMEo.roa
File:                     nqafh2irWEtbOE7zbpPQ4a_LMEo.roa (raw, json)
Hash identifier:          rzIAC4/TdaH5kivSLpJf/HzONWmP58oW0Zce6yUnTrc=
Subject key identifier:   9E:A6:9F:87:68:AB:58:4B:5B:38:4E:F3:6E:93:D0:E1:AF:CB:30:4A
Certificate issuer:       /CN=bcaf8ba59f7a3c5d00fe0ad4564d80524df7fa90
Certificate serial:       018EC7E27B0D82C5514681543190B99CEB05
Authority key identifier: BC:AF:8B:A5:9F:7A:3C:5D:00:FE:0A:D4:56:4D:80:52:4D:F7:FA:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vK-LpZ96PF0A_grUVk2AUk33-pA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/d07e9e-132a-48e2-9538-902aec440464/1/nqafh2irWEtbOE7zbpPQ4a_LMEo.roa
Signing time:             Wed 10 Apr 2024 12:01:32 +0000
ROA not before:           Wed 10 Apr 2024 12:01:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31673
IP address blocks:        185.52.212.0/22 maxlen: 24
                          2a01:baa0::/32 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/d07e9e-132a-48e2-9538-902aec440464/1/vK-LpZ96PF0A_grUVk2AUk33-pA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/d07e9e-132a-48e2-9538-902aec440464/1/vK-LpZ96PF0A_grUVk2AUk33-pA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vK-LpZ96PF0A_grUVk2AUk33-pA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c7:e2:7b:0d:82:c5:51:46:81:54:31:90:b9:9c:eb:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcaf8ba59f7a3c5d00fe0ad4564d80524df7fa90
        Validity
            Not Before: Apr 10 12:01:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ea69f8768ab584b5b384ef36e93d0e1afcb304a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:88:42:9e:fe:d6:5b:ed:07:b8:3b:e0:b2:e4:
                    92:8e:bc:60:25:cf:10:ac:30:4e:ad:72:e7:52:0c:
                    d4:f0:c8:13:09:00:35:e3:e7:00:f9:3f:c8:de:0d:
                    df:db:3f:cf:74:19:7d:7c:a3:bf:1c:db:b9:bc:60:
                    9f:38:27:8f:3a:c1:44:7e:fe:c8:a7:44:5f:b2:f0:
                    ae:f0:80:ec:10:55:01:7f:e0:cc:ba:bd:cb:33:7b:
                    3c:31:2f:52:4a:1b:74:4e:e9:8e:eb:76:b8:78:7c:
                    5f:2c:02:0d:ed:75:37:96:82:c5:49:1d:82:ae:9a:
                    03:58:e0:97:9e:19:e8:9a:b1:0c:5c:11:d1:9f:0a:
                    3a:9b:e4:4d:92:3a:3e:33:56:e7:50:cb:bf:6a:db:
                    b0:f5:9a:6f:12:67:ed:e2:5a:14:b2:96:5a:85:93:
                    8a:00:25:3f:dd:d7:f0:6c:51:6b:4a:46:6e:a6:dc:
                    51:41:ee:e2:03:93:95:90:17:04:31:ae:ef:6d:a9:
                    f1:4b:af:62:8f:52:a1:a2:57:36:ad:71:54:c4:88:
                    71:48:2d:54:db:42:90:57:bb:26:85:9e:48:ba:f8:
                    94:e8:af:b2:8d:f6:8b:90:6b:b8:ea:b0:aa:fb:ac:
                    ce:2d:81:ff:7f:f0:97:46:1f:eb:85:f7:cc:00:7b:
                    b7:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:A6:9F:87:68:AB:58:4B:5B:38:4E:F3:6E:93:D0:E1:AF:CB:30:4A
            X509v3 Authority Key Identifier:
                keyid:BC:AF:8B:A5:9F:7A:3C:5D:00:FE:0A:D4:56:4D:80:52:4D:F7:FA:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vK-LpZ96PF0A_grUVk2AUk33-pA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d07e9e-132a-48e2-9538-902aec440464/1/nqafh2irWEtbOE7zbpPQ4a_LMEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d07e9e-132a-48e2-9538-902aec440464/1/vK-LpZ96PF0A_grUVk2AUk33-pA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.52.212.0/22
                IPv6:
                  2a01:baa0::/32

    Signature Algorithm: sha256WithRSAEncryption
         38:9f:f6:98:d9:ca:fe:ec:7b:90:5f:bd:50:65:06:c9:4b:80:
         f2:44:24:7c:e9:3f:b0:4d:67:98:03:83:61:80:60:65:3f:91:
         e2:ca:17:02:77:23:fa:6f:8b:a9:d1:23:72:af:f9:91:60:ab:
         06:1e:a5:e0:5f:d5:e1:77:84:5e:9f:0a:d7:e4:7a:79:82:19:
         39:69:75:84:ed:49:52:f4:ae:95:93:55:11:c8:05:e7:ac:b4:
         91:8e:7f:bf:4c:ed:ef:ab:1c:fb:b3:eb:c2:92:2c:67:16:bb:
         54:ce:5d:0e:fa:11:1b:0f:37:ed:a5:ff:39:43:ec:48:cd:c9:
         01:9a:d9:9d:f7:21:02:e9:4f:44:c0:a9:77:1d:11:17:ea:c0:
         01:b6:9e:b5:e5:82:48:45:b6:18:27:b6:b4:ce:0f:69:6f:05:
         9c:f0:3d:91:52:c5:d6:28:8a:9c:70:8c:3e:fc:62:30:48:ec:
         f5:d3:f3:1b:e0:f6:20:07:d5:20:e1:d3:ec:4d:56:46:53:6c:
         87:df:d6:12:64:dc:5f:65:d2:8b:ed:d6:90:48:30:69:3e:c4:
         1f:5f:87:2b:a1:06:8f:80:82:aa:d2:86:17:5c:eb:b2:d6:26:
         c2:8f:eb:a4:4b:f9:d6:32:e7:15:1a:a3:6c:c7:fa:b1:28:6e:
         50:a3:3d:da
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY7H4nsNgsVRRoFUMZC5nOsFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjYWY4YmE1OWY3YTNjNWQwMGZlMGFkNDU2NGQ4MDUyNGRm
N2ZhOTAwHhcNMjQwNDEwMTIwMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWE2OWY4NzY4YWI1ODRiNWIzODRlZjM2ZTkzZDBlMWFmY2IzMDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqohCnv7WW+0HuDvgsuSSjrxgJc8Q
rDBOrXLnUgzU8MgTCQA14+cA+T/I3g3f2z/PdBl9fKO/HNu5vGCfOCePOsFEfv7I
p0RfsvCu8IDsEFUBf+DMur3LM3s8MS9SSht0TumO63a4eHxfLAIN7XU3loLFSR2C
rpoDWOCXnhnomrEMXBHRnwo6m+RNkjo+M1bnUMu/atuw9ZpvEmft4loUspZahZOK
ACU/3dfwbFFrSkZuptxRQe7iA5OVkBcEMa7vbanxS69ij1Kholc2rXFUxIhxSC1U
20KQV7smhZ5IuviU6K+yjfaLkGu46rCq+6zOLYH/f/CXRh/rhffMAHu31wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJ6mn4doq1hLWzhO826T0OGvyzBKMB8GA1UdIwQY
MBaAFLyvi6WfejxdAP4K1FZNgFJN9/qQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkstTHBaOTZQRjBBX2dyVVZrMkFVazMzLXBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kMDdlOWUtMTMyYS00OGUyLTk1Mzgt
OTAyYWVjNDQwNDY0LzEvbnFhZmgyaXJXRXRiT0U3emJwUFE0YV9MTUVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kMDdlOWUtMTMyYS00OGUyLTk1MzgtOTAyYWVjNDQwNDY0
LzEvdkstTHBaOTZQRjBBX2dyVVZrMkFVazMzLXBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTTUMA0E
AgACMAcDBQAqAbqgMA0GCSqGSIb3DQEBCwUAA4IBAQA4n/aY2cr+7HuQX71QZQbJ
S4DyRCR86T+wTWeYA4NhgGBlP5HiyhcCdyP6b4up0SNyr/mRYKsGHqXgX9Xhd4Re
nwrX5Hp5ghk5aXWE7UlS9K6Vk1URyAXnrLSRjn+/TO3vqxz7s+vCkixnFrtUzl0O
+hEbDzftpf85Q+xIzckBmtmd9yEC6U9EwKl3HREX6sABtp615YJIRbYYJ7a0zg9p
bwWc8D2RUsXWKIqccIw+/GIwSOz10/Mb4PYgB9Ug4dPsTVZGU2yH39YSZNxfZdKL
7daQSDBpPsQfX4croQaPgIKq0oYXXOuy1ibCj+ukS/nWMucVGqNsx/qxKG5Qoz3a
-----END CERTIFICATE-----