Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/d30eef-495e-43bd-919c-a2a0e2db49d0/1/jErvgUF6v4KAPkF-z4-vNsv9dO8.roa
File:                     jErvgUF6v4KAPkF-z4-vNsv9dO8.roa (raw, json)
Hash identifier:          pkQVmVGqNGLcMm5h/66JMYUYnXu5RnIZzzQNMDFUkjU=
Subject key identifier:   8C:4A:EF:81:41:7A:BF:82:80:3E:41:7E:CF:8F:AF:36:CB:FD:74:EF
Certificate issuer:       /CN=d99a47cdc89f46342f90b0da3c30d9ec5fd63238
Certificate serial:       018D5B11A54E24CBE12205C26C0FF377493E
Authority key identifier: D9:9A:47:CD:C8:9F:46:34:2F:90:B0:DA:3C:30:D9:EC:5F:D6:32:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2ZpHzcifRjQvkLDaPDDZ7F_WMjg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/d30eef-495e-43bd-919c-a2a0e2db49d0/1/jErvgUF6v4KAPkF-z4-vNsv9dO8.roa
Signing time:             Tue 30 Jan 2024 15:51:39 +0000
ROA not before:           Tue 30 Jan 2024 15:51:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45015
IP address blocks:        185.100.12.0/22 maxlen: 22
                          195.32.12.0/22 maxlen: 22
                          195.32.72.0/21 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/d30eef-495e-43bd-919c-a2a0e2db49d0/1/2ZpHzcifRjQvkLDaPDDZ7F_WMjg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/d30eef-495e-43bd-919c-a2a0e2db49d0/1/2ZpHzcifRjQvkLDaPDDZ7F_WMjg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2ZpHzcifRjQvkLDaPDDZ7F_WMjg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:03:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5b:11:a5:4e:24:cb:e1:22:05:c2:6c:0f:f3:77:49:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d99a47cdc89f46342f90b0da3c30d9ec5fd63238
        Validity
            Not Before: Jan 30 15:51:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c4aef81417abf82803e417ecf8faf36cbfd74ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:27:39:8a:72:ac:03:6f:8b:00:b3:6d:1d:e7:
                    40:0a:11:47:cb:29:88:d2:ac:e7:53:59:2b:2b:90:
                    2d:9e:cf:bd:6b:c9:22:c0:a7:98:21:28:38:27:9c:
                    74:c2:75:37:3d:b1:49:e8:84:ae:53:7d:8d:9a:e2:
                    d4:af:72:38:1d:c7:59:16:44:cf:37:ec:b2:eb:dd:
                    ea:88:71:cb:99:59:d2:e0:f4:cf:cd:c1:a0:1b:cc:
                    71:82:92:cd:c2:b0:44:54:87:ed:c0:9f:b5:84:e5:
                    22:89:fa:b5:c8:54:81:c2:3a:21:37:a9:02:55:b6:
                    66:c8:df:1f:92:31:8a:e7:f5:d5:7c:b6:94:62:c3:
                    90:b5:fc:db:7e:b0:67:e6:8f:16:81:fa:8b:60:9b:
                    c8:0b:9e:12:4f:98:ab:05:cf:a6:bd:5d:88:5e:1c:
                    5d:68:ce:61:7c:5e:6e:a8:2c:8a:b7:64:8f:e9:80:
                    b0:e5:e2:06:db:5b:08:90:d9:89:9c:81:f2:4f:09:
                    e7:46:b9:74:1f:d2:a5:54:9c:ed:35:7a:60:db:95:
                    b6:d8:28:55:6d:bc:91:c4:20:f9:63:14:6a:b1:78:
                    49:39:3a:76:ad:89:cf:1f:d3:93:9b:0f:6b:33:34:
                    c9:8a:54:15:6a:6a:05:b7:7a:45:17:f4:a0:e9:17:
                    68:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:4A:EF:81:41:7A:BF:82:80:3E:41:7E:CF:8F:AF:36:CB:FD:74:EF
            X509v3 Authority Key Identifier:
                keyid:D9:9A:47:CD:C8:9F:46:34:2F:90:B0:DA:3C:30:D9:EC:5F:D6:32:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ZpHzcifRjQvkLDaPDDZ7F_WMjg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d30eef-495e-43bd-919c-a2a0e2db49d0/1/jErvgUF6v4KAPkF-z4-vNsv9dO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d30eef-495e-43bd-919c-a2a0e2db49d0/1/2ZpHzcifRjQvkLDaPDDZ7F_WMjg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.12.0/22
                  195.32.12.0/22
                  195.32.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         48:cd:6e:e6:f3:ec:6a:ee:3f:a8:3e:dd:3f:c6:00:38:8c:45:
         8b:c6:93:d0:35:c2:bf:29:63:e2:53:bf:84:26:4b:fb:e8:14:
         9c:b4:10:11:9d:bf:93:8d:15:33:54:b5:49:7a:f4:30:2e:ea:
         9d:35:dd:d0:4a:8b:50:28:dc:7c:4a:b4:00:eb:27:99:fc:06:
         57:3f:bb:66:f8:db:e0:66:61:39:f4:a9:bb:86:15:3d:45:4c:
         68:7d:76:00:aa:17:c4:39:33:d4:21:78:37:31:0b:7f:df:e6:
         60:f1:c5:57:2c:9e:e7:79:4f:5b:fd:fa:46:44:aa:a9:e0:6f:
         6b:39:f3:0b:b1:dd:ed:49:f4:54:5e:4a:66:24:bc:26:2c:04:
         ef:27:4f:c7:51:67:32:55:11:e6:f2:24:5f:d5:94:96:dc:2f:
         4b:de:a3:29:77:40:2b:f4:d6:37:ba:52:83:63:96:c9:bc:ff:
         52:37:5f:90:b9:49:a6:ec:f3:d5:ca:ee:17:ef:9e:4e:bb:e9:
         4c:e9:2e:25:5a:38:0c:8d:d7:0d:71:f7:72:e6:1d:7f:6a:72:
         d3:73:71:13:bc:67:9f:73:01:12:23:21:6b:3b:36:6e:f0:8a:
         e5:7f:90:ec:00:c2:02:6e:3b:02:df:2d:4c:6c:5e:51:a6:81:
         c8:d5:fe:74
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY1bEaVOJMvhIgXCbA/zd0k+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5OWE0N2NkYzg5ZjQ2MzQyZjkwYjBkYTNjMzBkOWVjNWZk
NjMyMzgwHhcNMjQwMTMwMTU1MTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzRhZWY4MTQxN2FiZjgyODAzZTQxN2VjZjhmYWYzNmNiZmQ3NGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzyc5inKsA2+LALNtHedAChFHyymI
0qznU1krK5Atns+9a8kiwKeYISg4J5x0wnU3PbFJ6ISuU32NmuLUr3I4HcdZFkTP
N+yy693qiHHLmVnS4PTPzcGgG8xxgpLNwrBEVIftwJ+1hOUiifq1yFSBwjohN6kC
VbZmyN8fkjGK5/XVfLaUYsOQtfzbfrBn5o8WgfqLYJvIC54ST5irBc+mvV2IXhxd
aM5hfF5uqCyKt2SP6YCw5eIG21sIkNmJnIHyTwnnRrl0H9KlVJztNXpg25W22ChV
bbyRxCD5YxRqsXhJOTp2rYnPH9OTmw9rMzTJilQVamoFt3pFF/Sg6RdomQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIxK74FBer+CgD5Bfs+PrzbL/XTvMB8GA1UdIwQY
MBaAFNmaR83In0Y0L5Cw2jww2exf1jI4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlpwSHpjaWZSalF2a0xEYVBERFo3Rl9XTWpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kMzBlZWYtNDk1ZS00M2JkLTkxOWMt
YTJhMGUyZGI0OWQwLzEvakVydmdVRjZ2NEtBUGtGLXo0LXZOc3Y5ZE84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kMzBlZWYtNDk1ZS00M2JkLTkxOWMtYTJhMGUyZGI0OWQw
LzEvMlpwSHpjaWZSalF2a0xEYVBERFo3Rl9XTWpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuWQMAwQC
wyAMAwQDwyBIMA0GCSqGSIb3DQEBCwUAA4IBAQBIzW7m8+xq7j+oPt0/xgA4jEWL
xpPQNcK/KWPiU7+EJkv76BSctBARnb+TjRUzVLVJevQwLuqdNd3QSotQKNx8SrQA
6yeZ/AZXP7tm+NvgZmE59Km7hhU9RUxofXYAqhfEOTPUIXg3MQt/3+Zg8cVXLJ7n
eU9b/fpGRKqp4G9rOfMLsd3tSfRUXkpmJLwmLATvJ0/HUWcyVRHm8iRf1ZSW3C9L
3qMpd0Ar9NY3ulKDY5bJvP9SN1+QuUmm7PPVyu4X755Ou+lM6S4lWjgMjdcNcfdy
5h1/anLTc3ETvGefcwESIyFrOzZu8Irlf5DsAMICbjsC3y1MbF5RpoHI1f50
-----END CERTIFICATE-----