Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/975e68-8662-43b9-8ed2-aae97e65015c/1/P_Q8crevVPiE0CPMdJxpaDsoTdU.roa
File:                     P_Q8crevVPiE0CPMdJxpaDsoTdU.roa (raw, json)
Hash identifier:          vcJ8+K87bVV27uNvVYRjXiWk5dgyW8yRpmpPfCGqzWg=
Subject key identifier:   3F:F4:3C:72:B7:AF:54:F8:84:D0:23:CC:74:9C:69:68:3B:28:4D:D5
Certificate issuer:       /CN=65e0062e54a5fcb6a0c99e598557fed6f37a4629
Certificate serial:       018CC5012DA5CBA743C1DC34DF625D4F9369
Authority key identifier: 65:E0:06:2E:54:A5:FC:B6:A0:C9:9E:59:85:57:FE:D6:F3:7A:46:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZeAGLlSl_LagyZ5ZhVf-1vN6Rik.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/975e68-8662-43b9-8ed2-aae97e65015c/1/P_Q8crevVPiE0CPMdJxpaDsoTdU.roa
Signing time:             Mon 01 Jan 2024 12:30:37 +0000
ROA not before:           Mon 01 Jan 2024 12:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211491
IP address blocks:        193.22.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/975e68-8662-43b9-8ed2-aae97e65015c/1/ZeAGLlSl_LagyZ5ZhVf-1vN6Rik.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/975e68-8662-43b9-8ed2-aae97e65015c/1/ZeAGLlSl_LagyZ5ZhVf-1vN6Rik.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZeAGLlSl_LagyZ5ZhVf-1vN6Rik.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2d:a5:cb:a7:43:c1:dc:34:df:62:5d:4f:93:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65e0062e54a5fcb6a0c99e598557fed6f37a4629
        Validity
            Not Before: Jan  1 12:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ff43c72b7af54f884d023cc749c69683b284dd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a3:b1:f2:65:11:ec:9e:4b:1a:99:7c:63:d1:
                    43:db:1d:05:2b:28:40:a3:ce:de:6a:c4:49:ed:07:
                    ab:d2:3e:a5:da:57:ad:13:45:02:f3:6a:b8:32:9e:
                    fb:f0:38:45:f7:ea:d6:ef:0e:fa:af:70:6e:e5:e8:
                    60:c2:3b:f7:2a:56:4f:3c:38:6c:8c:d0:ec:90:1d:
                    67:1a:cb:c5:b2:f7:47:20:aa:17:1e:ba:93:3e:ed:
                    7f:70:70:71:44:4b:48:7f:36:c7:83:85:bb:b3:f5:
                    1f:d8:e1:bc:ea:0f:0b:de:62:7f:e7:8f:58:11:9e:
                    41:e2:cf:3c:22:28:d0:d4:29:86:16:8d:75:6d:33:
                    92:b0:30:0c:f4:f0:31:20:02:11:f9:09:e8:0e:6c:
                    59:0a:37:5a:37:9d:b1:32:e2:4a:e0:a0:e0:6c:e7:
                    d9:35:50:97:80:bd:9a:19:e7:b7:68:c4:0d:d2:03:
                    f2:cd:eb:90:f6:ea:61:ad:bf:b9:e5:65:e9:85:c9:
                    b8:46:db:3d:2a:e0:8d:1f:43:83:00:e2:21:52:2f:
                    06:7d:60:2e:8e:c4:2a:bd:6a:7d:06:8a:6f:0d:d2:
                    8b:6f:8a:d9:08:9c:5c:fe:f0:b2:1d:e8:53:46:6f:
                    8a:39:b1:d9:c6:0b:c8:57:b2:ec:d6:6a:fe:bd:5f:
                    7c:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:F4:3C:72:B7:AF:54:F8:84:D0:23:CC:74:9C:69:68:3B:28:4D:D5
            X509v3 Authority Key Identifier:
                keyid:65:E0:06:2E:54:A5:FC:B6:A0:C9:9E:59:85:57:FE:D6:F3:7A:46:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZeAGLlSl_LagyZ5ZhVf-1vN6Rik.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/975e68-8662-43b9-8ed2-aae97e65015c/1/P_Q8crevVPiE0CPMdJxpaDsoTdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/975e68-8662-43b9-8ed2-aae97e65015c/1/ZeAGLlSl_LagyZ5ZhVf-1vN6Rik.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:b6:78:ea:f3:75:80:53:43:59:d4:7c:14:ad:9b:65:f4:c9:
         f3:55:c6:1f:e7:20:66:a9:d9:00:b4:08:e4:1d:2c:06:00:40:
         c3:a5:b7:50:42:96:a0:54:89:7e:e9:09:8d:bb:48:00:14:47:
         31:4b:73:40:60:5c:15:4c:6b:c5:5b:97:0d:c1:e1:3e:99:f9:
         79:da:1f:7a:b4:b1:25:1d:fa:cb:c0:0f:5f:b8:e0:b1:1d:ea:
         5b:36:bd:b7:a0:6d:7d:a7:35:54:e2:5c:3c:71:71:f3:20:a7:
         ef:33:6c:24:0f:9c:2e:a6:a8:a9:49:5a:1a:6b:27:92:77:89:
         2a:f3:2c:bc:bd:90:2e:b8:86:7e:b2:01:02:f1:f1:7a:9b:3b:
         db:60:da:4b:f1:4c:53:b0:52:fa:40:64:53:cb:b4:23:5b:4f:
         9e:d3:4f:f3:2a:7d:a1:f7:a1:0b:71:30:49:e4:9d:18:5e:81:
         40:be:60:07:23:53:0b:10:1d:b7:c6:1e:19:34:93:48:65:b6:
         55:0a:ca:f5:87:f2:24:fd:f8:bf:06:73:56:dc:8a:be:3c:32:
         dc:0b:82:74:02:c4:27:7b:01:7b:84:3d:69:3c:1a:6f:1d:bc:
         c4:91:fc:3a:a4:f1:3d:d2:21:d1:5f:38:1e:7a:70:94:27:8e:
         c7:9b:bd:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAS2ly6dDwdw032JdT5NpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ZTAwNjJlNTRhNWZjYjZhMGM5OWU1OTg1NTdmZWQ2ZjM3
YTQ2MjkwHhcNMjQwMTAxMTIzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmY0M2M3MmI3YWY1NGY4ODRkMDIzY2M3NDljNjk2ODNiMjg0ZGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaOx8mUR7J5LGpl8Y9FD2x0FKyhA
o87easRJ7Qer0j6l2letE0UC82q4Mp778DhF9+rW7w76r3Bu5ehgwjv3KlZPPDhs
jNDskB1nGsvFsvdHIKoXHrqTPu1/cHBxREtIfzbHg4W7s/Uf2OG86g8L3mJ/549Y
EZ5B4s88IijQ1CmGFo11bTOSsDAM9PAxIAIR+QnoDmxZCjdaN52xMuJK4KDgbOfZ
NVCXgL2aGee3aMQN0gPyzeuQ9uphrb+55WXphcm4Rts9KuCNH0ODAOIhUi8GfWAu
jsQqvWp9BopvDdKLb4rZCJxc/vCyHehTRm+KObHZxgvIV7Ls1mr+vV98AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD/0PHK3r1T4hNAjzHScaWg7KE3VMB8GA1UdIwQY
MBaAFGXgBi5Upfy2oMmeWYVX/tbzekYpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmVBR0xsU2xfTGFneVo1WmhWZi0xdk42UmlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC85NzVlNjgtODY2Mi00M2I5LThlZDIt
YWFlOTdlNjUwMTVjLzEvUF9ROGNyZXZWUGlFMENQTWRKeHBhRHNvVGRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC85NzVlNjgtODY2Mi00M2I5LThlZDItYWFlOTdlNjUwMTVj
LzEvWmVBR0xsU2xfTGFneVo1WmhWZi0xdk42UmlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRYUMA0G
CSqGSIb3DQEBCwUAA4IBAQACtnjq83WAU0NZ1HwUrZtl9MnzVcYf5yBmqdkAtAjk
HSwGAEDDpbdQQpagVIl+6QmNu0gAFEcxS3NAYFwVTGvFW5cNweE+mfl52h96tLEl
HfrLwA9fuOCxHepbNr23oG19pzVU4lw8cXHzIKfvM2wkD5wupqipSVoaayeSd4kq
8yy8vZAuuIZ+sgEC8fF6mzvbYNpL8UxTsFL6QGRTy7QjW0+e00/zKn2h96ELcTBJ
5J0YXoFAvmAHI1MLEB23xh4ZNJNIZbZVCsr1h/Ik/fi/BnNW3Iq+PDLcC4J0AsQn
ewF7hD1pPBpvHbzEkfw6pPE90iHRXzgeenCUJ47Hm72D
-----END CERTIFICATE-----