Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/1SAGuPBOHXw0nAEjhPcuz1HjUIc.roa
File:                     1SAGuPBOHXw0nAEjhPcuz1HjUIc.roa (raw, json)
Hash identifier:          swoSrwluBrDpCyfOkuQI6j0JQ+30e1sEGhnLXMwBmuM=
Subject key identifier:   D5:20:06:B8:F0:4E:1D:7C:34:9C:01:23:84:F7:2E:CF:51:E3:50:87
Certificate issuer:       /CN=80bd00829536d47745f47da9d1a8a72f6dd462d4
Certificate serial:       018CC94DC9104B6625B34618F916476757E0
Authority key identifier: 80:BD:00:82:95:36:D4:77:45:F4:7D:A9:D1:A8:A7:2F:6D:D4:62:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gL0AgpU21HdF9H2p0ainL23UYtQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/1SAGuPBOHXw0nAEjhPcuz1HjUIc.roa
Signing time:             Tue 02 Jan 2024 08:32:47 +0000
ROA not before:           Tue 02 Jan 2024 08:32:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203008
IP address blocks:        185.110.134.0/24 maxlen: 24
                          185.110.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/gL0AgpU21HdF9H2p0ainL23UYtQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/gL0AgpU21HdF9H2p0ainL23UYtQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gL0AgpU21HdF9H2p0ainL23UYtQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:c9:10:4b:66:25:b3:46:18:f9:16:47:67:57:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80bd00829536d47745f47da9d1a8a72f6dd462d4
        Validity
            Not Before: Jan  2 08:32:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d52006b8f04e1d7c349c012384f72ecf51e35087
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:19:84:d9:a7:24:85:71:66:ef:b1:8b:61:23:
                    be:93:0c:86:84:fd:33:09:64:e1:6e:b7:90:cf:25:
                    cc:a3:db:e5:37:74:cb:1d:84:75:ca:5d:2c:ac:b4:
                    df:ad:b3:04:82:9d:12:3b:a2:fc:1b:97:19:0f:52:
                    58:f5:c4:08:78:47:af:e4:bb:64:4c:44:52:72:68:
                    f3:76:cc:e9:af:7c:a1:a0:55:49:3a:0b:99:89:ed:
                    ca:75:c9:98:3e:f3:53:c1:ad:f3:1c:f5:0e:e1:37:
                    e4:72:00:93:51:ad:82:c9:26:11:74:84:f4:bd:10:
                    f8:2b:4e:f3:98:72:79:94:e6:30:7f:9e:96:bf:85:
                    44:74:73:a1:c7:e7:6b:8e:8a:d6:34:6c:eb:1c:bb:
                    8c:a5:a2:1f:41:16:1e:8b:fc:54:ab:0b:ba:34:38:
                    2e:b8:31:6f:8a:84:96:23:68:7b:a5:96:06:b0:6f:
                    6e:13:96:bc:62:fa:8b:eb:32:e2:f8:38:6b:b6:c2:
                    ce:5a:1b:ff:58:3d:10:7a:4d:30:83:48:6b:a6:d0:
                    4f:f4:ad:08:4e:63:89:5e:ea:f5:48:f1:09:21:5b:
                    64:cb:56:ed:26:dd:36:d6:5d:6c:27:3c:90:76:97:
                    a3:a9:2f:dd:c7:70:fe:7a:eb:76:d9:0e:6c:6f:c0:
                    8d:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:20:06:B8:F0:4E:1D:7C:34:9C:01:23:84:F7:2E:CF:51:E3:50:87
            X509v3 Authority Key Identifier:
                keyid:80:BD:00:82:95:36:D4:77:45:F4:7D:A9:D1:A8:A7:2F:6D:D4:62:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gL0AgpU21HdF9H2p0ainL23UYtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/1SAGuPBOHXw0nAEjhPcuz1HjUIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/gL0AgpU21HdF9H2p0ainL23UYtQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.133.0-185.110.134.255

    Signature Algorithm: sha256WithRSAEncryption
         19:2b:4d:1e:87:8f:53:40:32:34:8a:24:fc:d0:1d:72:a7:01:
         3c:12:09:7a:8d:d1:1c:c4:12:54:fc:7a:0e:ad:4e:e8:17:72:
         87:35:d7:e2:a6:b9:9a:c9:ac:c0:d5:63:26:e2:30:b0:86:c8:
         94:af:2a:ac:53:bf:c3:48:65:d7:0b:f1:f3:cc:a1:8f:38:68:
         dc:0c:23:e4:88:a3:7a:80:fc:57:e0:c9:af:ef:e1:5e:01:0a:
         ea:cb:da:0b:80:7e:91:d6:29:6c:ac:48:ad:45:b1:75:27:16:
         af:c4:4f:cc:0c:d5:d1:b4:c0:ba:4e:53:c3:18:cb:3b:f3:0d:
         6d:21:1c:bb:4a:1b:0b:d7:d5:50:65:93:88:72:0e:38:50:40:
         ca:0c:73:24:59:97:6c:f5:32:15:a6:5f:40:94:0c:8a:fa:f8:
         ed:73:ae:c8:e9:14:d2:5c:98:2f:8b:06:92:bc:66:dd:fe:c1:
         50:88:b9:78:68:55:f3:0f:11:d4:06:ce:cb:c2:40:fc:c5:b7:
         4f:af:08:1c:7d:15:e4:33:9d:be:cc:d8:78:79:30:0b:90:e7:
         41:d4:98:33:a3:f6:ca:0e:d5:d9:a0:4b:56:23:cb:33:15:85:
         5e:27:6c:54:9f:96:d6:9e:0a:1e:63:da:4e:10:4c:ad:62:93:
         4b:43:09:48
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJTckQS2Yls0YY+RZHZ1fgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwYmQwMDgyOTUzNmQ0Nzc0NWY0N2RhOWQxYThhNzJmNmRk
NDYyZDQwHhcNMjQwMTAyMDgzMjQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTIwMDZiOGYwNGUxZDdjMzQ5YzAxMjM4NGY3MmVjZjUxZTM1MDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7xmE2ackhXFm77GLYSO+kwyGhP0z
CWThbreQzyXMo9vlN3TLHYR1yl0srLTfrbMEgp0SO6L8G5cZD1JY9cQIeEev5Ltk
TERScmjzdszpr3yhoFVJOguZie3KdcmYPvNTwa3zHPUO4TfkcgCTUa2CySYRdIT0
vRD4K07zmHJ5lOYwf56Wv4VEdHOhx+drjorWNGzrHLuMpaIfQRYei/xUqwu6NDgu
uDFvioSWI2h7pZYGsG9uE5a8YvqL6zLi+DhrtsLOWhv/WD0Qek0wg0hrptBP9K0I
TmOJXur1SPEJIVtky1btJt021l1sJzyQdpejqS/dx3D+eut22Q5sb8CNrwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNUgBrjwTh18NJwBI4T3Ls9R41CHMB8GA1UdIwQY
MBaAFIC9AIKVNtR3RfR9qdGopy9t1GLUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0wwQWdwVTIxSGRGOUgycDBhaW5MMjNVWXRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi82NGUxOWYtZmU1NC00MmNkLTg5MjMt
MDliOTkyMGZlMDBmLzEvMVNBR3VQQk9IWHcwbkFFamhQY3V6MUhqVUljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi82NGUxOWYtZmU1NC00MmNkLTg5MjMtMDliOTkyMGZlMDBm
LzEvZ0wwQWdwVTIxSGRGOUgycDBhaW5MMjNVWXRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5boUD
BAC5boYwDQYJKoZIhvcNAQELBQADggEBABkrTR6Hj1NAMjSKJPzQHXKnATwSCXqN
0RzEElT8eg6tTugXcoc11+KmuZrJrMDVYybiMLCGyJSvKqxTv8NIZdcL8fPMoY84
aNwMI+SIo3qA/Ffgya/v4V4BCurL2guAfpHWKWysSK1FsXUnFq/ET8wM1dG0wLpO
U8MYyzvzDW0hHLtKGwvX1VBlk4hyDjhQQMoMcyRZl2z1MhWmX0CUDIr6+O1zrsjp
FNJcmC+LBpK8Zt3+wVCIuXhoVfMPEdQGzsvCQPzFt0+vCBx9FeQznb7M2Hh5MAuQ
50HUmDOj9soO1dmgS1YjyzMVhV4nbFSfltaeCh5j2k4QTK1ik0tDCUg=
-----END CERTIFICATE-----