Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/d4d8dd-50d8-43c7-9b55-9aa7cd6505e5/1/aAq3Bt5BJ_h0KiNu_5bxFSguLfQ.roa
File:                     aAq3Bt5BJ_h0KiNu_5bxFSguLfQ.roa (raw, json)
Hash identifier:          rMl12EXpxLp9FPIJY+FfSuZfIC4RGE9sfm8GUZNDkg4=
Subject key identifier:   68:0A:B7:06:DE:41:27:F8:74:2A:23:6E:FF:96:F1:15:28:2E:2D:F4
Certificate issuer:       /CN=a8153b3d5612234fe260fe60bc7ce028062227a3
Certificate serial:       018CC871423D61D2A2526BDDB793F578B104
Authority key identifier: A8:15:3B:3D:56:12:23:4F:E2:60:FE:60:BC:7C:E0:28:06:22:27:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qBU7PVYSI0_iYP5gvHzgKAYiJ6M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/d4d8dd-50d8-43c7-9b55-9aa7cd6505e5/1/aAq3Bt5BJ_h0KiNu_5bxFSguLfQ.roa
Signing time:             Tue 02 Jan 2024 04:31:54 +0000
ROA not before:           Tue 02 Jan 2024 04:31:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51681
IP address blocks:        185.220.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/d4d8dd-50d8-43c7-9b55-9aa7cd6505e5/1/qBU7PVYSI0_iYP5gvHzgKAYiJ6M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/d4d8dd-50d8-43c7-9b55-9aa7cd6505e5/1/qBU7PVYSI0_iYP5gvHzgKAYiJ6M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qBU7PVYSI0_iYP5gvHzgKAYiJ6M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:42:3d:61:d2:a2:52:6b:dd:b7:93:f5:78:b1:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8153b3d5612234fe260fe60bc7ce028062227a3
        Validity
            Not Before: Jan  2 04:31:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=680ab706de4127f8742a236eff96f115282e2df4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:88:d6:a9:36:2f:16:81:75:bc:cd:dd:fd:3a:
                    76:13:58:00:50:cc:66:c1:c5:ba:15:af:e5:c0:42:
                    a5:f6:d1:87:af:94:1f:c9:1e:83:25:96:91:fe:40:
                    cc:8f:bf:74:1d:a4:1a:6d:93:c7:cd:21:31:56:00:
                    d3:85:33:23:62:fb:53:21:91:ba:bc:3c:d7:5a:83:
                    01:9a:f6:85:46:2b:95:1e:2a:4c:8e:35:de:c7:4d:
                    41:fc:93:ea:57:48:95:34:76:84:86:37:a0:04:26:
                    1d:58:56:12:4d:51:8b:9f:3f:77:ab:ea:62:fd:d7:
                    60:33:db:63:08:ff:c6:8a:af:a5:ec:b1:9b:27:ad:
                    81:be:15:e8:ca:ac:29:e5:26:00:72:c1:45:17:84:
                    3b:f8:6a:fe:cc:aa:21:6e:ec:e6:c6:71:b5:48:fc:
                    49:ea:b4:40:af:f9:0e:35:a7:72:f9:f1:fd:34:a0:
                    14:69:94:bb:a7:23:f7:c9:3e:f0:f7:6f:ec:97:b6:
                    a2:ee:91:cb:45:c3:af:05:70:bb:40:db:0c:e6:71:
                    77:14:5e:73:c2:20:98:eb:fd:94:3e:7f:1e:c7:3b:
                    f0:76:2e:72:4a:06:77:2f:c5:63:5d:84:be:42:b2:
                    6a:e2:94:64:bb:d1:d3:05:2e:5c:ae:61:bd:40:87:
                    9f:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:0A:B7:06:DE:41:27:F8:74:2A:23:6E:FF:96:F1:15:28:2E:2D:F4
            X509v3 Authority Key Identifier:
                keyid:A8:15:3B:3D:56:12:23:4F:E2:60:FE:60:BC:7C:E0:28:06:22:27:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qBU7PVYSI0_iYP5gvHzgKAYiJ6M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/d4d8dd-50d8-43c7-9b55-9aa7cd6505e5/1/aAq3Bt5BJ_h0KiNu_5bxFSguLfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/d4d8dd-50d8-43c7-9b55-9aa7cd6505e5/1/qBU7PVYSI0_iYP5gvHzgKAYiJ6M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:a3:40:5a:9b:78:c7:a5:97:bf:9e:00:a1:17:2e:37:7e:11:
         0c:7e:9e:93:71:61:83:b5:1a:04:b7:fc:82:d6:64:80:32:e1:
         07:5d:d5:b3:39:b6:dd:f0:b1:4d:b2:2d:77:04:85:ce:40:5c:
         5c:44:b3:17:40:32:25:3c:d3:97:db:85:8d:8e:26:8e:0d:d7:
         a2:91:29:c5:42:9f:94:fc:c9:82:f4:5c:27:2d:eb:bf:73:ec:
         ed:f0:a3:64:09:9b:43:01:d1:c7:3a:3c:bf:b8:51:08:cf:f1:
         95:2d:63:60:59:92:91:e4:d6:ac:7b:22:74:5b:4b:0f:4c:c9:
         26:1a:94:f7:64:46:2c:de:42:19:ad:84:6e:35:de:31:b1:2f:
         6f:0f:10:dc:70:89:0a:d5:81:77:f7:14:83:3b:dd:04:77:b6:
         04:92:50:9e:46:97:34:5e:7d:96:0b:a6:ed:41:8a:b8:14:45:
         2a:f6:52:9e:c4:00:10:f5:ac:de:59:7c:47:a9:a2:75:ec:f5:
         5c:e6:21:ec:4f:dc:32:5e:08:e7:08:1c:76:95:47:fb:9c:28:
         8e:95:1f:b6:c7:c0:10:3d:09:cd:2b:48:a4:dc:27:33:20:dd:
         82:d1:1e:5f:1d:47:eb:18:80:69:93:60:ab:1c:0b:a5:6d:db:
         0c:84:3b:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcUI9YdKiUmvdt5P1eLEEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MTUzYjNkNTYxMjIzNGZlMjYwZmU2MGJjN2NlMDI4MDYy
MjI3YTMwHhcNMjQwMTAyMDQzMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODBhYjcwNmRlNDEyN2Y4NzQyYTIzNmVmZjk2ZjExNTI4MmUyZGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYjWqTYvFoF1vM3d/Tp2E1gAUMxm
wcW6Fa/lwEKl9tGHr5QfyR6DJZaR/kDMj790HaQabZPHzSExVgDThTMjYvtTIZG6
vDzXWoMBmvaFRiuVHipMjjXex01B/JPqV0iVNHaEhjegBCYdWFYSTVGLnz93q+pi
/ddgM9tjCP/Giq+l7LGbJ62BvhXoyqwp5SYAcsFFF4Q7+Gr+zKohbuzmxnG1SPxJ
6rRAr/kONady+fH9NKAUaZS7pyP3yT7w92/sl7ai7pHLRcOvBXC7QNsM5nF3FF5z
wiCY6/2UPn8exzvwdi5ySgZ3L8VjXYS+QrJq4pRku9HTBS5crmG9QIef6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGgKtwbeQSf4dCojbv+W8RUoLi30MB8GA1UdIwQY
MBaAFKgVOz1WEiNP4mD+YLx84CgGIiejMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUJVN1BWWVNJMF9pWVA1Z3ZIemdLQVlpSjZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9kNGQ4ZGQtNTBkOC00M2M3LTliNTUt
OWFhN2NkNjUwNWU1LzEvYUFxM0J0NUJKX2gwS2lOdV81YnhGU2d1TGZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9kNGQ4ZGQtNTBkOC00M2M3LTliNTUtOWFhN2NkNjUwNWU1
LzEvcUJVN1BWWVNJMF9pWVA1Z3ZIemdLQVlpSjZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudwLMA0G
CSqGSIb3DQEBCwUAA4IBAQAqo0Bam3jHpZe/ngChFy43fhEMfp6TcWGDtRoEt/yC
1mSAMuEHXdWzObbd8LFNsi13BIXOQFxcRLMXQDIlPNOX24WNjiaODdeikSnFQp+U
/MmC9FwnLeu/c+zt8KNkCZtDAdHHOjy/uFEIz/GVLWNgWZKR5NaseyJ0W0sPTMkm
GpT3ZEYs3kIZrYRuNd4xsS9vDxDccIkK1YF39xSDO90Ed7YEklCeRpc0Xn2WC6bt
QYq4FEUq9lKexAAQ9azeWXxHqaJ17PVc5iHsT9wyXgjnCBx2lUf7nCiOlR+2x8AQ
PQnNK0ik3CczIN2C0R5fHUfrGIBpk2CrHAulbdsMhDtf
-----END CERTIFICATE-----