Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/67df1c-c9e1-4c5b-b640-8ccc1952eb4f/1/sxRQIO4m3Udj9XWJXk550_KnUR4.roa
File:                     sxRQIO4m3Udj9XWJXk550_KnUR4.roa (raw, json)
Hash identifier:          9wbu3GwXVN1urIYpN3wMH8kERRx2Dc2vW5stVE7f7Gg=
Subject key identifier:   B3:14:50:20:EE:26:DD:47:63:F5:75:89:5E:4E:79:D3:F2:A7:51:1E
Certificate issuer:       /CN=ef2c5c4b61d78af998cce9b7c357bcfcf4181a4c
Certificate serial:       018CC3B682E629011D784AD2AB70DCA44465
Authority key identifier: EF:2C:5C:4B:61:D7:8A:F9:98:CC:E9:B7:C3:57:BC:FC:F4:18:1A:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7yxcS2HXivmYzOm3w1e8_PQYGkw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/67df1c-c9e1-4c5b-b640-8ccc1952eb4f/1/sxRQIO4m3Udj9XWJXk550_KnUR4.roa
Signing time:             Mon 01 Jan 2024 06:29:27 +0000
ROA not before:           Mon 01 Jan 2024 06:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197954
IP address blocks:        37.10.80.0/20 maxlen: 20
                          31.44.112.0/20 maxlen: 20
                          185.49.212.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/67df1c-c9e1-4c5b-b640-8ccc1952eb4f/1/7yxcS2HXivmYzOm3w1e8_PQYGkw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/67df1c-c9e1-4c5b-b640-8ccc1952eb4f/1/7yxcS2HXivmYzOm3w1e8_PQYGkw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7yxcS2HXivmYzOm3w1e8_PQYGkw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:82:e6:29:01:1d:78:4a:d2:ab:70:dc:a4:44:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef2c5c4b61d78af998cce9b7c357bcfcf4181a4c
        Validity
            Not Before: Jan  1 06:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3145020ee26dd4763f575895e4e79d3f2a7511e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:d6:a7:82:00:0c:9e:7e:6f:11:ef:3e:53:48:
                    5c:c4:cf:71:30:18:ec:37:fa:6f:67:5c:cf:13:33:
                    21:19:7c:4d:53:81:27:8d:f3:b5:af:92:a4:b8:df:
                    a5:f8:a9:81:e0:fc:97:63:df:56:30:9d:93:90:95:
                    11:d5:f8:e9:82:ad:b7:90:5a:64:00:8d:c4:7c:49:
                    1e:05:3a:48:ce:b3:37:f9:9e:28:65:06:6a:57:83:
                    c6:0f:68:91:5f:41:8b:07:8c:ac:a1:ce:37:8e:1a:
                    fc:97:55:5d:c2:0d:9a:26:95:70:8e:07:15:c8:8d:
                    e5:b9:30:73:67:90:41:10:43:aa:9e:8f:51:e9:be:
                    f4:e9:bf:60:af:ba:6c:b6:07:a0:e7:39:29:f2:91:
                    63:cc:ee:c5:a6:8e:35:5a:b6:cf:d9:c4:55:4d:19:
                    0c:10:da:19:4f:fb:60:ed:98:91:fa:bd:f0:bc:05:
                    38:fb:81:40:54:69:3f:6c:78:f7:ef:01:ef:00:34:
                    4a:a0:3a:e4:66:ee:14:b8:c5:4a:ff:59:ee:76:31:
                    e3:b1:5b:fb:6e:00:1f:46:c8:be:bf:26:06:7d:8d:
                    7a:52:b1:c7:4a:f0:1c:90:ab:62:2d:96:f9:b3:25:
                    53:fb:a4:8a:10:28:ca:58:10:d8:8b:6a:18:f8:0a:
                    59:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:14:50:20:EE:26:DD:47:63:F5:75:89:5E:4E:79:D3:F2:A7:51:1E
            X509v3 Authority Key Identifier:
                keyid:EF:2C:5C:4B:61:D7:8A:F9:98:CC:E9:B7:C3:57:BC:FC:F4:18:1A:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7yxcS2HXivmYzOm3w1e8_PQYGkw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/67df1c-c9e1-4c5b-b640-8ccc1952eb4f/1/sxRQIO4m3Udj9XWJXk550_KnUR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/67df1c-c9e1-4c5b-b640-8ccc1952eb4f/1/7yxcS2HXivmYzOm3w1e8_PQYGkw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.44.112.0/20
                  37.10.80.0/20
                  185.49.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:68:7a:63:5c:83:84:5d:5f:ac:ca:b6:b6:f7:6b:2e:b7:70:
         b6:96:a3:af:b3:94:25:39:4e:b2:bc:64:3e:f3:25:99:0e:e0:
         33:a0:17:9f:dc:c9:5c:cb:66:85:51:1b:0c:dc:cb:d7:5b:7f:
         bf:5f:88:ac:e6:7b:d9:88:60:2c:5d:8c:3a:65:49:48:34:69:
         5e:41:58:2b:25:39:0b:2e:f8:b9:8b:c7:c4:c1:8a:78:4d:d0:
         12:5e:59:e8:57:37:67:23:ed:9f:1b:1b:f3:4f:12:35:b3:ae:
         1d:b6:8b:85:7e:e0:25:03:2a:9b:d7:fe:2f:28:e4:8b:9c:38:
         94:9c:ce:de:65:89:29:8e:2e:31:65:46:d7:f9:6e:1d:25:56:
         72:a8:f0:a9:51:64:7e:3d:6d:48:a3:96:aa:e2:08:ed:a6:81:
         2d:39:f0:79:c2:fb:5b:ac:5c:e1:9e:6f:46:2c:83:d7:68:b5:
         68:f1:11:c8:ee:4a:92:0a:50:c2:94:df:33:f3:1b:0c:4e:64:
         ef:95:7b:4f:52:5f:74:c0:c9:7a:02:a8:80:83:b5:8d:12:1c:
         4a:56:fd:70:17:fc:23:39:9a:22:eb:53:c1:c3:2b:1a:fc:ef:
         62:e5:5d:68:6f:8e:93:6e:60:22:b7:36:df:59:ef:3c:a8:30:
         1f:51:36:a9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDtoLmKQEdeErSq3DcpERlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMmM1YzRiNjFkNzhhZjk5OGNjZTliN2MzNTdiY2ZjZjQx
ODFhNGMwHhcNMjQwMTAxMDYyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzE0NTAyMGVlMjZkZDQ3NjNmNTc1ODk1ZTRlNzlkM2YyYTc1MTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtanggAMnn5vEe8+U0hcxM9xMBjs
N/pvZ1zPEzMhGXxNU4EnjfO1r5KkuN+l+KmB4PyXY99WMJ2TkJUR1fjpgq23kFpk
AI3EfEkeBTpIzrM3+Z4oZQZqV4PGD2iRX0GLB4ysoc43jhr8l1Vdwg2aJpVwjgcV
yI3luTBzZ5BBEEOqno9R6b706b9gr7pstgeg5zkp8pFjzO7Fpo41WrbP2cRVTRkM
ENoZT/tg7ZiR+r3wvAU4+4FAVGk/bHj37wHvADRKoDrkZu4UuMVK/1nudjHjsVv7
bgAfRsi+vyYGfY16UrHHSvAckKtiLZb5syVT+6SKECjKWBDYi2oY+ApZ1QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLMUUCDuJt1HY/V1iV5OedPyp1EeMB8GA1UdIwQY
MBaAFO8sXEth14r5mMzpt8NXvPz0GBpMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3l4Y1MySFhpdm1Zek9tM3cxZThfUFFZR2t3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS82N2RmMWMtYzllMS00YzViLWI2NDAt
OGNjYzE5NTJlYjRmLzEvc3hSUUlPNG0zVWRqOVhXSlhrNTUwX0tuVVI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS82N2RmMWMtYzllMS00YzViLWI2NDAtOGNjYzE5NTJlYjRm
LzEvN3l4Y1MySFhpdm1Zek9tM3cxZThfUFFZR2t3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEHyxwAwQE
JQpQAwQCuTHUMA0GCSqGSIb3DQEBCwUAA4IBAQCZaHpjXIOEXV+syra292sut3C2
lqOvs5QlOU6yvGQ+8yWZDuAzoBef3Mlcy2aFURsM3MvXW3+/X4is5nvZiGAsXYw6
ZUlINGleQVgrJTkLLvi5i8fEwYp4TdASXlnoVzdnI+2fGxvzTxI1s64dtouFfuAl
Ayqb1/4vKOSLnDiUnM7eZYkpji4xZUbX+W4dJVZyqPCpUWR+PW1Io5aq4gjtpoEt
OfB5wvtbrFzhnm9GLIPXaLVo8RHI7kqSClDClN8z8xsMTmTvlXtPUl90wMl6AqiA
g7WNEhxKVv1wF/wjOZoi61PBwysa/O9i5V1ob46TbmAitzbfWe88qDAfUTap
-----END CERTIFICATE-----