Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/ad050f-a22d-4a77-958c-357a61361dcb/1/Y7NgkCWBb9YgqL9DznsTuQ79tmw.roa
File:                     Y7NgkCWBb9YgqL9DznsTuQ79tmw.roa (raw, json)
Hash identifier:          6dczwfpqyC9vhPTbxIV1BVyYNGse9e/kQNus5kFAMf0=
Subject key identifier:   63:B3:60:90:25:81:6F:D6:20:A8:BF:43:CE:7B:13:B9:0E:FD:B6:6C
Certificate issuer:       /CN=33cfbfbf2eccd393aa30c221369965b847192da8
Certificate serial:       018CC8712A235115DE7488350B4027CD3AE3
Authority key identifier: 33:CF:BF:BF:2E:CC:D3:93:AA:30:C2:21:36:99:65:B8:47:19:2D:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M8-_vy7M05OqMMIhNplluEcZLag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/ad050f-a22d-4a77-958c-357a61361dcb/1/Y7NgkCWBb9YgqL9DznsTuQ79tmw.roa
Signing time:             Tue 02 Jan 2024 04:31:48 +0000
ROA not before:           Tue 02 Jan 2024 04:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21277
IP address blocks:        185.38.212.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/ad050f-a22d-4a77-958c-357a61361dcb/1/M8-_vy7M05OqMMIhNplluEcZLag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/ad050f-a22d-4a77-958c-357a61361dcb/1/M8-_vy7M05OqMMIhNplluEcZLag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M8-_vy7M05OqMMIhNplluEcZLag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:2a:23:51:15:de:74:88:35:0b:40:27:cd:3a:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33cfbfbf2eccd393aa30c221369965b847192da8
        Validity
            Not Before: Jan  2 04:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63b3609025816fd620a8bf43ce7b13b90efdb66c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:36:75:6d:f8:24:50:17:f0:66:cf:4e:bb:ba:
                    20:7f:11:d7:84:f5:46:e6:c3:0e:07:89:eb:11:1a:
                    d8:29:b6:01:cd:b8:f5:2e:ce:00:2f:93:ce:fa:77:
                    55:0a:4c:5c:6b:c6:7a:af:93:55:a3:ae:4c:f8:b3:
                    0f:6c:f5:8a:37:5a:98:5e:8e:c1:db:a1:47:ec:32:
                    09:3a:0b:41:21:cf:a6:74:55:0c:90:21:be:20:01:
                    cf:9c:e4:7e:ba:63:29:37:d0:e5:f2:dd:a8:23:e2:
                    03:60:b9:df:ea:e6:91:84:69:81:a7:c6:f0:0a:1a:
                    6e:00:ac:ce:d8:19:fd:b4:4c:25:16:d4:ab:36:67:
                    d4:ff:d4:5a:f0:d2:6c:2b:c6:d7:49:af:52:f5:12:
                    f9:83:ac:e4:1f:f1:7e:91:7e:f1:38:59:d1:7b:0a:
                    4d:00:6f:3b:e8:2d:b4:d9:9e:b7:3c:51:30:30:45:
                    0a:10:87:66:ca:d8:a7:23:97:a8:a9:e0:0e:e4:64:
                    67:25:b7:b1:fd:7d:cd:00:5d:e9:9d:71:86:69:14:
                    d8:dc:80:63:5f:dc:da:3b:94:f3:d9:9a:4e:f9:7a:
                    8a:c3:3b:dc:26:eb:18:89:f4:42:0d:f3:c5:cc:37:
                    2f:b0:a5:21:c8:3c:a1:04:b9:90:e2:96:27:44:a9:
                    61:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:B3:60:90:25:81:6F:D6:20:A8:BF:43:CE:7B:13:B9:0E:FD:B6:6C
            X509v3 Authority Key Identifier:
                keyid:33:CF:BF:BF:2E:CC:D3:93:AA:30:C2:21:36:99:65:B8:47:19:2D:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M8-_vy7M05OqMMIhNplluEcZLag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/ad050f-a22d-4a77-958c-357a61361dcb/1/Y7NgkCWBb9YgqL9DznsTuQ79tmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/ad050f-a22d-4a77-958c-357a61361dcb/1/M8-_vy7M05OqMMIhNplluEcZLag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.38.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:72:eb:25:ee:8d:ad:b1:73:fd:8a:7a:64:90:ea:f2:39:9f:
         70:8d:00:e9:5b:49:22:ab:d7:31:53:f2:ef:98:e6:16:6f:d4:
         d9:18:45:d0:e4:e9:89:02:3d:83:db:57:7c:f8:03:2d:3c:1c:
         a7:61:23:bc:b2:af:9d:78:3c:2a:75:53:73:69:94:1c:c0:00:
         ae:8e:d0:83:63:23:44:95:c7:92:70:2d:0c:f2:d1:a0:9b:e8:
         1f:7d:d9:88:a6:b8:32:f9:e9:d6:0c:f7:e0:27:2a:f1:3f:69:
         7d:40:08:05:e5:a4:5b:f8:65:59:ba:fd:da:76:8a:80:64:56:
         a5:e2:21:90:da:b3:de:d0:90:07:a9:b9:9f:17:6d:c0:a7:80:
         e0:66:11:86:60:57:a1:97:b8:38:2a:dc:91:65:29:a8:ef:d6:
         8c:4d:f2:07:b9:06:93:89:ec:1c:b7:44:6b:4e:53:66:1b:06:
         ad:84:54:8b:64:d6:c3:53:76:c9:2f:0e:1e:3a:50:ba:66:52:
         e2:1b:77:67:13:65:6f:e5:e3:13:87:f7:3a:be:33:52:fa:b3:
         87:0b:2f:67:a9:8f:e6:ae:76:11:11:4e:42:a5:e0:35:4f:8c:
         d4:e4:6f:ae:12:7b:ae:a3:39:5f:b7:a7:85:4a:53:1b:fd:fb:
         85:12:9a:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcSojURXedIg1C0AnzTrjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzY2ZiZmJmMmVjY2QzOTNhYTMwYzIyMTM2OTk2NWI4NDcx
OTJkYTgwHhcNMjQwMTAyMDQzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2IzNjA5MDI1ODE2ZmQ2MjBhOGJmNDNjZTdiMTNiOTBlZmRiNjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwzZ1bfgkUBfwZs9Ou7ogfxHXhPVG
5sMOB4nrERrYKbYBzbj1Ls4AL5PO+ndVCkxca8Z6r5NVo65M+LMPbPWKN1qYXo7B
26FH7DIJOgtBIc+mdFUMkCG+IAHPnOR+umMpN9Dl8t2oI+IDYLnf6uaRhGmBp8bw
ChpuAKzO2Bn9tEwlFtSrNmfU/9Ra8NJsK8bXSa9S9RL5g6zkH/F+kX7xOFnRewpN
AG876C202Z63PFEwMEUKEIdmytinI5eoqeAO5GRnJbex/X3NAF3pnXGGaRTY3IBj
X9zaO5Tz2ZpO+XqKwzvcJusYifRCDfPFzDcvsKUhyDyhBLmQ4pYnRKlhDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGOzYJAlgW/WIKi/Q857E7kO/bZsMB8GA1UdIwQY
MBaAFDPPv78uzNOTqjDCITaZZbhHGS2oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTgtX3Z5N00wNU9xTU1JaE5wbGx1RWNaTGFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9hZDA1MGYtYTIyZC00YTc3LTk1OGMt
MzU3YTYxMzYxZGNiLzEvWTdOZ2tDV0JiOVlncUw5RHpuc1R1UTc5dG13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9hZDA1MGYtYTIyZC00YTc3LTk1OGMtMzU3YTYxMzYxZGNi
LzEvTTgtX3Z5N00wNU9xTU1JaE5wbGx1RWNaTGFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSbUMA0G
CSqGSIb3DQEBCwUAA4IBAQAwcusl7o2tsXP9inpkkOryOZ9wjQDpW0kiq9cxU/Lv
mOYWb9TZGEXQ5OmJAj2D21d8+AMtPBynYSO8sq+deDwqdVNzaZQcwACujtCDYyNE
lceScC0M8tGgm+gffdmIprgy+enWDPfgJyrxP2l9QAgF5aRb+GVZuv3adoqAZFal
4iGQ2rPe0JAHqbmfF23Ap4DgZhGGYFehl7g4KtyRZSmo79aMTfIHuQaTiewct0Rr
TlNmGwathFSLZNbDU3bJLw4eOlC6ZlLiG3dnE2Vv5eMTh/c6vjNS+rOHCy9nqY/m
rnYREU5CpeA1T4zU5G+uEnuuozlft6eFSlMb/fuFEpps
-----END CERTIFICATE-----