Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/M-N59dC2LyrQtfsH4MAezEx0DYs.roa
File:                     M-N59dC2LyrQtfsH4MAezEx0DYs.roa (raw, json)
Hash identifier:          00TfN23v90LE3eSjKQcZlXJGAQsbswrFg80to41Cock=
Subject key identifier:   33:E3:79:F5:D0:B6:2F:2A:D0:B5:FB:07:E0:C0:1E:CC:4C:74:0D:8B
Certificate issuer:       /CN=f5cf73b3e45f772fae1b915690b317344c3f442b
Certificate serial:       018E57812574B50F2693D7FD93C6E90FD1EF
Authority key identifier: F5:CF:73:B3:E4:5F:77:2F:AE:1B:91:56:90:B3:17:34:4C:3F:44:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/M-N59dC2LyrQtfsH4MAezEx0DYs.roa
Signing time:             Tue 19 Mar 2024 16:17:45 +0000
ROA not before:           Tue 19 Mar 2024 16:17:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60144
IP address blocks:        185.197.160.0/22 maxlen: 24
                          193.42.108.0/22 maxlen: 24
                          2a0f:ea80::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:57:81:25:74:b5:0f:26:93:d7:fd:93:c6:e9:0f:d1:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5cf73b3e45f772fae1b915690b317344c3f442b
        Validity
            Not Before: Mar 19 16:17:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33e379f5d0b62f2ad0b5fb07e0c01ecc4c740d8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:3c:82:73:50:27:87:95:10:77:6d:01:5f:69:
                    9e:2a:e0:1e:dc:88:39:30:7e:51:75:89:36:77:21:
                    1f:1f:e3:b6:93:13:e6:7c:72:bd:aa:33:10:f8:fc:
                    0a:b1:fe:82:12:30:53:6b:68:1f:6e:6e:64:cc:03:
                    46:11:cb:94:a7:06:fd:de:49:d0:14:5c:99:d5:c5:
                    cc:a7:58:2b:82:8f:fb:fd:a9:1e:5e:aa:9b:95:c8:
                    95:d6:f3:c4:73:d9:93:29:da:7a:09:cb:0f:dd:9d:
                    4d:54:be:67:13:72:30:66:8a:69:16:6f:c8:c3:63:
                    df:67:f2:01:47:b9:19:1d:f7:bc:cb:70:d7:39:7c:
                    ba:15:81:d7:68:61:f3:51:3a:bc:e9:1f:95:15:89:
                    2c:06:80:df:05:aa:38:74:1a:e0:29:10:b4:0d:5d:
                    00:9d:86:91:f6:dc:36:6d:cd:1d:52:3f:ee:bb:c3:
                    c7:30:60:a1:bd:7d:5c:62:4e:34:66:83:aa:fb:bd:
                    92:78:45:6f:43:49:35:d4:ca:3d:43:f1:c7:89:4a:
                    b7:52:b3:03:2c:15:b8:09:ed:04:b4:f5:b8:a6:ca:
                    72:e1:c3:5a:93:df:44:34:40:98:18:e6:3e:0f:df:
                    20:52:32:46:8c:21:55:cf:d1:e1:f1:e5:a3:fd:c0:
                    f4:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:E3:79:F5:D0:B6:2F:2A:D0:B5:FB:07:E0:C0:1E:CC:4C:74:0D:8B
            X509v3 Authority Key Identifier:
                keyid:F5:CF:73:B3:E4:5F:77:2F:AE:1B:91:56:90:B3:17:34:4C:3F:44:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/M-N59dC2LyrQtfsH4MAezEx0DYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.160.0/22
                  193.42.108.0/22
                IPv6:
                  2a0f:ea80::/32

    Signature Algorithm: sha256WithRSAEncryption
         d4:c1:85:ad:84:4d:54:c7:07:31:f0:1f:8e:68:62:29:25:3d:
         0b:cb:30:60:91:b9:ef:4d:db:83:53:a8:ed:8c:1d:52:12:dd:
         ea:3d:98:48:55:ed:bf:a2:85:25:37:2b:9f:bf:e1:c0:c4:6e:
         73:d0:76:87:c3:a8:74:88:bf:e2:7b:1a:8e:8a:c7:b7:d3:a2:
         2e:88:df:9d:07:03:7b:89:5b:ea:8d:61:45:04:8c:0b:6f:2c:
         4f:19:29:26:a1:8f:12:61:ec:a6:31:67:5e:51:c0:ba:16:ea:
         af:eb:e2:9a:de:fd:e2:ed:cc:14:a4:c5:96:2a:15:49:15:4f:
         3e:3d:5d:85:e1:aa:e4:7a:d3:5b:c2:1e:cd:16:05:26:53:89:
         64:60:55:08:38:e6:98:ed:af:c6:72:42:59:79:66:28:c6:25:
         67:3c:8f:f6:05:46:50:82:30:58:53:9d:87:04:f1:d2:e6:46:
         be:9b:ba:0d:bb:cd:65:a3:25:54:6d:bf:73:ed:63:1f:30:0e:
         d1:5b:00:b0:72:be:4e:c6:63:98:0d:c0:c7:cc:85:13:60:6f:
         44:e6:8a:71:16:9a:f9:65:c7:93:35:fb:00:45:e4:16:46:69:
         86:ff:4a:47:49:2e:d5:00:e7:1a:6b:1b:82:19:e5:41:47:ed:
         f9:7e:5e:21
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY5XgSV0tQ8mk9f9k8bpD9HvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1Y2Y3M2IzZTQ1Zjc3MmZhZTFiOTE1NjkwYjMxNzM0NGMz
ZjQ0MmIwHhcNMjQwMzE5MTYxNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2UzNzlmNWQwYjYyZjJhZDBiNWZiMDdlMGMwMWVjYzRjNzQwZDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgjyCc1Anh5UQd20BX2meKuAe3Ig5
MH5RdYk2dyEfH+O2kxPmfHK9qjMQ+PwKsf6CEjBTa2gfbm5kzANGEcuUpwb93knQ
FFyZ1cXMp1grgo/7/akeXqqblciV1vPEc9mTKdp6CcsP3Z1NVL5nE3IwZoppFm/I
w2PfZ/IBR7kZHfe8y3DXOXy6FYHXaGHzUTq86R+VFYksBoDfBao4dBrgKRC0DV0A
nYaR9tw2bc0dUj/uu8PHMGChvX1cYk40ZoOq+72SeEVvQ0k11Mo9Q/HHiUq3UrMD
LBW4Ce0EtPW4pspy4cNak99ENECYGOY+D98gUjJGjCFVz9Hh8eWj/cD00wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDPjefXQti8q0LX7B+DAHsxMdA2LMB8GA1UdIwQY
MBaAFPXPc7PkX3cvrhuRVpCzFzRMP0QrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWM5enMtUmZkeS11RzVGV2tMTVhORXdfUkNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS8zYmU4NjUtNWM3OS00N2MwLWFhNGQt
MWM2NTRlMDJkNzVkLzEvTS1ONTlkQzJMeXJRdGZzSDRNQWV6RXgwRFlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS8zYmU4NjUtNWM3OS00N2MwLWFhNGQtMWM2NTRlMDJkNzVk
LzEvOWM5enMtUmZkeS11RzVGV2tMTVhORXdfUkNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCucWgAwQC
wSpsMA0EAgACMAcDBQAqD+qAMA0GCSqGSIb3DQEBCwUAA4IBAQDUwYWthE1Uxwcx
8B+OaGIpJT0LyzBgkbnvTduDU6jtjB1SEt3qPZhIVe2/ooUlNyufv+HAxG5z0HaH
w6h0iL/iexqOise306IuiN+dBwN7iVvqjWFFBIwLbyxPGSkmoY8SYeymMWdeUcC6
Fuqv6+Ka3v3i7cwUpMWWKhVJFU8+PV2F4arketNbwh7NFgUmU4lkYFUIOOaY7a/G
ckJZeWYoxiVnPI/2BUZQgjBYU52HBPHS5ka+m7oNu81loyVUbb9z7WMfMA7RWwCw
cr5OxmOYDcDHzIUTYG9E5opxFpr5ZceTNfsAReQWRmmG/0pHSS7VAOcaaxuCGeVB
R+35fl4h
-----END CERTIFICATE-----