Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/fe1b28-1519-4055-b0fb-7497e5a8f11b/1/3YBLl4AvSxpFx0dml-ctqDYyJgw.roa
File:                     3YBLl4AvSxpFx0dml-ctqDYyJgw.roa (raw, json)
Hash identifier:          7RtCYP2qg50RCYoeH2oYmc1vIVP+rL8xvVsBcKFG5og=
Subject key identifier:   DD:80:4B:97:80:2F:4B:1A:45:C7:47:66:97:E7:2D:A8:36:32:26:0C
Certificate issuer:       /CN=bbffc9a9832667ac0d6d1e2406550533c3b55618
Certificate serial:       018CC9BCBF61DE329A9AFBFE03F1640A0DE4
Authority key identifier: BB:FF:C9:A9:83:26:67:AC:0D:6D:1E:24:06:55:05:33:C3:B5:56:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u__JqYMmZ6wNbR4kBlUFM8O1Vhg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/fe1b28-1519-4055-b0fb-7497e5a8f11b/1/3YBLl4AvSxpFx0dml-ctqDYyJgw.roa
Signing time:             Tue 02 Jan 2024 10:33:59 +0000
ROA not before:           Tue 02 Jan 2024 10:33:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8881
IP address blocks:        194.115.182.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/fe1b28-1519-4055-b0fb-7497e5a8f11b/1/u__JqYMmZ6wNbR4kBlUFM8O1Vhg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/fe1b28-1519-4055-b0fb-7497e5a8f11b/1/u__JqYMmZ6wNbR4kBlUFM8O1Vhg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u__JqYMmZ6wNbR4kBlUFM8O1Vhg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:bf:61:de:32:9a:9a:fb:fe:03:f1:64:0a:0d:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbffc9a9832667ac0d6d1e2406550533c3b55618
        Validity
            Not Before: Jan  2 10:33:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd804b97802f4b1a45c7476697e72da83632260c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e1:2b:a7:4d:b8:c0:17:ea:af:0a:22:48:0f:
                    68:79:17:b5:85:f2:6b:9b:ed:d7:d5:56:f6:be:ae:
                    8d:b0:94:1c:7d:5c:64:aa:1c:0b:63:72:4e:ed:cc:
                    0e:0e:41:c9:be:cb:69:44:d4:b3:40:60:f4:29:06:
                    2b:cf:65:ee:a8:7c:31:46:3a:5d:5c:13:1e:b2:2f:
                    6a:0d:ef:ce:97:55:ed:81:4e:07:a2:0b:d1:7f:44:
                    66:08:64:6f:af:a4:ef:f2:e2:57:60:da:18:88:7f:
                    f9:b5:48:80:66:da:95:d0:4c:de:f0:ee:b3:73:99:
                    47:ab:25:3e:0c:e0:6d:d2:65:7d:d4:8e:cd:ee:58:
                    5d:b4:7f:fc:c3:42:31:f1:f6:e2:f2:44:fb:db:99:
                    33:74:47:4e:66:4c:de:2d:e7:d5:60:0c:1a:20:37:
                    1a:a9:f2:8c:25:5e:ac:ba:c8:32:cf:9e:55:90:8e:
                    8f:f7:06:fd:76:a1:11:e5:78:5b:03:04:2f:0f:be:
                    c2:fe:34:6f:11:e9:32:a4:b0:56:e8:be:c9:09:82:
                    f4:ae:c2:17:a9:a2:6a:a4:f2:c8:fe:4b:a1:63:78:
                    0f:63:87:f5:5d:e0:31:80:c3:29:d0:4b:9a:0b:ad:
                    35:b9:c1:71:38:82:39:69:ca:01:68:39:fb:00:f9:
                    c4:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:80:4B:97:80:2F:4B:1A:45:C7:47:66:97:E7:2D:A8:36:32:26:0C
            X509v3 Authority Key Identifier:
                keyid:BB:FF:C9:A9:83:26:67:AC:0D:6D:1E:24:06:55:05:33:C3:B5:56:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u__JqYMmZ6wNbR4kBlUFM8O1Vhg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/fe1b28-1519-4055-b0fb-7497e5a8f11b/1/3YBLl4AvSxpFx0dml-ctqDYyJgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/fe1b28-1519-4055-b0fb-7497e5a8f11b/1/u__JqYMmZ6wNbR4kBlUFM8O1Vhg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.115.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1e:af:2b:90:43:75:cb:b6:20:5f:7a:79:f1:50:44:93:a6:98:
         3d:ed:0e:06:55:fd:29:5d:ff:5d:38:0d:3a:a3:98:5a:ab:1b:
         5e:48:30:27:0c:88:2f:49:e8:0a:d8:71:75:76:f8:3c:15:4a:
         5a:cc:8a:7a:94:eb:21:18:1d:4d:27:42:2c:01:f3:10:28:61:
         65:7c:7a:96:5b:fa:a1:b6:85:67:f1:10:ac:a2:f3:75:a2:2e:
         65:24:d5:45:5d:b3:fb:e5:09:6d:40:3d:5d:af:81:40:03:ae:
         45:15:34:93:e6:62:72:ec:43:79:0a:88:0c:e4:84:06:0a:73:
         5c:f7:bb:e9:b7:93:1d:18:2c:55:0f:47:df:99:05:08:57:22:
         2a:e5:50:74:4d:71:b2:20:cc:2f:cd:8b:50:93:3d:f7:89:00:
         0b:90:fa:e5:57:a2:82:ba:82:b1:ec:41:a9:f2:7d:a3:4f:78:
         fc:8c:0d:75:22:aa:d9:e1:ac:67:dd:ba:7a:88:7a:aa:b3:8d:
         00:88:7f:fa:05:7b:dc:50:63:da:7a:2e:d6:ea:5d:9e:8b:05:
         75:43:aa:e9:03:af:46:42:d6:2f:f4:e5:26:52:0f:62:76:d1:
         67:33:70:b0:63:a7:a6:7f:06:76:d4:c0:1a:ea:8e:26:b7:16:
         b0:b8:06:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvL9h3jKamvv+A/FkCg3kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZmZjOWE5ODMyNjY3YWMwZDZkMWUyNDA2NTUwNTMzYzNi
NTU2MTgwHhcNMjQwMTAyMTAzMzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDgwNGI5NzgwMmY0YjFhNDVjNzQ3NjY5N2U3MmRhODM2MzIyNjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoeErp024wBfqrwoiSA9oeRe1hfJr
m+3X1Vb2vq6NsJQcfVxkqhwLY3JO7cwODkHJvstpRNSzQGD0KQYrz2XuqHwxRjpd
XBMesi9qDe/Ol1XtgU4HogvRf0RmCGRvr6Tv8uJXYNoYiH/5tUiAZtqV0Eze8O6z
c5lHqyU+DOBt0mV91I7N7lhdtH/8w0Ix8fbi8kT725kzdEdOZkzeLefVYAwaIDca
qfKMJV6susgyz55VkI6P9wb9dqER5XhbAwQvD77C/jRvEekypLBW6L7JCYL0rsIX
qaJqpPLI/kuhY3gPY4f1XeAxgMMp0EuaC601ucFxOII5acoBaDn7APnEfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN2AS5eAL0saRcdHZpfnLag2MiYMMB8GA1UdIwQY
MBaAFLv/yamDJmesDW0eJAZVBTPDtVYYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdV9fSnFZTW1aNndOYlI0a0JsVUZNOE8xVmhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9mZTFiMjgtMTUxOS00MDU1LWIwZmIt
NzQ5N2U1YThmMTFiLzEvM1lCTGw0QXZTeHBGeDBkbWwtY3RxRFl5Smd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9mZTFiMjgtMTUxOS00MDU1LWIwZmItNzQ5N2U1YThmMTFi
LzEvdV9fSnFZTW1aNndOYlI0a0JsVUZNOE8xVmhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwnO2MA0G
CSqGSIb3DQEBCwUAA4IBAQAeryuQQ3XLtiBfennxUESTppg97Q4GVf0pXf9dOA06
o5haqxteSDAnDIgvSegK2HF1dvg8FUpazIp6lOshGB1NJ0IsAfMQKGFlfHqWW/qh
toVn8RCsovN1oi5lJNVFXbP75QltQD1dr4FAA65FFTST5mJy7EN5CogM5IQGCnNc
97vpt5MdGCxVD0ffmQUIVyIq5VB0TXGyIMwvzYtQkz33iQALkPrlV6KCuoKx7EGp
8n2jT3j8jA11IqrZ4axn3bp6iHqqs40AiH/6BXvcUGPaei7W6l2eiwV1Q6rpA69G
QtYv9OUmUg9idtFnM3CwY6emfwZ21MAa6o4mtxawuAbi
-----END CERTIFICATE-----