Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/n3E_ygliaFebRJtpvbPFIQd9C38.roa
File:                     n3E_ygliaFebRJtpvbPFIQd9C38.roa (raw, json)
Hash identifier:          xMqT2Clq1wBuhGCLpjOigEsy0dM8G2sog/ku61wkwQA=
Subject key identifier:   9F:71:3F:CA:09:62:68:57:9B:44:9B:69:BD:B3:C5:21:07:7D:0B:7F
Certificate issuer:       /CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
Certificate serial:       018CC94D8FC1BDDB168025448588C011027A
Authority key identifier: 4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/n3E_ygliaFebRJtpvbPFIQd9C38.roa
Signing time:             Tue 02 Jan 2024 08:32:32 +0000
ROA not before:           Tue 02 Jan 2024 08:32:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10122
IP address blocks:        185.22.40.0/22 maxlen: 22
                          5.150.156.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:8f:c1:bd:db:16:80:25:44:85:88:c0:11:02:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
        Validity
            Not Before: Jan  2 08:32:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f713fca096268579b449b69bdb3c521077d0b7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:3f:46:b3:00:11:ca:a4:9d:17:1c:07:bd:3b:
                    c9:af:42:59:81:9c:aa:78:cd:9b:19:9e:0a:67:21:
                    2d:f6:4c:2a:88:d8:c1:ab:29:f8:a7:de:96:3b:d4:
                    0b:5f:69:15:2a:0c:15:f3:ea:13:76:aa:5e:07:89:
                    fb:b2:25:6b:fe:b0:78:69:fe:ef:a5:85:8f:0c:f1:
                    4e:c0:c6:7b:0b:1b:e9:ef:f8:99:4f:e6:6f:29:d8:
                    52:c6:22:76:64:2b:ca:1f:b6:02:de:98:56:ee:4b:
                    c8:cd:49:4e:7a:3d:c2:20:53:f1:3f:bf:25:ae:72:
                    4b:f4:bf:e3:7b:44:91:ee:fd:78:da:1b:80:55:72:
                    0b:4b:1a:93:32:07:61:43:0e:17:2a:60:64:b5:26:
                    af:cf:0a:2b:40:33:73:56:b7:00:71:4f:9a:57:a2:
                    d4:22:b2:90:53:9c:b1:87:96:5d:dc:34:90:8e:55:
                    a4:c4:77:a3:9b:24:10:08:db:5b:ee:07:29:14:0f:
                    fb:81:1b:e2:39:ec:a8:35:f4:49:1c:57:bf:95:ce:
                    53:bc:83:63:4a:64:7a:ee:d2:a1:51:b7:d5:f9:40:
                    66:3a:24:96:c5:6a:f9:71:2e:a8:e7:db:8f:24:c5:
                    41:a1:c1:86:56:58:f7:63:bb:c6:52:92:72:90:23:
                    95:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:71:3F:CA:09:62:68:57:9B:44:9B:69:BD:B3:C5:21:07:7D:0B:7F
            X509v3 Authority Key Identifier:
                keyid:4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/n3E_ygliaFebRJtpvbPFIQd9C38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.150.156.0/22
                  185.22.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:c3:de:e7:56:7d:96:e0:a9:09:4f:97:c2:75:5b:a5:72:b3:
         6d:41:2f:67:c4:98:83:fc:87:ee:f8:f3:60:f7:cb:e3:d2:40:
         0b:c7:02:74:93:1d:46:6a:a0:24:a4:b2:82:ed:87:f8:2b:39:
         73:2b:6b:da:89:d6:77:0f:41:a0:a0:05:37:e2:93:40:58:b0:
         22:5a:1e:48:2a:b5:62:6a:bf:be:d8:cf:c4:e6:9c:0f:8a:c6:
         29:6f:e2:f6:42:06:a3:68:6c:8c:f5:a7:6f:c8:94:c8:ac:a6:
         b9:69:ea:33:64:2a:1c:ef:a2:91:c4:dc:64:67:cf:12:a1:89:
         5a:33:49:d2:a7:91:c3:f1:51:be:bb:da:d7:93:c4:21:9c:73:
         65:fb:f8:ed:cd:6a:b9:43:ee:4b:fa:b9:1d:1a:48:c1:55:33:
         70:b9:8f:41:8d:89:cb:7e:24:68:27:53:72:b1:b1:00:83:9d:
         2d:5d:66:ac:34:6f:3a:83:77:1f:49:a1:67:a8:26:8d:13:d8:
         bc:38:5d:d6:35:ff:60:32:82:67:84:7e:fb:41:3d:12:3d:38:
         30:7d:a9:c3:50:db:11:23:1d:b9:37:4d:54:11:fc:86:94:c4:
         15:97:6b:40:f7:9b:1d:24:14:6f:ea:c1:d9:8d:6b:30:7c:25:
         f0:99:9c:51
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTY/BvdsWgCVEhYjAEQJ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYjJiYjdiYWQ1MGYxOTIxODEwYTAyOGU3OGVkZDY1Zjgx
ZjZhN2QwHhcNMjQwMTAyMDgzMjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjcxM2ZjYTA5NjI2ODU3OWI0NDliNjliZGIzYzUyMTA3N2QwYjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhz9GswARyqSdFxwHvTvJr0JZgZyq
eM2bGZ4KZyEt9kwqiNjBqyn4p96WO9QLX2kVKgwV8+oTdqpeB4n7siVr/rB4af7v
pYWPDPFOwMZ7Cxvp7/iZT+ZvKdhSxiJ2ZCvKH7YC3phW7kvIzUlOej3CIFPxP78l
rnJL9L/je0SR7v142huAVXILSxqTMgdhQw4XKmBktSavzworQDNzVrcAcU+aV6LU
IrKQU5yxh5Zd3DSQjlWkxHejmyQQCNtb7gcpFA/7gRviOeyoNfRJHFe/lc5TvINj
SmR67tKhUbfV+UBmOiSWxWr5cS6o59uPJMVBocGGVlj3Y7vGUpJykCOVpwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ9xP8oJYmhXm0Sbab2zxSEHfQt/MB8GA1UdIwQY
MBaAFE+yu3utUPGSGBCgKOeO3WX4H2p9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYt
MjdmYmM5OWVhM2M2LzEvbjNFX3lnbGlhRmViUkp0cHZiUEZJUWQ5QzM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYtMjdmYmM5OWVhM2M2
LzEvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBZacAwQC
uRYoMA0GCSqGSIb3DQEBCwUAA4IBAQCqw97nVn2W4KkJT5fCdVulcrNtQS9nxJiD
/Ifu+PNg98vj0kALxwJ0kx1GaqAkpLKC7Yf4KzlzK2vaidZ3D0GgoAU34pNAWLAi
Wh5IKrViar++2M/E5pwPisYpb+L2QgajaGyM9advyJTIrKa5aeozZCoc76KRxNxk
Z88SoYlaM0nSp5HD8VG+u9rXk8QhnHNl+/jtzWq5Q+5L+rkdGkjBVTNwuY9BjYnL
fiRoJ1NysbEAg50tXWasNG86g3cfSaFnqCaNE9i8OF3WNf9gMoJnhH77QT0SPTgw
fanDUNsRIx25N01UEfyGlMQVl2tA95sdJBRv6sHZjWswfCXwmZxR
-----END CERTIFICATE-----