Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/ac3260-7069-44f2-9ea9-394ff928f570/1/3CBK99Hf0wIIXcqB7zA3j3oEzgo.roa
File:                     3CBK99Hf0wIIXcqB7zA3j3oEzgo.roa (raw, json)
Hash identifier:          6qw9ELTjRfdotQfrppQsrkysu6mtw0kGXL26RgMm5ZE=
Subject key identifier:   DC:20:4A:F7:D1:DF:D3:02:08:5D:CA:81:EF:30:37:8F:7A:04:CE:0A
Certificate issuer:       /CN=9e4fae6d2c25dd5f2fb16b4fbea284e6658c12ba
Certificate serial:       018CC86EF5363C2B1222CF6D3A7EA6131CEC
Authority key identifier: 9E:4F:AE:6D:2C:25:DD:5F:2F:B1:6B:4F:BE:A2:84:E6:65:8C:12:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nk-ubSwl3V8vsWtPvqKE5mWMEro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/ac3260-7069-44f2-9ea9-394ff928f570/1/3CBK99Hf0wIIXcqB7zA3j3oEzgo.roa
Signing time:             Tue 02 Jan 2024 04:29:24 +0000
ROA not before:           Tue 02 Jan 2024 04:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196895
IP address blocks:        193.105.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/ac3260-7069-44f2-9ea9-394ff928f570/1/nk-ubSwl3V8vsWtPvqKE5mWMEro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/ac3260-7069-44f2-9ea9-394ff928f570/1/nk-ubSwl3V8vsWtPvqKE5mWMEro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nk-ubSwl3V8vsWtPvqKE5mWMEro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:f5:36:3c:2b:12:22:cf:6d:3a:7e:a6:13:1c:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e4fae6d2c25dd5f2fb16b4fbea284e6658c12ba
        Validity
            Not Before: Jan  2 04:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc204af7d1dfd302085dca81ef30378f7a04ce0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:fa:7c:78:2e:7f:ed:f0:1a:56:a4:c9:9d:d4:
                    75:ab:fd:de:0d:df:43:55:48:c7:77:91:27:64:ef:
                    92:f3:38:1e:5d:a7:40:71:d8:cc:68:e0:a1:db:de:
                    26:82:ab:f3:be:a1:95:99:05:37:fe:f0:2c:e0:75:
                    6b:58:f1:bf:84:31:7f:1d:bd:5f:0b:c0:d9:e4:46:
                    f4:5a:14:d2:ed:d3:f0:2c:e2:76:f1:d4:f0:f6:c2:
                    be:ea:43:69:68:78:f5:92:a1:97:33:af:d3:0d:70:
                    c6:15:ef:52:f0:eb:40:cf:3a:20:32:78:3a:f0:a8:
                    23:c9:6c:a7:15:a8:85:dc:2e:94:3f:58:f0:e4:76:
                    94:53:07:73:2b:01:5c:be:3c:30:b7:74:31:97:36:
                    7a:ea:fd:39:2b:13:06:16:1b:ed:1f:38:90:27:e7:
                    41:79:99:c9:62:7a:59:a4:c4:12:89:a3:1b:cb:27:
                    70:27:9f:0e:bd:5c:42:b2:f9:4e:8a:e4:8b:ec:92:
                    bd:ad:1d:f9:af:f7:f7:6e:5f:b7:01:26:b7:c7:40:
                    73:31:8e:cd:49:33:0b:7f:99:ef:44:01:49:3b:7d:
                    9a:17:4f:50:ab:dc:3f:f7:10:88:8b:f6:3c:20:c5:
                    4e:ce:2d:8c:46:3e:1a:3a:15:c3:d3:8d:fa:91:69:
                    38:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:20:4A:F7:D1:DF:D3:02:08:5D:CA:81:EF:30:37:8F:7A:04:CE:0A
            X509v3 Authority Key Identifier:
                keyid:9E:4F:AE:6D:2C:25:DD:5F:2F:B1:6B:4F:BE:A2:84:E6:65:8C:12:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nk-ubSwl3V8vsWtPvqKE5mWMEro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/ac3260-7069-44f2-9ea9-394ff928f570/1/3CBK99Hf0wIIXcqB7zA3j3oEzgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/ac3260-7069-44f2-9ea9-394ff928f570/1/nk-ubSwl3V8vsWtPvqKE5mWMEro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:03:e8:fe:73:4a:a4:aa:cf:a2:51:c7:e8:86:e4:d7:40:d0:
         d5:42:10:78:88:f0:47:a9:07:af:e3:b3:8d:f7:73:9d:f2:1a:
         83:c4:2e:41:79:42:c9:fa:25:57:2a:18:74:cb:00:e8:ae:a3:
         dc:ff:55:18:ae:2a:85:97:25:3f:54:02:85:d5:3e:55:ae:18:
         68:2f:fa:dd:a2:e8:92:a0:65:0b:0e:40:01:f4:82:0b:61:e3:
         29:dd:06:53:43:c3:7c:34:f8:d3:3c:26:b5:e1:8e:38:00:2c:
         c1:9a:1c:8d:6e:aa:a7:32:7a:09:41:ae:39:a9:89:00:85:5f:
         70:89:b8:a9:27:ff:8b:9b:d8:43:4c:84:36:21:43:ba:7e:f3:
         d7:d0:32:45:be:fb:7a:01:38:0d:7d:df:00:f6:3a:c1:3b:98:
         37:ed:e8:7f:d9:6e:6c:83:7d:06:a4:be:f0:5d:45:c6:0d:7c:
         d9:8f:a4:15:11:78:88:59:dc:11:88:5c:ee:7a:3c:a2:0f:dd:
         17:ab:15:1b:0d:77:4c:9b:f9:34:11:b0:d2:38:f2:2a:e6:8f:
         32:36:83:32:c0:c0:6a:80:fd:c7:a8:c4:9d:d7:48:5d:7a:d8:
         24:e7:f7:02:42:8a:05:b3:0a:30:7a:62:d7:f1:74:7d:04:2d:
         15:79:c0:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbvU2PCsSIs9tOn6mExzsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNGZhZTZkMmMyNWRkNWYyZmIxNmI0ZmJlYTI4NGU2NjU4
YzEyYmEwHhcNMjQwMTAyMDQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzIwNGFmN2QxZGZkMzAyMDg1ZGNhODFlZjMwMzc4ZjdhMDRjZTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/p8eC5/7fAaVqTJndR1q/3eDd9D
VUjHd5EnZO+S8zgeXadAcdjMaOCh294mgqvzvqGVmQU3/vAs4HVrWPG/hDF/Hb1f
C8DZ5Eb0WhTS7dPwLOJ28dTw9sK+6kNpaHj1kqGXM6/TDXDGFe9S8OtAzzogMng6
8KgjyWynFaiF3C6UP1jw5HaUUwdzKwFcvjwwt3QxlzZ66v05KxMGFhvtHziQJ+dB
eZnJYnpZpMQSiaMbyydwJ58OvVxCsvlOiuSL7JK9rR35r/f3bl+3ASa3x0BzMY7N
STMLf5nvRAFJO32aF09Qq9w/9xCIi/Y8IMVOzi2MRj4aOhXD0436kWk4/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNwgSvfR39MCCF3Kge8wN496BM4KMB8GA1UdIwQY
MBaAFJ5Prm0sJd1fL7FrT76ihOZljBK6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmstdWJTd2wzVjh2c1d0UHZxS0U1bVdNRXJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9hYzMyNjAtNzA2OS00NGYyLTllYTkt
Mzk0ZmY5MjhmNTcwLzEvM0NCSzk5SGYwd0lJWGNxQjd6QTNqM29FemdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9hYzMyNjAtNzA2OS00NGYyLTllYTktMzk0ZmY5MjhmNTcw
LzEvbmstdWJTd2wzVjh2c1d0UHZxS0U1bVdNRXJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWkWMA0G
CSqGSIb3DQEBCwUAA4IBAQCBA+j+c0qkqs+iUcfohuTXQNDVQhB4iPBHqQev47ON
93Od8hqDxC5BeULJ+iVXKhh0ywDorqPc/1UYriqFlyU/VAKF1T5VrhhoL/rdouiS
oGULDkAB9IILYeMp3QZTQ8N8NPjTPCa14Y44ACzBmhyNbqqnMnoJQa45qYkAhV9w
ibipJ/+Lm9hDTIQ2IUO6fvPX0DJFvvt6ATgNfd8A9jrBO5g37eh/2W5sg30GpL7w
XUXGDXzZj6QVEXiIWdwRiFzuejyiD90XqxUbDXdMm/k0EbDSOPIq5o8yNoMywMBq
gP3HqMSd10hdetgk5/cCQooFswowemLX8XR9BC0VecBT
-----END CERTIFICATE-----