Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/aTy8_Vydz7ZHZrLD9QkbgbdDIuY.roa
File:                     aTy8_Vydz7ZHZrLD9QkbgbdDIuY.roa (raw, json)
Hash identifier:          dfhc1CNGgIahH4CkFPd7iwgnK1tUajmZmVbBkRXHQ64=
Subject key identifier:   69:3C:BC:FD:5C:9D:CF:B6:47:66:B2:C3:F5:09:1B:81:B7:43:22:E6
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019010E5346C40F128652B00E2251C5C0E5B
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/aTy8_Vydz7ZHZrLD9QkbgbdDIuY.roa
Signing time:             Thu 13 Jun 2024 09:19:34 +0000
ROA not before:           Thu 13 Jun 2024 09:19:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215826
IP address blocks:        147.45.45.0/24 maxlen: 24
                          193.233.112.0/23 maxlen: 23
                          193.233.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 17:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:10:e5:34:6c:40:f1:28:65:2b:00:e2:25:1c:5c:0e:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jun 13 09:19:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=693cbcfd5c9dcfb64766b2c3f5091b81b74322e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ad:d2:2a:73:11:f5:e4:e3:a8:b5:95:c1:10:
                    99:e1:dc:37:7a:6e:fe:2a:86:e9:33:03:6b:2e:6a:
                    d6:1f:7f:11:11:03:09:3c:61:50:dc:73:96:53:fe:
                    81:f1:d1:32:02:7a:16:b5:81:9c:3f:33:ad:d9:62:
                    4f:4f:9a:2f:fd:6b:ee:7a:b9:6d:91:de:4a:40:5e:
                    60:2f:ed:ae:25:d5:c0:4f:7a:6e:b3:95:9a:29:f5:
                    e3:4e:16:19:c0:6e:94:07:31:a9:01:b7:5c:3a:88:
                    44:98:f4:34:35:61:c7:b9:5e:df:ad:83:58:d9:63:
                    27:2b:dd:f8:43:05:d9:80:18:ea:45:40:67:6b:8e:
                    29:98:f2:cd:5f:15:bf:69:5b:44:46:7e:a9:8d:20:
                    6d:64:da:3f:c0:78:68:fb:c8:df:60:9e:3f:fb:88:
                    c5:28:ab:5d:03:87:00:36:23:bc:6a:24:fc:9c:f7:
                    6c:31:dd:3d:30:f8:5b:22:06:3f:3d:4e:c3:dd:54:
                    8e:18:f3:53:22:fa:f8:22:51:4f:ca:49:d8:10:fa:
                    e5:e5:00:61:f6:ec:b5:49:f3:20:5e:de:7c:1b:37:
                    73:ff:6e:dc:20:fd:51:44:9b:54:7d:c8:82:2d:5e:
                    3f:87:ee:24:4b:78:89:e7:84:c9:e9:b7:90:90:31:
                    97:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:3C:BC:FD:5C:9D:CF:B6:47:66:B2:C3:F5:09:1B:81:B7:43:22:E6
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/aTy8_Vydz7ZHZrLD9QkbgbdDIuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.45.0/24
                  193.233.112.0/23
                  193.233.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:7c:91:fe:c8:49:1a:a6:3d:25:99:f2:b7:d3:67:df:10:d0:
         30:42:bb:55:e1:93:a8:4b:6b:dc:e9:62:2c:1a:3c:1b:ce:ec:
         68:c4:55:21:27:46:7b:44:0d:d7:7e:11:10:52:3a:94:97:a0:
         84:5b:fb:e4:27:36:c6:fb:1f:7b:b5:2b:62:1f:6e:06:b2:99:
         d2:29:d2:df:5e:07:d5:b6:3f:9b:a8:a0:3e:91:55:51:59:00:
         4d:6c:07:73:1b:63:73:63:29:82:b3:c8:6a:c7:56:f1:91:0a:
         49:93:dc:98:d4:3c:05:ef:2a:3d:71:b2:4b:53:2f:2c:75:65:
         14:03:63:0f:ab:f0:43:f9:72:bf:5a:19:f4:6c:a6:c0:52:78:
         1c:09:41:c7:37:c9:11:d0:de:95:73:1b:33:e6:ea:55:22:48:
         fc:d0:8b:e9:9d:7d:e6:7c:d2:f0:2a:e0:a8:4d:bc:96:70:e5:
         fd:61:7c:8c:07:30:c1:62:85:9d:61:be:7e:73:55:60:9d:05:
         51:0d:01:5e:78:0c:d9:dc:bf:9f:34:83:8b:7e:36:99:98:e8:
         f7:46:08:e3:37:0e:fb:89:d9:48:96:22:02:03:72:af:d8:bf:
         96:f3:fe:e9:f6:51:2f:8f:cc:4a:73:ec:a1:4f:b3:6a:1f:d3:
         24:7a:7b:85
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZAQ5TRsQPEoZSsA4iUcXA5bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwNjEzMDkxOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTNjYmNmZDVjOWRjZmI2NDc2NmIyYzNmNTA5MWI4MWI3NDMyMmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxa3SKnMR9eTjqLWVwRCZ4dw3em7+
KobpMwNrLmrWH38REQMJPGFQ3HOWU/6B8dEyAnoWtYGcPzOt2WJPT5ov/Wvuerlt
kd5KQF5gL+2uJdXAT3pus5WaKfXjThYZwG6UBzGpAbdcOohEmPQ0NWHHuV7frYNY
2WMnK934QwXZgBjqRUBna44pmPLNXxW/aVtERn6pjSBtZNo/wHho+8jfYJ4/+4jF
KKtdA4cANiO8aiT8nPdsMd09MPhbIgY/PU7D3VSOGPNTIvr4IlFPyknYEPrl5QBh
9uy1SfMgXt58Gzdz/27cIP1RRJtUfciCLV4/h+4kS3iJ54TJ6beQkDGXNQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGk8vP1cnc+2R2ayw/UJG4G3QyLmMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvYVR5OF9WeWR6N1pIWnJMRDlRa2JnYmRESXVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAky0tAwQB
welwAwQAwen+MA0GCSqGSIb3DQEBCwUAA4IBAQBmfJH+yEkapj0lmfK302ffENAw
QrtV4ZOoS2vc6WIsGjwbzuxoxFUhJ0Z7RA3XfhEQUjqUl6CEW/vkJzbG+x97tSti
H24GspnSKdLfXgfVtj+bqKA+kVVRWQBNbAdzG2NzYymCs8hqx1bxkQpJk9yY1DwF
7yo9cbJLUy8sdWUUA2MPq/BD+XK/Whn0bKbAUngcCUHHN8kR0N6Vcxsz5upVIkj8
0IvpnX3mfNLwKuCoTbyWcOX9YXyMBzDBYoWdYb5+c1VgnQVRDQFeeAzZ3L+fNIOL
fjaZmOj3RgjjNw77idlIliICA3Kv2L+W8/7p9lEvj8xKc+yhT7NqH9MkenuF
-----END CERTIFICATE-----