Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/LDM4HpmUR5qhsycM6vjBWA9uB30.roa
File:                     LDM4HpmUR5qhsycM6vjBWA9uB30.roa (raw, json)
Hash identifier:          kK8S6QA4+6JnjvMJIl/2svzHFqhIr84nA/W08oa+QRo=
Subject key identifier:   2C:33:38:1E:99:94:47:9A:A1:B3:27:0C:EA:F8:C1:58:0F:6E:07:7D
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018FE382233A7EE74ABFB03F58DC278F2327
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/LDM4HpmUR5qhsycM6vjBWA9uB30.roa
Signing time:             Tue 04 Jun 2024 13:48:27 +0000
ROA not before:           Tue 04 Jun 2024 13:48:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214774
IP address blocks:        193.30.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e3:82:23:3a:7e:e7:4a:bf:b0:3f:58:dc:27:8f:23:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jun  4 13:48:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c33381e9994479aa1b3270ceaf8c1580f6e077d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:94:b2:b7:37:6d:4a:13:f6:9b:07:00:bf:79:
                    20:2a:9f:b1:ff:9f:4a:24:05:4e:1a:f5:81:4c:23:
                    72:44:69:4e:3a:98:c3:84:0e:db:ef:46:4b:fd:b6:
                    99:ad:49:6e:4e:b4:30:99:49:13:c6:75:80:91:ba:
                    fd:4f:b4:47:04:be:b7:83:b5:52:da:69:bf:a4:f8:
                    96:62:8b:8c:99:1a:2b:62:ca:4b:e5:f9:d7:d0:65:
                    c7:ce:4e:f1:4b:4f:9d:dd:8b:28:42:93:c5:0d:32:
                    6d:36:56:43:57:19:c4:47:53:3a:ff:5b:94:13:d2:
                    12:43:52:8e:c0:79:0e:12:3d:ca:d7:5e:df:05:50:
                    a2:6c:3c:39:1f:fe:b4:b0:43:e8:f2:2e:dd:e6:1c:
                    57:5a:81:d7:15:14:74:2e:1d:bb:28:0e:c8:7c:bc:
                    f0:58:4e:36:4a:da:3f:9b:19:b3:b7:8d:e7:3e:41:
                    93:d6:f7:e6:3e:a0:a9:c6:73:ed:e6:fe:58:38:58:
                    8d:5f:db:8e:af:80:af:5d:22:8a:44:88:25:09:44:
                    c9:27:7b:eb:6e:55:4f:97:a3:a2:8a:b9:91:15:68:
                    23:47:3f:c3:fb:69:94:9c:9a:fe:1e:25:c8:d7:fc:
                    13:31:ad:9e:46:47:42:ea:b0:a2:34:3f:3c:1d:8a:
                    d0:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:33:38:1E:99:94:47:9A:A1:B3:27:0C:EA:F8:C1:58:0F:6E:07:7D
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/LDM4HpmUR5qhsycM6vjBWA9uB30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:5e:a2:a9:64:7c:7e:a6:f0:ee:32:db:c6:f8:13:bb:cf:18:
         ab:74:26:2a:1e:c3:6f:61:47:4e:de:1f:59:0f:19:fb:e6:4a:
         e4:2c:d0:0d:02:74:23:20:ae:a7:47:cb:ef:c4:a5:8d:b6:c4:
         12:f4:0a:36:3e:36:08:64:79:b7:01:71:f1:0e:57:b1:15:b9:
         ce:b5:ed:48:dd:92:79:7a:2b:91:ad:f8:bd:5d:3a:8b:c6:dd:
         fb:a4:72:74:bc:08:4d:29:ca:1d:a0:c3:5c:52:9d:dc:0a:db:
         4c:ba:0a:43:cb:62:38:3f:2b:9a:d0:f9:98:06:5f:c7:2e:a3:
         68:46:37:fc:84:15:32:21:d2:b4:80:b7:3a:1e:a0:09:a3:05:
         38:a4:9c:fd:17:50:5d:c1:df:ca:bf:d1:18:76:45:fe:41:49:
         2b:36:9a:a6:6d:af:93:d9:78:a4:5d:e3:d7:29:c1:88:75:0d:
         be:62:03:96:6a:8a:33:10:1d:ab:38:04:f4:8c:d5:a1:47:d1:
         f2:4b:79:8a:62:34:f0:b4:81:2c:4e:ca:0a:81:e5:07:83:66:
         e1:74:81:bd:a5:c3:f1:e9:46:b7:c9:e3:53:70:a0:3f:bc:38:
         1d:90:38:e0:4c:d1:98:62:e9:eb:29:ad:43:79:d6:fc:ab:c0:
         31:38:b9:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/jgiM6fudKv7A/WNwnjyMnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwNjA0MTM0ODI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzMzMzgxZTk5OTQ0NzlhYTFiMzI3MGNlYWY4YzE1ODBmNmUwNzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZSytzdtShP2mwcAv3kgKp+x/59K
JAVOGvWBTCNyRGlOOpjDhA7b70ZL/baZrUluTrQwmUkTxnWAkbr9T7RHBL63g7VS
2mm/pPiWYouMmRorYspL5fnX0GXHzk7xS0+d3YsoQpPFDTJtNlZDVxnER1M6/1uU
E9ISQ1KOwHkOEj3K117fBVCibDw5H/60sEPo8i7d5hxXWoHXFRR0Lh27KA7IfLzw
WE42Sto/mxmzt43nPkGT1vfmPqCpxnPt5v5YOFiNX9uOr4CvXSKKRIglCUTJJ3vr
blVPl6OiirmRFWgjRz/D+2mUnJr+HiXI1/wTMa2eRkdC6rCiND88HYrQ/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCwzOB6ZlEeaobMnDOr4wVgPbgd9MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvTERNNEhwbVVSNXFoc3ljTTZ2akJXQTl1QjMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR7xMA0G
CSqGSIb3DQEBCwUAA4IBAQBsXqKpZHx+pvDuMtvG+BO7zxirdCYqHsNvYUdO3h9Z
Dxn75krkLNANAnQjIK6nR8vvxKWNtsQS9Ao2PjYIZHm3AXHxDlexFbnOte1I3ZJ5
eiuRrfi9XTqLxt37pHJ0vAhNKcodoMNcUp3cCttMugpDy2I4Pyua0PmYBl/HLqNo
Rjf8hBUyIdK0gLc6HqAJowU4pJz9F1Bdwd/Kv9EYdkX+QUkrNpqmba+T2XikXePX
KcGIdQ2+YgOWaoozEB2rOAT0jNWhR9HyS3mKYjTwtIEsTsoKgeUHg2bhdIG9pcPx
6Ua3yeNTcKA/vDgdkDjgTNGYYunrKa1Dedb8q8AxOLk0
-----END CERTIFICATE-----