Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/SdIN5M7kSh3zYizSVFTzYxjzqAc.roa
File:                     SdIN5M7kSh3zYizSVFTzYxjzqAc.roa (raw, json)
Hash identifier:          WUiyRoqUEhnR0MCuu4pCFCqUmxkTWYtZqfJimBSpaks=
Subject key identifier:   49:D2:0D:E4:CE:E4:4A:1D:F3:62:2C:D2:54:54:F3:63:18:F3:A8:07
Certificate issuer:       /CN=9863354a111af6d5e1ad10da38ad8144b6be868e
Certificate serial:       0191F623D47C34DE8063F77940D21C9A485E
Authority key identifier: 98:63:35:4A:11:1A:F6:D5:E1:AD:10:DA:38:AD:81:44:B6:BE:86:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mGM1ShEa9tXhrRDaOK2BRLa-ho4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/SdIN5M7kSh3zYizSVFTzYxjzqAc.roa
Signing time:             Sun 15 Sep 2024 14:43:48 +0000
ROA not before:           Sun 15 Sep 2024 14:43:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212368
IP address blocks:        193.134.253.0/24 maxlen: 24
                          193.135.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/mGM1ShEa9tXhrRDaOK2BRLa-ho4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/mGM1ShEa9tXhrRDaOK2BRLa-ho4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mGM1ShEa9tXhrRDaOK2BRLa-ho4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:f6:23:d4:7c:34:de:80:63:f7:79:40:d2:1c:9a:48:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9863354a111af6d5e1ad10da38ad8144b6be868e
        Validity
            Not Before: Sep 15 14:43:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49d20de4cee44a1df3622cd25454f36318f3a807
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f4:80:20:7b:d4:10:46:27:4c:d7:55:6a:df:
                    5a:12:ec:a3:6b:07:61:69:12:d6:2a:5f:64:be:90:
                    bb:2b:08:78:04:d7:c6:ce:48:d1:10:d5:57:bd:06:
                    84:bb:2f:b2:8a:81:61:34:3d:6f:dd:d0:63:93:25:
                    38:63:37:2e:85:8c:88:39:e0:13:5c:63:db:f1:b6:
                    b0:30:7d:78:30:1a:86:8e:ef:73:2c:0f:de:1e:52:
                    b9:f8:c6:9a:7b:d4:13:6b:8f:28:45:ac:0f:d5:0c:
                    89:dc:21:9f:c8:19:66:b3:a1:a3:ad:e6:be:ac:e2:
                    b0:c4:9d:d6:f1:64:c3:16:ec:aa:54:5f:c3:0f:11:
                    4a:d8:b2:fd:ae:37:8b:cf:b1:31:ce:b2:00:c8:19:
                    d2:f6:4c:82:b8:02:2c:f2:0b:1d:7d:dc:a9:8a:50:
                    8b:86:7d:12:28:6e:ea:8d:bb:e0:47:d2:f4:d4:29:
                    5e:a0:a1:61:b2:84:7e:0b:e0:5e:24:3c:2a:1c:71:
                    58:d4:a4:1d:bb:4a:af:ce:d3:41:fb:74:24:2c:ac:
                    1f:8c:7f:1c:36:78:24:5d:f5:d5:5a:61:23:b3:b9:
                    df:79:fd:e2:8b:eb:d2:a4:3c:f0:03:97:29:14:40:
                    24:98:95:c3:82:99:ea:26:9e:3c:9a:87:e0:a5:36:
                    29:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:D2:0D:E4:CE:E4:4A:1D:F3:62:2C:D2:54:54:F3:63:18:F3:A8:07
            X509v3 Authority Key Identifier:
                keyid:98:63:35:4A:11:1A:F6:D5:E1:AD:10:DA:38:AD:81:44:B6:BE:86:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mGM1ShEa9tXhrRDaOK2BRLa-ho4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/SdIN5M7kSh3zYizSVFTzYxjzqAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/bea847-a783-489d-ae4b-53f57504ef35/1/mGM1ShEa9tXhrRDaOK2BRLa-ho4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.134.253.0/24
                  193.135.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:85:1e:a4:a7:f3:0f:1c:88:42:01:68:49:38:de:05:d3:b7:
         e0:18:69:4a:7f:76:0f:87:7e:83:2f:cd:e2:90:02:0d:6e:28:
         77:c4:a2:ad:9b:34:dd:f7:ce:15:98:b7:55:fa:4d:f1:f5:d1:
         5b:36:ea:35:e4:ad:4e:9a:69:d2:03:55:8a:32:3b:e8:45:d1:
         e4:f6:13:1d:0b:4d:f8:d7:ee:7c:03:83:bb:66:3c:f9:d5:b3:
         14:d8:9b:b9:00:b1:c2:ac:91:f8:b5:92:e3:ed:67:d6:b1:9b:
         f3:19:c2:45:93:98:83:62:eb:2d:d2:c7:3d:b2:5e:cc:46:c6:
         10:98:50:2c:9a:ac:a1:3c:0b:34:0d:e9:11:fb:8d:52:7a:f3:
         f5:17:d7:4e:aa:bf:fa:90:e5:e2:a8:11:c5:15:36:fd:bd:4d:
         88:24:10:5b:1c:88:64:8c:fb:a3:31:c9:55:91:02:31:02:ff:
         d2:06:11:ab:5d:87:2e:b3:21:0a:9e:8e:2a:6f:72:fa:ba:71:
         f6:60:3d:06:23:0b:0d:b5:bb:74:ee:d4:e5:9f:4c:e7:a4:9b:
         ce:e3:42:04:ba:65:af:ce:2b:29:5b:71:c4:17:45:aa:7b:d3:
         5f:69:e3:0d:0d:7e:86:00:5b:a3:7f:db:43:0f:07:87:b6:c1:
         cb:7e:f0:80
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZH2I9R8NN6AY/d5QNIcmkheMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NjMzNTRhMTExYWY2ZDVlMWFkMTBkYTM4YWQ4MTQ0YjZi
ZTg2OGUwHhcNMjQwOTE1MTQ0MzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWQyMGRlNGNlZTQ0YTFkZjM2MjJjZDI1NDU0ZjM2MzE4ZjNhODA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvSAIHvUEEYnTNdVat9aEuyjawdh
aRLWKl9kvpC7Kwh4BNfGzkjRENVXvQaEuy+yioFhND1v3dBjkyU4YzcuhYyIOeAT
XGPb8bawMH14MBqGju9zLA/eHlK5+Maae9QTa48oRawP1QyJ3CGfyBlms6Gjrea+
rOKwxJ3W8WTDFuyqVF/DDxFK2LL9rjeLz7ExzrIAyBnS9kyCuAIs8gsdfdypilCL
hn0SKG7qjbvgR9L01CleoKFhsoR+C+BeJDwqHHFY1KQdu0qvztNB+3QkLKwfjH8c
NngkXfXVWmEjs7nfef3ii+vSpDzwA5cpFEAkmJXDgpnqJp48mofgpTYpnQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEnSDeTO5Eod82Is0lRU82MY86gHMB8GA1UdIwQY
MBaAFJhjNUoRGvbV4a0Q2jitgUS2voaOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUdNMVNoRWE5dFhoclJEYU9LMkJSTGEtaG80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9iZWE4NDctYTc4My00ODlkLWFlNGIt
NTNmNTc1MDRlZjM1LzEvU2RJTjVNN2tTaDN6WWl6U1ZGVHpZeGp6cUFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9iZWE4NDctYTc4My00ODlkLWFlNGItNTNmNTc1MDRlZjM1
LzEvbUdNMVNoRWE5dFhoclJEYU9LMkJSTGEtaG80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwYb9AwQA
wYdlMA0GCSqGSIb3DQEBCwUAA4IBAQCdhR6kp/MPHIhCAWhJON4F07fgGGlKf3YP
h36DL83ikAINbih3xKKtmzTd984VmLdV+k3x9dFbNuo15K1OmmnSA1WKMjvoRdHk
9hMdC0341+58A4O7Zjz51bMU2Ju5ALHCrJH4tZLj7WfWsZvzGcJFk5iDYust0sc9
sl7MRsYQmFAsmqyhPAs0DekR+41SevP1F9dOqr/6kOXiqBHFFTb9vU2IJBBbHIhk
jPujMclVkQIxAv/SBhGrXYcusyEKno4qb3L6unH2YD0GIwsNtbt07tTln0znpJvO
40IEumWvzispW3HEF0Wqe9NfaeMNDX6GAFujf9tDDweHtsHLfvCA
-----END CERTIFICATE-----