Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/72de35-338d-4a43-b719-8b4d08d37c5f/1/9k5Gm2iBIEGixS8tZKz1UhmZNIc.roa
File:                     9k5Gm2iBIEGixS8tZKz1UhmZNIc.roa (raw, json)
Hash identifier:          oUcrq3hXtmxzD7tPTaHQuhOe5VoUNJwdpkuF7Ome1Ps=
Subject key identifier:   F6:4E:46:9B:68:81:20:41:A2:C5:2F:2D:64:AC:F5:52:19:99:34:87
Certificate issuer:       /CN=a679160a0449e8b50fc01c85dcfce54b2c629b51
Certificate serial:       018CC5DC5FB22A9956CE1B5395541A4F543F
Authority key identifier: A6:79:16:0A:04:49:E8:B5:0F:C0:1C:85:DC:FC:E5:4B:2C:62:9B:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pnkWCgRJ6LUPwByF3PzlSyxim1E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/72de35-338d-4a43-b719-8b4d08d37c5f/1/9k5Gm2iBIEGixS8tZKz1UhmZNIc.roa
Signing time:             Mon 01 Jan 2024 16:30:03 +0000
ROA not before:           Mon 01 Jan 2024 16:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210649
IP address blocks:        193.38.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/72de35-338d-4a43-b719-8b4d08d37c5f/1/pnkWCgRJ6LUPwByF3PzlSyxim1E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/72de35-338d-4a43-b719-8b4d08d37c5f/1/pnkWCgRJ6LUPwByF3PzlSyxim1E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pnkWCgRJ6LUPwByF3PzlSyxim1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:5f:b2:2a:99:56:ce:1b:53:95:54:1a:4f:54:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a679160a0449e8b50fc01c85dcfce54b2c629b51
        Validity
            Not Before: Jan  1 16:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f64e469b68812041a2c52f2d64acf55219993487
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:71:fb:8a:b5:eb:4c:8f:22:74:12:30:93:d4:
                    56:05:c0:e1:52:67:58:be:83:a3:c8:72:6c:3b:01:
                    fd:bb:c3:50:5c:59:a2:ef:41:ae:97:bb:dc:4d:86:
                    20:4f:77:e5:f6:0d:f8:35:e3:7d:4f:42:39:42:4e:
                    9b:09:6e:4a:9b:98:5e:ae:69:2e:69:44:e0:a2:b1:
                    d6:ee:61:71:50:94:f7:6f:20:15:7a:e8:50:40:5f:
                    02:3a:ff:e3:04:77:24:fc:73:86:a4:a4:86:56:ea:
                    b3:70:e6:41:b1:49:53:28:a4:e6:ad:aa:56:56:00:
                    57:d2:3a:a0:17:fc:e5:23:41:65:3e:01:90:b1:96:
                    44:8f:d4:39:f5:36:b5:3b:ef:65:71:4c:a6:ea:eb:
                    47:af:2a:26:3a:28:38:5d:ce:c1:ea:db:a3:66:a7:
                    17:fe:0c:0f:24:b2:bd:55:72:51:f4:37:c2:db:9a:
                    ff:bb:da:29:8e:fc:ec:94:5e:e8:05:43:33:79:f0:
                    9d:24:e9:18:23:40:fc:7b:e9:65:83:6a:09:3d:31:
                    79:b4:22:8e:75:78:c8:12:63:0b:c1:a3:e4:17:36:
                    95:e4:2e:ae:3b:7a:10:0d:33:f2:ec:18:ac:78:49:
                    d3:88:41:48:76:ca:ac:39:08:26:64:a2:4f:c9:ed:
                    ff:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:4E:46:9B:68:81:20:41:A2:C5:2F:2D:64:AC:F5:52:19:99:34:87
            X509v3 Authority Key Identifier:
                keyid:A6:79:16:0A:04:49:E8:B5:0F:C0:1C:85:DC:FC:E5:4B:2C:62:9B:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pnkWCgRJ6LUPwByF3PzlSyxim1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/72de35-338d-4a43-b719-8b4d08d37c5f/1/9k5Gm2iBIEGixS8tZKz1UhmZNIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/72de35-338d-4a43-b719-8b4d08d37c5f/1/pnkWCgRJ6LUPwByF3PzlSyxim1E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.38.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:0f:31:a2:a2:d3:c7:4c:ea:35:35:75:d2:28:bc:e0:c8:5e:
         10:fc:03:95:b8:c6:56:08:0e:ef:06:0e:ab:11:3c:ef:02:96:
         0d:75:1d:d6:68:17:12:f4:43:d5:9d:66:10:ea:77:dc:ef:98:
         9d:40:bc:ef:e8:d4:bc:38:70:e8:2c:58:7f:eb:01:05:ce:ed:
         b9:05:fc:5a:9d:91:d5:0c:59:4f:bb:b1:89:45:0c:39:f0:7a:
         76:ce:3c:b5:99:32:ab:78:90:4e:9d:06:46:91:7b:43:41:ca:
         8d:bb:f0:02:6b:21:b4:71:73:56:c5:64:01:4e:0c:48:20:7a:
         64:e1:65:e3:58:21:c6:22:2e:51:68:49:35:bf:81:0b:3f:56:
         4e:fe:63:12:38:51:b4:c0:49:0e:c0:86:cb:96:35:28:a6:8d:
         92:12:3c:da:55:89:49:78:09:5b:3b:b6:73:c4:2e:66:e4:6b:
         f6:c0:34:fa:b3:68:57:6a:bf:ce:3e:f5:6d:fc:12:73:03:8c:
         e1:a8:0a:0d:bd:8f:c2:34:be:b3:28:44:ac:e6:69:18:0c:8b:
         50:f4:32:00:92:91:59:48:83:ff:1c:6c:13:bc:92:46:49:ac:
         39:04:e2:8c:2a:99:89:96:e8:ff:fd:e3:c6:7f:9a:3a:3f:51:
         3f:7c:dc:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3F+yKplWzhtTlVQaT1Q/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NzkxNjBhMDQ0OWU4YjUwZmMwMWM4NWRjZmNlNTRiMmM2
MjliNTEwHhcNMjQwMTAxMTYzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjRlNDY5YjY4ODEyMDQxYTJjNTJmMmQ2NGFjZjU1MjE5OTkzNDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnH7irXrTI8idBIwk9RWBcDhUmdY
voOjyHJsOwH9u8NQXFmi70Gul7vcTYYgT3fl9g34NeN9T0I5Qk6bCW5Km5hermku
aUTgorHW7mFxUJT3byAVeuhQQF8COv/jBHck/HOGpKSGVuqzcOZBsUlTKKTmrapW
VgBX0jqgF/zlI0FlPgGQsZZEj9Q59Ta1O+9lcUym6utHryomOig4Xc7B6tujZqcX
/gwPJLK9VXJR9DfC25r/u9opjvzslF7oBUMzefCdJOkYI0D8e+llg2oJPTF5tCKO
dXjIEmMLwaPkFzaV5C6uO3oQDTPy7BiseEnTiEFIdsqsOQgmZKJPye3/GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPZORptogSBBosUvLWSs9VIZmTSHMB8GA1UdIwQY
MBaAFKZ5FgoESei1D8Achdz85UssYptRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG5rV0NnUko2TFVQd0J5RjNQemxTeXhpbTFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83MmRlMzUtMzM4ZC00YTQzLWI3MTkt
OGI0ZDA4ZDM3YzVmLzEvOWs1R20yaUJJRUdpeFM4dFpLejFVaG1aTkljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83MmRlMzUtMzM4ZC00YTQzLWI3MTktOGI0ZDA4ZDM3YzVm
LzEvcG5rV0NnUko2TFVQd0J5RjNQemxTeXhpbTFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSaZMA0G
CSqGSIb3DQEBCwUAA4IBAQAXDzGiotPHTOo1NXXSKLzgyF4Q/AOVuMZWCA7vBg6r
ETzvApYNdR3WaBcS9EPVnWYQ6nfc75idQLzv6NS8OHDoLFh/6wEFzu25BfxanZHV
DFlPu7GJRQw58Hp2zjy1mTKreJBOnQZGkXtDQcqNu/ACayG0cXNWxWQBTgxIIHpk
4WXjWCHGIi5RaEk1v4ELP1ZO/mMSOFG0wEkOwIbLljUopo2SEjzaVYlJeAlbO7Zz
xC5m5Gv2wDT6s2hXar/OPvVt/BJzA4zhqAoNvY/CNL6zKESs5mkYDItQ9DIAkpFZ
SIP/HGwTvJJGSaw5BOKMKpmJluj//ePGf5o6P1E/fNyP
-----END CERTIFICATE-----