Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/0trQqXMVnjFw40BwOHfs0a02TGU.roa
File:                     0trQqXMVnjFw40BwOHfs0a02TGU.roa (raw, json)
Hash identifier:          TXUIZEMJ0IO5ZQK89Fzziszg8ZYPFCCsoZyxrWuz81U=
Subject key identifier:   D2:DA:D0:A9:73:15:9E:31:70:E3:40:70:38:77:EC:D1:AD:36:4C:65
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B93D62342BDBE5678334498BA2AE4
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/0trQqXMVnjFw40BwOHfs0a02TGU.roa
Signing time:             Mon 01 Jan 2024 18:31:30 +0000
ROA not before:           Mon 01 Jan 2024 18:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203613
IP address blocks:        193.192.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:93:d6:23:42:bd:be:56:78:33:44:98:ba:2a:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2dad0a973159e3170e340703877ecd1ad364c65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:b2:28:e7:38:47:7a:f9:53:5e:b2:c1:58:45:
                    d0:d3:1d:2d:09:ad:d7:ce:43:99:70:80:80:3d:74:
                    8c:c2:6c:fa:d5:03:6a:60:96:e4:69:01:27:f2:0a:
                    65:62:74:ee:b2:52:74:8b:e5:87:1d:3e:0c:ca:2a:
                    45:01:39:54:b0:2b:5a:40:56:e8:a5:10:2a:8f:7c:
                    e3:e8:a9:54:bd:20:40:43:27:12:00:5f:0e:d4:c7:
                    d8:6f:b6:4b:82:00:83:72:a0:14:0d:9f:c5:67:b7:
                    84:87:87:4c:e5:e5:30:a9:9a:8a:31:50:51:70:53:
                    13:43:94:3e:c5:6a:10:05:9c:20:81:3f:29:06:fc:
                    8f:4e:aa:de:a8:12:56:f7:9c:3b:fb:77:be:a5:3d:
                    1c:5b:6a:e4:1a:bf:cc:df:c4:9b:5c:8a:ee:28:71:
                    b7:66:b5:2a:2b:9c:c8:00:0a:f7:1e:cd:32:c3:e2:
                    d7:83:b3:cc:54:31:cd:fb:96:a1:1e:b7:d9:ea:ae:
                    ad:64:c8:13:c1:e9:9e:11:3e:57:00:d7:6e:b0:46:
                    6a:53:23:42:0b:2d:ec:1f:8f:fe:ea:4c:55:67:cc:
                    54:2d:dc:19:f4:6e:29:40:cf:e5:98:44:66:e1:11:
                    75:a4:15:ef:2d:d0:4a:e5:f7:b5:32:d7:6a:e6:ce:
                    10:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:DA:D0:A9:73:15:9E:31:70:E3:40:70:38:77:EC:D1:AD:36:4C:65
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/0trQqXMVnjFw40BwOHfs0a02TGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.192.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:83:88:55:8e:99:5f:20:65:44:4f:43:36:33:b6:61:bc:af:
         d3:27:35:fe:54:4b:9f:8d:5d:f9:34:73:82:32:bd:0c:ff:df:
         de:ce:68:16:f5:2b:44:a4:8f:1e:5f:19:09:87:33:7e:94:e3:
         fc:3c:a8:23:89:f0:c7:63:dd:97:a5:2f:1e:8b:64:bf:00:3e:
         1e:32:04:d7:3f:3b:44:f7:4b:09:e2:03:83:11:f5:0d:0d:c0:
         11:b4:b5:bc:b8:fb:86:b2:f0:38:21:5d:a9:cc:bf:08:cd:63:
         15:b8:08:93:72:c7:9c:3c:50:4a:d1:3e:f5:31:36:19:f7:ea:
         01:0c:27:f2:d8:00:39:ab:6d:84:20:c0:1b:83:c5:fd:4b:72:
         c4:7d:12:23:e5:9d:09:d6:0c:9a:10:d4:34:fc:78:89:3e:1f:
         3f:a0:6c:db:6e:1d:de:37:83:70:86:df:58:54:3c:1a:a0:55:
         76:db:4d:f4:d5:d4:3c:39:36:25:bc:8e:8b:17:1b:a6:c4:7c:
         cb:a3:c6:af:eb:ad:3f:f2:23:93:be:fe:f0:b2:7e:4d:56:86:
         e2:2c:96:a3:a5:d3:a9:8e:8c:95:6e:34:c8:52:15:d6:5e:8a:
         e1:36:fb:0f:f0:04:10:9b:44:b9:8f:6e:ee:a4:63:ca:cc:4d:
         a2:90:25:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS5PWI0K9vlZ4M0SYuirkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmRhZDBhOTczMTU5ZTMxNzBlMzQwNzAzODc3ZWNkMWFkMzY0YzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1LIo5zhHevlTXrLBWEXQ0x0tCa3X
zkOZcICAPXSMwmz61QNqYJbkaQEn8gplYnTuslJ0i+WHHT4MyipFATlUsCtaQFbo
pRAqj3zj6KlUvSBAQycSAF8O1MfYb7ZLggCDcqAUDZ/FZ7eEh4dM5eUwqZqKMVBR
cFMTQ5Q+xWoQBZwggT8pBvyPTqreqBJW95w7+3e+pT0cW2rkGr/M38SbXIruKHG3
ZrUqK5zIAAr3Hs0yw+LXg7PMVDHN+5ahHrfZ6q6tZMgTwemeET5XANdusEZqUyNC
Cy3sH4/+6kxVZ8xULdwZ9G4pQM/lmERm4RF1pBXvLdBK5fe1Mtdq5s4QOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNLa0KlzFZ4xcONAcDh37NGtNkxlMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvMHRyUXFYTVZuakZ3NDBCd09IZnMwYTAyVEdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcC5MA0G
CSqGSIb3DQEBCwUAA4IBAQA1g4hVjplfIGVET0M2M7ZhvK/TJzX+VEufjV35NHOC
Mr0M/9/ezmgW9StEpI8eXxkJhzN+lOP8PKgjifDHY92XpS8ei2S/AD4eMgTXPztE
90sJ4gODEfUNDcARtLW8uPuGsvA4IV2pzL8IzWMVuAiTcsecPFBK0T71MTYZ9+oB
DCfy2AA5q22EIMAbg8X9S3LEfRIj5Z0J1gyaENQ0/HiJPh8/oGzbbh3eN4Nwht9Y
VDwaoFV220301dQ8OTYlvI6LFxumxHzLo8av660/8iOTvv7wsn5NVobiLJajpdOp
joyVbjTIUhXWXorhNvsP8AQQm0S5j27upGPKzE2ikCVO
-----END CERTIFICATE-----