Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/DbhWhDVdtBbSI__KZ7P44FDrbng.roa
File:                     DbhWhDVdtBbSI__KZ7P44FDrbng.roa (raw, json)
Hash identifier:          jXN1XQ5StYyJ8JbWiTi9gUJ9kRCOny1yRFzhJQXOBCE=
Subject key identifier:   0D:B8:56:84:35:5D:B4:16:D2:23:FF:CA:67:B3:F8:E0:50:EB:6E:78
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B8F793A2B111C378526F0586D96E4
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/DbhWhDVdtBbSI__KZ7P44FDrbng.roa
Signing time:             Mon 01 Jan 2024 18:31:29 +0000
ROA not before:           Mon 01 Jan 2024 18:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200745
IP address blocks:        193.192.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:8f:79:3a:2b:11:1c:37:85:26:f0:58:6d:96:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0db85684355db416d223ffca67b3f8e050eb6e78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:7e:27:84:df:48:55:02:4a:0b:57:eb:ed:d8:
                    a7:8e:4b:16:b5:c3:44:4c:04:61:31:35:cd:b7:01:
                    26:db:6b:aa:0a:02:72:5f:c5:54:5f:92:11:f7:8d:
                    a7:a8:a5:53:3d:b5:23:a5:59:40:e0:ac:e5:0d:40:
                    8b:a1:ec:be:0e:e1:97:38:d0:f8:c1:83:36:d9:88:
                    28:30:4f:4e:40:33:08:3d:4a:d0:ae:d6:cd:3b:1b:
                    f2:f3:c0:e5:2f:0a:56:fd:9a:3f:87:32:02:3d:12:
                    17:e2:e5:0d:50:66:52:96:ca:44:bf:96:42:1d:f2:
                    32:1b:98:c4:0f:73:0e:8b:8d:27:d7:3a:4a:00:7e:
                    7c:75:55:8e:f8:69:e4:66:2d:2f:6f:cc:8e:9f:1f:
                    df:4c:39:5c:dc:fd:f4:3c:0e:88:08:4a:3b:f4:43:
                    3b:ab:a7:8f:8c:f8:ee:b0:f1:e0:9f:ee:fc:4f:b2:
                    72:e3:71:85:ef:88:7d:7b:fe:50:7b:50:41:a9:ae:
                    ca:4b:9d:33:2b:ef:39:38:98:4c:7f:1b:78:0d:2c:
                    76:a6:72:85:f2:8e:ec:a7:e7:14:34:47:5a:29:9c:
                    0f:8b:f7:c4:42:09:b1:61:a1:18:03:bb:72:d3:5f:
                    f2:71:00:4b:58:87:bc:35:bf:77:4e:a9:b5:a0:b7:
                    52:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:B8:56:84:35:5D:B4:16:D2:23:FF:CA:67:B3:F8:E0:50:EB:6E:78
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/DbhWhDVdtBbSI__KZ7P44FDrbng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.192.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:0d:64:90:ab:fe:72:9f:d1:a8:11:f3:5f:1d:f6:20:3c:e4:
         f0:25:4a:bf:55:ea:36:e7:f8:23:bc:39:de:f5:d3:ef:9c:af:
         ee:0f:42:74:d8:18:e4:78:86:1b:83:f0:35:ec:44:ff:e9:00:
         0b:9f:ad:ab:d8:3f:c8:50:b9:2c:6f:a3:a7:5f:54:03:fe:83:
         be:0c:e0:bb:60:ce:2c:68:45:a9:dd:b9:39:fd:45:e2:73:5f:
         bc:f5:a4:55:89:56:ad:e5:cc:33:5f:cd:a5:f2:b1:69:68:74:
         e2:23:2e:e4:8b:23:c5:d2:ed:87:9d:da:94:92:55:b2:fc:ed:
         79:56:9d:91:25:81:31:d8:2d:74:ed:3a:ea:18:78:b7:b8:4a:
         13:1e:00:2a:4e:07:30:4e:42:3f:64:9e:fc:9f:d4:1b:8f:9b:
         9f:fd:57:5a:33:49:bc:9e:22:15:78:28:e1:5d:bf:b7:b9:36:
         ab:a4:62:f1:d8:a1:54:1b:62:0f:c2:56:18:e1:e5:ad:1e:93:
         a7:4e:72:93:b7:f5:90:62:65:ed:d4:e4:19:35:85:25:b6:65:
         fc:82:3f:ea:47:ec:99:fd:69:5c:d7:84:d4:c7:f3:bc:36:bb:
         69:21:2a:c1:a9:35:ce:0d:1a:5a:55:bd:5e:5f:82:fe:c6:95:
         e1:f7:4d:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS495OisRHDeFJvBYbZbkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGI4NTY4NDM1NWRiNDE2ZDIyM2ZmY2E2N2IzZjhlMDUwZWI2ZTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmH4nhN9IVQJKC1fr7dinjksWtcNE
TARhMTXNtwEm22uqCgJyX8VUX5IR942nqKVTPbUjpVlA4KzlDUCLoey+DuGXOND4
wYM22YgoME9OQDMIPUrQrtbNOxvy88DlLwpW/Zo/hzICPRIX4uUNUGZSlspEv5ZC
HfIyG5jED3MOi40n1zpKAH58dVWO+GnkZi0vb8yOnx/fTDlc3P30PA6ICEo79EM7
q6ePjPjusPHgn+78T7Jy43GF74h9e/5Qe1BBqa7KS50zK+85OJhMfxt4DSx2pnKF
8o7sp+cUNEdaKZwPi/fEQgmxYaEYA7ty01/ycQBLWIe8Nb93Tqm1oLdSSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA24VoQ1XbQW0iP/ymez+OBQ6254MB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvRGJoV2hEVmR0QmJTSV9fS1o3UDQ0RkRyYm5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcClMA0G
CSqGSIb3DQEBCwUAA4IBAQBjDWSQq/5yn9GoEfNfHfYgPOTwJUq/Veo25/gjvDne
9dPvnK/uD0J02BjkeIYbg/A17ET/6QALn62r2D/IULksb6OnX1QD/oO+DOC7YM4s
aEWp3bk5/UXic1+89aRViVat5cwzX82l8rFpaHTiIy7kiyPF0u2HndqUklWy/O15
Vp2RJYEx2C107TrqGHi3uEoTHgAqTgcwTkI/ZJ78n9Qbj5uf/VdaM0m8niIVeCjh
Xb+3uTarpGLx2KFUG2IPwlYY4eWtHpOnTnKTt/WQYmXt1OQZNYUltmX8gj/qR+yZ
/Wlc14TUx/O8NrtpISrBqTXODRpaVb1eX4L+xpXh902E
-----END CERTIFICATE-----