Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/I6JhSyqgFJSKeVNRaUVNQdTvswA.roa
File:                     I6JhSyqgFJSKeVNRaUVNQdTvswA.roa (raw, json)
Hash identifier:          77i56pIztKzrHBTIgidQMaEuSzHs0tR22CSwFbhXGvg=
Subject key identifier:   23:A2:61:4B:2A:A0:14:94:8A:79:53:51:69:45:4D:41:D4:EF:B3:00
Certificate issuer:       /CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
Certificate serial:       018CC94DA42060EB120AF86E06E7FFDF99DF
Authority key identifier: DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/I6JhSyqgFJSKeVNRaUVNQdTvswA.roa
Signing time:             Tue 02 Jan 2024 08:32:37 +0000
ROA not before:           Tue 02 Jan 2024 08:32:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207083
IP address blocks:        193.142.146.0/24 maxlen: 24
                          193.142.59.0/24 maxlen: 24
                          2a0f:ca80::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 10:03:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:a4:20:60:eb:12:0a:f8:6e:06:e7:ff:df:99:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
        Validity
            Not Before: Jan  2 08:32:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23a2614b2aa014948a79535169454d41d4efb300
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ba:cd:8d:3d:51:3d:e7:96:7e:d3:83:5a:78:
                    9d:1b:2e:f2:ca:bf:f0:08:29:ce:71:a1:4b:8f:8a:
                    3a:6f:89:1f:e9:5d:4f:ce:ba:dd:b8:df:96:a4:47:
                    c2:3f:0d:26:29:c4:62:fb:68:da:31:68:82:bc:eb:
                    1c:06:fa:68:af:3f:23:44:b9:79:a9:24:a9:de:3f:
                    56:7a:64:c2:04:0e:88:85:b0:af:99:f9:d2:13:14:
                    94:96:aa:ed:68:95:3c:ad:d4:c9:da:09:c1:ad:d7:
                    1e:52:1f:5d:35:9d:c1:27:64:72:bc:08:75:b2:92:
                    25:55:c7:a1:35:92:78:26:7a:51:00:c3:04:23:1c:
                    08:48:60:fa:ad:60:76:44:aa:da:94:ab:4f:f1:6b:
                    22:d2:d3:b1:ba:8c:d6:05:41:6e:f3:c1:33:69:9a:
                    eb:fc:80:b8:f5:9e:19:9e:75:bc:48:a0:43:e2:f6:
                    8a:0b:e7:ce:ba:6b:f1:d6:29:33:e1:5d:6d:37:c4:
                    80:2e:6f:36:28:46:71:47:c4:f2:72:46:e3:92:7e:
                    d4:2d:4a:48:98:7e:ac:c9:9a:82:43:fa:ec:a6:3e:
                    be:12:50:30:25:8c:74:ae:6d:63:e6:49:5b:92:92:
                    a8:83:3a:21:95:ca:07:dc:fc:df:a1:a1:24:75:3e:
                    5c:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:A2:61:4B:2A:A0:14:94:8A:79:53:51:69:45:4D:41:D4:EF:B3:00
            X509v3 Authority Key Identifier:
                keyid:DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/I6JhSyqgFJSKeVNRaUVNQdTvswA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.59.0/24
                  193.142.146.0/24
                IPv6:
                  2a0f:ca80::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:eb:2d:8d:9d:6c:6a:e0:ed:93:51:d4:d0:05:4f:27:96:70:
         b7:be:1f:f3:60:e5:09:9a:5b:6c:92:f0:32:53:a6:11:7f:51:
         28:ed:2b:f4:15:c7:38:7f:f8:dd:71:59:f5:c2:b7:3a:a1:84:
         d6:3a:5f:7c:ad:9d:bd:f5:53:dc:46:72:35:21:cf:2f:cf:f2:
         22:b2:e1:7b:95:83:a1:aa:d4:8e:ae:0f:76:66:9b:4a:74:48:
         f8:bf:1f:96:a0:0c:66:d8:97:37:84:38:dd:05:6d:7b:14:06:
         de:46:54:b3:fe:44:ef:4e:ba:8b:9f:f8:19:77:bc:50:ea:8c:
         82:3c:2e:01:4c:a1:b0:5c:e0:43:4b:2e:ee:e3:19:16:1b:46:
         c0:22:a2:d4:7f:48:04:06:1d:a9:52:1c:2e:b7:49:fc:6e:4c:
         1c:e3:0e:bd:2d:16:2a:7b:7f:d4:1b:da:3c:e3:57:df:72:d3:
         ba:39:75:0c:6d:46:e2:88:80:95:27:5c:3b:8a:4c:6f:41:40:
         66:36:30:b8:a7:63:36:a3:80:1c:07:78:97:0f:3b:ed:42:5e:
         c1:41:16:5d:48:5c:6b:fe:be:14:8c:cb:08:13:e4:a1:fb:89:
         d7:5b:99:fe:46:11:78:da:4d:a1:d8:07:23:8c:59:67:3e:2c:
         81:87:25:f1
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzJTaQgYOsSCvhuBuf/35nfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZTZhYjhlMGM0NmU4NDFiNDRkMmI5YzZiMDNiYjY1ZjU2
MjFkYjEwHhcNMjQwMTAyMDgzMjM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2EyNjE0YjJhYTAxNDk0OGE3OTUzNTE2OTQ1NGQ0MWQ0ZWZiMzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk7rNjT1RPeeWftODWnidGy7yyr/w
CCnOcaFLj4o6b4kf6V1PzrrduN+WpEfCPw0mKcRi+2jaMWiCvOscBvporz8jRLl5
qSSp3j9WemTCBA6IhbCvmfnSExSUlqrtaJU8rdTJ2gnBrdceUh9dNZ3BJ2RyvAh1
spIlVcehNZJ4JnpRAMMEIxwISGD6rWB2RKralKtP8Wsi0tOxuozWBUFu88EzaZrr
/IC49Z4ZnnW8SKBD4vaKC+fOumvx1ikz4V1tN8SALm82KEZxR8Tyckbjkn7ULUpI
mH6syZqCQ/rspj6+ElAwJYx0rm1j5klbkpKogzohlcoH3PzfoaEkdT5cVwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFCOiYUsqoBSUinlTUWlFTUHU77MAMB8GA1UdIwQY
MBaAFNvmq44MRuhBtE0rnGsDu2X1Yh2xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2Mt
ZmIxMDMwNjUxMDY3LzEvSTZKaFN5cWdGSlNLZVZOUmFVVk5RZFR2c3dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2MtZmIxMDMwNjUxMDY3
LzEvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAwY47AwQA
wY6SMA8EAgACMAkDBwAqD8qAAAAwDQYJKoZIhvcNAQELBQADggEBAIzrLY2dbGrg
7ZNR1NAFTyeWcLe+H/Ng5QmaW2yS8DJTphF/USjtK/QVxzh/+N1xWfXCtzqhhNY6
X3ytnb31U9xGcjUhzy/P8iKy4XuVg6Gq1I6uD3Zmm0p0SPi/H5agDGbYlzeEON0F
bXsUBt5GVLP+RO9Ououf+Bl3vFDqjII8LgFMobBc4ENLLu7jGRYbRsAiotR/SAQG
HalSHC63SfxuTBzjDr0tFip7f9Qb2jzjV99y07o5dQxtRuKIgJUnXDuKTG9BQGY2
MLinYzajgBwHeJcPO+1CXsFBFl1IXGv+vhSMywgT5KH7iddbmf5GEXjaTaHYByOM
WWc+LIGHJfE=
-----END CERTIFICATE-----