Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/RQlVD8ylEDLkaDa1M4ikMQxGGTY.roa
File:                     RQlVD8ylEDLkaDa1M4ikMQxGGTY.roa (raw, json)
Hash identifier:          184ORqhZQzIFwHJ3W/Bf4pGg/0ZA5PgTt0vFYsHwpWA=
Subject key identifier:   45:09:55:0F:CC:A5:10:32:E4:68:36:B5:33:88:A4:31:0C:46:19:36
Certificate issuer:       /CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
Certificate serial:       018CC94DA32766BF3AB97B963D4A14F42EE8
Authority key identifier: DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/RQlVD8ylEDLkaDa1M4ikMQxGGTY.roa
Signing time:             Tue 02 Jan 2024 08:32:37 +0000
ROA not before:           Tue 02 Jan 2024 08:32:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        193.142.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 04:37:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:a3:27:66:bf:3a:b9:7b:96:3d:4a:14:f4:2e:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
        Validity
            Not Before: Jan  2 08:32:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4509550fcca51032e46836b53388a4310c461936
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:50:fa:08:83:69:70:ab:33:03:e4:d7:7d:64:
                    19:c2:46:e4:d3:a8:a0:f5:2d:09:5f:f5:93:17:52:
                    25:c9:f9:e0:0c:d5:8a:a8:ac:4d:32:3d:bd:44:4a:
                    89:ad:2e:93:55:4f:9a:b7:83:a6:e7:e0:7e:51:28:
                    a0:03:55:9d:a5:90:23:36:97:ed:89:2b:2e:af:45:
                    b7:b1:3e:ba:bd:7e:00:14:12:33:6a:02:7d:0b:d2:
                    ca:93:66:82:80:09:38:71:16:e6:de:77:06:37:89:
                    36:bc:55:7b:fb:46:b6:7c:f2:7b:93:d7:da:72:97:
                    06:f3:21:1c:f6:06:da:1b:4c:5e:e3:c7:0c:fc:12:
                    ea:c0:c6:c3:0f:29:61:e6:c5:4f:d1:1a:3e:83:6f:
                    73:29:74:84:13:1f:8a:b9:f7:ba:c1:89:ab:3d:64:
                    c9:f9:b1:0c:6c:7f:b9:69:49:3d:1b:e1:97:38:35:
                    98:fe:dc:c7:f7:ec:12:ef:2b:cc:ee:05:b3:5a:79:
                    16:31:a6:55:bb:ca:b8:9a:a5:63:19:57:a6:0f:7f:
                    9b:59:73:01:9a:ce:ed:83:7b:72:b4:27:49:5e:e6:
                    2a:bd:dd:cc:bb:b0:03:81:d9:47:64:5c:fa:1f:4f:
                    65:7b:69:ab:4b:d0:5a:24:d3:4d:ca:80:4e:69:f9:
                    96:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:09:55:0F:CC:A5:10:32:E4:68:36:B5:33:88:A4:31:0C:46:19:36
            X509v3 Authority Key Identifier:
                keyid:DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/RQlVD8ylEDLkaDa1M4ikMQxGGTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:5b:e5:6f:e4:b3:1c:44:e5:2b:1b:af:bd:60:9c:3d:97:e1:
         99:54:60:5a:db:33:b5:27:c7:27:11:c8:ea:58:b8:54:45:b8:
         5b:f9:a5:c2:3e:c5:c9:46:b9:6a:97:cd:09:40:26:fa:84:e6:
         87:06:df:53:3d:eb:d8:69:a1:a1:58:30:1b:db:29:44:c3:08:
         46:6c:62:92:fe:48:8f:f7:b4:f5:c3:f3:af:cf:d7:de:39:04:
         cc:90:35:c5:43:99:d1:6e:f1:40:6b:da:a8:20:dd:71:d1:2a:
         b9:65:63:43:b3:22:ef:78:4e:81:4e:a9:c8:32:5c:19:0a:bd:
         ca:69:d3:be:18:13:8f:95:fe:d4:e1:ab:3b:ce:a3:7b:1a:9a:
         2b:44:8f:e7:3f:e5:92:24:0a:7c:97:71:9c:47:2b:b0:20:d8:
         76:72:d8:6a:94:b5:7b:aa:f8:9e:6d:3f:e1:e4:4b:af:ae:7c:
         59:11:3b:ec:9c:26:3a:ab:68:2f:d0:aa:25:1c:4b:9d:30:c8:
         3d:ea:63:e5:f9:ec:71:17:7d:0c:65:fd:07:6e:3a:05:d8:d9:
         60:81:e2:42:af:ef:92:ce:8e:53:16:7e:1b:b9:f2:80:b8:0b:
         64:05:b8:6f:40:9e:9f:15:37:56:b0:ba:b6:fc:40:e2:30:8e:
         ff:64:25:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTaMnZr86uXuWPUoU9C7oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZTZhYjhlMGM0NmU4NDFiNDRkMmI5YzZiMDNiYjY1ZjU2
MjFkYjEwHhcNMjQwMTAyMDgzMjM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTA5NTUwZmNjYTUxMDMyZTQ2ODM2YjUzMzg4YTQzMTBjNDYxOTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAilD6CINpcKszA+TXfWQZwkbk06ig
9S0JX/WTF1IlyfngDNWKqKxNMj29REqJrS6TVU+at4Om5+B+USigA1WdpZAjNpft
iSsur0W3sT66vX4AFBIzagJ9C9LKk2aCgAk4cRbm3ncGN4k2vFV7+0a2fPJ7k9fa
cpcG8yEc9gbaG0xe48cM/BLqwMbDDylh5sVP0Ro+g29zKXSEEx+Kufe6wYmrPWTJ
+bEMbH+5aUk9G+GXODWY/tzH9+wS7yvM7gWzWnkWMaZVu8q4mqVjGVemD3+bWXMB
ms7tg3tytCdJXuYqvd3Mu7ADgdlHZFz6H09le2mrS9BaJNNNyoBOafmWWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEUJVQ/MpRAy5Gg2tTOIpDEMRhk2MB8GA1UdIwQY
MBaAFNvmq44MRuhBtE0rnGsDu2X1Yh2xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2Mt
ZmIxMDMwNjUxMDY3LzEvUlFsVkQ4eWxFRExrYURhMU00aWtNUXhHR1RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2MtZmIxMDMwNjUxMDY3
LzEvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwY46MA0G
CSqGSIb3DQEBCwUAA4IBAQBjW+Vv5LMcROUrG6+9YJw9l+GZVGBa2zO1J8cnEcjq
WLhURbhb+aXCPsXJRrlql80JQCb6hOaHBt9TPevYaaGhWDAb2ylEwwhGbGKS/kiP
97T1w/Ovz9feOQTMkDXFQ5nRbvFAa9qoIN1x0Sq5ZWNDsyLveE6BTqnIMlwZCr3K
adO+GBOPlf7U4as7zqN7GporRI/nP+WSJAp8l3GcRyuwINh2cthqlLV7qviebT/h
5EuvrnxZETvsnCY6q2gv0KolHEudMMg96mPl+exxF30MZf0HbjoF2NlggeJCr++S
zo5TFn4bufKAuAtkBbhvQJ6fFTdWsLq2/EDiMI7/ZCU/
-----END CERTIFICATE-----