Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/1lu41Fz0_vy4RvziQXrtmgu9Wjg.roa
File:                     1lu41Fz0_vy4RvziQXrtmgu9Wjg.roa (raw, json)
Hash identifier:          +k+dF5GZ/D15j6Vu4qonsTwB2C9sqYbV38CPZozbw6A=
Subject key identifier:   D6:5B:B8:D4:5C:F4:FE:FC:B8:46:FC:E2:41:7A:ED:9A:0B:BD:5A:38
Certificate issuer:       /CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
Certificate serial:       01916F233034233A4DAF3097277DBE155633
Authority key identifier: 09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/1lu41Fz0_vy4RvziQXrtmgu9Wjg.roa
Signing time:             Tue 20 Aug 2024 09:34:22 +0000
ROA not before:           Tue 20 Aug 2024 09:34:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215672
IP address blocks:        80.93.193.0/24 maxlen: 24
                          80.93.199.0/24 maxlen: 24
                          80.93.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6f:23:30:34:23:3a:4d:af:30:97:27:7d:be:15:56:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
        Validity
            Not Before: Aug 20 09:34:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d65bb8d45cf4fefcb846fce2417aed9a0bbd5a38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:0a:67:79:eb:46:cf:7c:fc:59:d0:ea:57:87:
                    78:58:31:cd:4a:19:0a:a5:34:ce:0e:be:19:07:67:
                    14:12:0d:88:77:ac:c3:b5:ba:e6:d1:0b:3b:a6:92:
                    0e:a4:0a:f0:fa:41:96:cc:37:2a:37:b6:26:37:77:
                    a3:b5:86:6a:50:b6:9b:e7:72:6e:d7:f4:97:89:68:
                    0b:ab:57:71:8e:c3:e7:c7:36:6d:5f:da:80:7e:29:
                    92:bc:65:6f:eb:2b:11:4f:90:f2:26:7d:7d:9f:ec:
                    6d:41:07:82:f9:c6:83:1e:4d:76:f9:ce:ff:03:b5:
                    85:57:a4:8e:ab:3f:c9:24:64:9d:76:ea:51:c6:70:
                    93:2e:14:66:f7:96:e5:12:1f:4c:73:e8:73:76:83:
                    4d:7d:07:96:c4:d6:1e:e0:e9:d4:8a:99:c7:ee:f3:
                    23:bd:6d:23:c0:a0:1b:6e:c9:b2:27:13:9e:5d:7b:
                    f9:8d:d2:e7:8e:30:d9:97:ed:d0:b9:ae:23:19:af:
                    f1:fc:45:23:64:18:b2:cd:8d:ce:41:ba:c1:71:54:
                    35:85:d3:fe:28:42:7e:0c:a3:1b:53:c2:04:e7:c5:
                    9c:7d:df:f9:a7:89:c3:6f:83:36:72:46:61:02:6e:
                    f4:61:cb:84:0b:72:13:1f:55:1e:14:1a:fb:d2:e9:
                    ea:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:5B:B8:D4:5C:F4:FE:FC:B8:46:FC:E2:41:7A:ED:9A:0B:BD:5A:38
            X509v3 Authority Key Identifier:
                keyid:09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/1lu41Fz0_vy4RvziQXrtmgu9Wjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.93.193.0/24
                  80.93.199.0/24
                  80.93.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:8d:5c:0d:6b:7c:4d:20:f3:11:54:d3:73:52:27:7c:27:34:
         db:bd:78:3f:95:aa:41:17:51:df:51:66:49:ec:7f:17:d6:52:
         fc:21:3d:d7:14:cf:06:16:2a:f3:22:50:72:4e:48:8c:01:82:
         88:76:59:9f:22:60:0f:66:52:e1:c0:4f:ee:13:a9:10:8b:ea:
         d6:0a:8c:14:a0:95:74:06:44:c7:fa:7d:fa:e2:af:6f:18:bb:
         24:d4:c5:45:57:56:15:c4:12:d5:85:21:2c:15:c9:f9:13:a9:
         e0:5c:9e:84:dd:ab:97:3f:66:19:1d:9a:1e:24:8f:52:56:25:
         58:74:3f:2d:4d:27:19:95:24:86:a4:95:75:fc:cb:aa:d7:3c:
         e7:73:e6:51:95:7f:97:6e:40:4e:92:cb:d3:2e:08:8a:82:5f:
         c9:6b:05:ba:23:e9:c5:ba:83:c3:72:63:15:9c:ff:bb:f2:da:
         85:7b:d1:df:83:de:43:36:d6:d8:af:dc:08:d5:1c:a8:31:2a:
         75:22:3d:90:07:f9:c3:27:51:86:0c:fe:e3:41:d0:5c:65:c7:
         9b:41:89:9b:e7:4e:85:49:52:3a:ce:fe:8a:3d:dc:cf:49:ce:
         45:23:c5:b4:9a:b5:cf:eb:41:0d:82:7f:fb:2a:e1:43:66:98:
         5d:90:4d:db
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZFvIzA0IzpNrzCXJ32+FVYzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OGY3YmEzNGJjNjU2N2JkMzYxNmQ1NzRmNzI4NWRkNzU1
NmRiZmQwHhcNMjQwODIwMDkzNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjViYjhkNDVjZjRmZWZjYjg0NmZjZTI0MTdhZWQ5YTBiYmQ1YTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ApneetGz3z8WdDqV4d4WDHNShkK
pTTODr4ZB2cUEg2Id6zDtbrm0Qs7ppIOpArw+kGWzDcqN7YmN3ejtYZqULab53Ju
1/SXiWgLq1dxjsPnxzZtX9qAfimSvGVv6ysRT5DyJn19n+xtQQeC+caDHk12+c7/
A7WFV6SOqz/JJGSddupRxnCTLhRm95blEh9Mc+hzdoNNfQeWxNYe4OnUipnH7vMj
vW0jwKAbbsmyJxOeXXv5jdLnjjDZl+3Qua4jGa/x/EUjZBiyzY3OQbrBcVQ1hdP+
KEJ+DKMbU8IE58Wcfd/5p4nDb4M2ckZhAm70YcuEC3ITH1UeFBr70unqBwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNZbuNRc9P78uEb84kF67ZoLvVo4MB8GA1UdIwQY
MBaAFAmPe6NLxlZ702FtV09yhd11Vtv9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMt
ZTIxNjZhZDc0ZTNmLzEvMWx1NDFGejBfdnk0UnZ6aVFYcnRtZ3U5V2pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMtZTIxNjZhZDc0ZTNm
LzEvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUF3BAwQA
UF3HAwQAUF3LMA0GCSqGSIb3DQEBCwUAA4IBAQBHjVwNa3xNIPMRVNNzUid8JzTb
vXg/lapBF1HfUWZJ7H8X1lL8IT3XFM8GFirzIlByTkiMAYKIdlmfImAPZlLhwE/u
E6kQi+rWCowUoJV0BkTH+n364q9vGLsk1MVFV1YVxBLVhSEsFcn5E6ngXJ6E3auX
P2YZHZoeJI9SViVYdD8tTScZlSSGpJV1/Muq1zznc+ZRlX+XbkBOksvTLgiKgl/J
awW6I+nFuoPDcmMVnP+78tqFe9Hfg95DNtbYr9wI1RyoMSp1Ij2QB/nDJ1GGDP7j
QdBcZcebQYmb506FSVI6zv6KPdzPSc5FI8W0mrXP60ENgn/7KuFDZphdkE3b
-----END CERTIFICATE-----