Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/E3eSTt4MCk5sTtaLwT8MxAsl_tI.roa
File:                     E3eSTt4MCk5sTtaLwT8MxAsl_tI.roa (raw, json)
Hash identifier:          6whLAddzgrjE0bJ7lMwxkRyiksJRE+gKBpUUZxDa7KU=
Subject key identifier:   13:77:92:4E:DE:0C:0A:4E:6C:4E:D6:8B:C1:3F:0C:C4:0B:25:FE:D2
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC803039A9D7AC1C85BEBBB0D3161EF2B
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/E3eSTt4MCk5sTtaLwT8MxAsl_tI.roa
Signing time:             Tue 02 Jan 2024 02:31:29 +0000
ROA not before:           Tue 02 Jan 2024 02:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206941
IP address blocks:        193.235.58.0/24 maxlen: 24
                          194.14.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:03:9a:9d:7a:c1:c8:5b:eb:bb:0d:31:61:ef:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1377924ede0c0a4e6c4ed68bc13f0cc40b25fed2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:48:c6:2a:dc:d7:79:74:58:08:c2:27:b7:f9:
                    51:0a:8f:35:f1:14:17:50:b2:7f:e9:d3:47:51:95:
                    ae:71:5b:29:95:02:96:19:23:72:cd:61:3e:91:13:
                    6a:ae:d4:b5:c0:67:24:dd:6a:4f:b1:af:c1:e2:af:
                    d0:c1:38:a6:c3:01:9d:56:6c:5a:7d:5d:2c:5c:6b:
                    13:f4:1b:0b:4d:5b:12:ce:6a:63:a7:82:8f:5b:4f:
                    a2:b2:2e:81:ef:16:f7:19:2a:c2:4b:59:10:99:65:
                    16:32:73:ae:4c:28:05:c5:0e:9e:54:9f:ef:11:33:
                    21:7d:da:c2:81:dc:73:e5:5b:06:7a:28:fa:27:d9:
                    98:5a:50:33:47:f1:51:83:8d:af:b1:bb:d7:59:fc:
                    72:d5:eb:72:e6:44:d7:a0:a4:fc:05:94:f8:21:a6:
                    e9:53:b6:90:d5:ec:b2:b9:02:0f:40:e4:8d:8d:d5:
                    cd:df:36:9e:4c:69:d6:4a:13:9b:d0:c3:75:96:b1:
                    4d:ad:c3:5b:20:5a:af:ab:59:52:90:e0:6b:ad:dc:
                    e8:d0:b3:31:a1:d7:7f:ac:0b:e0:7d:48:87:65:bf:
                    4a:62:b8:6d:2e:75:6d:dd:32:69:dd:7b:49:cf:f7:
                    5f:4f:d5:55:41:44:03:88:d0:a1:42:43:87:a6:6a:
                    81:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:77:92:4E:DE:0C:0A:4E:6C:4E:D6:8B:C1:3F:0C:C4:0B:25:FE:D2
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/E3eSTt4MCk5sTtaLwT8MxAsl_tI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.235.58.0/24
                  194.14.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:a8:19:46:f0:f1:c9:b5:ac:bf:70:ca:60:f6:5a:7f:75:c9:
         16:d0:73:75:c2:63:09:7e:d1:b2:78:1b:e0:d5:d7:ad:bb:95:
         75:32:26:46:50:17:31:5a:6f:f7:2e:23:dd:20:15:8b:6a:ae:
         da:d5:10:f4:f1:8b:f9:aa:0c:da:f7:01:7d:c5:9d:64:2b:bd:
         c1:cd:91:44:24:03:d0:0a:a2:d6:2a:e0:ab:ec:df:a0:32:b0:
         25:90:0d:56:70:66:e0:9e:e7:07:ce:84:8a:86:4b:98:0f:a4:
         f8:a2:7e:45:11:9d:7e:f5:c5:5e:50:11:f5:7c:c9:c3:e6:02:
         af:f4:0f:74:45:e6:2d:b1:a0:70:57:30:9c:d8:95:d7:92:80:
         b7:50:35:4a:d7:a8:5d:e0:8b:8b:fd:75:71:cf:1a:60:43:54:
         b6:f8:02:99:41:2c:f3:18:eb:2a:84:59:30:62:2e:81:a3:49:
         78:01:41:59:1b:ac:1c:02:6c:e3:41:c2:96:37:72:2d:25:3e:
         2d:76:34:78:7e:61:7a:bb:ba:27:35:5a:1f:a4:3d:d8:27:d8:
         f7:f4:08:65:69:38:ee:0c:ad:f1:e8:18:f0:00:bd:f4:ec:31:
         3c:f9:a4:0e:15:d2:2e:4a:67:1b:bc:e4:0f:61:98:87:8c:21:
         37:2b:8f:e8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAwOanXrByFvruw0xYe8rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzc3OTI0ZWRlMGMwYTRlNmM0ZWQ2OGJjMTNmMGNjNDBiMjVmZWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA40jGKtzXeXRYCMInt/lRCo818RQX
ULJ/6dNHUZWucVsplQKWGSNyzWE+kRNqrtS1wGck3WpPsa/B4q/QwTimwwGdVmxa
fV0sXGsT9BsLTVsSzmpjp4KPW0+isi6B7xb3GSrCS1kQmWUWMnOuTCgFxQ6eVJ/v
ETMhfdrCgdxz5VsGeij6J9mYWlAzR/FRg42vsbvXWfxy1ety5kTXoKT8BZT4Iabp
U7aQ1eyyuQIPQOSNjdXN3zaeTGnWShOb0MN1lrFNrcNbIFqvq1lSkOBrrdzo0LMx
odd/rAvgfUiHZb9KYrhtLnVt3TJp3XtJz/dfT9VVQUQDiNChQkOHpmqBXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBN3kk7eDApObE7Wi8E/DMQLJf7SMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvRTNlU1R0NE1DazVzVHRhTHdUOE14QXNsX3RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwes6AwQA
wg7SMA0GCSqGSIb3DQEBCwUAA4IBAQCUqBlG8PHJtay/cMpg9lp/dckW0HN1wmMJ
ftGyeBvg1detu5V1MiZGUBcxWm/3LiPdIBWLaq7a1RD08Yv5qgza9wF9xZ1kK73B
zZFEJAPQCqLWKuCr7N+gMrAlkA1WcGbgnucHzoSKhkuYD6T4on5FEZ1+9cVeUBH1
fMnD5gKv9A90ReYtsaBwVzCc2JXXkoC3UDVK16hd4IuL/XVxzxpgQ1S2+AKZQSzz
GOsqhFkwYi6Bo0l4AUFZG6wcAmzjQcKWN3ItJT4tdjR4fmF6u7onNVofpD3YJ9j3
9AhlaTjuDK3x6BjwAL307DE8+aQOFdIuSmcbvOQPYZiHjCE3K4/o
-----END CERTIFICATE-----