Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/d97d28-a2e2-401d-8ff0-59fc73d60322/1/aBz0viA-Vaw4ADc1P8oiYH-xpPY.roa
File:                     aBz0viA-Vaw4ADc1P8oiYH-xpPY.roa (raw, json)
Hash identifier:          W1eZXQiVascglNrvXdANSxP7jBkBXYXKQNoeYKfyTBM=
Subject key identifier:   68:1C:F4:BE:20:3E:55:AC:38:00:37:35:3F:CA:22:60:7F:B1:A4:F6
Certificate issuer:       /CN=eb51359c9989b963e9594c1929c820367de322dd
Certificate serial:       018CC80140B080E0CB7AE4CA2F8826524DCE
Authority key identifier: EB:51:35:9C:99:89:B9:63:E9:59:4C:19:29:C8:20:36:7D:E3:22:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/61E1nJmJuWPpWUwZKcggNn3jIt0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/d97d28-a2e2-401d-8ff0-59fc73d60322/1/aBz0viA-Vaw4ADc1P8oiYH-xpPY.roa
Signing time:             Tue 02 Jan 2024 02:29:34 +0000
ROA not before:           Tue 02 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60339
IP address blocks:        92.41.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/d97d28-a2e2-401d-8ff0-59fc73d60322/1/61E1nJmJuWPpWUwZKcggNn3jIt0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/d97d28-a2e2-401d-8ff0-59fc73d60322/1/61E1nJmJuWPpWUwZKcggNn3jIt0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/61E1nJmJuWPpWUwZKcggNn3jIt0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:40:b0:80:e0:cb:7a:e4:ca:2f:88:26:52:4d:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb51359c9989b963e9594c1929c820367de322dd
        Validity
            Not Before: Jan  2 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=681cf4be203e55ac380037353fca22607fb1a4f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:19:bc:9e:99:e6:eb:6a:19:38:40:9d:02:d8:
                    09:e5:0a:33:3c:7e:d5:86:ab:ab:1e:f1:3f:e8:d9:
                    fd:95:f4:80:f3:94:83:0c:a1:83:9f:28:ea:ee:6d:
                    e8:89:47:39:be:6b:e8:5e:05:7a:96:5b:d1:f3:83:
                    65:be:87:85:a9:e5:6a:24:14:be:71:05:dd:bc:89:
                    0e:d1:e3:4a:37:d5:5e:56:da:75:3d:3a:b8:2a:00:
                    e9:47:5e:15:a7:cc:71:90:7b:c9:02:76:0d:17:a3:
                    f4:2b:af:11:a8:4f:b3:7b:a5:0a:30:4e:80:9c:cd:
                    80:96:22:7d:a6:73:24:c5:ca:41:c0:cd:72:60:47:
                    72:e6:96:64:a4:28:0f:fb:68:dd:2a:6d:3e:3a:dc:
                    86:c5:8c:ef:59:57:dd:2f:04:c6:89:6a:71:ff:e7:
                    26:a9:7a:67:3a:15:5e:7b:f7:59:0c:04:1d:8d:cc:
                    ad:bd:81:2a:3e:18:ff:1e:14:fc:3d:df:35:b9:c9:
                    f8:dd:7a:cb:87:d8:67:17:c5:b5:0b:d3:46:93:96:
                    f2:5a:4b:13:80:eb:16:a4:66:2d:cd:63:66:16:c3:
                    cb:8b:8d:9e:fa:89:2a:4e:f3:77:0a:89:28:d4:bf:
                    a1:1a:fa:6f:2d:de:86:91:c3:44:b2:60:b6:fc:ed:
                    f9:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:1C:F4:BE:20:3E:55:AC:38:00:37:35:3F:CA:22:60:7F:B1:A4:F6
            X509v3 Authority Key Identifier:
                keyid:EB:51:35:9C:99:89:B9:63:E9:59:4C:19:29:C8:20:36:7D:E3:22:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/61E1nJmJuWPpWUwZKcggNn3jIt0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/d97d28-a2e2-401d-8ff0-59fc73d60322/1/aBz0viA-Vaw4ADc1P8oiYH-xpPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/d97d28-a2e2-401d-8ff0-59fc73d60322/1/61E1nJmJuWPpWUwZKcggNn3jIt0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.41.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:e4:73:08:45:aa:da:da:11:07:b4:42:14:d0:56:f1:54:44:
         4b:05:50:18:72:1b:56:32:51:91:6d:eb:2c:83:45:2b:37:bf:
         cc:5b:cc:03:31:75:14:e9:ac:76:96:b6:5b:a6:c4:31:e0:9c:
         63:da:d4:ec:03:2e:8c:30:e2:94:54:28:db:da:56:b8:b1:9e:
         35:48:eb:b6:57:be:12:9f:80:30:3c:09:fc:a8:94:7c:6a:e5:
         f9:8f:18:ab:69:be:3d:40:71:d4:83:9c:23:f2:da:5f:23:44:
         e2:e4:9e:53:a1:83:70:6b:8e:09:45:f6:58:73:9c:d5:3a:fd:
         50:e2:fa:50:f9:03:bf:ba:cf:81:65:17:b0:e9:b5:de:33:4a:
         a3:a7:1b:d2:77:a5:b4:c9:91:69:25:32:f9:fa:c9:4c:c9:4b:
         ef:be:fb:83:68:81:b4:bf:11:84:55:2f:bd:cf:84:94:7d:de:
         f1:bd:27:12:d3:be:41:c0:46:bf:c1:1e:97:c5:3c:c4:44:3e:
         0e:f8:b0:c9:af:b4:26:d4:0c:35:a2:c1:e9:93:b1:3e:c1:ee:
         b4:70:7d:af:19:a3:a4:99:2a:d5:2c:0a:83:09:ad:07:a9:f4:
         05:7a:f7:a6:f4:c4:17:9e:9d:ca:c3:52:73:4d:54:88:7e:6f:
         e8:82:d5:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAUCwgODLeuTKL4gmUk3OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViNTEzNTljOTk4OWI5NjNlOTU5NGMxOTI5YzgyMDM2N2Rl
MzIyZGQwHhcNMjQwMTAyMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODFjZjRiZTIwM2U1NWFjMzgwMDM3MzUzZmNhMjI2MDdmYjFhNGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhm8npnm62oZOECdAtgJ5QozPH7V
hqurHvE/6Nn9lfSA85SDDKGDnyjq7m3oiUc5vmvoXgV6llvR84NlvoeFqeVqJBS+
cQXdvIkO0eNKN9VeVtp1PTq4KgDpR14Vp8xxkHvJAnYNF6P0K68RqE+ze6UKME6A
nM2AliJ9pnMkxcpBwM1yYEdy5pZkpCgP+2jdKm0+OtyGxYzvWVfdLwTGiWpx/+cm
qXpnOhVee/dZDAQdjcytvYEqPhj/HhT8Pd81ucn43XrLh9hnF8W1C9NGk5byWksT
gOsWpGYtzWNmFsPLi42e+okqTvN3Coko1L+hGvpvLd6GkcNEsmC2/O354QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGgc9L4gPlWsOAA3NT/KImB/saT2MB8GA1UdIwQY
MBaAFOtRNZyZiblj6VlMGSnIIDZ94yLdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjFFMW5KbUp1V1BwV1V3WktjZ2dObjNqSXQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9kOTdkMjgtYTJlMi00MDFkLThmZjAt
NTlmYzczZDYwMzIyLzEvYUJ6MHZpQS1WYXc0QURjMVA4b2lZSC14cFBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9kOTdkMjgtYTJlMi00MDFkLThmZjAtNTlmYzczZDYwMzIy
LzEvNjFFMW5KbUp1V1BwV1V3WktjZ2dObjNqSXQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCn/MA0G
CSqGSIb3DQEBCwUAA4IBAQCN5HMIRara2hEHtEIU0FbxVERLBVAYchtWMlGRbess
g0UrN7/MW8wDMXUU6ax2lrZbpsQx4Jxj2tTsAy6MMOKUVCjb2la4sZ41SOu2V74S
n4AwPAn8qJR8auX5jxirab49QHHUg5wj8tpfI0Ti5J5ToYNwa44JRfZYc5zVOv1Q
4vpQ+QO/us+BZRew6bXeM0qjpxvSd6W0yZFpJTL5+slMyUvvvvuDaIG0vxGEVS+9
z4SUfd7xvScS075BwEa/wR6XxTzERD4O+LDJr7Qm1Aw1osHpk7E+we60cH2vGaOk
mSrVLAqDCa0HqfQFevem9MQXnp3Kw1JzTVSIfm/ogtXa
-----END CERTIFICATE-----