Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/4f7680-81ab-4c1f-a07b-7c62d5c315bf/1/DeSBN9nSPjlxegcQgzXzUB16arI.roa
File:                     DeSBN9nSPjlxegcQgzXzUB16arI.roa (raw, json)
Hash identifier:          ipZ8FcpaYRWxWS6hHY1ujd934urcDhcbf4AvD7JrYYI=
Subject key identifier:   0D:E4:81:37:D9:D2:3E:39:71:7A:07:10:83:35:F3:50:1D:7A:6A:B2
Certificate issuer:       /CN=90f76537ff745893e3142fa0984f449b725b8fd3
Certificate serial:       018CC72715E84C99546A6F20D080C5F20675
Authority key identifier: 90:F7:65:37:FF:74:58:93:E3:14:2F:A0:98:4F:44:9B:72:5B:8F:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kPdlN_90WJPjFC-gmE9Em3Jbj9M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/4f7680-81ab-4c1f-a07b-7c62d5c315bf/1/DeSBN9nSPjlxegcQgzXzUB16arI.roa
Signing time:             Mon 01 Jan 2024 22:31:16 +0000
ROA not before:           Mon 01 Jan 2024 22:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29008
IP address blocks:        194.156.20.0/23 maxlen: 23
                          213.166.224.0/19 maxlen: 19
                          2a02:958::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/4f7680-81ab-4c1f-a07b-7c62d5c315bf/1/kPdlN_90WJPjFC-gmE9Em3Jbj9M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/4f7680-81ab-4c1f-a07b-7c62d5c315bf/1/kPdlN_90WJPjFC-gmE9Em3Jbj9M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kPdlN_90WJPjFC-gmE9Em3Jbj9M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 12:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:15:e8:4c:99:54:6a:6f:20:d0:80:c5:f2:06:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90f76537ff745893e3142fa0984f449b725b8fd3
        Validity
            Not Before: Jan  1 22:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0de48137d9d23e39717a07108335f3501d7a6ab2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:3c:a6:66:53:5c:bb:c4:34:42:4e:49:ac:58:
                    38:7b:07:95:94:45:c6:03:29:88:7a:8b:cc:5b:70:
                    6f:2f:fb:69:3b:33:59:0c:7d:2a:78:68:bb:e6:72:
                    03:79:49:24:b6:7d:e1:27:33:01:23:82:a6:56:e3:
                    7c:fe:b1:cf:f7:7e:ac:f7:cd:bc:46:d0:ad:cf:1f:
                    69:1c:f5:07:d4:66:cc:b3:8b:09:1d:0c:ec:3a:cb:
                    9e:08:89:3b:de:ed:0c:3d:df:3c:f2:27:9a:96:a6:
                    d2:6b:b6:ef:78:6f:25:5c:64:f7:90:b3:6b:0e:af:
                    5a:18:b1:c2:76:2f:34:93:8b:6b:fb:5f:2e:d3:98:
                    fc:cf:6b:17:71:68:7c:09:08:aa:01:56:cc:fb:ea:
                    30:6b:0e:0c:96:b2:52:32:db:9e:a7:89:88:09:6f:
                    f6:25:5a:67:bd:ac:67:57:be:fe:74:55:10:dd:a8:
                    07:2d:d3:f0:63:c7:4b:91:5f:5a:5d:84:15:8f:00:
                    82:e6:33:1e:41:74:02:47:18:77:1a:bf:75:3e:37:
                    97:da:b0:de:74:e3:25:e4:50:fa:6c:d8:92:d7:fa:
                    5f:1f:87:b4:c4:25:c4:f9:ba:43:2a:04:8d:98:4b:
                    a5:f4:86:a7:ee:5d:4f:f9:c5:7f:ee:a7:8a:88:13:
                    89:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:E4:81:37:D9:D2:3E:39:71:7A:07:10:83:35:F3:50:1D:7A:6A:B2
            X509v3 Authority Key Identifier:
                keyid:90:F7:65:37:FF:74:58:93:E3:14:2F:A0:98:4F:44:9B:72:5B:8F:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kPdlN_90WJPjFC-gmE9Em3Jbj9M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/4f7680-81ab-4c1f-a07b-7c62d5c315bf/1/DeSBN9nSPjlxegcQgzXzUB16arI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/4f7680-81ab-4c1f-a07b-7c62d5c315bf/1/kPdlN_90WJPjFC-gmE9Em3Jbj9M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.20.0/23
                  213.166.224.0/19
                IPv6:
                  2a02:958::/32

    Signature Algorithm: sha256WithRSAEncryption
         72:34:62:03:69:5f:92:7d:1b:12:45:0e:8c:85:61:64:ec:34:
         5d:c1:a5:4c:4d:5d:d1:48:44:f1:e0:b8:5f:77:62:04:6f:81:
         b2:9f:97:a4:76:43:01:1f:1b:0a:9b:8b:b6:49:42:56:ad:f2:
         62:ac:23:83:38:81:2b:df:1f:83:e1:62:41:c7:6b:f6:c0:f8:
         78:ef:4b:9e:18:9b:ff:41:58:a8:29:55:42:ad:01:26:a3:f9:
         d2:53:43:c0:77:4d:29:eb:87:82:58:84:ef:f1:e5:8c:98:1e:
         4e:e4:42:b2:d1:87:d8:95:6e:e8:86:f6:a8:77:a3:dd:ca:ee:
         20:f3:1b:f1:07:33:0c:de:42:e9:cd:0a:4f:8b:f1:5e:80:99:
         d5:2e:ce:25:7f:65:5f:32:78:5b:dd:ac:8a:05:54:aa:3d:8a:
         01:81:dd:76:1c:ba:d2:59:28:c0:0b:bf:5d:66:4c:4e:14:e5:
         33:0e:cc:3b:65:cd:db:ca:47:5c:a1:89:7e:36:46:39:44:22:
         ec:c6:82:ec:8c:e0:6c:2b:b5:d9:3f:d1:c3:7b:bb:c6:66:86:
         c6:06:72:b5:75:fd:bf:74:d2:7f:f1:23:15:f6:12:fb:2c:85:
         d4:84:1b:5b:13:3f:29:eb:57:a4:2d:f8:fd:00:51:66:0e:48:
         74:63:d1:26
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHJxXoTJlUam8g0IDF8gZ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZjc2NTM3ZmY3NDU4OTNlMzE0MmZhMDk4NGY0NDliNzI1
YjhmZDMwHhcNMjQwMTAxMjIzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGU0ODEzN2Q5ZDIzZTM5NzE3YTA3MTA4MzM1ZjM1MDFkN2E2YWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgjymZlNcu8Q0Qk5JrFg4eweVlEXG
AymIeovMW3BvL/tpOzNZDH0qeGi75nIDeUkktn3hJzMBI4KmVuN8/rHP936s9828
RtCtzx9pHPUH1GbMs4sJHQzsOsueCIk73u0MPd888iealqbSa7bveG8lXGT3kLNr
Dq9aGLHCdi80k4tr+18u05j8z2sXcWh8CQiqAVbM++owaw4MlrJSMtuep4mICW/2
JVpnvaxnV77+dFUQ3agHLdPwY8dLkV9aXYQVjwCC5jMeQXQCRxh3Gr91PjeX2rDe
dOMl5FD6bNiS1/pfH4e0xCXE+bpDKgSNmEul9Ian7l1P+cV/7qeKiBOJYwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFA3kgTfZ0j45cXoHEIM181AdemqyMB8GA1UdIwQY
MBaAFJD3ZTf/dFiT4xQvoJhPRJtyW4/TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1BkbE5fOTBXSlBqRkMtZ21FOUVtM0piajlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi80Zjc2ODAtODFhYi00YzFmLWEwN2It
N2M2MmQ1YzMxNWJmLzEvRGVTQk45blNQamx4ZWdjUWd6WHpVQjE2YXJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi80Zjc2ODAtODFhYi00YzFmLWEwN2ItN2M2MmQ1YzMxNWJm
LzEva1BkbE5fOTBXSlBqRkMtZ21FOUVtM0piajlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBwpwUAwQF
1abgMA0EAgACMAcDBQAqAglYMA0GCSqGSIb3DQEBCwUAA4IBAQByNGIDaV+SfRsS
RQ6MhWFk7DRdwaVMTV3RSETx4Lhfd2IEb4Gyn5ekdkMBHxsKm4u2SUJWrfJirCOD
OIEr3x+D4WJBx2v2wPh470ueGJv/QVioKVVCrQEmo/nSU0PAd00p64eCWITv8eWM
mB5O5EKy0YfYlW7ohvaod6Pdyu4g8xvxBzMM3kLpzQpPi/FegJnVLs4lf2VfMnhb
3ayKBVSqPYoBgd12HLrSWSjAC79dZkxOFOUzDsw7Zc3bykdcoYl+NkY5RCLsxoLs
jOBsK7XZP9HDe7vGZobGBnK1df2/dNJ/8SMV9hL7LIXUhBtbEz8p61ekLfj9AFFm
Dkh0Y9Em
-----END CERTIFICATE-----