Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/445ed0-48b3-408e-a1bc-9979df52b018/1/DH5fLipzXBIcyjH1A7M2f7u-T_k.roa
File:                     DH5fLipzXBIcyjH1A7M2f7u-T_k.roa (raw, json)
Hash identifier:          axuBIpjnZTs9DMigNilhuZ+dPunuYVUNysn8M4aocb0=
Subject key identifier:   0C:7E:5F:2E:2A:73:5C:12:1C:CA:31:F5:03:B3:36:7F:BB:BE:4F:F9
Certificate issuer:       /CN=d27b877f899341269bec67c6e3a0a888ba7ae98d
Certificate serial:       018CC3B6EBEA9682FC9FDC5693B65367652F
Authority key identifier: D2:7B:87:7F:89:93:41:26:9B:EC:67:C6:E3:A0:A8:88:BA:7A:E9:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0nuHf4mTQSab7GfG46CoiLp66Y0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/445ed0-48b3-408e-a1bc-9979df52b018/1/DH5fLipzXBIcyjH1A7M2f7u-T_k.roa
Signing time:             Mon 01 Jan 2024 06:29:54 +0000
ROA not before:           Mon 01 Jan 2024 06:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        193.17.178.0/24 maxlen: 24
                          195.234.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/445ed0-48b3-408e-a1bc-9979df52b018/1/0nuHf4mTQSab7GfG46CoiLp66Y0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/445ed0-48b3-408e-a1bc-9979df52b018/1/0nuHf4mTQSab7GfG46CoiLp66Y0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0nuHf4mTQSab7GfG46CoiLp66Y0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:eb:ea:96:82:fc:9f:dc:56:93:b6:53:67:65:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d27b877f899341269bec67c6e3a0a888ba7ae98d
        Validity
            Not Before: Jan  1 06:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c7e5f2e2a735c121cca31f503b3367fbbbe4ff9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c3:5e:57:49:76:c8:40:78:e7:96:de:d2:86:
                    de:fb:a6:01:dc:ee:10:d7:aa:ff:a7:b0:1b:66:41:
                    54:8e:86:9b:54:48:d2:d8:2f:dc:38:46:d2:89:5f:
                    9b:b1:48:1c:dd:e4:5d:d6:8f:50:ab:3e:1e:9f:d8:
                    82:c5:17:60:d7:cf:d8:73:1e:84:ef:40:9a:70:22:
                    88:ae:58:a9:d7:7a:95:a9:f0:91:f0:c7:a2:9d:72:
                    a9:d3:d4:25:f6:ba:1e:05:19:45:75:e8:e8:1e:fa:
                    a1:f1:13:fb:1f:3b:0d:79:1d:40:12:a9:3f:92:23:
                    08:38:45:92:b9:32:1b:36:79:c9:4f:1f:eb:df:8c:
                    19:65:b6:3b:4c:71:c4:60:94:24:9b:d7:10:9c:d9:
                    3c:09:ff:7f:86:22:29:a6:78:a7:27:2e:84:68:5c:
                    31:6d:56:97:2b:6d:20:fa:6b:3b:e4:49:30:b6:1f:
                    21:ab:f2:67:ac:af:2c:2c:7d:4c:40:76:fe:c6:12:
                    13:a5:b0:ba:9f:90:f1:86:95:51:50:ca:43:94:20:
                    70:04:b4:87:9d:11:f3:5f:02:bc:ce:1c:de:be:4a:
                    71:df:8c:ad:cd:15:87:04:dd:65:ca:b1:ab:f7:d9:
                    be:0e:29:ea:26:f8:7d:b7:86:3f:a5:9e:52:16:a1:
                    75:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:7E:5F:2E:2A:73:5C:12:1C:CA:31:F5:03:B3:36:7F:BB:BE:4F:F9
            X509v3 Authority Key Identifier:
                keyid:D2:7B:87:7F:89:93:41:26:9B:EC:67:C6:E3:A0:A8:88:BA:7A:E9:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0nuHf4mTQSab7GfG46CoiLp66Y0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/445ed0-48b3-408e-a1bc-9979df52b018/1/DH5fLipzXBIcyjH1A7M2f7u-T_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/445ed0-48b3-408e-a1bc-9979df52b018/1/0nuHf4mTQSab7GfG46CoiLp66Y0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.178.0/24
                  195.234.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:21:d3:71:c3:46:9f:dd:7a:60:10:dc:f0:6b:03:ee:41:a7:
         6c:ca:98:cb:8c:d5:ea:f9:f4:30:10:4e:52:c1:4c:b6:5a:d8:
         8e:10:be:99:a9:67:e0:b9:99:0c:ab:d6:7b:80:d7:86:7a:0a:
         79:08:a0:98:24:09:9e:f2:bf:34:ba:b7:43:ae:3c:ae:8d:a1:
         b8:28:ce:dc:57:73:d6:63:79:86:5b:7e:94:f1:e2:61:00:fa:
         e5:8a:37:5b:70:0e:a2:5d:8d:38:04:55:78:7d:88:f7:99:55:
         dd:3f:82:d3:5d:cc:bc:a3:15:23:10:a2:f0:5a:e0:ed:7f:cd:
         93:73:99:93:47:01:b1:37:18:08:a2:fd:35:a7:84:ed:7a:f5:
         c5:e8:ec:8e:fd:41:3a:ef:41:a9:5c:5e:49:12:af:11:5b:1a:
         37:4b:ae:98:fa:12:8e:bd:4a:01:88:50:dc:96:49:ea:5a:a2:
         bd:82:78:d7:db:76:23:5f:03:73:c7:6d:fc:0f:2c:73:e8:1e:
         ea:ab:6a:ce:6a:54:b5:3c:e7:6f:7f:d3:e5:c8:ba:ac:f0:0a:
         e8:52:c3:12:de:86:23:51:58:3c:a1:4e:e9:9c:80:71:0c:d2:
         58:7f:b1:c1:3c:87:02:f2:55:cd:34:6f:be:0c:6b:9e:65:56:
         6e:b8:ec:db
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtuvqloL8n9xWk7ZTZ2UvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyN2I4NzdmODk5MzQxMjY5YmVjNjdjNmUzYTBhODg4YmE3
YWU5OGQwHhcNMjQwMTAxMDYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzdlNWYyZTJhNzM1YzEyMWNjYTMxZjUwM2IzMzY3ZmJiYmU0ZmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsNeV0l2yEB455be0obe+6YB3O4Q
16r/p7AbZkFUjoabVEjS2C/cOEbSiV+bsUgc3eRd1o9Qqz4en9iCxRdg18/Ycx6E
70CacCKIrlip13qVqfCR8MeinXKp09Ql9roeBRlFdejoHvqh8RP7HzsNeR1AEqk/
kiMIOEWSuTIbNnnJTx/r34wZZbY7THHEYJQkm9cQnNk8Cf9/hiIppninJy6EaFwx
bVaXK20g+ms75Ekwth8hq/JnrK8sLH1MQHb+xhITpbC6n5DxhpVRUMpDlCBwBLSH
nRHzXwK8zhzevkpx34ytzRWHBN1lyrGr99m+DinqJvh9t4Y/pZ5SFqF13QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAx+Xy4qc1wSHMox9QOzNn+7vk/5MB8GA1UdIwQY
MBaAFNJ7h3+Jk0Emm+xnxuOgqIi6eumNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG51SGY0bVRRU2FiN0dmRzQ2Q29pTHA2NlkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS80NDVlZDAtNDhiMy00MDhlLWExYmMt
OTk3OWRmNTJiMDE4LzEvREg1ZkxpcHpYQkljeWpIMUE3TTJmN3UtVF9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS80NDVlZDAtNDhiMy00MDhlLWExYmMtOTk3OWRmNTJiMDE4
LzEvMG51SGY0bVRRU2FiN0dmRzQ2Q29pTHA2NlkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRGyAwQA
w+oiMA0GCSqGSIb3DQEBCwUAA4IBAQAoIdNxw0af3XpgENzwawPuQadsypjLjNXq
+fQwEE5SwUy2WtiOEL6ZqWfguZkMq9Z7gNeGegp5CKCYJAme8r80urdDrjyujaG4
KM7cV3PWY3mGW36U8eJhAPrlijdbcA6iXY04BFV4fYj3mVXdP4LTXcy8oxUjEKLw
WuDtf82Tc5mTRwGxNxgIov01p4TtevXF6OyO/UE670GpXF5JEq8RWxo3S66Y+hKO
vUoBiFDclknqWqK9gnjX23YjXwNzx238Dyxz6B7qq2rOalS1POdvf9PlyLqs8Aro
UsMS3oYjUVg8oU7pnIBxDNJYf7HBPIcC8lXNNG++DGueZVZuuOzb
-----END CERTIFICATE-----