Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/dcddfa-a059-4ff0-a809-5eabfb1e5130/1/N5Qw1IeFtL2JJfxnxi0MxFpnLMs.roa
File:                     N5Qw1IeFtL2JJfxnxi0MxFpnLMs.roa (raw, json)
Hash identifier:          LoExIjFHGVfHFzAWAToVxKaqj+P9kn9u+Q727pnxab0=
Subject key identifier:   37:94:30:D4:87:85:B4:BD:89:25:FC:67:C6:2D:0C:C4:5A:67:2C:CB
Certificate issuer:       /CN=c9d11b707878bd77fbff15f27752c08a4aa556f4
Certificate serial:       018F19ED3E73150D89593A0D15606A1BF3B5
Authority key identifier: C9:D1:1B:70:78:78:BD:77:FB:FF:15:F2:77:52:C0:8A:4A:A5:56:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydEbcHh4vXf7_xXyd1LAikqlVvQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/dcddfa-a059-4ff0-a809-5eabfb1e5130/1/N5Qw1IeFtL2JJfxnxi0MxFpnLMs.roa
Signing time:             Fri 26 Apr 2024 10:22:09 +0000
ROA not before:           Fri 26 Apr 2024 10:22:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201228
IP address blocks:        193.247.208.0/24 maxlen: 24
                          193.247.209.0/24 maxlen: 24
                          193.247.210.0/24 maxlen: 24
                          193.247.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/dcddfa-a059-4ff0-a809-5eabfb1e5130/1/ydEbcHh4vXf7_xXyd1LAikqlVvQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/dcddfa-a059-4ff0-a809-5eabfb1e5130/1/ydEbcHh4vXf7_xXyd1LAikqlVvQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydEbcHh4vXf7_xXyd1LAikqlVvQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 04:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:19:ed:3e:73:15:0d:89:59:3a:0d:15:60:6a:1b:f3:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d11b707878bd77fbff15f27752c08a4aa556f4
        Validity
            Not Before: Apr 26 10:22:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=379430d48785b4bd8925fc67c62d0cc45a672ccb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:6c:5a:38:43:07:a3:61:f7:c6:93:ff:0e:b6:
                    cc:48:0a:4f:f9:51:b9:f9:67:99:9d:62:58:00:b6:
                    91:12:74:fe:cc:2e:28:81:d6:06:2d:79:66:d4:e8:
                    18:71:b0:c0:08:67:eb:b8:63:13:ae:84:b5:64:46:
                    10:bc:cf:37:b7:6e:1f:3e:9b:96:8c:fe:81:79:b4:
                    9c:f2:0c:d7:77:84:f7:df:57:e2:d2:be:ff:48:3c:
                    a6:f6:9a:4c:30:f5:cb:41:9d:1d:cb:ad:49:0d:48:
                    3e:ec:fe:df:89:28:23:c6:19:b4:92:95:21:de:d1:
                    12:41:b3:ab:aa:6f:85:fe:8c:1e:7c:4f:36:6b:8f:
                    8b:2d:6d:f0:92:8d:77:98:37:92:f5:25:cc:5a:db:
                    ea:0b:5a:19:53:e4:76:d6:6e:97:8b:05:81:de:bc:
                    c0:6c:b6:94:e4:89:5d:45:18:d8:61:7e:5b:33:54:
                    57:80:b8:5d:3b:85:ae:ed:00:2c:d1:1e:cf:88:f2:
                    79:ea:d5:d2:85:a3:c2:c0:5f:5a:ca:fc:2f:cc:82:
                    1a:44:28:6f:b0:03:49:76:f1:16:73:f1:86:dc:61:
                    08:eb:92:a3:6d:c5:76:e1:bc:d3:23:9d:5e:05:c6:
                    70:6f:e1:5a:11:c1:54:72:39:fd:38:7b:e0:c0:f2:
                    c3:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:94:30:D4:87:85:B4:BD:89:25:FC:67:C6:2D:0C:C4:5A:67:2C:CB
            X509v3 Authority Key Identifier:
                keyid:C9:D1:1B:70:78:78:BD:77:FB:FF:15:F2:77:52:C0:8A:4A:A5:56:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydEbcHh4vXf7_xXyd1LAikqlVvQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/dcddfa-a059-4ff0-a809-5eabfb1e5130/1/N5Qw1IeFtL2JJfxnxi0MxFpnLMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/dcddfa-a059-4ff0-a809-5eabfb1e5130/1/ydEbcHh4vXf7_xXyd1LAikqlVvQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.247.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:97:26:8e:38:ad:28:1f:6c:75:da:73:6b:e7:96:3b:76:1f:
         75:92:9b:10:7a:4b:2e:2a:3c:b6:4b:28:5e:15:8b:1e:37:1e:
         5f:e5:86:71:1e:79:49:b9:16:87:3b:11:a5:f2:e4:a9:5d:49:
         3f:5f:6e:51:d6:f5:ec:b3:09:84:04:3d:2d:e4:35:15:3f:5a:
         55:aa:3b:da:71:37:1d:f5:a7:16:48:58:b0:35:45:a0:43:94:
         eb:87:57:52:3b:a8:67:41:bc:5e:1e:c1:52:2a:ff:e3:9b:1c:
         af:6a:fd:64:1f:a3:5e:93:36:47:d9:e7:13:87:23:cd:56:fd:
         bd:98:27:21:7b:55:b7:75:c8:d7:84:89:8b:1a:3d:8a:d4:b7:
         1e:55:ef:38:40:ef:29:a8:51:6d:0e:cd:04:9d:54:2e:8b:42:
         e2:18:ca:b6:8c:ba:98:5d:16:03:8f:6c:32:af:be:7c:ac:4b:
         6a:74:75:4d:c8:37:3f:0f:46:7a:91:e2:68:42:38:11:37:32:
         68:f2:39:a1:5a:23:4c:9d:12:0c:ea:d5:7d:c5:b3:82:09:6a:
         a0:e7:66:c4:1b:c1:bb:dc:ea:64:2c:84:ba:bb:83:66:e2:08:
         b4:0b:0e:ce:eb:39:18:d3:e3:c3:ca:48:12:b5:1b:36:e8:45:
         05:b6:ff:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8Z7T5zFQ2JWToNFWBqG/O1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDExYjcwNzg3OGJkNzdmYmZmMTVmMjc3NTJjMDhhNGFh
NTU2ZjQwHhcNMjQwNDI2MTAyMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzk0MzBkNDg3ODViNGJkODkyNWZjNjdjNjJkMGNjNDVhNjcyY2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmxaOEMHo2H3xpP/DrbMSApP+VG5
+WeZnWJYALaREnT+zC4ogdYGLXlm1OgYcbDACGfruGMTroS1ZEYQvM83t24fPpuW
jP6BebSc8gzXd4T331fi0r7/SDym9ppMMPXLQZ0dy61JDUg+7P7fiSgjxhm0kpUh
3tESQbOrqm+F/owefE82a4+LLW3wko13mDeS9SXMWtvqC1oZU+R21m6XiwWB3rzA
bLaU5IldRRjYYX5bM1RXgLhdO4Wu7QAs0R7PiPJ56tXShaPCwF9ayvwvzIIaRChv
sANJdvEWc/GG3GEI65KjbcV24bzTI51eBcZwb+FaEcFUcjn9OHvgwPLDSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDeUMNSHhbS9iSX8Z8YtDMRaZyzLMB8GA1UdIwQY
MBaAFMnRG3B4eL13+/8V8ndSwIpKpVb0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRFYmNIaDR2WGY3X3hYeWQxTEFpa3FsVnZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9kY2RkZmEtYTA1OS00ZmYwLWE4MDkt
NWVhYmZiMWU1MTMwLzEvTjVRdzFJZUZ0TDJKSmZ4bnhpME14RnBuTE1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9kY2RkZmEtYTA1OS00ZmYwLWE4MDktNWVhYmZiMWU1MTMw
LzEveWRFYmNIaDR2WGY3X3hYeWQxTEFpa3FsVnZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwffQMA0G
CSqGSIb3DQEBCwUAA4IBAQBnlyaOOK0oH2x12nNr55Y7dh91kpsQeksuKjy2Syhe
FYseNx5f5YZxHnlJuRaHOxGl8uSpXUk/X25R1vXsswmEBD0t5DUVP1pVqjvacTcd
9acWSFiwNUWgQ5Trh1dSO6hnQbxeHsFSKv/jmxyvav1kH6NekzZH2ecThyPNVv29
mCche1W3dcjXhImLGj2K1LceVe84QO8pqFFtDs0EnVQui0LiGMq2jLqYXRYDj2wy
r758rEtqdHVNyDc/D0Z6keJoQjgRNzJo8jmhWiNMnRIM6tV9xbOCCWqg52bEG8G7
3OpkLIS6u4Nm4gi0Cw7O6zkY0+PDykgStRs26EUFtv94
-----END CERTIFICATE-----