Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/101126-1d32-42a6-87fe-9223846ff30b/1/P5ZgSEJ7r39a_ZS3Q-xNmoNumHI.roa
File:                     P5ZgSEJ7r39a_ZS3Q-xNmoNumHI.roa (raw, json)
Hash identifier:          4PXeAx+hTh+LpMDV/Et0PpgI1tZebTtIuketCbT2y/o=
Subject key identifier:   3F:96:60:48:42:7B:AF:7F:5A:FD:94:B7:43:EC:4D:9A:83:6E:98:72
Certificate issuer:       /CN=f8035ec9de2570c1e7a7db40e272e45548c9202b
Certificate serial:       018CC4253B92BB0E9E7044BAEA26B4CF15CA
Authority key identifier: F8:03:5E:C9:DE:25:70:C1:E7:A7:DB:40:E2:72:E4:55:48:C9:20:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-ANeyd4lcMHnp9tA4nLkVUjJICs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/101126-1d32-42a6-87fe-9223846ff30b/1/P5ZgSEJ7r39a_ZS3Q-xNmoNumHI.roa
Signing time:             Mon 01 Jan 2024 08:30:23 +0000
ROA not before:           Mon 01 Jan 2024 08:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210255
IP address blocks:        193.22.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/101126-1d32-42a6-87fe-9223846ff30b/1/1-ANeyd4lcMHnp9tA4nLkVUjJICs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/101126-1d32-42a6-87fe-9223846ff30b/1/1-ANeyd4lcMHnp9tA4nLkVUjJICs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-ANeyd4lcMHnp9tA4nLkVUjJICs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 22:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:3b:92:bb:0e:9e:70:44:ba:ea:26:b4:cf:15:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8035ec9de2570c1e7a7db40e272e45548c9202b
        Validity
            Not Before: Jan  1 08:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f966048427baf7f5afd94b743ec4d9a836e9872
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:84:d8:6c:91:43:8a:68:9a:b1:50:98:17:9f:
                    a2:7c:38:b7:ad:e8:ec:ce:32:28:b6:f9:82:8f:f0:
                    b8:d3:1a:5f:a3:f2:eb:27:9a:fd:76:3c:6c:05:9b:
                    00:9c:5c:57:69:65:19:40:78:22:ac:ab:70:b8:da:
                    c9:18:f8:4a:53:46:32:a6:5f:e2:2e:ec:26:db:65:
                    85:80:ee:1c:f3:59:bc:42:ac:ce:f3:b1:46:ac:a1:
                    10:b2:9b:8e:25:a2:20:00:c2:dc:f3:45:8b:7d:1c:
                    ad:5a:a3:b4:5a:84:2f:44:fc:3b:18:f9:79:cf:11:
                    b0:bd:20:e4:f9:9b:73:29:6e:a6:94:ee:53:7d:4e:
                    a3:ee:e4:06:96:90:e4:7f:82:aa:f6:0f:fc:84:2c:
                    cd:c8:0c:57:3f:8c:b8:a4:fc:01:e5:03:73:a3:8a:
                    47:ec:c8:28:d3:70:bf:3a:43:8e:35:7e:24:fe:8f:
                    07:35:5f:db:ff:cc:46:37:72:1b:c5:51:7f:57:55:
                    b8:58:58:b0:43:3d:79:37:d8:14:64:10:29:6f:dd:
                    7f:04:bc:3c:ef:02:21:c4:a2:d7:31:4b:c9:f7:92:
                    c9:73:84:a0:41:89:79:2b:4e:aa:31:02:ef:c4:be:
                    f1:8f:03:ce:b9:56:6c:f1:ff:27:08:5a:fa:48:d9:
                    7d:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:96:60:48:42:7B:AF:7F:5A:FD:94:B7:43:EC:4D:9A:83:6E:98:72
            X509v3 Authority Key Identifier:
                keyid:F8:03:5E:C9:DE:25:70:C1:E7:A7:DB:40:E2:72:E4:55:48:C9:20:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-ANeyd4lcMHnp9tA4nLkVUjJICs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/101126-1d32-42a6-87fe-9223846ff30b/1/P5ZgSEJ7r39a_ZS3Q-xNmoNumHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/101126-1d32-42a6-87fe-9223846ff30b/1/1-ANeyd4lcMHnp9tA4nLkVUjJICs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:94:c0:ed:c0:88:59:54:5c:bf:e8:54:43:16:b4:7f:c5:08:
         a2:65:a1:a1:51:19:02:55:54:57:3c:e3:6b:16:77:95:cf:51:
         ba:e6:c1:23:7e:14:19:3c:6e:44:a3:5f:8a:cd:83:a7:c7:1f:
         ee:82:e7:9f:22:ba:4a:dd:07:b9:52:60:6e:34:65:77:f4:55:
         0d:8e:71:df:a1:26:1c:9b:6a:28:f5:c7:2d:6b:b2:52:72:f0:
         81:89:95:d5:2c:2e:a3:7e:66:dd:bc:84:a1:e2:65:99:89:51:
         c2:86:97:1d:2f:46:95:48:2a:9f:99:c2:e4:66:cb:a1:d3:a2:
         99:ae:31:c4:a3:30:99:84:27:98:4f:7c:06:e3:1d:da:2e:12:
         c4:80:61:06:0d:7f:30:55:02:b8:8d:c9:ef:76:0a:8a:ff:87:
         e1:f1:2e:57:a6:22:02:c2:ab:63:84:e6:50:b7:ce:d8:62:46:
         ce:46:df:90:0d:79:c6:ed:b1:6d:d1:99:c1:e2:05:c3:18:02:
         70:2c:db:58:a2:9d:01:54:a1:ac:a2:74:af:4d:8a:8a:48:1e:
         2a:1b:37:6a:9b:20:62:8c:4a:d5:81:66:b7:18:3c:7d:9b:3a:
         16:6d:9f:f9:68:4e:e4:93:0b:a1:46:90:2d:98:55:c7:d1:50:
         6e:3a:4f:86
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEJTuSuw6ecES66ia0zxXKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MDM1ZWM5ZGUyNTcwYzFlN2E3ZGI0MGUyNzJlNDU1NDhj
OTIwMmIwHhcNMjQwMTAxMDgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjk2NjA0ODQyN2JhZjdmNWFmZDk0Yjc0M2VjNGQ5YTgzNmU5ODcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYTYbJFDimiasVCYF5+ifDi3rejs
zjIotvmCj/C40xpfo/LrJ5r9djxsBZsAnFxXaWUZQHgirKtwuNrJGPhKU0Yypl/i
Luwm22WFgO4c81m8QqzO87FGrKEQspuOJaIgAMLc80WLfRytWqO0WoQvRPw7GPl5
zxGwvSDk+ZtzKW6mlO5TfU6j7uQGlpDkf4Kq9g/8hCzNyAxXP4y4pPwB5QNzo4pH
7Mgo03C/OkOONX4k/o8HNV/b/8xGN3IbxVF/V1W4WFiwQz15N9gUZBApb91/BLw8
7wIhxKLXMUvJ95LJc4SgQYl5K06qMQLvxL7xjwPOuVZs8f8nCFr6SNl9bQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFD+WYEhCe69/Wv2Ut0PsTZqDbphyMB8GA1UdIwQY
MBaAFPgDXsneJXDB56fbQOJy5FVIySArMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1BTmV5ZDRsY01IbnA5dEE0bkxrVlVqSklDcy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDAvMTAxMTI2LTFkMzItNDJhNi04N2Zl
LTkyMjM4NDZmZjMwYi8xL1A1WmdTRUo3cjM5YV9aUzNRLXhObW9OdW1ISS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDAvMTAxMTI2LTFkMzItNDJhNi04N2ZlLTkyMjM4NDZmZjMw
Yi8xLzEtQU5leWQ0bGNNSG5wOXRBNG5Ma1ZVakpJQ3MuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBFuAw
DQYJKoZIhvcNAQELBQADggEBABuUwO3AiFlUXL/oVEMWtH/FCKJloaFRGQJVVFc8
42sWd5XPUbrmwSN+FBk8bkSjX4rNg6fHH+6C558iukrdB7lSYG40ZXf0VQ2Ocd+h
Jhybaij1xy1rslJy8IGJldUsLqN+Zt28hKHiZZmJUcKGlx0vRpVIKp+ZwuRmy6HT
opmuMcSjMJmEJ5hPfAbjHdouEsSAYQYNfzBVAriNye92Cor/h+HxLlemIgLCq2OE
5lC3zthiRs5G35ANecbtsW3RmcHiBcMYAnAs21iinQFUoayidK9NiopIHiobN2qb
IGKMStWBZrcYPH2bOhZtn/loTuSTC6FGkC2YVcfRUG46T4Y=
-----END CERTIFICATE-----