Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/3b65ab-a0e2-4684-b981-a86a7af368da/1/9jRjdTO7fBkjcFHt1fnUnaX_T3k.roa
File:                     9jRjdTO7fBkjcFHt1fnUnaX_T3k.roa (raw, json)
Hash identifier:          3WY7AgxSwDZyrJrZX0H0mFMYrwb18tzFjzAuAbCSY+Q=
Subject key identifier:   F6:34:63:75:33:BB:7C:19:23:70:51:ED:D5:F9:D4:9D:A5:FF:4F:79
Certificate issuer:       /CN=f6451af11120d8fa898cb6212cea8ca61dc59b92
Certificate serial:       0194228DA7256042FA28440138DA07438717
Authority key identifier: F6:45:1A:F1:11:20:D8:FA:89:8C:B6:21:2C:EA:8C:A6:1D:C5:9B:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9kUa8REg2PqJjLYhLOqMph3Fm5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/3b65ab-a0e2-4684-b981-a86a7af368da/1/9jRjdTO7fBkjcFHt1fnUnaX_T3k.roa
Signing time:             Wed 01 Jan 2025 15:48:16 +0000
ROA not before:           Wed 01 Jan 2025 15:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35503
IP address blocks:        193.192.56.0/23 maxlen: 24
                          193.192.56.0/24 maxlen: 24
                          193.192.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/3b65ab-a0e2-4684-b981-a86a7af368da/1/9kUa8REg2PqJjLYhLOqMph3Fm5I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/3b65ab-a0e2-4684-b981-a86a7af368da/1/9kUa8REg2PqJjLYhLOqMph3Fm5I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9kUa8REg2PqJjLYhLOqMph3Fm5I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:a7:25:60:42:fa:28:44:01:38:da:07:43:87:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6451af11120d8fa898cb6212cea8ca61dc59b92
        Validity
            Not Before: Jan  1 15:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f634637533bb7c19237051edd5f9d49da5ff4f79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b2:b9:57:1e:f3:bc:aa:25:75:09:bb:02:2f:
                    d9:42:d4:87:94:48:92:32:e5:78:74:c0:f7:f4:d7:
                    aa:30:ca:90:dc:e8:30:e6:a0:cd:0b:3e:33:12:3a:
                    33:0e:3f:6a:35:6b:ad:ce:64:58:95:fe:23:9d:f6:
                    96:63:d4:9c:14:79:6b:63:8d:5e:ab:f2:7a:14:71:
                    b6:4c:6f:0f:8a:96:e6:ef:a8:93:e3:f7:98:82:c5:
                    e7:98:34:68:72:6e:40:27:2d:7a:ff:39:f2:2d:55:
                    7b:41:5c:3c:6e:d6:40:f6:16:70:14:ab:4d:c4:16:
                    27:c7:74:20:9e:78:cd:46:93:e1:54:3c:e9:91:41:
                    6c:7f:d2:4d:9d:e7:38:04:8f:57:89:c4:50:0a:1f:
                    30:20:9a:6a:31:16:95:2a:db:13:1b:70:1a:86:39:
                    12:4f:cd:e7:b4:35:32:c9:f9:2f:d2:30:76:90:3c:
                    1b:09:44:b1:da:ca:ac:a9:47:e6:69:b1:f2:ab:bc:
                    60:35:95:d5:76:93:fd:5d:01:f9:eb:91:48:6c:d3:
                    2b:db:1c:b5:32:28:61:01:7e:d4:1c:a4:eb:52:f2:
                    f0:ed:78:97:98:18:85:80:0d:d9:c6:a0:c5:db:f5:
                    23:af:a0:2e:04:c0:98:90:fc:ce:87:1a:e1:ce:b2:
                    e7:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:34:63:75:33:BB:7C:19:23:70:51:ED:D5:F9:D4:9D:A5:FF:4F:79
            X509v3 Authority Key Identifier:
                keyid:F6:45:1A:F1:11:20:D8:FA:89:8C:B6:21:2C:EA:8C:A6:1D:C5:9B:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9kUa8REg2PqJjLYhLOqMph3Fm5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/3b65ab-a0e2-4684-b981-a86a7af368da/1/9jRjdTO7fBkjcFHt1fnUnaX_T3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/3b65ab-a0e2-4684-b981-a86a7af368da/1/9kUa8REg2PqJjLYhLOqMph3Fm5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.192.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8e:54:a8:02:02:ee:c6:e1:78:c6:59:db:12:b3:60:4d:22:80:
         86:6a:88:9c:b0:99:32:cd:6c:1b:cc:d6:ee:6a:db:b1:83:a5:
         81:29:59:af:b3:b8:1e:7b:9b:53:b0:0f:e0:84:f7:8f:d6:2d:
         db:03:91:7d:32:ee:43:6c:07:8e:e6:06:89:e4:95:11:fd:c9:
         4a:9f:a0:6c:9a:a3:ea:6c:3e:f8:da:a7:d1:2f:bf:a5:42:7b:
         c8:9a:11:ac:a0:52:17:9d:a6:46:69:0c:68:6b:16:ba:09:ac:
         17:97:d4:2f:5f:23:51:38:ea:27:c4:50:3a:4f:79:4a:69:41:
         dd:ab:53:fa:ce:47:89:ee:f4:4c:00:c9:9e:82:e8:ff:b3:2f:
         58:1f:a9:ce:f3:c5:89:ee:e9:46:99:51:7f:78:7f:7e:b8:0d:
         65:ff:5e:ca:32:10:cd:38:9f:bd:3b:68:36:12:69:b7:56:01:
         81:d9:02:8c:e1:ac:34:07:a5:b7:7a:dc:57:9b:ff:8d:23:20:
         1e:09:40:ea:ad:23:ba:75:a9:9a:ab:56:4a:42:9e:19:2f:1b:
         32:24:f6:15:52:d1:ff:7b:9d:48:e3:0f:1e:a9:74:77:5f:eb:
         f0:ab:f5:a4:8a:e1:2a:4e:0b:a6:4a:10:0a:8b:7f:1b:6a:3b:
         71:cc:78:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijaclYEL6KEQBONoHQ4cXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2NDUxYWYxMTEyMGQ4ZmE4OThjYjYyMTJjZWE4Y2E2MWRj
NTliOTIwHhcNMjUwMTAxMTU0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjM0NjM3NTMzYmI3YzE5MjM3MDUxZWRkNWY5ZDQ5ZGE1ZmY0Zjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7K5Vx7zvKoldQm7Ai/ZQtSHlEiS
MuV4dMD39NeqMMqQ3Ogw5qDNCz4zEjozDj9qNWutzmRYlf4jnfaWY9ScFHlrY41e
q/J6FHG2TG8Pipbm76iT4/eYgsXnmDRocm5AJy16/znyLVV7QVw8btZA9hZwFKtN
xBYnx3QgnnjNRpPhVDzpkUFsf9JNnec4BI9XicRQCh8wIJpqMRaVKtsTG3AahjkS
T83ntDUyyfkv0jB2kDwbCUSx2sqsqUfmabHyq7xgNZXVdpP9XQH565FIbNMr2xy1
MihhAX7UHKTrUvLw7XiXmBiFgA3ZxqDF2/Ujr6AuBMCYkPzOhxrhzrLnewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPY0Y3Uzu3wZI3BR7dX51J2l/095MB8GA1UdIwQY
MBaAFPZFGvERINj6iYy2ISzqjKYdxZuSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWtVYThSRWcyUHFKakxZaExPcU1waDNGbTVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC8zYjY1YWItYTBlMi00Njg0LWI5ODEt
YTg2YTdhZjM2OGRhLzEvOWpSamRUTzdmQmtqY0ZIdDFmblVuYVhfVDNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC8zYjY1YWItYTBlMi00Njg0LWI5ODEtYTg2YTdhZjM2OGRh
LzEvOWtVYThSRWcyUHFKakxZaExPcU1waDNGbTVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwcA4MA0G
CSqGSIb3DQEBCwUAA4IBAQCOVKgCAu7G4XjGWdsSs2BNIoCGaoicsJkyzWwbzNbu
atuxg6WBKVmvs7gee5tTsA/ghPeP1i3bA5F9Mu5DbAeO5gaJ5JUR/clKn6BsmqPq
bD742qfRL7+lQnvImhGsoFIXnaZGaQxoaxa6CawXl9QvXyNROOonxFA6T3lKaUHd
q1P6zkeJ7vRMAMmeguj/sy9YH6nO88WJ7ulGmVF/eH9+uA1l/17KMhDNOJ+9O2g2
Emm3VgGB2QKM4aw0B6W3etxXm/+NIyAeCUDqrSO6damaq1ZKQp4ZLxsyJPYVUtH/
e51I4w8eqXR3X+vwq/WkiuEqTgumShAKi38bajtxzHh3
-----END CERTIFICATE-----