Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/06ac4f-9833-4e8d-b352-77140d09783c/1/xPlhtt53GhDIVXeCJFWJ_KduDAo.roa
File:                     xPlhtt53GhDIVXeCJFWJ_KduDAo.roa (raw, json)
Hash identifier:          ioYqW83JnB7ILtcNCTe5GrwzojCFdv5UCVxHiJsrD2g=
Subject key identifier:   C4:F9:61:B6:DE:77:1A:10:C8:55:77:82:24:55:89:FC:A7:6E:0C:0A
Certificate issuer:       /CN=6ccf360df9a1f61e23327da0d2c09112e0a9bd69
Certificate serial:       018EBCCF6CBCBDE9BB37BD1BB71854D56305
Authority key identifier: 6C:CF:36:0D:F9:A1:F6:1E:23:32:7D:A0:D2:C0:91:12:E0:A9:BD:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM82Dfmh9h4jMn2g0sCREuCpvWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/06ac4f-9833-4e8d-b352-77140d09783c/1/xPlhtt53GhDIVXeCJFWJ_KduDAo.roa
Signing time:             Mon 08 Apr 2024 08:24:54 +0000
ROA not before:           Mon 08 Apr 2024 08:24:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35574
IP address blocks:        93.101.0.0/20 maxlen: 24
                          185.40.12.0/22 maxlen: 24
                          2a04:a9c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/06ac4f-9833-4e8d-b352-77140d09783c/1/bM82Dfmh9h4jMn2g0sCREuCpvWk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/06ac4f-9833-4e8d-b352-77140d09783c/1/bM82Dfmh9h4jMn2g0sCREuCpvWk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM82Dfmh9h4jMn2g0sCREuCpvWk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 23:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bc:cf:6c:bc:bd:e9:bb:37:bd:1b:b7:18:54:d5:63:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccf360df9a1f61e23327da0d2c09112e0a9bd69
        Validity
            Not Before: Apr  8 08:24:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4f961b6de771a10c8557782245589fca76e0c0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:d3:7e:d7:66:dc:85:e7:2f:19:15:62:b7:62:
                    e0:5c:bf:79:66:cc:e8:80:86:f5:51:98:35:05:df:
                    fd:b8:e7:42:21:10:98:a0:fc:6d:d8:dc:f8:5d:b7:
                    02:30:59:f4:64:f1:5e:61:36:5c:c4:1d:d8:87:50:
                    da:64:51:01:f0:b8:9f:06:8e:c3:98:e7:f8:22:f2:
                    8b:f1:a2:07:a0:84:b6:45:96:87:78:6e:d5:d8:43:
                    c1:d6:1f:d8:77:8e:f2:71:88:f7:58:f7:07:40:ec:
                    8f:25:2b:dc:73:4b:52:c6:73:df:e6:7f:15:b3:7a:
                    e5:e9:33:eb:57:28:83:d5:a8:69:59:aa:bb:f0:11:
                    af:f5:90:c7:47:87:ea:4d:d2:34:34:79:9c:ac:46:
                    f9:9e:cb:b9:bc:c6:18:61:9a:a6:47:5e:02:44:53:
                    77:da:22:92:c3:85:fe:3c:25:5c:0a:63:ab:2c:a8:
                    c8:8d:55:da:67:3f:b5:98:61:33:11:13:1b:e0:30:
                    81:f9:0b:5a:87:98:5d:01:b2:e0:1b:8e:1f:e9:b1:
                    73:ec:39:fc:e9:51:b8:59:41:15:be:59:bc:bf:bf:
                    71:0b:00:e3:41:77:18:ae:88:09:73:47:63:a9:61:
                    f2:a2:d9:9d:ad:96:1c:7d:88:2c:96:66:29:e2:a8:
                    77:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:F9:61:B6:DE:77:1A:10:C8:55:77:82:24:55:89:FC:A7:6E:0C:0A
            X509v3 Authority Key Identifier:
                keyid:6C:CF:36:0D:F9:A1:F6:1E:23:32:7D:A0:D2:C0:91:12:E0:A9:BD:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM82Dfmh9h4jMn2g0sCREuCpvWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/06ac4f-9833-4e8d-b352-77140d09783c/1/xPlhtt53GhDIVXeCJFWJ_KduDAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/06ac4f-9833-4e8d-b352-77140d09783c/1/bM82Dfmh9h4jMn2g0sCREuCpvWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.101.0.0/20
                  185.40.12.0/22
                IPv6:
                  2a04:a9c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a1:f2:b5:a3:51:53:79:56:5e:6d:cc:f1:7f:48:15:b0:cf:bf:
         e7:31:7d:80:10:32:ae:2c:bb:6e:a5:11:f2:cd:d2:86:ce:d5:
         31:44:77:c0:84:53:6c:2f:35:07:1d:ba:ed:89:05:48:92:8d:
         a3:44:e1:91:1d:fc:2a:f3:36:b6:6b:89:e3:f6:a1:14:6f:ae:
         c5:ec:3b:fb:43:c6:3e:9d:45:c0:80:ab:90:69:7f:1d:7a:5e:
         5d:fd:cb:79:7c:cc:b7:f1:21:fe:56:00:49:71:46:18:79:09:
         50:c2:ad:cb:ef:f0:98:09:5e:a3:ae:f7:47:10:dd:a4:66:9d:
         df:b4:76:e3:4e:99:c7:34:42:c5:cb:79:aa:15:85:b0:43:e9:
         0e:0d:a8:b7:d1:da:ff:91:b9:15:e3:40:36:17:f1:d4:3a:5d:
         23:f8:48:36:a4:4d:a5:fd:d4:48:b0:b0:cd:f3:fa:76:02:4d:
         9f:10:33:f6:c3:11:8a:23:7b:87:f8:49:7d:13:e9:26:56:57:
         fb:5d:2d:67:04:95:fe:ed:54:e7:72:29:44:38:63:04:c7:3b:
         97:1e:23:c9:cc:9c:5e:bc:c4:f5:0d:df:16:d3:ee:d6:d5:a0:
         40:41:32:d9:73:bb:c0:34:53:9d:26:3b:90:a5:f9:f9:4c:92:
         fe:7c:42:d0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY68z2y8vem7N70btxhU1WMFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjY2YzNjBkZjlhMWY2MWUyMzMyN2RhMGQyYzA5MTEyZTBh
OWJkNjkwHhcNMjQwNDA4MDgyNDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGY5NjFiNmRlNzcxYTEwYzg1NTc3ODIyNDU1ODlmY2E3NmUwYzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodN+12bchecvGRVit2LgXL95Zszo
gIb1UZg1Bd/9uOdCIRCYoPxt2Nz4XbcCMFn0ZPFeYTZcxB3Yh1DaZFEB8LifBo7D
mOf4IvKL8aIHoIS2RZaHeG7V2EPB1h/Yd47ycYj3WPcHQOyPJSvcc0tSxnPf5n8V
s3rl6TPrVyiD1ahpWaq78BGv9ZDHR4fqTdI0NHmcrEb5nsu5vMYYYZqmR14CRFN3
2iKSw4X+PCVcCmOrLKjIjVXaZz+1mGEzERMb4DCB+Qtah5hdAbLgG44f6bFz7Dn8
6VG4WUEVvlm8v79xCwDjQXcYrogJc0djqWHyotmdrZYcfYgslmYp4qh3xwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMT5YbbedxoQyFV3giRVifynbgwKMB8GA1UdIwQY
MBaAFGzPNg35ofYeIzJ9oNLAkRLgqb1pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk04MkRmbWg5aDRqTW4yZzBzQ1JFdUNwdldrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8wNmFjNGYtOTgzMy00ZThkLWIzNTIt
NzcxNDBkMDk3ODNjLzEveFBsaHR0NTNHaERJVlhlQ0pGV0pfS2R1REFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8wNmFjNGYtOTgzMy00ZThkLWIzNTItNzcxNDBkMDk3ODNj
LzEvYk04MkRmbWg5aDRqTW4yZzBzQ1JFdUNwdldrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEXWUAAwQC
uSgMMA0EAgACMAcDBQMqBKnAMA0GCSqGSIb3DQEBCwUAA4IBAQCh8rWjUVN5Vl5t
zPF/SBWwz7/nMX2AEDKuLLtupRHyzdKGztUxRHfAhFNsLzUHHbrtiQVIko2jROGR
Hfwq8za2a4nj9qEUb67F7Dv7Q8Y+nUXAgKuQaX8del5d/ct5fMy38SH+VgBJcUYY
eQlQwq3L7/CYCV6jrvdHEN2kZp3ftHbjTpnHNELFy3mqFYWwQ+kODai30dr/kbkV
40A2F/HUOl0j+Eg2pE2l/dRIsLDN8/p2Ak2fEDP2wxGKI3uH+El9E+kmVlf7XS1n
BJX+7VTncilEOGMExzuXHiPJzJxevMT1Dd8W0+7W1aBAQTLZc7vANFOdJjuQpfn5
TJL+fELQ
-----END CERTIFICATE-----