Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/2f034c-23d4-469a-a006-cbed01781fce/1/eA3Iml9daMrmSRua1K_ZqYRDYp4.roa
File:                     eA3Iml9daMrmSRua1K_ZqYRDYp4.roa (raw, json)
Hash identifier:          PY/aGBHsPhADle9n2VIOomwF7gFC740WkI2dpIvZGsA=
Subject key identifier:   78:0D:C8:9A:5F:5D:68:CA:E6:49:1B:9A:D4:AF:D9:A9:84:43:62:9E
Certificate issuer:       /CN=d9ec085baa8caa7b5b934eca29c17961fc88db1b
Certificate serial:       018CC6B7B1D0AB69A89AF1FC3951553FD676
Authority key identifier: D9:EC:08:5B:AA:8C:AA:7B:5B:93:4E:CA:29:C1:79:61:FC:88:DB:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2ewIW6qMqntbk07KKcF5YfyI2xs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/2f034c-23d4-469a-a006-cbed01781fce/1/eA3Iml9daMrmSRua1K_ZqYRDYp4.roa
Signing time:             Mon 01 Jan 2024 20:29:36 +0000
ROA not before:           Mon 01 Jan 2024 20:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202766
IP address blocks:        193.34.240.0/24 maxlen: 24
                          193.34.242.0/24 maxlen: 24
                          193.34.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/2f034c-23d4-469a-a006-cbed01781fce/1/2ewIW6qMqntbk07KKcF5YfyI2xs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/2f034c-23d4-469a-a006-cbed01781fce/1/2ewIW6qMqntbk07KKcF5YfyI2xs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2ewIW6qMqntbk07KKcF5YfyI2xs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 18:17:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b1:d0:ab:69:a8:9a:f1:fc:39:51:55:3f:d6:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9ec085baa8caa7b5b934eca29c17961fc88db1b
        Validity
            Not Before: Jan  1 20:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=780dc89a5f5d68cae6491b9ad4afd9a98443629e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:78:df:37:19:2c:80:a6:83:47:9f:a2:ea:66:
                    df:81:97:75:05:db:ea:a1:d4:1d:2b:88:f1:38:67:
                    13:b9:2c:40:11:0e:b8:13:54:3d:63:f5:45:16:64:
                    e1:7f:a7:c3:be:4e:00:4e:32:7e:7d:31:b1:b8:66:
                    54:54:f8:5f:d0:07:55:41:68:de:eb:96:e9:8e:08:
                    54:f7:12:62:09:74:c2:01:7f:64:cb:eb:92:95:fd:
                    72:32:20:4e:e5:3e:a0:18:37:9a:74:fb:62:6c:99:
                    33:15:9f:83:c6:5d:63:b0:e0:49:41:c8:ec:22:f4:
                    21:95:44:d4:61:7f:36:88:a9:ec:12:b6:ea:e4:f2:
                    9f:67:47:92:86:a8:47:3e:00:20:8a:7d:ed:0f:d4:
                    65:db:37:f2:16:97:92:cb:55:b0:71:44:03:4d:79:
                    8e:d7:bb:f2:2b:ef:2b:97:ce:4e:84:2a:2a:91:22:
                    99:cc:09:36:1f:cc:8e:ca:0b:f7:95:37:5a:d6:15:
                    93:25:c1:f3:6d:70:52:f9:63:94:98:66:f2:82:4d:
                    ae:03:f0:a6:4a:57:16:e0:0c:7e:13:88:5f:b8:55:
                    05:85:3a:1b:6f:fd:ad:c4:74:52:72:c3:16:26:06:
                    a3:7a:33:79:bd:29:59:79:0a:a0:d4:93:37:0e:a9:
                    95:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:0D:C8:9A:5F:5D:68:CA:E6:49:1B:9A:D4:AF:D9:A9:84:43:62:9E
            X509v3 Authority Key Identifier:
                keyid:D9:EC:08:5B:AA:8C:AA:7B:5B:93:4E:CA:29:C1:79:61:FC:88:DB:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ewIW6qMqntbk07KKcF5YfyI2xs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/2f034c-23d4-469a-a006-cbed01781fce/1/eA3Iml9daMrmSRua1K_ZqYRDYp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/2f034c-23d4-469a-a006-cbed01781fce/1/2ewIW6qMqntbk07KKcF5YfyI2xs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.240.0-193.34.242.255

    Signature Algorithm: sha256WithRSAEncryption
         38:2b:df:0b:fe:10:ff:17:b9:9c:38:0c:17:bb:fb:38:77:80:
         74:62:94:ca:88:90:7b:26:02:63:00:c8:df:03:f3:de:d2:fd:
         48:f3:74:17:ac:ba:21:27:0a:40:ba:9e:28:eb:16:78:5c:30:
         f3:34:d0:ac:75:89:19:55:f2:85:25:2c:1b:6d:55:7f:7f:4f:
         7e:ab:98:7a:63:69:f3:8f:29:ab:84:99:f5:e3:d7:bc:05:dc:
         98:c9:5b:94:02:6e:bb:a5:7d:cf:bd:fc:5f:68:28:7f:6e:5b:
         1d:2b:f2:13:46:6e:7c:8f:e6:68:2e:69:3b:f6:bf:2a:f2:24:
         f0:36:03:b7:17:5b:47:d1:dc:d2:9a:22:c3:05:1e:08:6a:2b:
         c6:72:90:a3:98:8e:27:82:85:82:f6:d2:af:e3:65:e8:ee:e4:
         98:9c:42:cd:c4:f3:6f:ef:fa:b6:dd:dc:95:7e:7c:dd:42:9a:
         61:76:2a:a1:10:71:25:e2:92:45:8d:8a:77:e2:71:b4:c4:67:
         0e:72:a5:fe:90:00:5f:d6:d8:d7:1a:b2:27:f8:d9:67:2b:96:
         b9:93:f9:2f:a1:67:86:3a:1e:cd:4e:03:9c:a7:36:c5:4c:00:
         d8:d1:10:17:a6:26:37:45:53:b7:44:cf:27:b2:ca:e4:d6:4e:
         3e:bd:fa:1e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGt7HQq2momvH8OVFVP9Z2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZWMwODViYWE4Y2FhN2I1YjkzNGVjYTI5YzE3OTYxZmM4
OGRiMWIwHhcNMjQwMTAxMjAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODBkYzg5YTVmNWQ2OGNhZTY0OTFiOWFkNGFmZDlhOTg0NDM2MjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXjfNxksgKaDR5+i6mbfgZd1Bdvq
odQdK4jxOGcTuSxAEQ64E1Q9Y/VFFmThf6fDvk4ATjJ+fTGxuGZUVPhf0AdVQWje
65bpjghU9xJiCXTCAX9ky+uSlf1yMiBO5T6gGDeadPtibJkzFZ+Dxl1jsOBJQcjs
IvQhlUTUYX82iKnsErbq5PKfZ0eShqhHPgAgin3tD9Rl2zfyFpeSy1WwcUQDTXmO
17vyK+8rl85OhCoqkSKZzAk2H8yOygv3lTda1hWTJcHzbXBS+WOUmGbygk2uA/Cm
SlcW4Ax+E4hfuFUFhTobb/2txHRScsMWJgajejN5vSlZeQqg1JM3DqmVywIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHgNyJpfXWjK5kkbmtSv2amEQ2KeMB8GA1UdIwQY
MBaAFNnsCFuqjKp7W5NOyinBeWH8iNsbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmV3SVc2cU1xbnRiazA3S0tjRjVZZnlJMnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8yZjAzNGMtMjNkNC00NjlhLWEwMDYt
Y2JlZDAxNzgxZmNlLzEvZUEzSW1sOWRhTXJtU1J1YTFLX1pxWVJEWXA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8yZjAzNGMtMjNkNC00NjlhLWEwMDYtY2JlZDAxNzgxZmNl
LzEvMmV3SVc2cU1xbnRiazA3S0tjRjVZZnlJMnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBATBIvAD
BADBIvIwDQYJKoZIhvcNAQELBQADggEBADgr3wv+EP8XuZw4DBe7+zh3gHRilMqI
kHsmAmMAyN8D897S/UjzdBesuiEnCkC6nijrFnhcMPM00Kx1iRlV8oUlLBttVX9/
T36rmHpjafOPKauEmfXj17wF3JjJW5QCbrulfc+9/F9oKH9uWx0r8hNGbnyP5mgu
aTv2vyryJPA2A7cXW0fR3NKaIsMFHghqK8ZykKOYjieChYL20q/jZeju5JicQs3E
82/v+rbd3JV+fN1CmmF2KqEQcSXikkWNinficbTEZw5ypf6QAF/W2Ncasif42Wcr
lrmT+S+hZ4Y6Hs1OA5ynNsVMANjREBemJjdFU7dEzyeyyuTWTj69+h4=
-----END CERTIFICATE-----