Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/2f034c-23d4-469a-a006-cbed01781fce/1/gAfIx-xnDxuyj8iOJ2Abmyua-Kk.roa
File:                     gAfIx-xnDxuyj8iOJ2Abmyua-Kk.roa (raw, json)
Hash identifier:          m6NxtFgMxKiNgV3JjoiFOYfDMzi9vOnRp52AvxW8m5o=
Subject key identifier:   80:07:C8:C7:EC:67:0F:1B:B2:8F:C8:8E:27:60:1B:9B:2B:9A:F8:A9
Certificate issuer:       /CN=d9ec085baa8caa7b5b934eca29c17961fc88db1b
Certificate serial:       018CC6B7B2125298198F14A6FEB4CC0BFBB0
Authority key identifier: D9:EC:08:5B:AA:8C:AA:7B:5B:93:4E:CA:29:C1:79:61:FC:88:DB:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2ewIW6qMqntbk07KKcF5YfyI2xs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/2f034c-23d4-469a-a006-cbed01781fce/1/gAfIx-xnDxuyj8iOJ2Abmyua-Kk.roa
Signing time:             Mon 01 Jan 2024 20:29:36 +0000
ROA not before:           Mon 01 Jan 2024 20:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203709
IP address blocks:        193.34.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/2f034c-23d4-469a-a006-cbed01781fce/1/2ewIW6qMqntbk07KKcF5YfyI2xs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/2f034c-23d4-469a-a006-cbed01781fce/1/2ewIW6qMqntbk07KKcF5YfyI2xs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2ewIW6qMqntbk07KKcF5YfyI2xs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b2:12:52:98:19:8f:14:a6:fe:b4:cc:0b:fb:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9ec085baa8caa7b5b934eca29c17961fc88db1b
        Validity
            Not Before: Jan  1 20:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8007c8c7ec670f1bb28fc88e27601b9b2b9af8a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:91:e2:1c:6d:ac:be:c2:50:c3:cf:a0:e0:03:
                    60:e0:b8:45:d9:5f:4b:4b:f3:81:60:78:15:cf:ab:
                    e8:d6:41:d5:b8:83:61:2f:c0:ca:4e:01:1b:a6:25:
                    41:45:28:95:dc:16:67:17:40:a5:9e:fd:24:31:b9:
                    05:ae:5f:bb:94:ad:26:13:c7:0d:71:3e:aa:29:04:
                    2f:88:80:d2:1f:2f:c3:c8:37:ed:00:4c:1e:c0:cf:
                    10:79:ea:a0:95:5d:d0:a0:94:4f:d7:96:21:fc:c3:
                    f6:08:39:9a:00:56:7e:e0:85:07:72:c8:42:4d:e6:
                    43:a8:37:39:fd:b3:96:3e:64:aa:c3:5c:c1:33:60:
                    64:be:2a:c9:8f:33:e9:f0:5e:42:8c:f6:02:07:f6:
                    6f:92:f6:1c:21:3e:1a:fc:dd:d0:e9:d1:06:c2:15:
                    06:f6:89:76:69:52:6c:24:c7:b1:d7:58:6a:4e:78:
                    60:5f:b1:27:e4:66:ef:ec:ed:4f:aa:4c:fa:a7:bf:
                    25:da:a4:c5:73:ba:1f:3a:b7:7a:2e:0c:74:04:9d:
                    01:1a:5f:62:d7:6a:af:bc:37:10:5b:1b:2a:93:54:
                    49:ae:c2:51:d0:3b:3b:b4:81:1b:36:a2:7f:7e:cb:
                    b6:9b:ab:ca:b4:9e:b9:d4:b1:aa:ef:76:0c:e5:4f:
                    14:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:07:C8:C7:EC:67:0F:1B:B2:8F:C8:8E:27:60:1B:9B:2B:9A:F8:A9
            X509v3 Authority Key Identifier:
                keyid:D9:EC:08:5B:AA:8C:AA:7B:5B:93:4E:CA:29:C1:79:61:FC:88:DB:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ewIW6qMqntbk07KKcF5YfyI2xs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/2f034c-23d4-469a-a006-cbed01781fce/1/gAfIx-xnDxuyj8iOJ2Abmyua-Kk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/2f034c-23d4-469a-a006-cbed01781fce/1/2ewIW6qMqntbk07KKcF5YfyI2xs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:07:2b:6f:6b:76:4e:32:e3:65:64:3c:99:bb:20:14:2a:1f:
         af:2b:81:03:ab:63:4e:1f:3b:5c:b9:80:78:7a:07:f4:a8:4b:
         1f:d4:84:af:33:a3:f2:f8:d7:69:89:a2:b7:c8:7c:c2:5e:ee:
         4b:11:d8:24:f9:95:70:ba:25:ab:e9:cd:77:5a:ad:c1:47:c4:
         61:17:02:6a:27:86:2e:32:80:f3:3b:9a:1f:ee:87:b1:3b:f6:
         18:12:9f:eb:81:1a:bf:fe:59:35:1b:6a:bd:26:63:92:fa:d2:
         f0:98:71:53:d6:c4:35:38:1d:96:57:74:02:31:96:b3:c3:d9:
         5f:76:63:52:0e:1e:6f:9a:70:f3:da:d8:3d:2e:11:9c:6b:46:
         af:4d:82:42:65:c0:b6:b9:34:84:17:3f:7e:9f:9d:b8:34:a1:
         9e:c7:6b:4a:b0:2c:a3:47:33:63:b2:9c:72:ad:72:23:a9:33:
         0d:57:6c:75:d0:bb:c6:5c:2a:8a:a5:e6:2e:8d:27:f9:ed:c0:
         d0:30:73:5c:83:0c:b2:ed:71:c6:6d:94:92:d1:5a:7b:cd:9c:
         51:44:ee:b6:1c:e2:70:92:79:8a:4b:e0:5f:77:19:47:9c:04:
         c0:00:fe:19:7c:59:04:fa:05:fd:f0:db:10:8c:91:ff:a9:b0:
         d3:c6:3d:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt7ISUpgZjxSm/rTMC/uwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZWMwODViYWE4Y2FhN2I1YjkzNGVjYTI5YzE3OTYxZmM4
OGRiMWIwHhcNMjQwMTAxMjAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDA3YzhjN2VjNjcwZjFiYjI4ZmM4OGUyNzYwMWI5YjJiOWFmOGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJHiHG2svsJQw8+g4ANg4LhF2V9L
S/OBYHgVz6vo1kHVuINhL8DKTgEbpiVBRSiV3BZnF0Clnv0kMbkFrl+7lK0mE8cN
cT6qKQQviIDSHy/DyDftAEwewM8QeeqglV3QoJRP15Yh/MP2CDmaAFZ+4IUHcshC
TeZDqDc5/bOWPmSqw1zBM2BkvirJjzPp8F5CjPYCB/ZvkvYcIT4a/N3Q6dEGwhUG
9ol2aVJsJMex11hqTnhgX7En5Gbv7O1Pqkz6p78l2qTFc7ofOrd6Lgx0BJ0BGl9i
12qvvDcQWxsqk1RJrsJR0Ds7tIEbNqJ/fsu2m6vKtJ651LGq73YM5U8U5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIAHyMfsZw8bso/IjidgG5srmvipMB8GA1UdIwQY
MBaAFNnsCFuqjKp7W5NOyinBeWH8iNsbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmV3SVc2cU1xbnRiazA3S0tjRjVZZnlJMnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8yZjAzNGMtMjNkNC00NjlhLWEwMDYt
Y2JlZDAxNzgxZmNlLzEvZ0FmSXgteG5EeHV5ajhpT0oyQWJteXVhLUtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8yZjAzNGMtMjNkNC00NjlhLWEwMDYtY2JlZDAxNzgxZmNl
LzEvMmV3SVc2cU1xbnRiazA3S0tjRjVZZnlJMnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSLzMA0G
CSqGSIb3DQEBCwUAA4IBAQBiBytva3ZOMuNlZDyZuyAUKh+vK4EDq2NOHztcuYB4
egf0qEsf1ISvM6Py+NdpiaK3yHzCXu5LEdgk+ZVwuiWr6c13Wq3BR8RhFwJqJ4Yu
MoDzO5of7oexO/YYEp/rgRq//lk1G2q9JmOS+tLwmHFT1sQ1OB2WV3QCMZazw9lf
dmNSDh5vmnDz2tg9LhGca0avTYJCZcC2uTSEFz9+n524NKGex2tKsCyjRzNjspxy
rXIjqTMNV2x10LvGXCqKpeYujSf57cDQMHNcgwyy7XHGbZSS0Vp7zZxRRO62HOJw
knmKS+BfdxlHnATAAP4ZfFkE+gX98NsQjJH/qbDTxj3R
-----END CERTIFICATE-----