Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/_1OYZ48jvoTMTuysBZpqpK_Sr78.roa
File:                     _1OYZ48jvoTMTuysBZpqpK_Sr78.roa (raw, json)
Hash identifier:          TbNMwemPGhU9DQp6X+sBigAuC+Eokx5ueYdgG/FNDLc=
Subject key identifier:   FF:53:98:67:8F:23:BE:84:CC:4E:EC:AC:05:9A:6A:A4:AF:D2:AF:BF
Certificate issuer:       /CN=ecf7ca9ffafe72a30966f7e43d92b58e774ce741
Certificate serial:       018CC26D0671814C833007ED1B481ADE552B
Authority key identifier: EC:F7:CA:9F:FA:FE:72:A3:09:66:F7:E4:3D:92:B5:8E:77:4C:E7:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7PfKn_r-cqMJZvfkPZK1jndM50E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/_1OYZ48jvoTMTuysBZpqpK_Sr78.roa
Signing time:             Mon 01 Jan 2024 00:29:34 +0000
ROA not before:           Mon 01 Jan 2024 00:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207713
IP address blocks:        193.32.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/7PfKn_r-cqMJZvfkPZK1jndM50E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/7PfKn_r-cqMJZvfkPZK1jndM50E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7PfKn_r-cqMJZvfkPZK1jndM50E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:06:71:81:4c:83:30:07:ed:1b:48:1a:de:55:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecf7ca9ffafe72a30966f7e43d92b58e774ce741
        Validity
            Not Before: Jan  1 00:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff5398678f23be84cc4eecac059a6aa4afd2afbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:2b:14:96:7e:18:27:f6:f5:51:7f:a7:45:00:
                    96:59:51:7a:b8:aa:b0:a0:45:c8:5f:ee:4a:b7:5e:
                    51:54:ec:14:97:50:f6:c2:90:aa:d1:71:d0:a4:aa:
                    00:d8:6d:ff:78:69:7a:b3:f1:7d:3f:fc:53:00:23:
                    5b:25:fd:16:e1:e2:87:97:27:cb:64:7f:fe:3f:3d:
                    88:41:1a:18:92:b6:db:92:ea:e9:bf:15:17:e2:a9:
                    e5:95:e9:e4:03:bc:1e:ae:94:bc:c1:c8:17:32:cb:
                    b7:d8:c5:d1:3d:3c:06:fd:7f:4a:32:66:53:f1:9c:
                    39:47:60:f3:9a:99:f2:b2:92:96:dd:b9:e6:11:b4:
                    e3:cd:13:fb:99:3d:75:28:40:0e:ba:28:a3:e4:ca:
                    d0:ef:6e:20:18:93:19:94:ae:99:ca:b3:b2:2c:48:
                    03:f3:8d:8d:33:f8:ec:f4:1b:a2:4c:87:11:d1:49:
                    ca:0a:d6:c3:e4:2e:ae:ff:ee:68:85:70:2f:bf:c9:
                    5f:19:03:08:cc:e8:d7:a8:c4:62:c8:ce:00:9f:6a:
                    61:70:ef:4b:03:40:63:74:6c:ce:8f:3e:da:09:f5:
                    30:24:94:d3:97:fc:db:9a:be:36:22:aa:22:2c:b2:
                    eb:2e:f0:c6:82:f1:83:4f:b4:3b:bb:6e:fb:d3:3f:
                    23:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:53:98:67:8F:23:BE:84:CC:4E:EC:AC:05:9A:6A:A4:AF:D2:AF:BF
            X509v3 Authority Key Identifier:
                keyid:EC:F7:CA:9F:FA:FE:72:A3:09:66:F7:E4:3D:92:B5:8E:77:4C:E7:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7PfKn_r-cqMJZvfkPZK1jndM50E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/_1OYZ48jvoTMTuysBZpqpK_Sr78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/7PfKn_r-cqMJZvfkPZK1jndM50E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:96:68:16:a5:37:95:90:75:5d:26:74:25:e1:cf:8d:94:83:
         c0:47:39:b2:bd:3b:e6:de:dc:e3:57:00:45:27:49:8c:ec:52:
         89:9b:a4:86:9e:73:f8:7a:48:e3:f5:d3:99:40:55:42:0a:f3:
         86:1c:c2:9b:cb:0c:8d:93:0d:51:97:59:8a:2a:cc:be:f8:52:
         c3:47:71:af:27:eb:86:cc:31:c8:4f:7f:18:77:b4:9e:83:03:
         50:f6:de:98:f5:ac:43:67:fe:d4:bf:cc:4f:aa:ae:34:93:6a:
         b0:b1:61:c9:ee:f3:c3:8e:f6:af:84:a5:01:1c:2f:78:15:a3:
         1b:4b:83:25:5e:2e:f0:ef:06:52:7c:9e:f6:a1:b0:39:88:49:
         b5:ae:f3:5e:8c:52:08:26:3b:1c:51:33:3b:4e:01:c6:51:17:
         9e:da:fe:1b:15:0e:5f:4f:5d:44:67:f2:76:09:5c:c7:98:3e:
         91:1d:14:c4:4d:40:bf:1c:26:9f:a0:19:18:7e:19:96:0d:4a:
         97:c2:51:73:c3:54:4a:79:04:74:ce:35:a7:58:6e:aa:a4:5b:
         7c:1c:7a:29:0d:ec:9d:05:2d:c6:01:95:1b:c2:f7:34:7f:a9:
         2f:d5:a0:7a:50:01:d5:84:d9:39:cb:71:4e:6d:a8:aa:d8:62:
         1b:73:d2:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQZxgUyDMAftG0ga3lUrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjZjdjYTlmZmFmZTcyYTMwOTY2ZjdlNDNkOTJiNThlNzc0
Y2U3NDEwHhcNMjQwMTAxMDAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjUzOTg2NzhmMjNiZTg0Y2M0ZWVjYWMwNTlhNmFhNGFmZDJhZmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCsUln4YJ/b1UX+nRQCWWVF6uKqw
oEXIX+5Kt15RVOwUl1D2wpCq0XHQpKoA2G3/eGl6s/F9P/xTACNbJf0W4eKHlyfL
ZH/+Pz2IQRoYkrbbkurpvxUX4qnllenkA7werpS8wcgXMsu32MXRPTwG/X9KMmZT
8Zw5R2DzmpnyspKW3bnmEbTjzRP7mT11KEAOuiij5MrQ724gGJMZlK6ZyrOyLEgD
842NM/js9BuiTIcR0UnKCtbD5C6u/+5ohXAvv8lfGQMIzOjXqMRiyM4An2phcO9L
A0BjdGzOjz7aCfUwJJTTl/zbmr42IqoiLLLrLvDGgvGDT7Q7u2770z8jHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP9TmGePI76EzE7srAWaaqSv0q+/MB8GA1UdIwQY
MBaAFOz3yp/6/nKjCWb35D2StY53TOdBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1BmS25fci1jcU1KWnZma1BaSzFqbmRNNTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8zMjc3OWQtMzY1Ni00NGMwLThhYjUt
OTgxZmJiMzQ0MmRkLzEvXzFPWVo0OGp2b1RNVHV5c0JacHFwS19Tcjc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8zMjc3OWQtMzY1Ni00NGMwLThhYjUtOTgxZmJiMzQ0MmRk
LzEvN1BmS25fci1jcU1KWnZma1BaSzFqbmRNNTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSCwMA0G
CSqGSIb3DQEBCwUAA4IBAQAolmgWpTeVkHVdJnQl4c+NlIPARzmyvTvm3tzjVwBF
J0mM7FKJm6SGnnP4ekjj9dOZQFVCCvOGHMKbywyNkw1Rl1mKKsy++FLDR3GvJ+uG
zDHIT38Yd7SegwNQ9t6Y9axDZ/7Uv8xPqq40k2qwsWHJ7vPDjvavhKUBHC94FaMb
S4MlXi7w7wZSfJ72obA5iEm1rvNejFIIJjscUTM7TgHGURee2v4bFQ5fT11EZ/J2
CVzHmD6RHRTETUC/HCafoBkYfhmWDUqXwlFzw1RKeQR0zjWnWG6qpFt8HHopDeyd
BS3GAZUbwvc0f6kv1aB6UAHVhNk5y3FObaiq2GIbc9JN
-----END CERTIFICATE-----