Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8XLFoSDrcsPTFpsjgSXq3nG8jbc.roa
File:                     8XLFoSDrcsPTFpsjgSXq3nG8jbc.roa (raw, json)
Hash identifier:          c53PYxH7lWa1U6u3KxxK138YSuZa6ehXoPzyHeylZvs=
Subject key identifier:   F1:72:C5:A1:20:EB:72:C3:D3:16:9B:23:81:25:EA:DE:71:BC:8D:B7
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCF9DA012DCA262425C2BBBE080BF9
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8XLFoSDrcsPTFpsjgSXq3nG8jbc.roa
Signing time:             Tue 02 Jan 2024 06:29:34 +0000
ROA not before:           Tue 02 Jan 2024 06:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198860
IP address blocks:        93.123.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:f9:da:01:2d:ca:26:24:25:c2:bb:be:08:0b:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f172c5a120eb72c3d3169b238125eade71bc8db7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:65:27:37:9b:20:54:95:95:1d:4d:07:c2:e8:
                    a9:cd:58:07:0e:ad:10:19:b1:05:18:50:6a:2c:eb:
                    88:a5:b9:3e:a8:f1:ce:45:77:bb:79:d3:c6:2e:93:
                    c6:22:62:10:60:44:13:d1:65:f3:0b:a8:fd:ce:fc:
                    2a:45:d0:e0:85:a8:fc:1a:19:6e:6f:f5:b1:ac:e2:
                    ab:51:e0:0c:6a:5e:3e:1a:27:31:f2:41:ea:4e:60:
                    c4:9b:b7:23:65:7c:ef:d5:96:dc:9e:a5:ed:4d:74:
                    91:67:99:af:fc:2c:4a:f6:b9:67:06:e0:ae:c5:c2:
                    3a:21:7a:89:9d:c1:d8:4b:af:e8:b1:58:d7:af:5d:
                    41:20:af:90:c9:58:4b:67:2b:ea:41:20:de:f0:64:
                    ac:aa:e3:4f:d2:57:46:f4:95:eb:59:77:dd:48:fb:
                    95:89:4f:70:27:c1:d4:14:77:a4:75:e5:ca:81:4d:
                    70:5f:6b:46:8f:81:c0:27:86:6f:df:7c:a0:7d:e7:
                    8e:d2:11:a2:cf:c7:8e:9e:04:30:36:10:27:63:00:
                    40:f9:54:50:0c:b9:23:e1:9b:02:ac:c1:f3:a0:e6:
                    96:a0:96:41:d4:7e:ae:b1:1a:08:f4:17:9c:92:7b:
                    b5:29:5a:df:33:08:68:0c:23:d6:fa:99:a4:3b:ef:
                    ac:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:72:C5:A1:20:EB:72:C3:D3:16:9B:23:81:25:EA:DE:71:BC:8D:B7
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8XLFoSDrcsPTFpsjgSXq3nG8jbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.123.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:5a:af:0d:33:40:29:fd:ec:1e:9f:01:a4:23:dd:40:08:97:
         80:d4:d5:9b:5c:ad:ac:7b:e4:0a:09:b1:04:26:ad:e4:e1:fe:
         a7:73:5f:7c:df:39:2d:62:bc:a9:56:d9:0c:8b:9a:69:68:39:
         94:a1:4a:99:03:85:56:c5:f6:59:98:c3:99:3c:78:92:15:1f:
         99:ea:da:76:92:e8:5f:06:f2:42:c7:55:d5:da:0b:fc:19:b0:
         b0:cd:75:f0:58:ef:fa:97:ca:03:2e:9d:1b:9d:64:fd:7e:fc:
         a5:be:29:10:0c:0a:41:be:96:5e:0a:3f:0e:da:83:b2:95:de:
         62:98:fd:33:f1:8b:41:84:21:6c:b1:ab:b9:7a:98:8e:b1:39:
         94:67:c6:19:6e:5b:06:ec:45:32:a2:76:03:96:91:46:2c:b5:
         00:d4:1f:07:86:70:3e:31:47:db:ce:e8:97:96:83:fa:90:63:
         d1:c8:58:65:e4:a5:81:48:87:69:f1:c6:43:24:e6:1d:37:8f:
         1b:69:26:9d:b8:a1:b6:59:52:3c:35:4a:40:89:94:bc:a3:6e:
         53:83:a7:ec:9b:49:f3:f9:03:2c:7e:72:5d:79:40:23:68:fb:
         63:a7:3c:5a:ea:eb:bb:f5:d1:3b:fd:0c:33:b3:ea:cc:f9:0c:
         59:92:fe:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3PnaAS3KJiQlwru+CAv5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTcyYzVhMTIwZWI3MmMzZDMxNjliMjM4MTI1ZWFkZTcxYmM4ZGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGUnN5sgVJWVHU0HwuipzVgHDq0Q
GbEFGFBqLOuIpbk+qPHORXe7edPGLpPGImIQYEQT0WXzC6j9zvwqRdDghaj8Ghlu
b/WxrOKrUeAMal4+Gicx8kHqTmDEm7cjZXzv1ZbcnqXtTXSRZ5mv/CxK9rlnBuCu
xcI6IXqJncHYS6/osVjXr11BIK+QyVhLZyvqQSDe8GSsquNP0ldG9JXrWXfdSPuV
iU9wJ8HUFHekdeXKgU1wX2tGj4HAJ4Zv33ygfeeO0hGiz8eOngQwNhAnYwBA+VRQ
DLkj4ZsCrMHzoOaWoJZB1H6usRoI9Becknu1KVrfMwhoDCPW+pmkO++s9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPFyxaEg63LD0xabI4El6t5xvI23MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvOFhMRm9TRHJjc1BURnBzamdTWHEzbkc4amJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXsNMA0G
CSqGSIb3DQEBCwUAA4IBAQAfWq8NM0Ap/ewenwGkI91ACJeA1NWbXK2se+QKCbEE
Jq3k4f6nc1983zktYrypVtkMi5ppaDmUoUqZA4VWxfZZmMOZPHiSFR+Z6tp2kuhf
BvJCx1XV2gv8GbCwzXXwWO/6l8oDLp0bnWT9fvylvikQDApBvpZeCj8O2oOyld5i
mP0z8YtBhCFssau5epiOsTmUZ8YZblsG7EUyonYDlpFGLLUA1B8HhnA+MUfbzuiX
loP6kGPRyFhl5KWBSIdp8cZDJOYdN48baSaduKG2WVI8NUpAiZS8o25Tg6fsm0nz
+QMsfnJdeUAjaPtjpzxa6uu79dE7/Qwzs+rM+QxZkv78
-----END CERTIFICATE-----