Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/4574bc-296d-4a58-aef7-d2bbd949c452/1/T4idG9-_7YLuaXKzuaB2vPyr5Bc.roa
File:                     T4idG9-_7YLuaXKzuaB2vPyr5Bc.roa (raw, json)
Hash identifier:          NI4DF7ISDWrn6AcEQuVnvd9QAiqeU4kBnnDCpQTX2qY=
Subject key identifier:   4F:88:9D:1B:DF:BF:ED:82:EE:69:72:B3:B9:A0:76:BC:FC:AB:E4:17
Certificate issuer:       /CN=6359a649b036103e80a3ce8f3d1b0138a60581d7
Certificate serial:       018CC80187DD3B812FDC2B07171325B024AA
Authority key identifier: 63:59:A6:49:B0:36:10:3E:80:A3:CE:8F:3D:1B:01:38:A6:05:81:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y1mmSbA2ED6Ao86PPRsBOKYFgdc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/4574bc-296d-4a58-aef7-d2bbd949c452/1/T4idG9-_7YLuaXKzuaB2vPyr5Bc.roa
Signing time:             Tue 02 Jan 2024 02:29:52 +0000
ROA not before:           Tue 02 Jan 2024 02:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205359
IP address blocks:        194.31.99.0/24 maxlen: 24
                          85.193.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/4574bc-296d-4a58-aef7-d2bbd949c452/1/Y1mmSbA2ED6Ao86PPRsBOKYFgdc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/4574bc-296d-4a58-aef7-d2bbd949c452/1/Y1mmSbA2ED6Ao86PPRsBOKYFgdc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y1mmSbA2ED6Ao86PPRsBOKYFgdc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:87:dd:3b:81:2f:dc:2b:07:17:13:25:b0:24:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6359a649b036103e80a3ce8f3d1b0138a60581d7
        Validity
            Not Before: Jan  2 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f889d1bdfbfed82ee6972b3b9a076bcfcabe417
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d9:74:5b:c1:3d:97:f6:2b:67:15:c2:79:b8:
                    96:2e:20:4e:9c:e7:42:01:3c:af:70:1f:61:13:b2:
                    bd:04:dd:cf:6c:19:72:86:6d:93:b3:35:0c:db:4b:
                    83:b0:ad:38:68:fc:24:34:2a:96:f3:7c:f9:a9:1e:
                    a2:d3:ea:37:7f:c7:cc:e5:c2:2c:31:fe:7d:f4:8b:
                    a1:c8:27:94:ca:09:6a:a4:df:ba:a3:39:91:0e:8b:
                    1d:59:27:80:70:49:54:1c:e1:5d:3f:62:d9:51:b2:
                    22:35:dd:7d:83:a0:c3:c1:96:ed:e1:08:33:db:66:
                    ff:2a:a2:85:cf:ef:51:5b:56:9b:5b:d5:3d:45:10:
                    00:07:c0:39:37:21:2a:ef:08:5f:03:d1:71:af:b3:
                    b5:bf:e4:61:33:b2:fc:45:58:8b:5d:66:73:0a:9c:
                    55:4f:b5:c2:42:43:05:d5:4c:da:a6:34:04:04:1d:
                    25:4e:17:4e:27:23:5b:91:4f:fd:7a:d8:bb:61:70:
                    8d:23:b1:a9:bf:17:33:ae:59:b8:20:e5:bf:a0:06:
                    68:45:89:03:cc:f7:71:d2:d9:d1:de:5d:d8:fe:17:
                    37:3c:3a:e0:a9:5d:66:ce:ed:5e:76:ef:1f:a0:20:
                    51:c3:13:5a:ad:ce:10:fc:76:25:6a:83:88:16:99:
                    46:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:88:9D:1B:DF:BF:ED:82:EE:69:72:B3:B9:A0:76:BC:FC:AB:E4:17
            X509v3 Authority Key Identifier:
                keyid:63:59:A6:49:B0:36:10:3E:80:A3:CE:8F:3D:1B:01:38:A6:05:81:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y1mmSbA2ED6Ao86PPRsBOKYFgdc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/4574bc-296d-4a58-aef7-d2bbd949c452/1/T4idG9-_7YLuaXKzuaB2vPyr5Bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/4574bc-296d-4a58-aef7-d2bbd949c452/1/Y1mmSbA2ED6Ao86PPRsBOKYFgdc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.193.76.0/24
                  194.31.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:17:d5:4d:29:82:79:f9:e2:9e:20:b2:05:3c:ac:a9:fd:a4:
         9c:aa:94:fb:9e:8f:4c:cd:25:c1:eb:8e:01:df:5b:4b:2c:b8:
         3b:ef:70:0a:04:1b:57:6a:4a:36:53:6c:73:9b:f4:01:71:ad:
         df:ce:c6:cd:c6:0f:e1:2c:1a:f7:51:35:a5:36:94:60:69:b5:
         c0:19:bb:7a:76:af:95:3c:b0:80:d3:12:84:77:bd:e2:b2:00:
         7f:84:c6:de:d8:27:60:7b:60:86:8f:cd:1f:a5:67:2e:19:76:
         64:55:8e:f8:b9:9b:52:88:26:7d:4e:fa:98:2d:da:fd:7a:40:
         89:ef:4a:3f:b7:41:f6:e0:c3:6d:c9:75:5a:02:6c:b2:23:03:
         44:7c:cf:b8:73:be:28:e1:b9:c6:d4:eb:99:dc:39:bc:3c:4d:
         38:c2:50:9c:34:ba:59:c6:d2:15:8e:45:57:0f:d9:9b:8b:c1:
         36:97:4a:4b:23:63:68:44:28:67:15:0b:44:5d:45:4f:cf:ed:
         d4:6e:ae:cd:c5:71:d6:ff:ad:a2:48:61:a8:bc:0f:0a:8e:81:
         40:fb:a2:ce:01:f1:0e:01:e1:4c:3b:5e:6c:b7:28:75:15:26:
         e6:05:7f:b0:c4:89:74:52:0c:88:3b:88:f3:9a:e2:ee:a9:33:
         62:5d:e6:04
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAYfdO4Ev3CsHFxMlsCSqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNTlhNjQ5YjAzNjEwM2U4MGEzY2U4ZjNkMWIwMTM4YTYw
NTgxZDcwHhcNMjQwMTAyMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Zjg4OWQxYmRmYmZlZDgyZWU2OTcyYjNiOWEwNzZiY2ZjYWJlNDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtl0W8E9l/YrZxXCebiWLiBOnOdC
ATyvcB9hE7K9BN3PbBlyhm2TszUM20uDsK04aPwkNCqW83z5qR6i0+o3f8fM5cIs
Mf599IuhyCeUyglqpN+6ozmRDosdWSeAcElUHOFdP2LZUbIiNd19g6DDwZbt4Qgz
22b/KqKFz+9RW1abW9U9RRAAB8A5NyEq7whfA9Fxr7O1v+RhM7L8RViLXWZzCpxV
T7XCQkMF1UzapjQEBB0lThdOJyNbkU/9eti7YXCNI7Gpvxczrlm4IOW/oAZoRYkD
zPdx0tnR3l3Y/hc3PDrgqV1mzu1edu8foCBRwxNarc4Q/HYlaoOIFplGhQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE+InRvfv+2C7mlys7mgdrz8q+QXMB8GA1UdIwQY
MBaAFGNZpkmwNhA+gKPOjz0bATimBYHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTFtbVNiQTJFRDZBbzg2UFBSc0JPS1lGZ2RjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi80NTc0YmMtMjk2ZC00YTU4LWFlZjct
ZDJiYmQ5NDljNDUyLzEvVDRpZEc5LV83WUx1YVhLenVhQjJ2UHlyNUJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi80NTc0YmMtMjk2ZC00YTU4LWFlZjctZDJiYmQ5NDljNDUy
LzEvWTFtbVNiQTJFRDZBbzg2UFBSc0JPS1lGZ2RjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVcFMAwQA
wh9jMA0GCSqGSIb3DQEBCwUAA4IBAQAgF9VNKYJ5+eKeILIFPKyp/aScqpT7no9M
zSXB644B31tLLLg773AKBBtXako2U2xzm/QBca3fzsbNxg/hLBr3UTWlNpRgabXA
Gbt6dq+VPLCA0xKEd73isgB/hMbe2Cdge2CGj80fpWcuGXZkVY74uZtSiCZ9TvqY
Ldr9ekCJ70o/t0H24MNtyXVaAmyyIwNEfM+4c74o4bnG1OuZ3Dm8PE04wlCcNLpZ
xtIVjkVXD9mbi8E2l0pLI2NoRChnFQtEXUVPz+3Ubq7NxXHW/62iSGGovA8KjoFA
+6LOAfEOAeFMO15styh1FSbmBX+wxIl0UgyIO4jzmuLuqTNiXeYE
-----END CERTIFICATE-----