Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5d7b3-2305-4e2e-bead-24f287c9a5f4/1/pC6yRAfa60mlwMKETDehcpW2U9c.roa
File:                     pC6yRAfa60mlwMKETDehcpW2U9c.roa (raw, json)
Hash identifier:          QQqhJCza+iG1UZUu6HHUaNT/m/maihxDma99p4FSgO0=
Subject key identifier:   A4:2E:B2:44:07:DA:EB:49:A5:C0:C2:84:4C:37:A1:72:95:B6:53:D7
Certificate issuer:       /CN=023ad6c4458fe69f4591faccb56bdc331af6b4cd
Certificate serial:       018CC2DB1847582F8D1E7EFF27C1BD7B4DA3
Authority key identifier: 02:3A:D6:C4:45:8F:E6:9F:45:91:FA:CC:B5:6B:DC:33:1A:F6:B4:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AjrWxEWP5p9FkfrMtWvcMxr2tM0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5d7b3-2305-4e2e-bead-24f287c9a5f4/1/pC6yRAfa60mlwMKETDehcpW2U9c.roa
Signing time:             Mon 01 Jan 2024 02:29:47 +0000
ROA not before:           Mon 01 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50220
IP address blocks:        193.104.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5d7b3-2305-4e2e-bead-24f287c9a5f4/1/AjrWxEWP5p9FkfrMtWvcMxr2tM0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5d7b3-2305-4e2e-bead-24f287c9a5f4/1/AjrWxEWP5p9FkfrMtWvcMxr2tM0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AjrWxEWP5p9FkfrMtWvcMxr2tM0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:02:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:18:47:58:2f:8d:1e:7e:ff:27:c1:bd:7b:4d:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=023ad6c4458fe69f4591faccb56bdc331af6b4cd
        Validity
            Not Before: Jan  1 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a42eb24407daeb49a5c0c2844c37a17295b653d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:17:05:44:eb:ee:59:3d:be:f7:aa:70:cc:25:
                    cc:b3:51:af:69:49:be:e8:49:1b:85:a1:5e:a3:6a:
                    00:f8:7f:58:63:3b:b3:43:53:d9:15:8a:ad:ac:c3:
                    3c:c5:25:3f:93:cf:6d:01:86:50:59:bc:1a:80:11:
                    cc:66:f2:86:32:85:fd:11:0a:24:5e:2d:c2:c8:f0:
                    0f:0f:38:3f:17:07:35:33:c8:ab:8b:b4:ef:ee:eb:
                    27:cd:f0:00:96:33:1c:a8:fb:89:97:80:7b:23:93:
                    f4:ae:01:ea:18:20:06:a8:fa:07:b8:98:c3:76:e0:
                    7e:b0:b6:12:17:b3:8e:59:74:3d:4b:73:b9:b5:25:
                    e7:49:d3:a2:0a:ff:a7:0b:40:7b:76:87:12:8e:e8:
                    1a:fe:1b:65:b9:ab:97:17:bc:2a:24:a4:88:c9:0c:
                    a2:77:95:ef:97:cd:b4:61:11:32:dc:62:7b:12:75:
                    10:97:87:af:9f:1f:cf:36:93:7d:40:53:9b:c3:32:
                    8a:dd:99:26:ba:41:b4:c1:4f:06:28:7e:97:e1:3d:
                    11:05:16:94:9c:a1:3c:47:8d:ab:d1:b4:90:2b:11:
                    e3:77:c3:31:af:d0:ea:a4:09:ed:d4:d1:66:61:52:
                    2d:d3:48:9c:7a:79:2f:d8:69:ac:95:1f:4b:81:36:
                    d3:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:2E:B2:44:07:DA:EB:49:A5:C0:C2:84:4C:37:A1:72:95:B6:53:D7
            X509v3 Authority Key Identifier:
                keyid:02:3A:D6:C4:45:8F:E6:9F:45:91:FA:CC:B5:6B:DC:33:1A:F6:B4:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AjrWxEWP5p9FkfrMtWvcMxr2tM0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5d7b3-2305-4e2e-bead-24f287c9a5f4/1/pC6yRAfa60mlwMKETDehcpW2U9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5d7b3-2305-4e2e-bead-24f287c9a5f4/1/AjrWxEWP5p9FkfrMtWvcMxr2tM0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:b2:f0:10:a9:0e:f1:57:25:54:cd:82:13:a8:7a:42:b2:d1:
         2e:08:cf:21:14:f0:5f:9a:5d:0d:3c:e9:c1:84:aa:29:8e:36:
         32:0e:d7:99:90:00:da:e9:9a:c6:87:1e:f5:fc:66:58:de:ab:
         c4:c9:c0:90:44:f3:7b:93:bf:14:13:4e:35:0f:1a:af:2e:50:
         e8:8d:2a:24:ad:3c:34:99:3f:e1:aa:5a:5d:21:e7:e8:87:52:
         da:f1:45:14:58:0b:d7:92:12:b6:c2:e5:9b:07:ee:95:f7:c5:
         6b:00:80:ee:8a:1b:63:9e:8d:f3:8d:00:4e:32:17:27:6c:cd:
         a8:59:f8:e1:94:1c:28:59:ed:47:8e:a2:78:41:2e:bf:85:1f:
         df:2c:2c:bb:63:14:6e:07:6b:b9:e9:20:20:86:c5:f3:4b:64:
         d6:e8:78:01:75:c1:13:c4:f3:9a:c4:cb:f0:55:1e:9a:ea:b0:
         9f:79:fb:87:98:41:a6:4c:3e:e2:6e:a5:91:01:82:c6:6a:4d:
         1b:69:6e:c1:ca:fa:7b:69:13:4d:71:fa:dc:2e:da:b7:e0:69:
         45:80:c3:5e:77:a8:f2:11:30:19:fb:13:7a:b1:db:25:1c:79:
         df:f9:e2:12:9f:b5:d3:49:99:57:dd:2e:54:ae:4b:d0:f9:f2:
         f3:e5:8b:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2xhHWC+NHn7/J8G9e02jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyM2FkNmM0NDU4ZmU2OWY0NTkxZmFjY2I1NmJkYzMzMWFm
NmI0Y2QwHhcNMjQwMTAxMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDJlYjI0NDA3ZGFlYjQ5YTVjMGMyODQ0YzM3YTE3Mjk1YjY1M2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxcFROvuWT2+96pwzCXMs1GvaUm+
6EkbhaFeo2oA+H9YYzuzQ1PZFYqtrMM8xSU/k89tAYZQWbwagBHMZvKGMoX9EQok
Xi3CyPAPDzg/Fwc1M8iri7Tv7usnzfAAljMcqPuJl4B7I5P0rgHqGCAGqPoHuJjD
duB+sLYSF7OOWXQ9S3O5tSXnSdOiCv+nC0B7docSjuga/htluauXF7wqJKSIyQyi
d5Xvl820YREy3GJ7EnUQl4evnx/PNpN9QFObwzKK3ZkmukG0wU8GKH6X4T0RBRaU
nKE8R42r0bSQKxHjd8Mxr9DqpAnt1NFmYVIt00icenkv2GmslR9LgTbTPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQuskQH2utJpcDChEw3oXKVtlPXMB8GA1UdIwQY
MBaAFAI61sRFj+afRZH6zLVr3DMa9rTNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWpyV3hFV1A1cDlGa2ZyTXRXdmNNeHIydE0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWQ3YjMtMjMwNS00ZTJlLWJlYWQt
MjRmMjg3YzlhNWY0LzEvcEM2eVJBZmE2MG1sd01LRVREZWhjcFcyVTljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWQ3YjMtMjMwNS00ZTJlLWJlYWQtMjRmMjg3YzlhNWY0
LzEvQWpyV3hFV1A1cDlGa2ZyTXRXdmNNeHIydE0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWi0MA0G
CSqGSIb3DQEBCwUAA4IBAQBZsvAQqQ7xVyVUzYITqHpCstEuCM8hFPBfml0NPOnB
hKopjjYyDteZkADa6ZrGhx71/GZY3qvEycCQRPN7k78UE041DxqvLlDojSokrTw0
mT/hqlpdIefoh1La8UUUWAvXkhK2wuWbB+6V98VrAIDuihtjno3zjQBOMhcnbM2o
WfjhlBwoWe1HjqJ4QS6/hR/fLCy7YxRuB2u56SAghsXzS2TW6HgBdcETxPOaxMvw
VR6a6rCfefuHmEGmTD7ibqWRAYLGak0baW7Byvp7aRNNcfrcLtq34GlFgMNed6jy
ETAZ+xN6sdslHHnf+eISn7XTSZlX3S5UrkvQ+fLz5Yvl
-----END CERTIFICATE-----