Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/4eO8DVBJj6AdMCWgFk6sM5369gk.roa
File:                     4eO8DVBJj6AdMCWgFk6sM5369gk.roa (raw, json)
Hash identifier:          V37ni0aeLIgZOjRuAnfSaynwQl9N0vz2H05fkVtrOdQ=
Subject key identifier:   E1:E3:BC:0D:50:49:8F:A0:1D:30:25:A0:16:4E:AC:33:9D:FA:F6:09
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC79539F3A3D15C7B79D9E1625FEB59CC
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/4eO8DVBJj6AdMCWgFk6sM5369gk.roa
Signing time:             Tue 02 Jan 2024 00:31:34 +0000
ROA not before:           Tue 02 Jan 2024 00:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212624
IP address blocks:        193.233.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:39:f3:a3:d1:5c:7b:79:d9:e1:62:5f:eb:59:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1e3bc0d50498fa01d3025a0164eac339dfaf609
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:d3:54:38:72:7f:01:58:5a:89:96:50:16:4f:
                    47:3b:1a:f7:45:87:c8:b8:c4:2f:78:e2:a2:55:fa:
                    69:6d:81:95:b4:2c:a9:9c:9f:c7:5d:e4:db:7d:c0:
                    ec:7b:f6:a3:7e:a2:99:da:2a:80:2d:7d:83:6a:bd:
                    bc:88:4b:e1:7f:c2:06:cb:11:0d:8e:f5:fe:05:8a:
                    5f:e5:03:d3:c0:e2:39:3f:f0:f8:c7:40:75:94:ff:
                    5f:89:d0:00:98:49:02:38:25:f7:3d:3b:c1:4d:34:
                    fe:c2:09:c6:0e:22:51:dd:70:3e:86:ae:4b:18:c1:
                    2b:e3:93:30:85:55:61:5c:75:c1:c7:18:cb:fb:81:
                    79:f5:54:ee:bc:77:59:c5:a7:0c:70:c9:5f:96:08:
                    c8:5b:fb:d6:ec:64:04:ea:a0:19:e5:0a:9c:64:96:
                    ca:fc:a5:c7:4d:60:07:45:47:44:7b:2e:f9:3b:fa:
                    7c:dd:aa:38:13:ba:9a:f8:28:a6:b1:f2:23:66:b9:
                    6e:de:de:a9:7b:1e:ee:51:ee:ed:3a:c6:00:db:30:
                    22:f6:43:6d:fb:99:cc:00:01:ba:3f:33:c4:eb:b7:
                    09:68:40:15:b5:67:9d:57:31:ef:46:b9:3d:6a:b5:
                    d5:ac:f9:e7:aa:9b:64:92:20:ff:02:84:27:bd:fc:
                    b4:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:E3:BC:0D:50:49:8F:A0:1D:30:25:A0:16:4E:AC:33:9D:FA:F6:09
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/4eO8DVBJj6AdMCWgFk6sM5369gk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:a9:45:b4:c6:62:4a:38:8f:42:e1:86:25:f2:7d:eb:b6:8f:
         d7:10:68:78:b1:f8:2f:e7:5f:2e:94:b9:29:b3:d7:fd:8b:e9:
         8b:8e:04:8a:87:39:bb:5f:a5:c5:a9:5b:2a:82:c5:e1:1f:c0:
         45:b6:97:aa:b7:10:a3:80:c8:ad:e1:97:12:6b:27:41:a8:9e:
         52:ab:32:8e:06:01:44:4f:c5:e3:20:c6:d8:fd:6b:e7:1b:50:
         64:fe:fd:5c:ac:1a:a2:a2:a6:fc:8d:92:58:02:3f:e9:ed:1f:
         87:ea:d6:ed:bd:f5:85:e7:af:a9:44:c3:2e:a3:b0:70:0d:c6:
         73:fa:20:cf:a8:b1:e1:a0:9a:f9:10:37:62:bb:23:b0:44:5f:
         45:54:f1:00:b0:06:24:45:b2:ef:14:f5:a5:6b:60:66:ba:2a:
         19:95:2f:b7:6a:18:53:b6:d5:0f:42:a9:66:77:0b:40:fc:f9:
         01:65:b0:95:02:57:44:60:1c:30:33:55:fe:d1:5e:6d:50:5e:
         ff:9a:19:dc:c6:04:88:ff:07:a5:26:fd:e6:6c:d8:64:cf:57:
         0f:de:2c:bd:71:b3:14:a3:bb:66:c6:36:c6:cb:d4:c5:59:ae:
         9c:0f:5b:d9:43:d3:78:2a:6e:da:6b:79:32:16:ca:87:ce:89:
         93:71:66:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlTnzo9Fce3nZ4WJf61nMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWUzYmMwZDUwNDk4ZmEwMWQzMDI1YTAxNjRlYWMzMzlkZmFmNjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9NUOHJ/AVhaiZZQFk9HOxr3RYfI
uMQveOKiVfppbYGVtCypnJ/HXeTbfcDse/ajfqKZ2iqALX2Dar28iEvhf8IGyxEN
jvX+BYpf5QPTwOI5P/D4x0B1lP9fidAAmEkCOCX3PTvBTTT+wgnGDiJR3XA+hq5L
GMEr45MwhVVhXHXBxxjL+4F59VTuvHdZxacMcMlflgjIW/vW7GQE6qAZ5QqcZJbK
/KXHTWAHRUdEey75O/p83ao4E7qa+CimsfIjZrlu3t6pex7uUe7tOsYA2zAi9kNt
+5nMAAG6PzPE67cJaEAVtWedVzHvRrk9arXVrPnnqptkkiD/AoQnvfy02wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOHjvA1QSY+gHTAloBZOrDOd+vYJMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvNGVPOERWQkpqNkFkTUNXZ0ZrNnNNNTM2OWdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwenIMA0G
CSqGSIb3DQEBCwUAA4IBAQCSqUW0xmJKOI9C4YYl8n3rto/XEGh4sfgv518ulLkp
s9f9i+mLjgSKhzm7X6XFqVsqgsXhH8BFtpeqtxCjgMit4ZcSaydBqJ5SqzKOBgFE
T8XjIMbY/WvnG1Bk/v1crBqioqb8jZJYAj/p7R+H6tbtvfWF56+pRMMuo7BwDcZz
+iDPqLHhoJr5EDdiuyOwRF9FVPEAsAYkRbLvFPWla2BmuioZlS+3ahhTttUPQqlm
dwtA/PkBZbCVAldEYBwwM1X+0V5tUF7/mhncxgSI/welJv3mbNhkz1cP3iy9cbMU
o7tmxjbGy9TFWa6cD1vZQ9N4Km7aa3kyFsqHzomTcWYK
-----END CERTIFICATE-----