Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/D1E7Pyp6a6CG39MhFVCFybJSC04.roa
File:                     D1E7Pyp6a6CG39MhFVCFybJSC04.roa (raw, json)
Hash identifier:          Knuqdi2hkiJFeIue3XY3xAQeL13wk10IvMcEnNG8QKI=
Subject key identifier:   0F:51:3B:3F:2A:7A:6B:A0:86:DF:D3:21:15:50:85:C9:B2:52:0B:4E
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC795393899086AD371FCA7C2E6FF5D67
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/D1E7Pyp6a6CG39MhFVCFybJSC04.roa
Signing time:             Tue 02 Jan 2024 00:31:34 +0000
ROA not before:           Tue 02 Jan 2024 00:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212165
IP address blocks:        193.233.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:39:38:99:08:6a:d3:71:fc:a7:c2:e6:ff:5d:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f513b3f2a7a6ba086dfd321155085c9b2520b4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e3:b0:ea:d2:c8:6c:9f:0b:0c:e6:d5:a5:66:
                    66:c7:e1:3d:a3:6b:c6:cf:28:f6:a5:f7:e8:dc:73:
                    ec:9d:6d:69:07:03:1f:d8:b0:9d:aa:35:56:c9:60:
                    a6:48:22:8c:cd:a2:de:d9:18:d2:3c:0b:1d:6d:66:
                    3b:cf:18:e3:72:fb:c5:48:3c:26:4c:e9:bc:25:16:
                    a0:99:a6:66:b8:96:5c:06:36:7d:51:94:ea:29:6c:
                    9b:61:87:17:c6:54:8b:4d:8d:55:50:52:7a:3d:c7:
                    36:f5:da:e7:f7:40:6e:91:33:f1:7c:c0:ec:1a:a0:
                    c7:dc:0f:84:a0:55:9c:2e:ee:f2:5e:83:6f:6c:d5:
                    40:ae:10:c8:b8:69:77:32:56:91:ad:01:b6:59:4b:
                    d6:69:6f:2d:e7:4f:1a:03:58:a1:4f:95:6a:08:ae:
                    62:c1:f2:77:1e:2f:70:50:27:f0:4b:dd:56:66:12:
                    76:63:eb:0a:c7:16:59:5c:4a:fc:aa:05:a3:03:8f:
                    14:46:ea:15:db:dd:07:ec:24:89:c7:29:2a:e0:65:
                    91:2f:9f:30:55:c5:32:0f:4c:13:cd:53:36:37:ba:
                    7d:a0:25:52:84:83:c5:07:6d:41:2f:49:1f:7b:7e:
                    e5:bd:8d:08:66:32:50:76:70:94:f5:da:7b:06:2b:
                    1a:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:51:3B:3F:2A:7A:6B:A0:86:DF:D3:21:15:50:85:C9:B2:52:0B:4E
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/D1E7Pyp6a6CG39MhFVCFybJSC04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:0f:b8:ca:7e:5e:6d:52:8e:cc:77:3c:a9:70:6a:85:9d:0e:
         57:df:6a:f1:c9:48:7c:72:2d:e7:d3:64:10:06:ee:ad:2d:e1:
         bd:65:1e:20:fa:1e:57:d8:a3:15:04:90:26:2c:48:5d:49:03:
         fd:19:fc:50:c1:20:74:f8:84:44:cf:d7:19:a2:3e:45:3f:76:
         48:65:5f:dc:a0:19:3d:ea:0b:6e:8e:37:f3:95:33:1e:37:17:
         ac:1b:92:b4:d9:c7:6f:49:cf:a4:41:43:22:ad:6a:dc:a9:47:
         b8:cb:38:7b:80:b2:ff:dd:5a:c0:f6:99:3e:c4:ca:c6:75:ce:
         6e:af:91:50:7f:2d:46:1c:30:8a:7d:2d:65:f7:d7:c2:66:4e:
         43:b0:03:1f:1f:20:7b:82:44:56:9f:ff:78:84:9e:26:e0:3f:
         c9:90:e9:fc:92:b3:e9:1d:fe:5d:39:32:d8:4e:86:3c:fd:4b:
         73:8e:7a:1d:a5:7e:16:59:81:bb:3d:a7:8b:f8:48:cb:14:5e:
         91:2f:24:15:54:6a:dd:c0:86:a1:73:0b:1a:ff:ba:bd:d6:3a:
         ec:3a:29:8d:15:27:26:3f:8b:63:cd:43:69:77:c3:a7:3d:1e:
         0e:24:bf:6b:bf:d2:7a:cb:3c:1c:43:68:93:3d:1a:b1:77:69:
         75:72:a7:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlTk4mQhq03H8p8Lm/11nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjUxM2IzZjJhN2E2YmEwODZkZmQzMjExNTUwODVjOWIyNTIwYjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnuOw6tLIbJ8LDObVpWZmx+E9o2vG
zyj2pffo3HPsnW1pBwMf2LCdqjVWyWCmSCKMzaLe2RjSPAsdbWY7zxjjcvvFSDwm
TOm8JRagmaZmuJZcBjZ9UZTqKWybYYcXxlSLTY1VUFJ6Pcc29drn90BukTPxfMDs
GqDH3A+EoFWcLu7yXoNvbNVArhDIuGl3MlaRrQG2WUvWaW8t508aA1ihT5VqCK5i
wfJ3Hi9wUCfwS91WZhJ2Y+sKxxZZXEr8qgWjA48URuoV290H7CSJxykq4GWRL58w
VcUyD0wTzVM2N7p9oCVShIPFB21BL0kfe37lvY0IZjJQdnCU9dp7Bisa+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA9ROz8qemught/TIRVQhcmyUgtOMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvRDFFN1B5cDZhNkNHMzlNaEZWQ0Z5YkpTQzA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwekUMA0G
CSqGSIb3DQEBCwUAA4IBAQB+D7jKfl5tUo7MdzypcGqFnQ5X32rxyUh8ci3n02QQ
Bu6tLeG9ZR4g+h5X2KMVBJAmLEhdSQP9GfxQwSB0+IREz9cZoj5FP3ZIZV/coBk9
6gtujjfzlTMeNxesG5K02cdvSc+kQUMirWrcqUe4yzh7gLL/3VrA9pk+xMrGdc5u
r5FQfy1GHDCKfS1l99fCZk5DsAMfHyB7gkRWn/94hJ4m4D/JkOn8krPpHf5dOTLY
ToY8/UtzjnodpX4WWYG7PaeL+EjLFF6RLyQVVGrdwIahcwsa/7q91jrsOimNFScm
P4tjzUNpd8OnPR4OJL9rv9J6yzwcQ2iTPRqxd2l1cqd6
-----END CERTIFICATE-----