Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/P4MOWAZTKo2Se2tAPAjNR8Atnvw.roa
File:                     P4MOWAZTKo2Se2tAPAjNR8Atnvw.roa (raw, json)
Hash identifier:          58cB7++lkSCRwWm731HTJU/YAgHK0Wi5V+EMWipxQu4=
Subject key identifier:   3F:83:0E:58:06:53:2A:8D:92:7B:6B:40:3C:08:CD:47:C0:2D:9E:FC
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC795313E501479CF826BC25F7EC2781D
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/P4MOWAZTKo2Se2tAPAjNR8Atnvw.roa
Signing time:             Tue 02 Jan 2024 00:31:32 +0000
ROA not before:           Tue 02 Jan 2024 00:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203337
IP address blocks:        193.233.158.0/24 maxlen: 24
                          193.233.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:31:3e:50:14:79:cf:82:6b:c2:5f:7e:c2:78:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f830e5806532a8d927b6b403c08cd47c02d9efc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:2e:95:c0:29:c2:f1:f0:4c:fc:22:ab:fd:2e:
                    22:92:df:53:bf:ec:65:5a:25:7a:7d:9d:0b:4a:d8:
                    b0:5f:8d:34:c3:31:f4:e6:6b:27:01:c9:19:af:e8:
                    cf:be:20:cf:c9:61:d1:ff:92:5e:d6:ba:f7:ca:a6:
                    4c:2a:44:e2:65:17:97:80:7f:93:c9:32:50:88:45:
                    bc:35:e9:a2:d4:9b:ae:5b:9d:9f:6f:e7:db:ad:2d:
                    76:5d:fb:20:23:b3:e9:c7:bf:b8:2a:56:c4:0d:4c:
                    7c:f6:64:55:d6:4c:85:7c:8f:29:a2:81:c2:e6:60:
                    0b:81:a1:30:e1:80:f8:b3:c5:58:94:17:36:7c:e3:
                    98:56:88:4b:b7:91:ba:a1:69:9d:dc:98:88:a8:76:
                    b1:64:62:6f:c2:32:84:9c:b1:1e:5a:ae:71:53:86:
                    b6:e6:d5:37:35:b2:87:43:de:a4:74:90:27:f1:bf:
                    b7:5d:d2:b8:e8:5c:ee:e6:b1:98:93:95:00:b3:78:
                    09:b2:bf:44:27:cb:da:e3:99:49:95:21:07:b3:53:
                    08:84:37:01:1c:9d:8b:72:b2:25:b3:9f:30:be:ef:
                    aa:21:4e:45:74:3c:0d:76:cb:ca:2f:67:8c:73:ea:
                    0a:37:75:07:51:d4:7e:03:b2:b8:f6:a5:c6:64:4a:
                    69:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:83:0E:58:06:53:2A:8D:92:7B:6B:40:3C:08:CD:47:C0:2D:9E:FC
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/P4MOWAZTKo2Se2tAPAjNR8Atnvw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.157.0-193.233.158.255

    Signature Algorithm: sha256WithRSAEncryption
         6c:f4:ec:e4:a6:1b:d6:7f:bb:97:8e:d3:c0:d5:3a:38:ea:77:
         94:69:ff:4b:d1:17:fc:0d:5b:fe:68:bd:b4:fe:ba:c5:5c:2e:
         9a:5f:cc:08:1a:bf:92:e2:cd:a7:20:ae:5c:c4:99:78:63:85:
         2e:3d:45:7f:5e:d4:52:f4:ec:d7:08:00:06:78:7a:f2:00:d6:
         9d:e4:53:35:37:40:0d:72:32:64:24:50:d4:cc:7b:3c:1d:be:
         65:fc:ac:64:a2:8b:98:be:c3:3e:81:40:d9:4a:3e:20:9e:d1:
         1c:f9:5f:61:96:81:4e:98:7c:7f:18:e5:aa:86:f7:27:b8:90:
         9b:3d:be:8c:35:d8:99:31:5b:89:ea:a3:09:2f:b1:63:0c:a9:
         ab:dc:00:af:3e:d3:88:92:1a:fe:e9:4f:3f:d2:b3:dc:84:8c:
         14:45:b0:4a:8d:91:b4:6a:0e:e5:1f:6c:b0:ba:ad:3d:e7:01:
         78:6b:3e:76:57:8e:57:fe:a5:d8:dc:20:e5:64:d4:cd:a0:46:
         2d:91:f2:a1:b2:1c:14:b5:95:2f:fe:c2:81:b7:63:7e:11:0b:
         88:f6:e0:5d:85:57:e1:d3:e2:a2:1e:1b:f6:0b:e3:f3:02:55:
         79:b0:5d:f0:5b:2a:e2:b2:f5:0c:aa:a8:a8:74:e8:4d:14:f7:
         2f:8f:ca:d5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHlTE+UBR5z4Jrwl9+wngdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjgzMGU1ODA2NTMyYThkOTI3YjZiNDAzYzA4Y2Q0N2MwMmQ5ZWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAii6VwCnC8fBM/CKr/S4ikt9Tv+xl
WiV6fZ0LStiwX400wzH05msnAckZr+jPviDPyWHR/5Je1rr3yqZMKkTiZReXgH+T
yTJQiEW8Nemi1JuuW52fb+fbrS12XfsgI7Ppx7+4KlbEDUx89mRV1kyFfI8pooHC
5mALgaEw4YD4s8VYlBc2fOOYVohLt5G6oWmd3JiIqHaxZGJvwjKEnLEeWq5xU4a2
5tU3NbKHQ96kdJAn8b+3XdK46Fzu5rGYk5UAs3gJsr9EJ8va45lJlSEHs1MIhDcB
HJ2LcrIls58wvu+qIU5FdDwNdsvKL2eMc+oKN3UHUdR+A7K49qXGZEppEwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFD+DDlgGUyqNkntrQDwIzUfALZ78MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvUDRNT1dBWlRLbzJTZTJ0QVBBak5SOEF0bnZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADB6Z0D
BADB6Z4wDQYJKoZIhvcNAQELBQADggEBAGz07OSmG9Z/u5eO08DVOjjqd5Rp/0vR
F/wNW/5ovbT+usVcLppfzAgav5LizacgrlzEmXhjhS49RX9e1FL07NcIAAZ4evIA
1p3kUzU3QA1yMmQkUNTMezwdvmX8rGSii5i+wz6BQNlKPiCe0Rz5X2GWgU6YfH8Y
5aqG9ye4kJs9vow12JkxW4nqowkvsWMMqavcAK8+04iSGv7pTz/Ss9yEjBRFsEqN
kbRqDuUfbLC6rT3nAXhrPnZXjlf+pdjcIOVk1M2gRi2R8qGyHBS1lS/+woG3Y34R
C4j24F2FV+HT4qIeG/YL4/MCVXmwXfBbKuKy9QyqqKh06E0U9y+PytU=
-----END CERTIFICATE-----