Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/mkh1eAXkzHB6g0AiDG1Mtw_MZ9o.roa
File:                     mkh1eAXkzHB6g0AiDG1Mtw_MZ9o.roa (raw, json)
Hash identifier:          U/4IjLX3AyrxCzcncWwqsJUd0auvUT8WC0Pj9pbEqok=
Subject key identifier:   9A:48:75:78:05:E4:CC:70:7A:83:40:22:0C:6D:4C:B7:0F:CC:67:DA
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC795241C002B12753F1BE869F93AE035
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/mkh1eAXkzHB6g0AiDG1Mtw_MZ9o.roa
Signing time:             Tue 02 Jan 2024 00:31:29 +0000
ROA not before:           Tue 02 Jan 2024 00:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35783
IP address blocks:        193.233.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:24:1c:00:2b:12:75:3f:1b:e8:69:f9:3a:e0:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a48757805e4cc707a8340220c6d4cb70fcc67da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a1:ee:27:10:09:93:5c:c5:41:05:94:ef:1b:
                    8a:11:e4:3c:26:b5:a7:f2:c0:bd:21:13:78:42:c7:
                    36:b9:4f:a4:ba:59:1f:35:37:aa:46:9d:bc:a5:ee:
                    7e:02:f9:0b:0b:99:a5:64:40:52:12:9b:92:2d:86:
                    c8:9f:fc:03:46:24:2d:a1:f7:95:9c:de:5a:7b:77:
                    60:a5:55:d5:c6:e2:e3:d4:db:0f:19:6c:3a:67:aa:
                    65:b6:25:73:6d:0e:0a:76:79:c7:1b:fb:e9:6c:b3:
                    9c:e4:06:6e:35:88:3c:12:85:a1:ea:a3:54:7d:97:
                    3b:2b:2c:d0:16:b6:8d:c7:34:57:bb:c8:2f:8d:87:
                    96:f5:bf:84:a2:9b:29:27:9e:e6:87:a6:98:a9:52:
                    c9:fb:36:cd:cb:d3:44:1d:50:5a:b3:cd:56:20:39:
                    e8:75:5a:15:2f:25:04:ab:46:a6:b5:e0:e9:e5:07:
                    0e:38:60:36:4a:b8:ee:a6:ac:d9:22:54:df:c7:84:
                    73:48:65:5d:86:c6:41:f0:5e:47:bf:6f:b0:45:7b:
                    81:fc:e7:1d:6a:2a:0c:43:46:b6:f5:d6:a4:bc:f3:
                    54:b7:19:ee:c2:6c:37:93:d7:58:f7:c3:9b:df:f7:
                    20:82:12:5c:57:ce:e9:b5:6a:5d:26:0d:ae:bd:20:
                    9e:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:48:75:78:05:E4:CC:70:7A:83:40:22:0C:6D:4C:B7:0F:CC:67:DA
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/mkh1eAXkzHB6g0AiDG1Mtw_MZ9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:24:6d:ea:1a:8e:af:1e:d4:eb:0d:2f:3a:98:9e:6f:a4:4b:
         ce:63:6a:8c:fc:e4:2c:29:5e:be:07:ee:47:dd:5f:05:08:c2:
         aa:56:b3:a0:75:49:e3:61:a7:e9:2f:1a:8d:34:fb:9a:64:f1:
         e2:b6:e9:8e:bc:fd:ef:ee:fe:55:28:a5:c3:6a:0b:32:59:83:
         29:5f:a1:5e:d4:2b:5b:05:bf:0c:a4:a2:cc:62:f5:81:a0:91:
         3d:62:51:ac:82:22:3f:66:38:8d:e0:dd:e7:3f:66:77:7f:73:
         36:a4:5c:69:4a:7f:29:a5:10:fa:7c:ce:bd:c8:b3:cb:16:6c:
         e5:2e:cd:95:aa:29:29:a6:b1:82:e7:a2:55:cf:4a:48:e9:ee:
         ae:8f:ff:64:80:ba:61:3c:7c:f9:1a:05:ba:20:7e:a2:42:e7:
         93:97:66:42:03:29:fb:52:59:c9:3b:cd:d0:4c:19:67:21:cd:
         cc:a7:24:c3:ce:85:8f:4d:8c:5a:8c:68:c0:42:3a:5e:b1:dd:
         c8:57:f3:d0:cd:bb:22:47:12:ac:a5:ee:97:03:c9:43:0f:3d:
         da:e5:f4:e4:c0:12:1e:0c:2c:48:0e:e4:fa:b5:d6:53:28:af:
         5f:44:2f:53:59:df:66:41:de:ab:6c:04:4e:e6:fb:1d:64:b9:
         44:bf:d2:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSQcACsSdT8b6Gn5OuA1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTQ4NzU3ODA1ZTRjYzcwN2E4MzQwMjIwYzZkNGNiNzBmY2M2N2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqHuJxAJk1zFQQWU7xuKEeQ8JrWn
8sC9IRN4Qsc2uU+kulkfNTeqRp28pe5+AvkLC5mlZEBSEpuSLYbIn/wDRiQtofeV
nN5ae3dgpVXVxuLj1NsPGWw6Z6pltiVzbQ4KdnnHG/vpbLOc5AZuNYg8EoWh6qNU
fZc7KyzQFraNxzRXu8gvjYeW9b+EopspJ57mh6aYqVLJ+zbNy9NEHVBas81WIDno
dVoVLyUEq0amteDp5QcOOGA2SrjupqzZIlTfx4RzSGVdhsZB8F5Hv2+wRXuB/Ocd
aioMQ0a29dakvPNUtxnuwmw3k9dY98Ob3/cgghJcV87ptWpdJg2uvSCeQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJpIdXgF5MxweoNAIgxtTLcPzGfaMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvbWtoMWVBWGt6SEI2ZzBBaURHMU10d19NWjlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwemtMA0G
CSqGSIb3DQEBCwUAA4IBAQAWJG3qGo6vHtTrDS86mJ5vpEvOY2qM/OQsKV6+B+5H
3V8FCMKqVrOgdUnjYafpLxqNNPuaZPHitumOvP3v7v5VKKXDagsyWYMpX6Fe1Ctb
Bb8MpKLMYvWBoJE9YlGsgiI/ZjiN4N3nP2Z3f3M2pFxpSn8ppRD6fM69yLPLFmzl
Ls2VqikpprGC56JVz0pI6e6uj/9kgLphPHz5GgW6IH6iQueTl2ZCAyn7UlnJO83Q
TBlnIc3MpyTDzoWPTYxajGjAQjpesd3IV/PQzbsiRxKspe6XA8lDDz3a5fTkwBIe
DCxIDuT6tdZTKK9fRC9TWd9mQd6rbARO5vsdZLlEv9JQ
-----END CERTIFICATE-----