Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/urd2_8G9hhzGg9EYclv-kFxWCl0.roa
File:                     urd2_8G9hhzGg9EYclv-kFxWCl0.roa (raw, json)
Hash identifier:          j/2yb5Y/cxpgDqyKvvMCzYVQZPOMuIhbMhHPLBkbyvk=
Subject key identifier:   BA:B7:76:FF:C1:BD:86:1C:C6:83:D1:18:72:5B:FE:90:5C:56:0A:5D
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019122B52DC23617EDA0CAA4E34CFC19D2A1
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/urd2_8G9hhzGg9EYclv-kFxWCl0.roa
Signing time:             Mon 05 Aug 2024 13:23:04 +0000
ROA not before:           Mon 05 Aug 2024 13:23:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210352
IP address blocks:        193.233.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:22:b5:2d:c2:36:17:ed:a0:ca:a4:e3:4c:fc:19:d2:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Aug  5 13:23:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bab776ffc1bd861cc683d118725bfe905c560a5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:97:30:d2:1d:18:ac:e1:ba:cd:e4:5c:9d:7f:
                    29:19:ff:d2:28:7c:e5:26:01:df:fb:12:18:36:93:
                    eb:94:4e:e8:72:9b:92:09:97:a6:54:d9:a4:14:e8:
                    a3:f5:ae:68:d7:a3:06:56:70:92:48:c4:88:a4:ab:
                    41:b6:c9:e1:41:5a:fb:c3:dc:1e:a1:5e:27:0e:16:
                    09:79:77:f5:06:c9:a3:e6:a8:67:4f:d0:68:cf:4a:
                    36:2e:7d:f8:f1:bc:ad:f7:0f:90:4b:b6:0e:6f:c7:
                    83:6d:e1:dc:35:9a:c6:3f:e8:9f:5f:35:3c:f3:ca:
                    f9:14:e6:aa:0c:c1:9b:e7:7f:2c:37:d2:0c:53:24:
                    46:9b:0b:57:5f:f5:cb:ca:1e:82:51:70:17:66:fc:
                    60:6c:6e:ff:1e:c8:5e:d7:2c:25:90:55:ce:a9:5e:
                    69:ef:77:51:2c:0b:f3:44:1d:27:52:b9:91:3e:89:
                    bb:7e:15:03:17:7b:f9:96:f2:2f:b8:e8:71:85:41:
                    a1:87:d9:61:a6:7c:a5:f6:ef:fc:06:db:eb:72:89:
                    80:d2:83:bf:7a:ee:6a:24:48:d0:c1:a1:8b:72:93:
                    37:bb:0f:02:db:2a:56:96:0b:00:d3:19:9c:43:e7:
                    88:b3:24:14:c1:8f:1b:a6:49:d7:cd:cf:84:c1:ef:
                    5f:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:B7:76:FF:C1:BD:86:1C:C6:83:D1:18:72:5B:FE:90:5C:56:0A:5D
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/urd2_8G9hhzGg9EYclv-kFxWCl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:19:8a:8d:20:5e:fd:5d:02:a5:44:e6:d8:2e:99:75:f8:b5:
         45:23:a5:01:67:74:5e:db:c4:4e:55:a9:a8:6b:6a:20:4e:69:
         dd:3d:b3:ab:a9:61:56:4d:ca:1a:0a:76:b9:e4:6f:59:3d:e8:
         00:17:fe:eb:74:c9:6c:cb:94:ff:2f:9c:8f:20:d7:10:3c:b8:
         44:45:fa:fc:46:2a:d2:80:c0:0f:c6:2b:78:20:63:e0:60:65:
         13:64:45:38:b0:20:16:f3:93:18:36:bf:66:95:ad:b8:45:d0:
         a3:dd:07:c7:4b:d2:93:fb:00:a4:95:1e:1c:9b:c2:db:73:be:
         c6:ee:48:1b:3c:8f:01:91:0b:3f:4c:f4:11:53:f5:ae:0d:38:
         b8:f2:ba:22:c1:3d:67:53:a5:ae:1e:4f:88:54:9f:ed:53:c8:
         cb:11:2b:22:f0:12:60:f9:b4:8a:08:dd:18:40:e9:07:da:46:
         f0:b2:72:25:a5:94:68:f9:40:0a:ba:7c:1d:61:e4:82:de:5d:
         29:44:6d:e4:a8:a5:18:cf:8f:1c:85:69:62:19:84:d9:be:c3:
         50:67:85:24:03:d1:f9:48:92:e8:01:26:c6:6f:c5:97:ce:fa:
         40:ce:74:a0:d6:02:5f:a6:ed:e4:d2:e0:dd:27:c6:6e:8e:8b:
         f9:9b:c2:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEitS3CNhftoMqk40z8GdKhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwODA1MTMyMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWI3NzZmZmMxYmQ4NjFjYzY4M2QxMTg3MjViZmU5MDVjNTYwYTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpcw0h0YrOG6zeRcnX8pGf/SKHzl
JgHf+xIYNpPrlE7ocpuSCZemVNmkFOij9a5o16MGVnCSSMSIpKtBtsnhQVr7w9we
oV4nDhYJeXf1Bsmj5qhnT9Boz0o2Ln348byt9w+QS7YOb8eDbeHcNZrGP+ifXzU8
88r5FOaqDMGb538sN9IMUyRGmwtXX/XLyh6CUXAXZvxgbG7/Hshe1ywlkFXOqV5p
73dRLAvzRB0nUrmRPom7fhUDF3v5lvIvuOhxhUGhh9lhpnyl9u/8BtvrcomA0oO/
eu5qJEjQwaGLcpM3uw8C2ypWlgsA0xmcQ+eIsyQUwY8bpknXzc+Ewe9flQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLq3dv/BvYYcxoPRGHJb/pBcVgpdMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvdXJkMl84RzloaHpHZzlFWWNsdi1rRnhXQ2wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwekxMA0G
CSqGSIb3DQEBCwUAA4IBAQBXGYqNIF79XQKlRObYLpl1+LVFI6UBZ3Re28ROVamo
a2ogTmndPbOrqWFWTcoaCna55G9ZPegAF/7rdMlsy5T/L5yPINcQPLhERfr8RirS
gMAPxit4IGPgYGUTZEU4sCAW85MYNr9mla24RdCj3QfHS9KT+wCklR4cm8Lbc77G
7kgbPI8BkQs/TPQRU/WuDTi48roiwT1nU6WuHk+IVJ/tU8jLESsi8BJg+bSKCN0Y
QOkH2kbwsnIlpZRo+UAKunwdYeSC3l0pRG3kqKUYz48chWliGYTZvsNQZ4UkA9H5
SJLoASbGb8WXzvpAznSg1gJfpu3k0uDdJ8Zujov5m8Io
-----END CERTIFICATE-----