Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/23dc61-7e9d-40b3-91b6-46bd7d794fb6/1/bJSCFqTukybTMGHt2jOsj1RN1Jw.roa
File:                     bJSCFqTukybTMGHt2jOsj1RN1Jw.roa (raw, json)
Hash identifier:          F9VGPFtGfYW8PORc+zIuKedCDRVZ07YSKvNhB3wFeps=
Subject key identifier:   6C:94:82:16:A4:EE:93:26:D3:30:61:ED:DA:33:AC:8F:54:4D:D4:9C
Certificate issuer:       /CN=70b190d6f89a434cce5cb8c0d4b38a1669defb59
Certificate serial:       018CCA29FCEB21670DD70F2FE1F43D75D87D
Authority key identifier: 70:B1:90:D6:F8:9A:43:4C:CE:5C:B8:C0:D4:B3:8A:16:69:DE:FB:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cLGQ1viaQ0zOXLjA1LOKFmne-1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/23dc61-7e9d-40b3-91b6-46bd7d794fb6/1/bJSCFqTukybTMGHt2jOsj1RN1Jw.roa
Signing time:             Tue 02 Jan 2024 12:33:18 +0000
ROA not before:           Tue 02 Jan 2024 12:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32181
IP address blocks:        193.203.28.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/23dc61-7e9d-40b3-91b6-46bd7d794fb6/1/cLGQ1viaQ0zOXLjA1LOKFmne-1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/23dc61-7e9d-40b3-91b6-46bd7d794fb6/1/cLGQ1viaQ0zOXLjA1LOKFmne-1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cLGQ1viaQ0zOXLjA1LOKFmne-1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:fc:eb:21:67:0d:d7:0f:2f:e1:f4:3d:75:d8:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70b190d6f89a434cce5cb8c0d4b38a1669defb59
        Validity
            Not Before: Jan  2 12:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c948216a4ee9326d33061edda33ac8f544dd49c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b7:e5:8f:70:d3:cd:24:d6:44:e4:0e:f8:a8:
                    e2:6d:36:40:0a:06:b1:ec:e8:04:14:12:bf:3f:27:
                    08:6c:b8:53:59:8e:83:4e:6f:a0:45:51:d2:09:d2:
                    cc:ac:ab:25:45:cf:7c:b0:32:ea:79:86:6e:af:0e:
                    f9:81:21:48:5b:62:2e:c4:1a:b8:dd:e1:f6:64:a9:
                    8b:65:7e:bb:be:f6:b0:29:0f:9a:64:2f:8f:ca:1e:
                    59:d5:5e:07:fd:d6:d9:91:cd:1c:50:f8:4f:63:d3:
                    f9:af:12:f7:9e:30:fb:d9:23:ea:cc:ac:b0:23:97:
                    af:fe:6b:62:1c:21:5e:22:5b:63:f3:91:83:af:4a:
                    40:42:2c:d0:d4:e3:0f:cd:9b:67:93:54:d9:da:96:
                    80:ff:7d:93:81:21:0d:46:e5:60:42:c6:8f:c7:f6:
                    24:9f:8e:19:f9:ce:d5:2a:6c:73:24:1e:80:f3:d6:
                    db:cd:84:c6:bc:9b:71:26:4e:1c:2f:23:d4:5c:5b:
                    39:3f:a1:25:aa:65:b1:3d:c4:4f:0a:5b:41:17:8a:
                    35:c5:df:7d:8b:f7:24:d2:bc:c6:8e:3c:d5:a3:9a:
                    13:85:3d:0b:4d:b0:e2:54:41:b0:8c:58:1b:ca:5b:
                    9e:8a:8c:59:0e:42:55:fb:6c:c9:1f:88:b6:11:c6:
                    26:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:94:82:16:A4:EE:93:26:D3:30:61:ED:DA:33:AC:8F:54:4D:D4:9C
            X509v3 Authority Key Identifier:
                keyid:70:B1:90:D6:F8:9A:43:4C:CE:5C:B8:C0:D4:B3:8A:16:69:DE:FB:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cLGQ1viaQ0zOXLjA1LOKFmne-1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/23dc61-7e9d-40b3-91b6-46bd7d794fb6/1/bJSCFqTukybTMGHt2jOsj1RN1Jw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/23dc61-7e9d-40b3-91b6-46bd7d794fb6/1/cLGQ1viaQ0zOXLjA1LOKFmne-1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.203.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:26:67:a5:ba:e2:c9:d1:91:d7:94:46:b9:a5:2e:f1:40:8e:
         2d:3f:c5:ef:32:27:85:c9:ba:e7:dc:bb:37:bc:7d:6c:47:31:
         1a:4a:30:f3:69:a3:70:53:96:3b:9b:18:5b:65:8c:cc:76:9d:
         87:67:4c:63:ef:03:7c:8c:86:be:b5:ce:c6:c2:a5:1c:c8:0f:
         b5:f7:a5:67:8c:78:44:a2:63:9c:44:32:2f:d4:94:63:38:60:
         a8:23:a5:38:69:c0:4e:25:0f:88:81:8c:81:35:00:6d:f4:7f:
         02:8e:dd:be:07:96:14:57:b8:53:78:02:e0:95:c8:70:da:38:
         7c:d5:68:17:80:20:ae:8a:c7:7f:dd:4a:7f:c0:b0:9e:a8:b0:
         fc:b8:bc:e2:83:45:a9:98:b6:5b:3e:ac:be:01:c5:d0:ee:a7:
         97:c7:8b:a0:67:9a:ac:f5:30:70:4c:f7:d0:8c:02:5e:f1:6d:
         c4:ed:7e:f9:50:04:36:3c:d3:49:c7:c8:56:ed:36:d7:f3:09:
         ef:cc:e6:73:b5:f2:71:7e:b1:bd:db:41:34:e6:5d:df:ca:a7:
         14:e8:da:e9:e4:e7:55:f3:28:11:cf:9c:34:20:73:30:fa:d5:
         2f:3b:1a:ce:45:aa:a9:cd:a3:72:65:b4:4f:30:60:f0:d4:9b:
         2f:34:93:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKfzrIWcN1w8v4fQ9ddh9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYjE5MGQ2Zjg5YTQzNGNjZTVjYjhjMGQ0YjM4YTE2Njlk
ZWZiNTkwHhcNMjQwMTAyMTIzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yzk0ODIxNmE0ZWU5MzI2ZDMzMDYxZWRkYTMzYWM4ZjU0NGRkNDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLflj3DTzSTWROQO+KjibTZACgax
7OgEFBK/PycIbLhTWY6DTm+gRVHSCdLMrKslRc98sDLqeYZurw75gSFIW2IuxBq4
3eH2ZKmLZX67vvawKQ+aZC+Pyh5Z1V4H/dbZkc0cUPhPY9P5rxL3njD72SPqzKyw
I5ev/mtiHCFeIltj85GDr0pAQizQ1OMPzZtnk1TZ2paA/32TgSENRuVgQsaPx/Yk
n44Z+c7VKmxzJB6A89bbzYTGvJtxJk4cLyPUXFs5P6ElqmWxPcRPCltBF4o1xd99
i/ck0rzGjjzVo5oThT0LTbDiVEGwjFgbylueioxZDkJV+2zJH4i2EcYmKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGyUghak7pMm0zBh7dozrI9UTdScMB8GA1UdIwQY
MBaAFHCxkNb4mkNMzly4wNSzihZp3vtZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0xHUTF2aWFRMHpPWExqQTFMT0tGbW5lLTFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8yM2RjNjEtN2U5ZC00MGIzLTkxYjYt
NDZiZDdkNzk0ZmI2LzEvYkpTQ0ZxVHVreWJUTUdIdDJqT3NqMVJOMUp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8yM2RjNjEtN2U5ZC00MGIzLTkxYjYtNDZiZDdkNzk0ZmI2
LzEvY0xHUTF2aWFRMHpPWExqQTFMT0tGbW5lLTFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwcscMA0G
CSqGSIb3DQEBCwUAA4IBAQAIJmeluuLJ0ZHXlEa5pS7xQI4tP8XvMieFybrn3Ls3
vH1sRzEaSjDzaaNwU5Y7mxhbZYzMdp2HZ0xj7wN8jIa+tc7GwqUcyA+196VnjHhE
omOcRDIv1JRjOGCoI6U4acBOJQ+IgYyBNQBt9H8Cjt2+B5YUV7hTeALglchw2jh8
1WgXgCCuisd/3Up/wLCeqLD8uLzig0WpmLZbPqy+AcXQ7qeXx4ugZ5qs9TBwTPfQ
jAJe8W3E7X75UAQ2PNNJx8hW7TbX8wnvzOZztfJxfrG920E05l3fyqcU6Nrp5OdV
8ygRz5w0IHMw+tUvOxrORaqpzaNyZbRPMGDw1JsvNJPy
-----END CERTIFICATE-----