Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/IatOJxBR4BqLsCYGXgV7Wp3U3Eo.roa
File:                     IatOJxBR4BqLsCYGXgV7Wp3U3Eo.roa (raw, json)
Hash identifier:          ELFAGqgrLggXf/fXPVJT+5NgAV8VqcfigsF5axIP6IA=
Subject key identifier:   21:AB:4E:27:10:51:E0:1A:8B:B0:26:06:5E:05:7B:5A:9D:D4:DC:4A
Certificate issuer:       /CN=6764b9eeca258ae78c4d51321a8bdfef9a2b6a3c
Certificate serial:       018CC5014F1A4421A3A5A1A4E03E69C3B743
Authority key identifier: 67:64:B9:EE:CA:25:8A:E7:8C:4D:51:32:1A:8B:DF:EF:9A:2B:6A:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z2S57soliueMTVEyGovf75orajw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/IatOJxBR4BqLsCYGXgV7Wp3U3Eo.roa
Signing time:             Mon 01 Jan 2024 12:30:46 +0000
ROA not before:           Mon 01 Jan 2024 12:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39719
IP address blocks:        193.36.110.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/Z2S57soliueMTVEyGovf75orajw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/Z2S57soliueMTVEyGovf75orajw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z2S57soliueMTVEyGovf75orajw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4f:1a:44:21:a3:a5:a1:a4:e0:3e:69:c3:b7:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6764b9eeca258ae78c4d51321a8bdfef9a2b6a3c
        Validity
            Not Before: Jan  1 12:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21ab4e271051e01a8bb026065e057b5a9dd4dc4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:a1:58:9f:7b:ed:c0:73:3f:36:d5:6b:47:6d:
                    06:79:b3:f9:e5:3c:f9:2d:cb:ba:93:20:76:61:17:
                    fc:e0:f5:38:09:69:4c:33:f5:ef:10:c9:e5:e5:ef:
                    c8:b6:d7:fa:f6:aa:a0:70:71:c3:a4:85:58:e5:13:
                    8e:1c:cd:1a:d4:28:8b:0f:ab:be:b7:f9:0b:9f:06:
                    51:db:d2:bf:f3:46:b8:6d:b8:79:f4:03:1f:c3:72:
                    bb:07:7b:ba:31:ef:f3:d2:21:15:50:fa:1d:e9:b3:
                    d5:b8:01:f0:1d:aa:d9:09:45:4e:e2:0e:51:db:4f:
                    57:d2:0d:cb:d4:42:41:52:58:11:32:28:0b:6c:b6:
                    3c:94:7f:62:fd:f3:92:f1:00:98:26:08:b3:11:15:
                    1e:4b:b5:44:3d:b8:ed:01:53:95:d8:f0:6e:05:a5:
                    0b:66:73:cd:db:4d:87:92:10:0c:09:d5:81:08:88:
                    d0:0f:14:ef:94:6d:15:18:c4:20:8b:93:6e:74:0f:
                    2d:71:0f:90:74:59:b8:46:3c:fe:08:0e:2f:51:18:
                    cb:92:2d:3b:67:d7:f0:6e:b3:73:43:7b:cd:a8:9a:
                    34:75:b1:c2:4e:60:88:01:fa:06:4c:bf:89:35:9b:
                    8c:9d:71:93:f7:4a:60:2d:7f:88:0c:c8:cf:e0:43:
                    0a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:AB:4E:27:10:51:E0:1A:8B:B0:26:06:5E:05:7B:5A:9D:D4:DC:4A
            X509v3 Authority Key Identifier:
                keyid:67:64:B9:EE:CA:25:8A:E7:8C:4D:51:32:1A:8B:DF:EF:9A:2B:6A:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z2S57soliueMTVEyGovf75orajw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/IatOJxBR4BqLsCYGXgV7Wp3U3Eo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/Z2S57soliueMTVEyGovf75orajw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:49:5b:e9:bf:26:dd:a7:49:b6:d3:60:55:da:15:83:db:23:
         1a:fb:47:7b:54:74:a1:8b:95:97:1b:52:c4:b8:5a:2a:79:71:
         58:ca:82:fe:11:4e:38:58:8d:28:91:fa:5d:db:fe:1b:d4:11:
         90:59:a7:4e:be:c2:71:69:a5:0f:82:4d:1a:80:72:00:75:27:
         61:2c:de:a3:1e:48:b6:98:04:f4:d2:67:7a:da:76:56:76:96:
         0c:54:a4:55:94:ce:b1:ad:d9:72:a5:f0:94:9d:1a:de:6e:03:
         d2:d6:74:eb:9e:f8:a0:9f:55:5d:fd:0e:6a:1a:24:46:97:bb:
         d0:32:2d:f7:c5:79:8b:b8:d5:64:b5:56:75:ba:c2:17:d0:d9:
         32:72:b5:cb:44:1b:04:f6:e3:d8:9c:41:86:f8:31:c2:d3:ac:
         f8:e9:8b:e6:62:04:39:c9:cc:96:eb:7b:b5:c0:c1:4d:d3:3b:
         87:c0:fb:81:85:b7:06:b2:d3:d6:25:66:4f:20:76:54:d6:d4:
         7a:cd:7e:74:d0:ed:3a:26:5d:0d:ef:79:60:de:ef:d2:90:81:
         da:3b:fc:0b:ea:95:8d:70:87:3e:85:0e:72:29:c2:53:f5:0a:
         3f:ef:1b:a7:86:4c:45:cf:5e:89:21:9c:8e:84:f9:7e:2b:2f:
         00:b3:bd:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAU8aRCGjpaGk4D5pw7dDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NjRiOWVlY2EyNThhZTc4YzRkNTEzMjFhOGJkZmVmOWEy
YjZhM2MwHhcNMjQwMTAxMTIzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWFiNGUyNzEwNTFlMDFhOGJiMDI2MDY1ZTA1N2I1YTlkZDRkYzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqFYn3vtwHM/NtVrR20GebP55Tz5
Lcu6kyB2YRf84PU4CWlMM/XvEMnl5e/Ittf69qqgcHHDpIVY5ROOHM0a1CiLD6u+
t/kLnwZR29K/80a4bbh59AMfw3K7B3u6Me/z0iEVUPod6bPVuAHwHarZCUVO4g5R
209X0g3L1EJBUlgRMigLbLY8lH9i/fOS8QCYJgizERUeS7VEPbjtAVOV2PBuBaUL
ZnPN202HkhAMCdWBCIjQDxTvlG0VGMQgi5NudA8tcQ+QdFm4Rjz+CA4vURjLki07
Z9fwbrNzQ3vNqJo0dbHCTmCIAfoGTL+JNZuMnXGT90pgLX+IDMjP4EMKzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCGrTicQUeAai7AmBl4Fe1qd1NxKMB8GA1UdIwQY
MBaAFGdkue7KJYrnjE1RMhqL3++aK2o8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjJTNTdzb2xpdWVNVFZFeUdvdmY3NW9yYWp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9lMzMzNWYtNDExNC00NDgyLThlMTIt
NDI1NmE0NmFmZWVjLzEvSWF0T0p4QlI0QnFMc0NZR1hnVjdXcDNVM0VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9lMzMzNWYtNDExNC00NDgyLThlMTItNDI1NmE0NmFmZWVj
LzEvWjJTNTdzb2xpdWVNVFZFeUdvdmY3NW9yYWp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSRuMA0G
CSqGSIb3DQEBCwUAA4IBAQBUSVvpvybdp0m202BV2hWD2yMa+0d7VHShi5WXG1LE
uFoqeXFYyoL+EU44WI0okfpd2/4b1BGQWadOvsJxaaUPgk0agHIAdSdhLN6jHki2
mAT00md62nZWdpYMVKRVlM6xrdlypfCUnRrebgPS1nTrnvign1Vd/Q5qGiRGl7vQ
Mi33xXmLuNVktVZ1usIX0NkycrXLRBsE9uPYnEGG+DHC06z46YvmYgQ5ycyW63u1
wMFN0zuHwPuBhbcGstPWJWZPIHZU1tR6zX500O06Jl0N73lg3u/SkIHaO/wL6pWN
cIc+hQ5yKcJT9Qo/7xunhkxFz16JIZyOhPl+Ky8As71N
-----END CERTIFICATE-----