Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/6R_RRxsxiQsvDxqL9oibXIHhyWQ.roa
File:                     6R_RRxsxiQsvDxqL9oibXIHhyWQ.roa (raw, json)
Hash identifier:          L2JVMCui1eP6aTE9qQ9GsfVKmjGvbLdgdaGmNYAYbtk=
Subject key identifier:   E9:1F:D1:47:1B:31:89:0B:2F:0F:1A:8B:F6:88:9B:5C:81:E1:C9:64
Certificate issuer:       /CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
Certificate serial:       018CC6B9363A0BC10BB4BD5B99EF975B5227
Authority key identifier: 82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/6R_RRxsxiQsvDxqL9oibXIHhyWQ.roa
Signing time:             Mon 01 Jan 2024 20:31:15 +0000
ROA not before:           Mon 01 Jan 2024 20:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     11426
IP address blocks:        193.31.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 02:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:36:3a:0b:c1:0b:b4:bd:5b:99:ef:97:5b:52:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
        Validity
            Not Before: Jan  1 20:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e91fd1471b31890b2f0f1a8bf6889b5c81e1c964
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:21:45:07:28:7e:bd:ad:fd:26:01:e4:9d:9c:
                    3b:b2:08:82:1e:95:60:b8:c3:6d:ab:c9:8f:a1:39:
                    d1:aa:67:b3:58:0e:84:31:d5:7b:87:c1:ad:72:ea:
                    a6:6e:dc:2c:e3:99:08:ad:ff:20:e0:84:b8:60:80:
                    b1:e1:41:21:c9:86:f4:8c:b6:df:6e:a3:26:c6:61:
                    98:4d:20:8c:6a:b3:a4:07:4a:f5:65:44:34:ec:13:
                    04:8e:b8:6b:3b:46:d9:e8:ef:c5:32:4a:a8:7c:73:
                    b8:7f:a8:37:81:e7:cc:fb:38:7d:e6:07:c1:54:92:
                    48:f5:02:cf:0a:b4:ba:a4:46:1e:55:ff:a9:30:62:
                    ce:fe:55:43:b2:a9:09:46:01:c2:6c:c3:a7:a6:c2:
                    55:f2:fd:55:8a:7c:32:b7:09:0f:5c:a4:01:61:a3:
                    73:07:6d:fa:e7:4d:24:d1:3c:69:b4:1b:a6:36:ee:
                    02:b1:93:3f:33:88:f6:3d:b4:9f:e9:5e:f0:e0:47:
                    91:7f:81:31:be:54:17:bc:8d:3d:48:08:4e:fa:ae:
                    3c:65:98:04:63:de:c7:c9:7e:a4:e0:92:66:4f:d9:
                    7e:27:ce:5c:e8:4a:8c:7e:10:22:0a:9d:ba:57:d4:
                    10:bd:3d:6f:b6:38:ab:7f:48:74:d9:5f:05:b7:71:
                    ef:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:1F:D1:47:1B:31:89:0B:2F:0F:1A:8B:F6:88:9B:5C:81:E1:C9:64
            X509v3 Authority Key Identifier:
                keyid:82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/6R_RRxsxiQsvDxqL9oibXIHhyWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.31.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:d4:ff:81:b6:f4:c5:d5:a5:43:dc:23:3d:71:b5:63:44:39:
         16:15:12:7a:70:0b:b9:3b:d7:af:de:32:3d:95:32:e1:66:32:
         d6:dc:f8:9d:c0:dd:ae:e1:e0:5e:0e:20:09:16:25:9d:5d:92:
         13:32:83:cd:58:28:8a:ea:78:1f:c7:c2:94:6e:33:41:7d:66:
         c8:22:f0:c0:d3:75:33:83:6c:ba:df:c2:75:19:4e:d4:e4:94:
         d8:2c:1d:88:f1:1b:f1:08:be:4d:3c:9d:1e:2e:1b:ab:75:fe:
         36:ac:e1:9f:f0:61:c7:59:b7:8b:d9:f7:48:0b:0b:06:c4:44:
         45:3d:99:5b:95:b5:dd:10:1f:11:37:ba:ff:38:b2:68:34:2e:
         51:91:33:08:c0:63:fe:a4:ec:5b:be:72:b2:d0:35:d6:03:71:
         e5:2e:64:51:cc:bc:5d:f3:fc:5d:e9:4a:e3:33:69:da:6d:67:
         c6:55:2d:f5:cd:ed:e3:b7:56:04:cc:60:b4:75:ca:2a:51:ef:
         c5:72:ab:c6:d5:52:f1:af:9a:54:1b:44:72:be:3f:6d:ba:b5:
         71:44:8b:b1:d5:9d:95:07:c9:18:a7:11:2d:43:88:13:d3:0e:
         56:c7:c6:9d:ce:6c:7c:51:33:8d:83:65:60:37:be:70:b3:0a:
         33:79:4d:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuTY6C8ELtL1bme+XW1InMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMWEzZjIxZmIwYzI5NGQ2ZDRhNTI5YjJmMWRiZDRiZDEx
MTliZDcwHhcNMjQwMTAxMjAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTFmZDE0NzFiMzE4OTBiMmYwZjFhOGJmNjg4OWI1YzgxZTFjOTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhyFFByh+va39JgHknZw7sgiCHpVg
uMNtq8mPoTnRqmezWA6EMdV7h8Gtcuqmbtws45kIrf8g4IS4YICx4UEhyYb0jLbf
bqMmxmGYTSCMarOkB0r1ZUQ07BMEjrhrO0bZ6O/FMkqofHO4f6g3gefM+zh95gfB
VJJI9QLPCrS6pEYeVf+pMGLO/lVDsqkJRgHCbMOnpsJV8v1VinwytwkPXKQBYaNz
B236500k0TxptBumNu4CsZM/M4j2PbSf6V7w4EeRf4ExvlQXvI09SAhO+q48ZZgE
Y97HyX6k4JJmT9l+J85c6EqMfhAiCp26V9QQvT1vtjirf0h02V8Ft3Hv4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOkf0UcbMYkLLw8ai/aIm1yB4clkMB8GA1UdIwQY
MBaAFIIaPyH7DClNbUpSmy8dvUvREZvXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMt
YjZmMmFjODZlZjI3LzEvNlJfUlJ4c3hpUXN2RHhxTDlvaWJYSUhoeVdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMtYjZmMmFjODZlZjI3
LzEvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR9KMA0G
CSqGSIb3DQEBCwUAA4IBAQAz1P+BtvTF1aVD3CM9cbVjRDkWFRJ6cAu5O9ev3jI9
lTLhZjLW3PidwN2u4eBeDiAJFiWdXZITMoPNWCiK6ngfx8KUbjNBfWbIIvDA03Uz
g2y638J1GU7U5JTYLB2I8RvxCL5NPJ0eLhurdf42rOGf8GHHWbeL2fdICwsGxERF
PZlblbXdEB8RN7r/OLJoNC5RkTMIwGP+pOxbvnKy0DXWA3HlLmRRzLxd8/xd6Urj
M2nabWfGVS31ze3jt1YEzGC0dcoqUe/FcqvG1VLxr5pUG0Ryvj9turVxRIux1Z2V
B8kYpxEtQ4gT0w5Wx8adzmx8UTONg2VgN75wswozeU32
-----END CERTIFICATE-----