Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/393911-49a2-4a76-be14-f46d6ab3d326/1/Da5X95W7pkQcTBIOacD9YeenVO8.roa
File:                     Da5X95W7pkQcTBIOacD9YeenVO8.roa (raw, json)
Hash identifier:          eB29wDhKAM03UphqqDxmE/9pR7YtUET0iInvSbPvlZU=
Subject key identifier:   0D:AE:57:F7:95:BB:A6:44:1C:4C:12:0E:69:C0:FD:61:E7:A7:54:EF
Certificate issuer:       /CN=03c6cea2a80220361231b6afbbc8c8cdaa4fd517
Certificate serial:       018CC726E952F80746392D7B25F2B8401FDC
Authority key identifier: 03:C6:CE:A2:A8:02:20:36:12:31:B6:AF:BB:C8:C8:CD:AA:4F:D5:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A8bOoqgCIDYSMbavu8jIzapP1Rc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/393911-49a2-4a76-be14-f46d6ab3d326/1/Da5X95W7pkQcTBIOacD9YeenVO8.roa
Signing time:             Mon 01 Jan 2024 22:31:05 +0000
ROA not before:           Mon 01 Jan 2024 22:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.107.65.0/24 maxlen: 24
                          89.37.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/393911-49a2-4a76-be14-f46d6ab3d326/1/A8bOoqgCIDYSMbavu8jIzapP1Rc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/393911-49a2-4a76-be14-f46d6ab3d326/1/A8bOoqgCIDYSMbavu8jIzapP1Rc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A8bOoqgCIDYSMbavu8jIzapP1Rc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:e9:52:f8:07:46:39:2d:7b:25:f2:b8:40:1f:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03c6cea2a80220361231b6afbbc8c8cdaa4fd517
        Validity
            Not Before: Jan  1 22:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0dae57f795bba6441c4c120e69c0fd61e7a754ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:71:68:02:ff:ee:47:17:4b:0e:00:5a:d5:7f:
                    0e:34:5e:53:dd:90:ef:28:da:86:48:10:a5:7f:5b:
                    74:95:cc:ae:00:dd:86:4d:7e:11:c3:84:e8:01:31:
                    db:4a:19:bb:c8:f7:07:a2:6f:50:f9:1c:50:67:b6:
                    a6:14:8d:13:e8:23:8d:ed:45:ca:3a:30:72:51:a2:
                    98:cb:a9:01:e9:4e:d7:1f:46:46:8c:3a:99:dd:a1:
                    0b:51:79:cc:67:63:f3:e9:7b:39:e1:83:cc:67:a8:
                    22:f9:6d:66:da:bf:59:92:9c:16:79:83:d8:da:8b:
                    aa:39:8b:83:98:be:29:cb:8c:f2:df:41:ab:3e:20:
                    16:40:c0:99:e1:ec:dc:49:9b:c1:c4:ea:c4:6b:44:
                    df:43:3e:c7:45:a7:16:96:2b:4a:69:77:af:bf:c7:
                    bc:65:8b:98:81:45:46:41:a0:fb:ae:c7:f0:9b:06:
                    e0:5a:41:be:75:4c:fe:08:3c:b1:b4:51:1c:07:6e:
                    83:c9:59:75:17:6a:d9:f5:2c:75:1b:11:e7:1f:f4:
                    b8:85:29:64:8e:97:09:12:29:f7:d4:0d:2f:0c:28:
                    bf:db:91:de:09:cc:53:d1:3d:ef:c5:09:ab:05:8d:
                    79:1c:7d:34:40:89:80:7e:0c:b6:09:8e:59:7a:95:
                    c4:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:AE:57:F7:95:BB:A6:44:1C:4C:12:0E:69:C0:FD:61:E7:A7:54:EF
            X509v3 Authority Key Identifier:
                keyid:03:C6:CE:A2:A8:02:20:36:12:31:B6:AF:BB:C8:C8:CD:AA:4F:D5:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A8bOoqgCIDYSMbavu8jIzapP1Rc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/393911-49a2-4a76-be14-f46d6ab3d326/1/Da5X95W7pkQcTBIOacD9YeenVO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/393911-49a2-4a76-be14-f46d6ab3d326/1/A8bOoqgCIDYSMbavu8jIzapP1Rc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.37.140.0/24
                  193.107.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:2a:ed:0b:27:40:4c:6d:be:9f:ee:09:38:6b:dc:e8:02:f3:
         7e:60:59:77:b7:d9:15:8c:5c:62:8c:31:7f:c5:cf:5a:72:f2:
         65:1c:b5:a5:42:94:aa:0e:f3:c4:bb:66:d1:29:5f:de:7e:1b:
         3b:d4:2e:af:86:f5:bf:56:56:4a:ac:1b:a5:72:5b:ce:e3:ad:
         94:ed:34:36:81:4c:90:83:bb:99:b9:41:b8:bb:70:86:20:74:
         b3:41:49:dd:0d:06:d3:40:3f:0a:a4:c7:1d:b4:4c:5a:5e:22:
         c9:a2:ad:97:48:f4:1b:b9:4d:93:ca:d8:b1:45:5f:e7:06:2f:
         e8:bc:04:bb:87:37:14:fa:04:1b:5d:c2:9a:e0:e7:b1:fe:b0:
         1f:49:b8:4f:00:87:a2:28:db:7f:4d:54:72:61:12:2d:04:99:
         02:07:66:e1:ee:a8:93:27:58:a7:4f:f3:2b:24:48:c9:6c:7d:
         58:e8:01:b8:66:a0:b4:88:6e:cc:88:b1:68:41:2b:6b:31:f0:
         3e:75:2b:71:93:a7:f1:e8:69:39:77:1c:3b:f0:51:2a:10:5d:
         f4:c0:d9:a5:b0:06:08:5d:fe:6c:d3:a5:f5:03:69:64:08:a3:
         13:d0:53:7c:97:54:29:13:5f:f8:dc:72:78:d1:69:ee:14:b3:
         23:33:62:ce
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJulS+AdGOS17JfK4QB/cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzYzZjZWEyYTgwMjIwMzYxMjMxYjZhZmJiYzhjOGNkYWE0
ZmQ1MTcwHhcNMjQwMTAxMjIzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGFlNTdmNzk1YmJhNjQ0MWM0YzEyMGU2OWMwZmQ2MWU3YTc1NGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXFoAv/uRxdLDgBa1X8ONF5T3ZDv
KNqGSBClf1t0lcyuAN2GTX4Rw4ToATHbShm7yPcHom9Q+RxQZ7amFI0T6CON7UXK
OjByUaKYy6kB6U7XH0ZGjDqZ3aELUXnMZ2Pz6Xs54YPMZ6gi+W1m2r9ZkpwWeYPY
2ouqOYuDmL4py4zy30GrPiAWQMCZ4ezcSZvBxOrEa0TfQz7HRacWlitKaXevv8e8
ZYuYgUVGQaD7rsfwmwbgWkG+dUz+CDyxtFEcB26DyVl1F2rZ9Sx1GxHnH/S4hSlk
jpcJEin31A0vDCi/25HeCcxT0T3vxQmrBY15HH00QImAfgy2CY5ZepXEvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA2uV/eVu6ZEHEwSDmnA/WHnp1TvMB8GA1UdIwQY
MBaAFAPGzqKoAiA2EjG2r7vIyM2qT9UXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQThiT29xZ0NJRFlTTWJhdnU4akl6YXBQMVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8zOTM5MTEtNDlhMi00YTc2LWJlMTQt
ZjQ2ZDZhYjNkMzI2LzEvRGE1WDk1Vzdwa1FjVEJJT2FjRDlZZWVuVk84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8zOTM5MTEtNDlhMi00YTc2LWJlMTQtZjQ2ZDZhYjNkMzI2
LzEvQThiT29xZ0NJRFlTTWJhdnU4akl6YXBQMVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSWMAwQA
wWtBMA0GCSqGSIb3DQEBCwUAA4IBAQA5Ku0LJ0BMbb6f7gk4a9zoAvN+YFl3t9kV
jFxijDF/xc9acvJlHLWlQpSqDvPEu2bRKV/efhs71C6vhvW/VlZKrBulclvO462U
7TQ2gUyQg7uZuUG4u3CGIHSzQUndDQbTQD8KpMcdtExaXiLJoq2XSPQbuU2Tytix
RV/nBi/ovAS7hzcU+gQbXcKa4Oex/rAfSbhPAIeiKNt/TVRyYRItBJkCB2bh7qiT
J1inT/MrJEjJbH1Y6AG4ZqC0iG7MiLFoQStrMfA+dStxk6fx6Gk5dxw78FEqEF30
wNmlsAYIXf5s06X1A2lkCKMT0FN8l1QpE1/43HJ40WnuFLMjM2LO
-----END CERTIFICATE-----