Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/0136Ktx7ao0ZPmH4PZCYfqHhXJQ.roa
File:                     0136Ktx7ao0ZPmH4PZCYfqHhXJQ.roa (raw, json)
Hash identifier:          XsISwtz1SXk6k88U3U84e8uiMcoslTVXQb6jxPgBLGw=
Subject key identifier:   D3:5D:FA:2A:DC:7B:6A:8D:19:3E:61:F8:3D:90:98:7E:A1:E1:5C:94
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64AECA0C2077804ED57E93D3B035D7D
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/0136Ktx7ao0ZPmH4PZCYfqHhXJQ.roa
Signing time:             Mon 01 Jan 2024 18:30:48 +0000
ROA not before:           Mon 01 Jan 2024 18:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50252
IP address blocks:        193.226.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:ec:a0:c2:07:78:04:ed:57:e9:3d:3b:03:5d:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d35dfa2adc7b6a8d193e61f83d90987ea1e15c94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:11:bd:b8:7b:c9:d6:2b:6b:bf:8a:2e:f8:e6:
                    71:c2:b5:52:89:45:31:c3:31:65:5f:d1:fd:1f:db:
                    47:68:b1:6b:32:2f:f0:7b:cc:ca:45:d1:ed:11:68:
                    da:f4:f1:80:ee:9a:c0:79:1c:9f:75:40:e6:0e:25:
                    57:5c:8c:cc:97:bb:f5:2b:e2:ef:94:91:92:0a:a9:
                    66:18:4b:45:b4:0f:00:79:4f:58:01:5d:03:c7:d7:
                    36:64:f4:a1:c2:92:e8:27:38:87:2b:78:b6:93:ae:
                    81:52:a7:46:09:fb:5a:af:a3:15:48:2d:5e:a1:ce:
                    27:17:21:00:e9:b6:98:19:24:34:4b:69:67:91:39:
                    ad:e3:de:08:50:f1:5b:bb:52:ec:90:cd:43:3e:64:
                    1e:b0:fb:04:3d:6c:78:99:15:67:9e:fc:fb:b5:ea:
                    b4:cf:29:5e:36:b1:7c:b9:78:9d:51:ec:8f:04:f0:
                    70:42:2e:ae:0b:7c:4c:13:25:08:03:b6:5b:56:d4:
                    03:4f:7b:a9:5d:81:c9:32:92:56:9c:05:9a:c5:73:
                    8e:8a:75:5e:42:ac:dd:42:18:45:23:89:a1:0d:e1:
                    f9:73:50:31:fe:21:3b:44:31:af:fc:a5:82:99:b6:
                    9f:6b:8c:06:5b:6d:87:40:15:43:5c:55:b2:f6:01:
                    c2:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:5D:FA:2A:DC:7B:6A:8D:19:3E:61:F8:3D:90:98:7E:A1:E1:5C:94
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/0136Ktx7ao0ZPmH4PZCYfqHhXJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.226.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:c1:91:f4:3b:f6:e4:0e:d9:e8:10:d2:76:02:76:3c:d2:83:
         bd:aa:79:f7:98:31:16:aa:0b:c9:f1:f6:02:c0:dd:4d:d1:e3:
         f6:0f:f5:c0:c9:44:31:01:a8:fc:cb:68:4c:ef:d8:fc:91:78:
         d1:1a:da:5b:ba:01:1d:69:a8:cf:51:7a:3b:fb:1a:4b:15:f5:
         cb:b2:20:e2:cd:44:5b:b6:6d:e7:29:6f:e2:33:b5:c4:e9:15:
         4d:0b:36:b0:5f:62:31:5a:70:06:1b:b2:7b:05:0e:f7:cf:e1:
         fe:fa:85:29:75:df:62:12:8b:4b:8d:08:9c:2c:1a:d9:23:68:
         b7:fc:a1:0e:5c:f5:39:37:63:5c:03:64:2d:33:36:65:76:6f:
         76:16:6c:34:ff:8b:7c:f1:7e:82:8b:1d:dd:56:86:71:5b:07:
         c8:0a:9f:af:80:4a:e5:b6:c5:fd:e6:d8:82:be:90:d1:85:eb:
         34:f6:7c:f2:05:3a:e4:39:b0:b2:1d:df:ce:ca:1e:d7:ce:45:
         ee:e4:8c:2e:9b:0a:ec:fe:86:66:a4:bb:61:12:8f:54:c8:5e:
         36:a7:31:f8:6f:5f:91:db:43:d8:9d:8a:53:c4:e4:6c:7f:5f:
         1a:6a:e3:10:2e:e1:bb:57:97:74:16:c7:f8:f9:2d:88:24:5d:
         cc:cf:1d:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSuygwgd4BO1X6T07A119MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzVkZmEyYWRjN2I2YThkMTkzZTYxZjgzZDkwOTg3ZWExZTE1Yzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkBG9uHvJ1itrv4ou+OZxwrVSiUUx
wzFlX9H9H9tHaLFrMi/we8zKRdHtEWja9PGA7prAeRyfdUDmDiVXXIzMl7v1K+Lv
lJGSCqlmGEtFtA8AeU9YAV0Dx9c2ZPShwpLoJziHK3i2k66BUqdGCftar6MVSC1e
oc4nFyEA6baYGSQ0S2lnkTmt494IUPFbu1LskM1DPmQesPsEPWx4mRVnnvz7teq0
zyleNrF8uXidUeyPBPBwQi6uC3xMEyUIA7ZbVtQDT3upXYHJMpJWnAWaxXOOinVe
QqzdQhhFI4mhDeH5c1Ax/iE7RDGv/KWCmbafa4wGW22HQBVDXFWy9gHCYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNNd+irce2qNGT5h+D2QmH6h4VyUMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvMDEzNkt0eDdhbzBaUG1INFBaQ1lmcUhoWEpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweJ5MA0G
CSqGSIb3DQEBCwUAA4IBAQCmwZH0O/bkDtnoENJ2AnY80oO9qnn3mDEWqgvJ8fYC
wN1N0eP2D/XAyUQxAaj8y2hM79j8kXjRGtpbugEdaajPUXo7+xpLFfXLsiDizURb
tm3nKW/iM7XE6RVNCzawX2IxWnAGG7J7BQ73z+H++oUpdd9iEotLjQicLBrZI2i3
/KEOXPU5N2NcA2QtMzZldm92Fmw0/4t88X6Cix3dVoZxWwfICp+vgErltsX95tiC
vpDRhes09nzyBTrkObCyHd/Oyh7XzkXu5Iwumwrs/oZmpLthEo9UyF42pzH4b1+R
20PYnYpTxORsf18aauMQLuG7V5d0Fsf4+S2IJF3Mzx0m
-----END CERTIFICATE-----