Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/1-0B6G1gloVUzJq6J9JV7WeYNf6U.roa
File:                     1-0B6G1gloVUzJq6J9JV7WeYNf6U.roa (raw, json)
Hash identifier:          WN7ERB+Onh+aNP0h29uYCxwdyV8QR943VB7F//iD8DQ=
Subject key identifier:   FB:40:7A:1B:58:25:A1:55:33:26:AE:89:F4:95:7B:59:E6:0D:7F:A5
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       01927CB950F298060CE11724E77A43CFFEA9
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/1-0B6G1gloVUzJq6J9JV7WeYNf6U.roa
Signing time:             Fri 11 Oct 2024 17:56:12 +0000
ROA not before:           Fri 11 Oct 2024 17:56:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47388
IP address blocks:        80.96.217.0/24 maxlen: 24
                          80.97.16.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7c:b9:50:f2:98:06:0c:e1:17:24:e7:7a:43:cf:fe:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Oct 11 17:56:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb407a1b5825a1553326ae89f4957b59e60d7fa5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:fa:64:1d:3d:ce:42:4f:7a:cc:6a:6f:59:d4:
                    b6:42:e7:98:3f:ba:b5:cc:4d:fb:37:54:f8:71:10:
                    4d:8e:06:4e:f7:a0:e1:2c:42:05:75:b4:6d:62:07:
                    87:3e:14:61:47:9b:63:a7:a6:3c:35:80:e9:8d:03:
                    b1:1c:1e:87:41:f6:25:99:68:74:27:f7:1c:58:81:
                    57:03:95:ca:74:d7:05:b6:49:9b:eb:a8:39:6a:2d:
                    d3:3b:83:f9:7c:07:45:a7:43:82:47:af:8b:f9:a3:
                    a3:d3:d5:0a:89:13:6d:f3:c3:a1:6c:e0:12:ba:8d:
                    c7:0f:39:a8:4d:d1:02:bf:f4:41:1e:ce:8f:08:af:
                    1a:4c:f8:52:40:5e:6f:4c:59:7c:64:7c:5e:9d:d3:
                    9d:96:8a:7a:bf:36:91:61:34:85:f1:a2:98:2c:fe:
                    01:1c:3e:de:fd:55:93:e4:34:e9:b7:06:51:14:23:
                    80:14:5e:1d:ac:24:56:6d:66:e4:66:e0:95:ae:20:
                    aa:ce:ee:f8:40:e0:2f:85:cd:95:0d:98:75:6b:8b:
                    34:07:2c:79:d5:f4:42:0e:db:84:85:d3:14:8d:15:
                    1e:81:0b:57:7c:82:16:b4:bd:54:a1:64:2a:81:c0:
                    7d:ff:89:e3:0e:90:5d:06:f5:dd:7a:2b:5f:61:89:
                    d6:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:40:7A:1B:58:25:A1:55:33:26:AE:89:F4:95:7B:59:E6:0D:7F:A5
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/1-0B6G1gloVUzJq6J9JV7WeYNf6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.96.217.0/24
                  80.97.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4a:ea:8b:83:23:fe:7b:31:f3:d1:4d:a3:e1:e1:e5:05:b9:eb:
         74:0f:13:17:6d:b3:7b:33:bb:09:56:79:fc:d1:43:c4:01:9d:
         26:94:b5:e8:2f:29:ce:e9:8b:c7:3f:84:ea:56:30:a2:a8:e7:
         91:da:bf:89:5b:cd:22:7d:3d:67:e7:37:de:d8:90:4b:f6:25:
         af:eb:6c:f1:e1:12:49:12:53:b2:2e:80:14:3a:65:50:e5:b4:
         0a:5a:da:26:43:fe:8d:08:c3:7c:2f:a1:51:ef:d0:08:6a:60:
         42:17:98:22:ce:aa:8e:a8:9a:b8:ac:5c:f7:91:2f:e9:e5:82:
         e9:bc:a1:12:1b:b2:f7:47:78:a4:91:bb:41:67:70:43:48:0a:
         92:eb:20:dd:86:2f:08:32:0a:d6:47:ef:f8:dc:8f:91:24:8d:
         97:11:ae:d2:88:27:17:60:11:11:8b:d4:38:d2:44:ec:5f:01:
         26:ae:8e:f2:97:16:a6:f4:d7:f8:a9:08:97:85:6f:2b:e9:57:
         1b:38:13:ae:3d:26:47:d6:55:50:9a:c5:d0:dd:f8:b0:c3:df:
         d4:b8:fe:64:af:71:59:d9:8a:79:cb:87:1b:8c:ac:ce:56:da:
         a9:e6:18:73:f2:30:96:b1:cd:91:c4:68:eb:53:e2:7e:8e:d1:
         59:0f:d2:6d
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZJ8uVDymAYM4Rck53pDz/6pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQxMDExMTc1NjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjQwN2ExYjU4MjVhMTU1MzMyNmFlODlmNDk1N2I1OWU2MGQ3ZmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvpkHT3OQk96zGpvWdS2QueYP7q1
zE37N1T4cRBNjgZO96DhLEIFdbRtYgeHPhRhR5tjp6Y8NYDpjQOxHB6HQfYlmWh0
J/ccWIFXA5XKdNcFtkmb66g5ai3TO4P5fAdFp0OCR6+L+aOj09UKiRNt88OhbOAS
uo3HDzmoTdECv/RBHs6PCK8aTPhSQF5vTFl8ZHxendOdlop6vzaRYTSF8aKYLP4B
HD7e/VWT5DTptwZRFCOAFF4drCRWbWbkZuCVriCqzu74QOAvhc2VDZh1a4s0Byx5
1fRCDtuEhdMUjRUegQtXfIIWtL1UoWQqgcB9/4njDpBdBvXdeitfYYnWhQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPtAehtYJaFVMyauifSVe1nmDX+lMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvMS0wQjZHMWdsb1ZVekpxNko5SlY3V2VZTmY2VS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTUvNzE5M2RiLTdmODUtNDJiYi1iMDlhLWY1MmM0N2MyMjVk
Yi8xL01ZTjRXUmJObU5mSGNOYUZGRlNacUtDaFZ5SS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAFBg2QME
AlBhEDANBgkqhkiG9w0BAQsFAAOCAQEASuqLgyP+ezHz0U2j4eHlBbnrdA8TF22z
ezO7CVZ5/NFDxAGdJpS16C8pzumLxz+E6lYwoqjnkdq/iVvNIn09Z+c33tiQS/Yl
r+ts8eESSRJTsi6AFDplUOW0ClraJkP+jQjDfC+hUe/QCGpgQheYIs6qjqiauKxc
95Ev6eWC6byhEhuy90d4pJG7QWdwQ0gKkusg3YYvCDIK1kfv+NyPkSSNlxGu0ogn
F2AREYvUONJE7F8BJq6O8pcWpvTX+KkIl4VvK+lXGzgTrj0mR9ZVUJrF0N34sMPf
1Lj+ZK9xWdmKecuHG4yszlbaqeYYc/IwlrHNkcRo61Pifo7RWQ/SbQ==
-----END CERTIFICATE-----