Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/3WhVsfaNVIVBj8CdrjfVEcJDD4s.roa
File:                     3WhVsfaNVIVBj8CdrjfVEcJDD4s.roa (raw, json)
Hash identifier:          cIKmgHWgEvrrogHf4ghsyRcylp7pMz89ILZa84yFUv0=
Subject key identifier:   DD:68:55:B1:F6:8D:54:85:41:8F:C0:9D:AE:37:D5:11:C2:43:0F:8B
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64AF5EF6841973DBEC29C12FD8CD7B2
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/3WhVsfaNVIVBj8CdrjfVEcJDD4s.roa
Signing time:             Mon 01 Jan 2024 18:30:50 +0000
ROA not before:           Mon 01 Jan 2024 18:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205859
IP address blocks:        193.231.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f5:ef:68:41:97:3d:be:c2:9c:12:fd:8c:d7:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd6855b1f68d5485418fc09dae37d511c2430f8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:24:eb:4e:b9:71:60:86:31:7d:70:06:1a:10:
                    84:5d:f5:01:7d:a5:2a:69:b1:1e:1f:db:22:eb:3d:
                    9e:da:e8:f5:8d:41:93:ab:18:5c:d9:d5:f8:9a:dc:
                    0e:7e:b5:d6:40:94:5d:3b:4c:5b:9b:7d:24:9c:8b:
                    e6:9a:2f:2a:89:25:63:ba:81:1e:ed:78:c3:1a:85:
                    dc:40:7d:82:bd:fc:62:40:3c:46:ac:54:ea:4a:e0:
                    03:5b:a7:4f:1d:46:af:2d:ef:08:70:74:23:b0:b9:
                    d3:37:e1:6c:07:67:04:50:45:d5:13:4f:d2:d6:6d:
                    b2:75:1f:44:47:65:63:66:94:81:06:33:a2:0c:ae:
                    8a:d9:b0:a0:37:b8:f0:b4:5b:06:d7:a9:3a:e9:5b:
                    76:f6:17:02:a9:42:9f:4e:d4:4e:c1:44:4b:23:d2:
                    91:e9:21:6e:0b:d2:5b:01:18:35:6b:db:be:50:64:
                    e7:70:cb:40:f8:23:4d:8d:c5:8e:43:65:0a:ee:71:
                    df:ef:a3:f0:12:9f:56:79:6d:46:ff:6d:94:32:3e:
                    db:08:55:ab:13:f1:3f:49:ea:43:2e:ac:fc:0b:76:
                    e8:7e:8f:d8:9f:77:c2:a7:e5:2b:6f:a9:58:f3:92:
                    99:34:a8:4f:47:94:8c:d1:04:73:64:d7:63:e8:c1:
                    36:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:68:55:B1:F6:8D:54:85:41:8F:C0:9D:AE:37:D5:11:C2:43:0F:8B
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/3WhVsfaNVIVBj8CdrjfVEcJDD4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.231.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:ae:63:b1:59:3d:da:2b:db:d3:97:ef:70:03:59:d0:e5:3c:
         b2:9c:0d:7c:8b:04:3d:3b:83:69:83:17:1f:b6:af:a0:1a:0c:
         8e:8b:7e:c9:47:41:1d:ad:2e:1e:e2:e2:fe:1b:51:03:d5:93:
         de:db:de:0e:c2:55:37:cd:27:58:34:b8:d7:7c:06:51:58:e0:
         75:8b:95:c1:6a:1d:d9:b7:5f:92:7e:ec:b1:71:35:02:50:48:
         7b:86:69:19:a3:c7:b6:12:c7:de:f1:4f:29:0b:1b:41:b9:76:
         87:99:81:bb:86:8b:7a:d7:ae:0f:38:bc:b1:28:24:8c:10:9f:
         63:96:4a:08:c8:e5:7c:e8:ce:64:b3:49:40:5d:12:59:16:9c:
         8d:d7:50:a7:69:f2:37:e0:fa:f7:59:3f:ef:87:ae:e6:94:37:
         d3:bd:0c:dc:0a:61:98:b2:dd:33:81:6e:ac:88:7a:b9:44:35:
         57:d8:97:1c:44:71:f8:ec:e5:75:f7:f4:75:d2:c1:e2:e1:61:
         2f:ee:6d:be:00:31:e3:cf:f8:25:41:f2:11:a4:46:2e:9b:0d:
         c0:c6:e7:11:97:af:db:b2:92:6c:40:2c:8c:e0:b1:b6:7f:66:
         dd:44:2e:bf:6c:d2:8e:e6:2c:35:77:a1:96:d2:61:41:4f:bf:
         7a:5e:62:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSvXvaEGXPb7CnBL9jNeyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDY4NTViMWY2OGQ1NDg1NDE4ZmMwOWRhZTM3ZDUxMWMyNDMwZjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCTrTrlxYIYxfXAGGhCEXfUBfaUq
abEeH9si6z2e2uj1jUGTqxhc2dX4mtwOfrXWQJRdO0xbm30knIvmmi8qiSVjuoEe
7XjDGoXcQH2CvfxiQDxGrFTqSuADW6dPHUavLe8IcHQjsLnTN+FsB2cEUEXVE0/S
1m2ydR9ER2VjZpSBBjOiDK6K2bCgN7jwtFsG16k66Vt29hcCqUKfTtROwURLI9KR
6SFuC9JbARg1a9u+UGTncMtA+CNNjcWOQ2UK7nHf76PwEp9WeW1G/22UMj7bCFWr
E/E/SepDLqz8C3bofo/Yn3fCp+Urb6lY85KZNKhPR5SM0QRzZNdj6ME2uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1oVbH2jVSFQY/Ana431RHCQw+LMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvM1doVnNmYU5WSVZCajhDZHJqZlZFY0pERDRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweehMA0G
CSqGSIb3DQEBCwUAA4IBAQC6rmOxWT3aK9vTl+9wA1nQ5TyynA18iwQ9O4Npgxcf
tq+gGgyOi37JR0EdrS4e4uL+G1ED1ZPe294OwlU3zSdYNLjXfAZRWOB1i5XBah3Z
t1+SfuyxcTUCUEh7hmkZo8e2Esfe8U8pCxtBuXaHmYG7hot6164POLyxKCSMEJ9j
lkoIyOV86M5ks0lAXRJZFpyN11CnafI34Pr3WT/vh67mlDfTvQzcCmGYst0zgW6s
iHq5RDVX2JccRHH47OV19/R10sHi4WEv7m2+ADHjz/glQfIRpEYumw3AxucRl6/b
spJsQCyM4LG2f2bdRC6/bNKO5iw1d6GW0mFBT796XmJz
-----END CERTIFICATE-----