Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/CJhw2uQ6kIh-hQkWS_LqEwWMvvI.roa
File:                     CJhw2uQ6kIh-hQkWS_LqEwWMvvI.roa (raw, json)
Hash identifier:          eOIQ1U/F1ixm1NPSIhDFO51kDZW+pRCPCeft+RsFPm8=
Subject key identifier:   08:98:70:DA:E4:3A:90:88:7E:85:09:16:4B:F2:EA:13:05:8C:BE:F2
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64ADC5766A71FA1745711B4D393D15C
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/CJhw2uQ6kIh-hQkWS_LqEwWMvvI.roa
Signing time:             Mon 01 Jan 2024 18:30:43 +0000
ROA not before:           Mon 01 Jan 2024 18:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13181
IP address blocks:        193.230.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:dc:57:66:a7:1f:a1:74:57:11:b4:d3:93:d1:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=089870dae43a90887e8509164bf2ea13058cbef2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:4a:23:38:6a:e3:b6:60:23:82:3d:1f:a1:8a:
                    07:6c:81:90:2b:68:d5:ec:67:46:c5:3a:09:9f:97:
                    9c:1c:05:4b:bc:76:6c:79:a3:1f:10:77:61:74:e8:
                    97:60:cb:1a:df:b6:e6:24:13:0f:eb:72:1c:d2:12:
                    9c:0a:07:88:bf:d3:fa:26:79:e7:fb:61:c7:1e:fa:
                    33:5e:29:ef:a6:48:6a:28:cc:da:d6:a7:de:a5:2f:
                    54:55:11:69:01:6d:09:88:64:ac:bd:65:b5:1e:d7:
                    d5:a8:88:1b:6b:ad:b8:df:4e:ce:9f:99:79:39:b2:
                    14:bd:76:42:9c:0e:a2:d0:de:6e:e6:a9:17:46:27:
                    93:70:fc:7b:b7:fb:cd:6e:42:4e:00:d7:38:e4:2d:
                    23:04:75:65:86:7a:f8:3f:07:64:93:eb:69:1b:c2:
                    52:d1:61:67:2c:e0:1b:0d:af:5f:8a:bb:98:b6:22:
                    24:8b:44:e5:7c:f4:22:af:d5:f8:f9:3d:5e:91:93:
                    ce:d7:13:35:f9:6f:db:d6:6d:82:e8:7b:ac:46:0d:
                    78:b1:ed:1b:ee:25:ba:4a:79:e9:b5:30:b1:2e:f3:
                    4e:f5:e5:32:ea:32:4d:34:a3:0e:b7:95:58:ba:aa:
                    67:a4:f7:62:c5:ca:59:c7:4c:7c:bd:cb:ba:af:f4:
                    49:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:98:70:DA:E4:3A:90:88:7E:85:09:16:4B:F2:EA:13:05:8C:BE:F2
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/CJhw2uQ6kIh-hQkWS_LqEwWMvvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.230.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:75:92:eb:1e:10:b7:b6:24:6b:e9:7e:e1:c7:79:3e:55:6a:
         e2:c5:7c:f6:e5:07:ef:86:75:0e:c9:04:f6:cb:87:0b:94:7b:
         6f:82:03:ed:e5:18:95:01:54:eb:2c:98:64:d4:aa:4c:bb:25:
         79:31:33:86:aa:f4:17:63:cf:bd:04:ae:64:95:40:5b:b2:2c:
         0e:45:28:e2:40:1c:58:d9:64:3e:87:da:4d:4e:b7:53:b1:6c:
         2a:a3:0e:30:c5:58:e3:70:6a:10:ce:6b:e3:5f:fa:a4:8a:32:
         93:9f:76:98:58:83:d9:59:b2:39:30:c0:3e:ab:22:ec:94:af:
         67:34:05:67:e2:54:82:27:d0:66:53:bc:9b:c5:14:c6:7a:45:
         a3:a3:ca:a9:55:ce:c0:38:89:85:f5:c4:c8:95:ed:a2:d7:40:
         59:6d:ee:57:1f:51:e8:d6:ec:c8:e9:7b:9b:c8:a7:7f:b8:d9:
         5a:6b:ef:93:aa:b7:cc:f0:8a:16:a6:d6:83:52:e6:b3:5c:02:
         91:6c:56:74:d5:9c:50:d1:d6:1d:4b:3f:a2:ec:b3:b7:96:68:
         9f:46:43:f6:12:08:92:8b:84:47:98:76:40:2d:a9:81:8f:80:
         13:86:12:0b:e5:da:ee:f2:09:c4:7f:d6:36:24:74:56:d9:c3:
         9b:80:10:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGStxXZqcfoXRXEbTTk9FcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODk4NzBkYWU0M2E5MDg4N2U4NTA5MTY0YmYyZWExMzA1OGNiZWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUojOGrjtmAjgj0foYoHbIGQK2jV
7GdGxToJn5ecHAVLvHZseaMfEHdhdOiXYMsa37bmJBMP63Ic0hKcCgeIv9P6Jnnn
+2HHHvozXinvpkhqKMza1qfepS9UVRFpAW0JiGSsvWW1HtfVqIgba624307On5l5
ObIUvXZCnA6i0N5u5qkXRieTcPx7t/vNbkJOANc45C0jBHVlhnr4Pwdkk+tpG8JS
0WFnLOAbDa9firuYtiIki0TlfPQir9X4+T1ekZPO1xM1+W/b1m2C6HusRg14se0b
7iW6SnnptTCxLvNO9eUy6jJNNKMOt5VYuqpnpPdixcpZx0x8vcu6r/RJrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAiYcNrkOpCIfoUJFkvy6hMFjL7yMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvQ0podzJ1UTZrSWgtaFFrV1NfTHFFd1dNdnZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwea/MA0G
CSqGSIb3DQEBCwUAA4IBAQBzdZLrHhC3tiRr6X7hx3k+VWrixXz25QfvhnUOyQT2
y4cLlHtvggPt5RiVAVTrLJhk1KpMuyV5MTOGqvQXY8+9BK5klUBbsiwORSjiQBxY
2WQ+h9pNTrdTsWwqow4wxVjjcGoQzmvjX/qkijKTn3aYWIPZWbI5MMA+qyLslK9n
NAVn4lSCJ9BmU7ybxRTGekWjo8qpVc7AOImF9cTIle2i10BZbe5XH1Ho1uzI6Xub
yKd/uNlaa++TqrfM8IoWptaDUuazXAKRbFZ01ZxQ0dYdSz+i7LO3lmifRkP2EgiS
i4RHmHZALamBj4AThhIL5dru8gnEf9Y2JHRW2cObgBCQ
-----END CERTIFICATE-----