Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/074853-21ee-42d9-b3b5-d2ecb6473b23/1/N5G9BmN7ZOewET3Lxo3Z2xln48s.roa
File:                     N5G9BmN7ZOewET3Lxo3Z2xln48s.roa (raw, json)
Hash identifier:          t/wioB6dyp/21IOD8JSxrTW1VZFFRj0EGs1R5hj+OTo=
Subject key identifier:   37:91:BD:06:63:7B:64:E7:B0:11:3D:CB:C6:8D:D9:DB:19:67:E3:CB
Certificate issuer:       /CN=9126b19f0e954dcf5816fdf371694b784dd7f366
Certificate serial:       018CC94E32E14B9CD2F06BE4A2E35C9061E3
Authority key identifier: 91:26:B1:9F:0E:95:4D:CF:58:16:FD:F3:71:69:4B:78:4D:D7:F3:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kSaxnw6VTc9YFv3zcWlLeE3X82Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/074853-21ee-42d9-b3b5-d2ecb6473b23/1/N5G9BmN7ZOewET3Lxo3Z2xln48s.roa
Signing time:             Tue 02 Jan 2024 08:33:14 +0000
ROA not before:           Tue 02 Jan 2024 08:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15879
IP address blocks:        193.105.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/074853-21ee-42d9-b3b5-d2ecb6473b23/1/kSaxnw6VTc9YFv3zcWlLeE3X82Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/074853-21ee-42d9-b3b5-d2ecb6473b23/1/kSaxnw6VTc9YFv3zcWlLeE3X82Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kSaxnw6VTc9YFv3zcWlLeE3X82Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:32:e1:4b:9c:d2:f0:6b:e4:a2:e3:5c:90:61:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9126b19f0e954dcf5816fdf371694b784dd7f366
        Validity
            Not Before: Jan  2 08:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3791bd06637b64e7b0113dcbc68dd9db1967e3cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:31:9e:be:79:3b:da:e5:e0:cf:73:40:7c:6f:
                    51:6d:60:ca:e1:68:e5:f6:6b:88:61:07:d0:8d:b7:
                    09:7a:7a:d2:37:95:b7:a5:ca:b5:fb:3a:57:cf:4f:
                    8b:99:a7:23:da:74:fb:4c:fe:2f:d7:6b:93:8a:f0:
                    e1:47:1b:51:c8:8f:7c:b9:af:d7:d6:7e:e9:a4:12:
                    6e:87:70:83:05:ae:6b:ae:9b:7f:ea:90:fd:f7:9c:
                    b3:5c:a4:2e:8e:4c:ee:76:71:ba:70:f9:b0:64:45:
                    07:44:86:b8:f5:1e:51:66:25:72:1d:49:11:fa:35:
                    3f:8e:0f:2c:84:9c:1d:13:5f:f8:f2:2a:2d:00:e5:
                    e7:b5:d3:8d:50:e7:27:76:19:0c:18:e2:96:bc:db:
                    51:ed:61:1e:2c:ae:c0:13:3e:98:9a:1e:fe:c6:91:
                    c7:c3:9b:3f:64:af:af:ad:d0:49:1e:82:51:18:08:
                    e3:ac:d9:a3:17:df:af:63:4f:0f:78:26:df:03:dc:
                    d1:96:10:92:41:c1:2e:67:38:21:d4:e7:be:ec:5f:
                    0b:e4:63:e1:c0:00:75:35:59:f5:a2:7c:ef:b4:be:
                    cd:20:fa:88:8c:e4:1b:62:46:e8:18:ce:1c:17:46:
                    2b:1a:d6:d8:7f:9a:8a:36:ac:24:6c:b2:82:49:08:
                    3e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:91:BD:06:63:7B:64:E7:B0:11:3D:CB:C6:8D:D9:DB:19:67:E3:CB
            X509v3 Authority Key Identifier:
                keyid:91:26:B1:9F:0E:95:4D:CF:58:16:FD:F3:71:69:4B:78:4D:D7:F3:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kSaxnw6VTc9YFv3zcWlLeE3X82Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/074853-21ee-42d9-b3b5-d2ecb6473b23/1/N5G9BmN7ZOewET3Lxo3Z2xln48s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/074853-21ee-42d9-b3b5-d2ecb6473b23/1/kSaxnw6VTc9YFv3zcWlLeE3X82Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:bb:cc:c6:ce:1f:1f:b5:66:5e:82:c5:2a:66:b2:af:8e:eb:
         86:cc:51:7b:f6:e1:30:62:e0:71:b8:47:c1:f4:d4:e6:cf:5a:
         5e:26:63:99:73:a7:31:f6:61:4c:ff:a9:22:78:38:43:95:25:
         ff:5f:f1:72:2a:11:f7:33:03:cc:df:1f:38:10:73:61:bd:7c:
         b1:f6:9a:0d:bf:ca:b2:ff:3c:46:87:4c:4b:d8:b8:b3:6d:dd:
         c4:5d:5e:90:a5:11:aa:ef:8e:64:32:85:77:4c:28:72:52:0d:
         78:9c:af:d0:9f:27:10:b6:c2:44:40:49:70:20:39:4b:eb:28:
         a8:df:a2:89:ad:76:0f:cb:e8:b2:4c:47:40:8a:cb:3a:a5:8e:
         ad:91:9c:2a:ab:2d:09:e0:4e:f0:01:0c:b9:fa:01:49:1e:6c:
         6b:df:40:04:44:c3:8c:84:09:84:5d:9e:76:1e:2e:3a:06:c0:
         30:9e:0d:b8:1c:a4:28:de:b4:cc:a5:a8:ca:71:20:a5:40:69:
         29:0f:05:a1:48:c8:b8:c4:24:e0:15:21:98:04:7d:61:96:dd:
         7e:4f:48:26:ab:94:fd:14:cc:e5:5b:4f:e2:2f:ff:6e:c7:7f:
         c1:00:95:50:e1:aa:1b:fb:4d:b9:58:ee:de:6b:55:cf:2b:25:
         25:b5:4d:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTjLhS5zS8GvkouNckGHjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxMjZiMTlmMGU5NTRkY2Y1ODE2ZmRmMzcxNjk0Yjc4NGRk
N2YzNjYwHhcNMjQwMTAyMDgzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzkxYmQwNjYzN2I2NGU3YjAxMTNkY2JjNjhkZDlkYjE5NjdlM2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwzGevnk72uXgz3NAfG9RbWDK4Wjl
9muIYQfQjbcJenrSN5W3pcq1+zpXz0+Lmacj2nT7TP4v12uTivDhRxtRyI98ua/X
1n7ppBJuh3CDBa5rrpt/6pD995yzXKQujkzudnG6cPmwZEUHRIa49R5RZiVyHUkR
+jU/jg8shJwdE1/48iotAOXntdONUOcndhkMGOKWvNtR7WEeLK7AEz6Ymh7+xpHH
w5s/ZK+vrdBJHoJRGAjjrNmjF9+vY08PeCbfA9zRlhCSQcEuZzgh1Oe+7F8L5GPh
wAB1NVn1onzvtL7NIPqIjOQbYkboGM4cF0YrGtbYf5qKNqwkbLKCSQg+AQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDeRvQZje2TnsBE9y8aN2dsZZ+PLMB8GA1UdIwQY
MBaAFJEmsZ8OlU3PWBb983FpS3hN1/NmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1NheG53NlZUYzlZRnYzemNXbExlRTNYODJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8wNzQ4NTMtMjFlZS00MmQ5LWIzYjUt
ZDJlY2I2NDczYjIzLzEvTjVHOUJtTjdaT2V3RVQzTHhvM1oyeGxuNDhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8wNzQ4NTMtMjFlZS00MmQ5LWIzYjUtZDJlY2I2NDczYjIz
LzEva1NheG53NlZUYzlZRnYzemNXbExlRTNYODJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWkDMA0G
CSqGSIb3DQEBCwUAA4IBAQAtu8zGzh8ftWZegsUqZrKvjuuGzFF79uEwYuBxuEfB
9NTmz1peJmOZc6cx9mFM/6kieDhDlSX/X/FyKhH3MwPM3x84EHNhvXyx9poNv8qy
/zxGh0xL2Lizbd3EXV6QpRGq745kMoV3TChyUg14nK/QnycQtsJEQElwIDlL6yio
36KJrXYPy+iyTEdAiss6pY6tkZwqqy0J4E7wAQy5+gFJHmxr30AERMOMhAmEXZ52
Hi46BsAwng24HKQo3rTMpajKcSClQGkpDwWhSMi4xCTgFSGYBH1hlt1+T0gmq5T9
FMzlW0/iL/9ux3/BAJVQ4aob+025WO7ea1XPKyUltU2u
-----END CERTIFICATE-----