Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/PYps8EWN6DHAzkAVYuFo_Fu_bbI.roa
File:                     PYps8EWN6DHAzkAVYuFo_Fu_bbI.roa (raw, json)
Hash identifier:          IsYZ9tuBd/k19ark4YdUgGdaWXWjkHa/8BNIACvOZg0=
Subject key identifier:   3D:8A:6C:F0:45:8D:E8:31:C0:CE:40:15:62:E1:68:FC:5B:BF:6D:B2
Certificate issuer:       /CN=9ba94bc14937bb0b3632374355a446724104a981
Certificate serial:       0192FCB6F50EA798968C1EAE2C0B6CCFCA8E
Authority key identifier: 9B:A9:4B:C1:49:37:BB:0B:36:32:37:43:55:A4:46:72:41:04:A9:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m6lLwUk3uws2MjdDVaRGckEEqYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/PYps8EWN6DHAzkAVYuFo_Fu_bbI.roa
Signing time:             Tue 05 Nov 2024 14:25:01 +0000
ROA not before:           Tue 05 Nov 2024 14:25:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208949
IP address blocks:        193.151.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/m6lLwUk3uws2MjdDVaRGckEEqYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/m6lLwUk3uws2MjdDVaRGckEEqYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m6lLwUk3uws2MjdDVaRGckEEqYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:fc:b6:f5:0e:a7:98:96:8c:1e:ae:2c:0b:6c:cf:ca:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ba94bc14937bb0b3632374355a446724104a981
        Validity
            Not Before: Nov  5 14:25:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d8a6cf0458de831c0ce401562e168fc5bbf6db2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:73:d6:2b:eb:df:8d:f5:a1:b7:f7:9c:42:31:
                    92:d0:0f:19:73:65:e8:b1:ac:02:57:86:26:43:a8:
                    18:26:df:54:bf:91:52:07:fb:15:27:ea:78:6e:cd:
                    8e:b8:c0:01:ed:5d:9c:b6:45:53:fb:11:07:44:40:
                    ca:53:9d:1e:9d:93:d7:e3:fe:51:de:a0:88:17:80:
                    50:05:47:d2:aa:f8:b3:eb:12:84:11:2b:d3:ba:34:
                    27:74:08:81:7d:f1:53:a1:5e:8f:07:22:4f:b2:14:
                    45:6f:8c:53:44:04:60:ea:97:9b:9e:3d:b3:25:16:
                    97:68:93:7f:dc:a6:09:ad:64:9d:c5:e9:b9:d1:f9:
                    16:18:67:ce:d6:3f:64:dd:0d:04:d9:01:58:54:09:
                    5f:01:5f:8d:50:4f:f3:8f:a6:80:01:f3:ee:98:8a:
                    15:cd:15:d0:90:29:9d:30:14:12:18:78:bf:3b:23:
                    77:08:6e:d5:8c:e4:f3:b5:4a:23:4d:3b:12:0b:fd:
                    d0:b0:4b:71:cf:f2:47:82:9c:69:fa:ce:09:7b:5c:
                    8a:c7:95:68:f3:f2:b5:9c:00:a2:bb:d2:ab:64:cb:
                    a4:a6:7d:22:b9:29:e7:7f:96:d5:0b:54:75:e9:3d:
                    9f:a1:2a:0c:d0:0f:52:b9:af:77:f4:2d:19:e8:e1:
                    3c:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:8A:6C:F0:45:8D:E8:31:C0:CE:40:15:62:E1:68:FC:5B:BF:6D:B2
            X509v3 Authority Key Identifier:
                keyid:9B:A9:4B:C1:49:37:BB:0B:36:32:37:43:55:A4:46:72:41:04:A9:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m6lLwUk3uws2MjdDVaRGckEEqYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/PYps8EWN6DHAzkAVYuFo_Fu_bbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/m6lLwUk3uws2MjdDVaRGckEEqYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:0b:20:90:84:2a:f6:4b:63:4c:71:63:f3:c9:ab:de:79:c1:
         0e:c9:f2:41:f5:fd:25:fa:2a:20:df:bb:1a:42:e0:76:13:fa:
         20:c6:b8:21:5c:25:1d:96:67:d6:8a:48:bb:01:c6:47:7d:58:
         da:76:75:f9:c3:c5:b7:b3:d3:00:b0:2e:aa:79:69:9a:08:f9:
         00:6e:83:ff:01:27:54:3e:6e:c9:5b:dd:bc:ea:49:22:91:7f:
         e2:32:fd:3b:60:65:47:64:b3:d3:d0:65:2c:29:54:61:93:13:
         e3:d4:98:90:56:ed:24:78:c8:0f:0c:33:b0:dd:e0:49:76:ad:
         61:cf:34:f0:97:0b:bc:21:d6:f6:90:f4:d9:8e:16:87:00:9a:
         64:15:84:63:e4:37:3d:df:d2:5d:11:b5:0b:8c:54:43:9b:b4:
         9f:c7:34:35:cc:24:b5:26:b7:86:02:b7:43:9b:9c:75:11:dc:
         e3:c5:e6:42:85:97:e9:ae:d3:c4:e8:3f:57:a2:c3:b4:06:4e:
         00:7d:2d:f3:2b:4b:c4:64:55:24:60:63:64:84:37:a8:54:a9:
         08:7a:39:9f:fa:7e:f5:a6:3f:ca:4f:40:a7:9e:ac:aa:d5:94:
         cf:e2:b9:dd:bf:c1:f0:32:4f:70:f4:f3:da:ec:ad:2c:a2:6b:
         c8:87:01:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZL8tvUOp5iWjB6uLAtsz8qOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliYTk0YmMxNDkzN2JiMGIzNjMyMzc0MzU1YTQ0NjcyNDEw
NGE5ODEwHhcNMjQxMTA1MTQyNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDhhNmNmMDQ1OGRlODMxYzBjZTQwMTU2MmUxNjhmYzViYmY2ZGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+3PWK+vfjfWht/ecQjGS0A8Zc2Xo
sawCV4YmQ6gYJt9Uv5FSB/sVJ+p4bs2OuMAB7V2ctkVT+xEHREDKU50enZPX4/5R
3qCIF4BQBUfSqviz6xKEESvTujQndAiBffFToV6PByJPshRFb4xTRARg6pebnj2z
JRaXaJN/3KYJrWSdxem50fkWGGfO1j9k3Q0E2QFYVAlfAV+NUE/zj6aAAfPumIoV
zRXQkCmdMBQSGHi/OyN3CG7VjOTztUojTTsSC/3QsEtxz/JHgpxp+s4Je1yKx5Vo
8/K1nACiu9KrZMukpn0iuSnnf5bVC1R16T2foSoM0A9Sua939C0Z6OE8gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD2KbPBFjegxwM5AFWLhaPxbv22yMB8GA1UdIwQY
MBaAFJupS8FJN7sLNjI3Q1WkRnJBBKmBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTZsTHdVazN1d3MyTWpkRFZhUkdja0VFcVlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9jYzc4NDMtZDEzNi00ZmZiLThiOTkt
ODM2YzMxMmFjOGMyLzEvUFlwczhFV042REhBemtBVll1Rm9fRnVfYmJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9jYzc4NDMtZDEzNi00ZmZiLThiOTktODM2YzMxMmFjOGMy
LzEvbTZsTHdVazN1d3MyTWpkRFZhUkdja0VFcVlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZdtMA0G
CSqGSIb3DQEBCwUAA4IBAQCSCyCQhCr2S2NMcWPzyaveecEOyfJB9f0l+iog37sa
QuB2E/ogxrghXCUdlmfWiki7AcZHfVjadnX5w8W3s9MAsC6qeWmaCPkAboP/ASdU
Pm7JW9286kkikX/iMv07YGVHZLPT0GUsKVRhkxPj1JiQVu0keMgPDDOw3eBJdq1h
zzTwlwu8Idb2kPTZjhaHAJpkFYRj5Dc939JdEbULjFRDm7SfxzQ1zCS1JreGArdD
m5x1EdzjxeZChZfprtPE6D9XosO0Bk4AfS3zK0vEZFUkYGNkhDeoVKkIejmf+n71
pj/KT0Cnnqyq1ZTP4rndv8HwMk9w9PPa7K0somvIhwEp
-----END CERTIFICATE-----