Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/fe05b4-0873-4f1f-ba1f-7e9c0b02248e/1/k4fQy9IsgHMunqqVBDSqF0T9BVE.roa
File:                     k4fQy9IsgHMunqqVBDSqF0T9BVE.roa (raw, json)
Hash identifier:          fBsqQsswe/rbRmgb0JQQfIVlMJc5bruC1QhuWNh5mfo=
Subject key identifier:   93:87:D0:CB:D2:2C:80:73:2E:9E:AA:95:04:34:AA:17:44:FD:05:51
Certificate issuer:       /CN=011bf02928cccb516b719fe558884842f19c0877
Certificate serial:       018CC6B7DC1ABF80E1D41ED5CC7622940FA2
Authority key identifier: 01:1B:F0:29:28:CC:CB:51:6B:71:9F:E5:58:88:48:42:F1:9C:08:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ARvwKSjMy1FrcZ_lWIhIQvGcCHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/fe05b4-0873-4f1f-ba1f-7e9c0b02248e/1/k4fQy9IsgHMunqqVBDSqF0T9BVE.roa
Signing time:             Mon 01 Jan 2024 20:29:47 +0000
ROA not before:           Mon 01 Jan 2024 20:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2830
IP address blocks:        194.33.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/fe05b4-0873-4f1f-ba1f-7e9c0b02248e/1/ARvwKSjMy1FrcZ_lWIhIQvGcCHc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/fe05b4-0873-4f1f-ba1f-7e9c0b02248e/1/ARvwKSjMy1FrcZ_lWIhIQvGcCHc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ARvwKSjMy1FrcZ_lWIhIQvGcCHc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 01:02:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:dc:1a:bf:80:e1:d4:1e:d5:cc:76:22:94:0f:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=011bf02928cccb516b719fe558884842f19c0877
        Validity
            Not Before: Jan  1 20:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9387d0cbd22c80732e9eaa950434aa1744fd0551
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:dd:da:a7:66:e0:85:41:04:32:d4:70:77:c7:
                    56:ca:5d:d3:4b:73:a8:6b:e2:a8:4d:6d:0e:1e:37:
                    e4:ab:77:48:69:64:2a:2a:66:46:eb:fe:85:e5:ed:
                    c5:3e:37:11:23:7b:cd:75:18:5d:d1:4d:60:d3:de:
                    88:5f:36:f9:01:55:ee:49:16:65:53:63:34:35:e9:
                    4b:ca:92:de:ca:b4:0f:63:ac:6d:cf:dc:6b:ba:9f:
                    7b:ee:5a:b7:f3:68:5a:47:d3:48:53:ee:ea:df:25:
                    c1:61:b1:66:7f:df:12:34:73:0e:40:24:99:32:05:
                    3c:54:e8:3a:1d:8b:60:b5:33:ca:34:cb:32:4d:00:
                    ff:68:a7:7e:78:65:7c:45:e0:01:c6:ae:96:02:35:
                    7a:b5:bc:e0:12:a5:8c:f1:f2:84:b5:00:d1:c7:f7:
                    29:03:80:85:68:dc:4e:61:48:d0:3d:27:68:f0:26:
                    e9:06:94:b7:d8:87:38:6e:f4:f5:40:44:15:ee:ea:
                    da:e6:bc:a4:79:8e:55:21:fb:6b:95:2f:cf:6a:04:
                    d1:6f:69:cd:47:05:15:b9:28:f8:9f:17:ad:a6:93:
                    61:4a:58:8d:6b:98:95:29:5b:ab:5a:35:d2:04:89:
                    d2:43:30:a7:e1:e9:c0:99:23:df:bf:86:ab:4e:65:
                    86:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:87:D0:CB:D2:2C:80:73:2E:9E:AA:95:04:34:AA:17:44:FD:05:51
            X509v3 Authority Key Identifier:
                keyid:01:1B:F0:29:28:CC:CB:51:6B:71:9F:E5:58:88:48:42:F1:9C:08:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ARvwKSjMy1FrcZ_lWIhIQvGcCHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/fe05b4-0873-4f1f-ba1f-7e9c0b02248e/1/k4fQy9IsgHMunqqVBDSqF0T9BVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/fe05b4-0873-4f1f-ba1f-7e9c0b02248e/1/ARvwKSjMy1FrcZ_lWIhIQvGcCHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:87:36:a0:72:0e:7f:c7:6b:26:d2:78:22:47:72:b4:70:da:
         ca:f7:3c:ff:0a:86:03:8d:d5:39:be:df:d5:53:e4:f7:5c:d2:
         53:3b:4a:07:23:03:b4:7f:94:67:85:62:07:99:2a:38:31:2f:
         74:f1:5f:14:dd:9d:13:9b:79:dc:27:d0:38:de:f7:d8:4d:09:
         d5:d0:c8:9d:76:48:d7:84:a0:de:d0:39:20:7c:62:ce:03:c2:
         3c:9b:17:45:69:ca:54:06:bc:db:40:36:16:88:04:bd:ab:e7:
         a0:cc:0a:41:7b:79:1a:e2:8c:0d:eb:04:ca:d4:99:d2:b4:5d:
         f6:ca:55:50:0f:e3:65:10:e4:d6:b6:36:b2:bd:8f:40:7b:19:
         ef:28:aa:7f:39:78:7f:b9:98:79:82:9e:60:5e:14:b3:6c:5b:
         c5:c1:16:99:66:fa:53:26:02:1f:19:e6:5e:bc:65:61:66:b2:
         33:7e:2d:70:a1:22:06:88:ae:04:4f:03:45:2e:4b:37:56:b7:
         b1:c7:e9:93:86:ae:49:9a:c9:66:48:5d:58:5c:ee:1d:90:a3:
         1a:f7:e3:be:97:ea:41:0d:96:13:d7:b7:97:aa:9d:d3:77:32:
         2a:22:6d:2c:8a:50:b3:f9:df:67:ff:62:83:b9:20:4b:86:d6:
         91:19:6f:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt9wav4Dh1B7VzHYilA+iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxMWJmMDI5MjhjY2NiNTE2YjcxOWZlNTU4ODg0ODQyZjE5
YzA4NzcwHhcNMjQwMTAxMjAyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mzg3ZDBjYmQyMmM4MDczMmU5ZWFhOTUwNDM0YWExNzQ0ZmQwNTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmd3ap2bghUEEMtRwd8dWyl3TS3Oo
a+KoTW0OHjfkq3dIaWQqKmZG6/6F5e3FPjcRI3vNdRhd0U1g096IXzb5AVXuSRZl
U2M0NelLypLeyrQPY6xtz9xrup977lq382haR9NIU+7q3yXBYbFmf98SNHMOQCSZ
MgU8VOg6HYtgtTPKNMsyTQD/aKd+eGV8ReABxq6WAjV6tbzgEqWM8fKEtQDRx/cp
A4CFaNxOYUjQPSdo8CbpBpS32Ic4bvT1QEQV7ura5rykeY5VIftrlS/PagTRb2nN
RwUVuSj4nxetppNhSliNa5iVKVurWjXSBInSQzCn4enAmSPfv4arTmWGUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJOH0MvSLIBzLp6qlQQ0qhdE/QVRMB8GA1UdIwQY
MBaAFAEb8CkozMtRa3Gf5ViISELxnAh3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVJ2d0tTak15MUZyY1pfbFdJaElRdkdjQ0hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9mZTA1YjQtMDg3My00ZjFmLWJhMWYt
N2U5YzBiMDIyNDhlLzEvazRmUXk5SXNnSE11bnFxVkJEU3FGMFQ5QlZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9mZTA1YjQtMDg3My00ZjFmLWJhMWYtN2U5YzBiMDIyNDhl
LzEvQVJ2d0tTak15MUZyY1pfbFdJaElRdkdjQ0hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiG3MA0G
CSqGSIb3DQEBCwUAA4IBAQCxhzagcg5/x2sm0ngiR3K0cNrK9zz/CoYDjdU5vt/V
U+T3XNJTO0oHIwO0f5RnhWIHmSo4MS908V8U3Z0Tm3ncJ9A43vfYTQnV0MiddkjX
hKDe0DkgfGLOA8I8mxdFacpUBrzbQDYWiAS9q+egzApBe3ka4owN6wTK1JnStF32
ylVQD+NlEOTWtjayvY9AexnvKKp/OXh/uZh5gp5gXhSzbFvFwRaZZvpTJgIfGeZe
vGVhZrIzfi1woSIGiK4ETwNFLks3Vrexx+mThq5JmslmSF1YXO4dkKMa9+O+l+pB
DZYT17eXqp3TdzIqIm0silCz+d9n/2KDuSBLhtaRGW89
-----END CERTIFICATE-----