Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/9d1a4b-509a-4913-b937-d0adb11ded34/1/q0JD4AgY0pYgCLJpejJKd3LwMfI.roa
File:                     q0JD4AgY0pYgCLJpejJKd3LwMfI.roa (raw, json)
Hash identifier:          fXlO84H24+0Y2yVDrGeTmakBYz6/hsj1+kWFe5GlK6w=
Subject key identifier:   AB:42:43:E0:08:18:D2:96:20:08:B2:69:7A:32:4A:77:72:F0:31:F2
Certificate issuer:       /CN=8e303cc2af838789652771c345e07df3e80d544f
Certificate serial:       018CC6B8062F8C61ACA824149C737134DAF6
Authority key identifier: 8E:30:3C:C2:AF:83:87:89:65:27:71:C3:45:E0:7D:F3:E8:0D:54:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jjA8wq-Dh4llJ3HDReB98-gNVE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/9d1a4b-509a-4913-b937-d0adb11ded34/1/q0JD4AgY0pYgCLJpejJKd3LwMfI.roa
Signing time:             Mon 01 Jan 2024 20:29:58 +0000
ROA not before:           Mon 01 Jan 2024 20:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21155
IP address blocks:        193.186.36.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/9d1a4b-509a-4913-b937-d0adb11ded34/1/jjA8wq-Dh4llJ3HDReB98-gNVE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/9d1a4b-509a-4913-b937-d0adb11ded34/1/jjA8wq-Dh4llJ3HDReB98-gNVE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jjA8wq-Dh4llJ3HDReB98-gNVE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:06:2f:8c:61:ac:a8:24:14:9c:73:71:34:da:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e303cc2af838789652771c345e07df3e80d544f
        Validity
            Not Before: Jan  1 20:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab4243e00818d2962008b2697a324a7772f031f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:47:31:36:7e:15:c0:11:de:e6:50:5e:51:1d:
                    cc:6b:0a:cb:d7:ea:d3:24:0e:db:14:23:ae:f9:16:
                    9d:09:02:65:77:a6:ba:20:83:00:ad:ac:16:d1:5e:
                    96:d5:52:0e:b0:fe:25:dc:76:5c:ce:6f:42:32:c6:
                    55:fe:f3:f6:19:3d:22:1c:0c:fa:07:8b:0e:ce:ca:
                    e3:34:4b:6f:63:8a:85:4e:f1:c6:66:14:ba:d8:c9:
                    82:b7:e6:46:ba:ab:8e:40:87:3e:77:2a:9b:ce:94:
                    66:d0:7a:8f:80:c4:75:cf:05:07:a1:8c:10:57:c8:
                    e9:c7:8b:55:05:78:11:f9:9f:df:38:49:1e:ac:09:
                    34:82:18:4d:88:ec:b4:6b:a2:61:ea:2d:73:64:bf:
                    32:a1:b6:15:29:1e:99:6f:c8:c3:2c:69:3f:a5:19:
                    31:62:d0:96:bf:e4:eb:9a:12:27:79:b8:04:5b:e1:
                    e9:2d:8e:7e:28:24:2a:ec:90:e9:a5:de:d8:4a:0b:
                    d1:be:b1:f6:ed:2d:83:99:ec:9e:97:04:f6:05:6b:
                    af:ce:32:4f:45:d2:8d:39:13:fc:eb:ce:aa:be:19:
                    5c:c9:23:7d:cf:7f:70:52:0a:52:19:fb:e7:7f:eb:
                    51:29:0b:13:c2:cc:9e:c2:df:30:67:40:97:87:09:
                    e5:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:42:43:E0:08:18:D2:96:20:08:B2:69:7A:32:4A:77:72:F0:31:F2
            X509v3 Authority Key Identifier:
                keyid:8E:30:3C:C2:AF:83:87:89:65:27:71:C3:45:E0:7D:F3:E8:0D:54:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jjA8wq-Dh4llJ3HDReB98-gNVE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/9d1a4b-509a-4913-b937-d0adb11ded34/1/q0JD4AgY0pYgCLJpejJKd3LwMfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/9d1a4b-509a-4913-b937-d0adb11ded34/1/jjA8wq-Dh4llJ3HDReB98-gNVE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.186.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:86:cb:bf:c7:4a:c7:7a:83:37:ee:1d:09:60:b0:4b:ee:a9:
         df:17:e1:26:88:21:b3:3c:84:cd:6f:c3:c0:16:41:b9:53:c5:
         e7:e9:84:b7:ee:97:ed:e3:32:25:36:04:f2:fa:b7:75:77:6a:
         b7:d8:0d:9d:50:ed:13:71:a9:44:6e:dd:28:81:87:6e:e2:5f:
         3c:2a:84:0d:89:71:fa:13:cc:f7:1e:20:1b:4b:95:5c:0b:8c:
         62:a3:97:e3:67:7e:b4:8b:d3:1f:cb:50:48:40:01:55:04:76:
         a0:1e:57:6f:f3:7a:4f:56:3e:76:94:76:05:5b:5a:22:5c:8d:
         7b:79:de:96:a1:e4:58:15:d4:f1:ec:31:68:6e:bb:4f:ad:ee:
         34:ae:01:dd:42:2a:36:b4:cb:9d:de:02:44:d6:a1:09:27:7f:
         9f:c4:4b:7f:7b:83:3b:57:3b:a6:b4:e8:96:7d:f2:ad:cb:28:
         c3:12:39:6d:52:ac:fa:86:ef:36:16:df:35:e3:59:d0:92:a4:
         1e:b8:30:67:34:0f:18:39:cc:35:38:0c:b3:b1:51:7f:ec:5f:
         b0:b7:07:17:5a:5f:11:59:83:34:af:29:c7:98:d6:57:e7:fc:
         e6:0e:74:9d:58:11:20:08:32:2d:d9:df:31:95:59:e7:d0:06:
         23:e9:22:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuAYvjGGsqCQUnHNxNNr2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMzAzY2MyYWY4Mzg3ODk2NTI3NzFjMzQ1ZTA3ZGYzZTgw
ZDU0NGYwHhcNMjQwMTAxMjAyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjQyNDNlMDA4MThkMjk2MjAwOGIyNjk3YTMyNGE3NzcyZjAzMWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEcxNn4VwBHe5lBeUR3MawrL1+rT
JA7bFCOu+RadCQJld6a6IIMArawW0V6W1VIOsP4l3HZczm9CMsZV/vP2GT0iHAz6
B4sOzsrjNEtvY4qFTvHGZhS62MmCt+ZGuquOQIc+dyqbzpRm0HqPgMR1zwUHoYwQ
V8jpx4tVBXgR+Z/fOEkerAk0ghhNiOy0a6Jh6i1zZL8yobYVKR6Zb8jDLGk/pRkx
YtCWv+TrmhInebgEW+HpLY5+KCQq7JDppd7YSgvRvrH27S2DmeyelwT2BWuvzjJP
RdKNORP8686qvhlcySN9z39wUgpSGfvnf+tRKQsTwsyewt8wZ0CXhwnl4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKtCQ+AIGNKWIAiyaXoySndy8DHyMB8GA1UdIwQY
MBaAFI4wPMKvg4eJZSdxw0XgffPoDVRPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvampBOHdxLURoNGxsSjNIRFJlQjk4LWdOVkU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy85ZDFhNGItNTA5YS00OTEzLWI5Mzct
ZDBhZGIxMWRlZDM0LzEvcTBKRDRBZ1kwcFlnQ0xKcGVqSktkM0x3TWZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy85ZDFhNGItNTA5YS00OTEzLWI5MzctZDBhZGIxMWRlZDM0
LzEvampBOHdxLURoNGxsSjNIRFJlQjk4LWdOVkU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwbokMA0G
CSqGSIb3DQEBCwUAA4IBAQBOhsu/x0rHeoM37h0JYLBL7qnfF+EmiCGzPITNb8PA
FkG5U8Xn6YS37pft4zIlNgTy+rd1d2q32A2dUO0TcalEbt0ogYdu4l88KoQNiXH6
E8z3HiAbS5VcC4xio5fjZ360i9Mfy1BIQAFVBHagHldv83pPVj52lHYFW1oiXI17
ed6WoeRYFdTx7DFobrtPre40rgHdQio2tMud3gJE1qEJJ3+fxEt/e4M7VzumtOiW
ffKtyyjDEjltUqz6hu82Ft8141nQkqQeuDBnNA8YOcw1OAyzsVF/7F+wtwcXWl8R
WYM0rynHmNZX5/zmDnSdWBEgCDIt2d8xlVnn0AYj6SIu
-----END CERTIFICATE-----