Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/2sa0ZlBDr3BtQhP0WSyoBGQKP4o.roa
File:                     2sa0ZlBDr3BtQhP0WSyoBGQKP4o.roa (raw, json)
Hash identifier:          FcseioOXcWsBVr7ctAJzy1lgTPpNsacTWzpTKISEqsY=
Subject key identifier:   DA:C6:B4:66:50:43:AF:70:6D:42:13:F4:59:2C:A8:04:64:0A:3F:8A
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018CC794D69F12C572E0DAB09B008019B3FD
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/2sa0ZlBDr3BtQhP0WSyoBGQKP4o.roa
Signing time:             Tue 02 Jan 2024 00:31:09 +0000
ROA not before:           Tue 02 Jan 2024 00:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60781
IP address blocks:        193.93.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:d6:9f:12:c5:72:e0:da:b0:9b:00:80:19:b3:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan  2 00:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dac6b4665043af706d4213f4592ca804640a3f8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:59:fb:2d:e3:b7:13:6e:54:c8:b8:9b:e1:9a:
                    03:c7:c1:99:d6:4d:71:96:8d:32:32:dd:cc:9b:50:
                    04:13:f9:c7:cf:db:57:ab:b9:4f:99:7a:79:32:87:
                    4f:6d:64:ca:d4:b3:31:3a:af:6b:58:dc:3b:3b:8c:
                    79:d4:45:0f:10:a6:7d:3a:48:62:2a:b3:04:44:5e:
                    f0:7d:0a:7d:b6:37:f0:76:7e:9f:3c:1b:aa:69:d2:
                    35:53:07:f1:af:91:cb:26:d7:40:fc:22:92:e8:d2:
                    d7:fe:3a:0e:62:9a:30:e2:2b:2c:50:56:54:3e:97:
                    a7:00:e6:65:56:b8:60:ba:9f:be:00:2f:17:31:3c:
                    de:a6:63:c6:1a:35:09:99:1e:9d:92:0b:83:48:45:
                    d2:45:c4:8e:d8:4a:08:78:cc:79:1f:ca:57:f2:99:
                    86:fc:d9:d3:23:e0:16:e5:b7:25:6f:d3:43:37:4b:
                    e2:fb:9a:f8:8e:eb:0f:42:43:ed:8a:3c:9a:15:3c:
                    8c:3f:e7:e6:6b:d1:64:c7:db:20:1f:9b:93:a3:bb:
                    76:fe:1a:df:30:49:ba:b3:0d:a7:1c:1c:e7:80:01:
                    72:8b:d2:46:9a:90:9b:38:f7:ea:3d:aa:a6:37:cb:
                    1e:71:ff:7e:5d:80:39:66:0e:ea:5e:8a:2d:10:db:
                    eb:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:C6:B4:66:50:43:AF:70:6D:42:13:F4:59:2C:A8:04:64:0A:3F:8A
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/2sa0ZlBDr3BtQhP0WSyoBGQKP4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.93.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:41:38:65:ef:e1:75:0d:ee:27:d1:21:41:1a:9e:17:97:b6:
         0a:0b:73:a9:f7:f7:3a:f1:76:51:2d:70:a5:48:84:29:0e:7b:
         c1:18:3b:d8:52:d5:43:37:a5:5c:1a:af:10:b6:b2:db:ba:c3:
         93:27:60:39:bc:bb:e1:7b:25:ef:bb:f9:3b:bd:b1:7e:ff:4f:
         bb:90:93:62:75:6a:a9:4e:6f:31:4c:d9:7f:ba:08:e5:45:d1:
         6f:e4:a9:04:99:38:71:a2:b9:f2:64:15:c4:94:e0:6e:68:8a:
         ee:42:66:ef:91:d6:f8:a2:1d:2c:44:33:9d:2c:83:fb:94:fb:
         68:c2:d2:c3:0a:3d:a7:45:b5:bd:30:6a:ab:4f:ca:1a:c2:44:
         8c:0d:5b:5d:b0:ee:70:a0:93:0b:f3:c3:47:db:b5:9a:77:aa:
         c1:af:8c:6f:02:e7:35:6b:22:2f:a0:16:d6:0d:a0:78:f6:40:
         f9:18:07:2f:61:01:85:61:50:d5:30:07:a1:f3:63:d0:26:3e:
         a5:c7:dd:44:4d:e1:7f:53:01:16:de:71:f8:39:a7:61:d6:68:
         88:cc:b1:b0:f5:7c:e6:7c:69:95:34:75:a3:0d:49:43:b6:00:
         89:10:18:4e:ba:54:d8:3e:0c:72:f9:99:66:90:f9:8c:fa:8d:
         26:d9:92:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlNafEsVy4NqwmwCAGbP9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwMTAyMDAzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWM2YjQ2NjUwNDNhZjcwNmQ0MjEzZjQ1OTJjYTgwNDY0MGEzZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVn7LeO3E25UyLib4ZoDx8GZ1k1x
lo0yMt3Mm1AEE/nHz9tXq7lPmXp5ModPbWTK1LMxOq9rWNw7O4x51EUPEKZ9Okhi
KrMERF7wfQp9tjfwdn6fPBuqadI1Uwfxr5HLJtdA/CKS6NLX/joOYpow4issUFZU
PpenAOZlVrhgup++AC8XMTzepmPGGjUJmR6dkguDSEXSRcSO2EoIeMx5H8pX8pmG
/NnTI+AW5bclb9NDN0vi+5r4jusPQkPtijyaFTyMP+fma9Fkx9sgH5uTo7t2/hrf
MEm6sw2nHBzngAFyi9JGmpCbOPfqPaqmN8secf9+XYA5Zg7qXootENvrSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrGtGZQQ69wbUIT9FksqARkCj+KMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvMnNhMFpsQkRyM0J0UWhQMFdTeW9CR1FLUDRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwV02MA0G
CSqGSIb3DQEBCwUAA4IBAQBbQThl7+F1De4n0SFBGp4Xl7YKC3Op9/c68XZRLXCl
SIQpDnvBGDvYUtVDN6VcGq8QtrLbusOTJ2A5vLvheyXvu/k7vbF+/0+7kJNidWqp
Tm8xTNl/ugjlRdFv5KkEmThxornyZBXElOBuaIruQmbvkdb4oh0sRDOdLIP7lPto
wtLDCj2nRbW9MGqrT8oawkSMDVtdsO5woJML88NH27Wad6rBr4xvAuc1ayIvoBbW
DaB49kD5GAcvYQGFYVDVMAeh82PQJj6lx91ETeF/UwEW3nH4Oadh1miIzLGw9Xzm
fGmVNHWjDUlDtgCJEBhOulTYPgxy+ZlmkPmM+o0m2ZLt
-----END CERTIFICATE-----