Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/2ed10c-04b0-4866-9b82-c522b74ddcfd/1/p0GYzovoibRpIcNL4x5zm5sbcEM.roa
File:                     p0GYzovoibRpIcNL4x5zm5sbcEM.roa (raw, json)
Hash identifier:          La9kggZVzZnTCmHjgvtIBc9XIxyweBnCuqu6zwbucBc=
Subject key identifier:   A7:41:98:CE:8B:E8:89:B4:69:21:C3:4B:E3:1E:73:9B:9B:1B:70:43
Certificate issuer:       /CN=9854bd8a863a31895cc6cb922f3008b3f08aadae
Certificate serial:       018CC7257F066A2EFB53AD6BE4E6B8459F86
Authority key identifier: 98:54:BD:8A:86:3A:31:89:5C:C6:CB:92:2F:30:08:B3:F0:8A:AD:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mFS9ioY6MYlcxsuSLzAIs_CKra4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/2ed10c-04b0-4866-9b82-c522b74ddcfd/1/p0GYzovoibRpIcNL4x5zm5sbcEM.roa
Signing time:             Mon 01 Jan 2024 22:29:32 +0000
ROA not before:           Mon 01 Jan 2024 22:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31662
IP address blocks:        193.186.252.0/24 maxlen: 24
                          2001:67c:934::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/2ed10c-04b0-4866-9b82-c522b74ddcfd/1/mFS9ioY6MYlcxsuSLzAIs_CKra4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/2ed10c-04b0-4866-9b82-c522b74ddcfd/1/mFS9ioY6MYlcxsuSLzAIs_CKra4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mFS9ioY6MYlcxsuSLzAIs_CKra4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:7f:06:6a:2e:fb:53:ad:6b:e4:e6:b8:45:9f:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9854bd8a863a31895cc6cb922f3008b3f08aadae
        Validity
            Not Before: Jan  1 22:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a74198ce8be889b46921c34be31e739b9b1b7043
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:2e:01:18:c5:f3:55:1b:8d:19:91:2b:11:09:
                    4a:0e:0a:8b:67:3d:fa:0a:22:b9:5f:77:33:e7:29:
                    f8:d8:c4:fb:8f:d2:6f:2c:92:09:f1:3e:ba:3a:df:
                    a8:0d:45:0f:7a:5c:63:4d:89:45:35:99:f2:cb:07:
                    2b:2a:d2:fc:93:8e:15:8f:6e:51:0b:2b:fb:04:0a:
                    99:20:c4:9d:2e:7e:13:84:73:34:29:a2:6f:56:f4:
                    1f:88:42:1a:8d:f5:1a:17:45:67:3d:ef:b7:88:de:
                    3f:bc:bb:27:1e:f3:70:b0:3d:65:50:fd:52:54:c5:
                    31:cb:71:6a:4a:e1:2d:db:03:eb:fb:0e:44:a3:5c:
                    83:cb:96:04:68:18:11:48:5c:dc:ac:c6:fa:6a:5e:
                    66:ac:2f:ed:5b:f0:8f:62:b3:44:0a:9f:9c:28:67:
                    67:58:23:89:b5:b3:af:68:3f:fc:62:e4:fc:4b:43:
                    e7:f4:2a:6b:98:5e:6f:18:77:8d:b4:09:d2:17:69:
                    4e:ad:cb:20:52:cb:c0:5c:ae:44:84:e6:7c:26:5a:
                    87:ad:bb:f9:bb:a0:03:5b:57:db:bf:8a:6b:62:ad:
                    69:9c:f2:15:e5:00:e3:dd:42:bc:9f:c8:50:ab:f5:
                    59:ef:b2:5b:67:a6:2c:72:31:c3:f7:57:67:e1:68:
                    d5:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:41:98:CE:8B:E8:89:B4:69:21:C3:4B:E3:1E:73:9B:9B:1B:70:43
            X509v3 Authority Key Identifier:
                keyid:98:54:BD:8A:86:3A:31:89:5C:C6:CB:92:2F:30:08:B3:F0:8A:AD:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mFS9ioY6MYlcxsuSLzAIs_CKra4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/2ed10c-04b0-4866-9b82-c522b74ddcfd/1/p0GYzovoibRpIcNL4x5zm5sbcEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/2ed10c-04b0-4866-9b82-c522b74ddcfd/1/mFS9ioY6MYlcxsuSLzAIs_CKra4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.186.252.0/24
                IPv6:
                  2001:67c:934::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:8c:bd:8f:2f:37:30:ba:2b:4d:12:5e:37:79:e6:67:ae:bf:
         6b:21:94:fb:1b:47:86:0a:5d:15:a2:b7:ca:2a:85:dc:4c:ad:
         4d:77:00:a6:9d:23:06:59:50:3e:02:c5:2b:87:94:59:52:be:
         da:ac:a2:a1:ef:df:e7:f5:2a:7d:4e:bd:4c:cb:b2:e0:23:2d:
         d7:a8:0e:22:3b:a6:be:e4:6b:74:2a:8a:a6:b7:76:f3:ba:e9:
         99:0d:e0:f8:c2:6a:53:7c:92:62:c9:06:7a:b3:de:1d:5f:88:
         f8:b5:b5:d8:81:e0:46:19:7e:63:3b:92:e6:a1:15:18:89:14:
         58:38:2f:d1:a1:37:70:e3:88:2e:70:0e:10:54:49:3b:f6:94:
         86:6a:8d:5d:1c:66:d8:40:be:0c:79:9c:b4:10:93:2e:0e:15:
         fc:cd:9d:a3:6a:15:68:e9:63:0b:57:f8:70:1e:5e:aa:8b:1f:
         51:dc:dc:19:dd:94:b7:14:2a:df:06:96:c6:68:b6:db:fa:b1:
         30:c3:23:40:4a:00:e0:c8:7e:48:4d:82:aa:9d:5a:89:31:42:
         17:47:5d:f4:73:5b:65:4b:48:d9:66:5c:57:9c:f8:16:34:7a:
         cc:9b:29:78:51:07:bf:6a:54:bb:61:64:c1:85:ff:a9:4a:e5:
         9a:cf:af:5d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHJX8Gai77U61r5Oa4RZ+GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NTRiZDhhODYzYTMxODk1Y2M2Y2I5MjJmMzAwOGIzZjA4
YWFkYWUwHhcNMjQwMTAxMjIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzQxOThjZThiZTg4OWI0NjkyMWMzNGJlMzFlNzM5YjliMWI3MDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhC4BGMXzVRuNGZErEQlKDgqLZz36
CiK5X3cz5yn42MT7j9JvLJIJ8T66Ot+oDUUPelxjTYlFNZnyywcrKtL8k44Vj25R
Cyv7BAqZIMSdLn4ThHM0KaJvVvQfiEIajfUaF0VnPe+3iN4/vLsnHvNwsD1lUP1S
VMUxy3FqSuEt2wPr+w5Eo1yDy5YEaBgRSFzcrMb6al5mrC/tW/CPYrNECp+cKGdn
WCOJtbOvaD/8YuT8S0Pn9CprmF5vGHeNtAnSF2lOrcsgUsvAXK5EhOZ8JlqHrbv5
u6ADW1fbv4prYq1pnPIV5QDj3UK8n8hQq/VZ77JbZ6YscjHD91dn4WjV0wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKdBmM6L6Im0aSHDS+Mec5ubG3BDMB8GA1UdIwQY
MBaAFJhUvYqGOjGJXMbLki8wCLPwiq2uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUZTOWlvWTZNWWxjeHN1U0x6QUlzX0NLcmE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8yZWQxMGMtMDRiMC00ODY2LTliODIt
YzUyMmI3NGRkY2ZkLzEvcDBHWXpvdm9pYlJwSWNOTDR4NXptNXNiY0VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8yZWQxMGMtMDRiMC00ODY2LTliODItYzUyMmI3NGRkY2Zk
LzEvbUZTOWlvWTZNWWxjeHN1U0x6QUlzX0NLcmE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwbr8MA8E
AgACMAkDBwAgAQZ8CTQwDQYJKoZIhvcNAQELBQADggEBAG+MvY8vNzC6K00SXjd5
5meuv2shlPsbR4YKXRWit8oqhdxMrU13AKadIwZZUD4CxSuHlFlSvtqsoqHv3+f1
Kn1OvUzLsuAjLdeoDiI7pr7ka3Qqiqa3dvO66ZkN4PjCalN8kmLJBnqz3h1fiPi1
tdiB4EYZfmM7kuahFRiJFFg4L9GhN3DjiC5wDhBUSTv2lIZqjV0cZthAvgx5nLQQ
ky4OFfzNnaNqFWjpYwtX+HAeXqqLH1Hc3BndlLcUKt8GlsZottv6sTDDI0BKAODI
fkhNgqqdWokxQhdHXfRzW2VLSNlmXFec+BY0esybKXhRB79qVLthZMGF/6lK5ZrP
r10=
-----END CERTIFICATE-----