Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/6HJrB7Y0SkZfX623WS-7YabsKZk.roa
File:                     6HJrB7Y0SkZfX623WS-7YabsKZk.roa (raw, json)
Hash identifier:          VPStwrVDj/kFOECMivR/2K5xJRvViLnvgsJXPF9mchs=
Subject key identifier:   E8:72:6B:07:B6:34:4A:46:5F:5F:AD:B7:59:2F:BB:61:A6:EC:29:99
Certificate issuer:       /CN=687726d38fcf2a7fbbb7bfc28d63fe3579ed211d
Certificate serial:       018CC348A3F3F1E4EE75D5E4F2737868A9A4
Authority key identifier: 68:77:26:D3:8F:CF:2A:7F:BB:B7:BF:C2:8D:63:FE:35:79:ED:21:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aHcm04_PKn-7t7_CjWP-NXntIR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/6HJrB7Y0SkZfX623WS-7YabsKZk.roa
Signing time:             Mon 01 Jan 2024 04:29:26 +0000
ROA not before:           Mon 01 Jan 2024 04:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        193.73.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/aHcm04_PKn-7t7_CjWP-NXntIR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/aHcm04_PKn-7t7_CjWP-NXntIR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aHcm04_PKn-7t7_CjWP-NXntIR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 16:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a3:f3:f1:e4:ee:75:d5:e4:f2:73:78:68:a9:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=687726d38fcf2a7fbbb7bfc28d63fe3579ed211d
        Validity
            Not Before: Jan  1 04:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8726b07b6344a465f5fadb7592fbb61a6ec2999
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:85:6a:41:17:4a:92:67:5f:47:be:b4:64:5b:
                    f6:4f:49:22:60:c9:65:91:ce:aa:06:72:dd:d7:3c:
                    75:14:d5:0f:d2:8a:9a:e6:f6:d0:cf:8c:c7:53:38:
                    e2:03:ea:ea:cf:1c:04:da:8f:13:0e:cc:da:db:2b:
                    86:22:ea:cd:f7:92:25:f6:d4:82:b3:0a:b6:3d:74:
                    97:4b:14:04:f3:66:7e:d3:9c:15:8b:a9:3c:aa:c6:
                    f7:6a:3c:ca:0b:fd:8e:d3:66:f4:fc:40:65:5f:38:
                    c1:38:22:72:f9:83:b7:c5:3b:43:fe:d2:0e:c3:12:
                    51:40:b7:a6:65:92:4e:a7:60:fa:ad:b1:7e:12:61:
                    a3:85:7f:11:b7:42:04:d8:5b:15:ec:a3:26:3d:34:
                    86:fa:28:ca:f8:d7:18:be:31:64:d8:25:24:73:be:
                    8e:9f:30:db:5c:f2:d7:fb:22:ba:3c:17:31:38:2d:
                    c5:71:ce:c0:b7:4b:7b:75:b1:01:eb:44:e4:a8:2f:
                    65:4c:41:d2:46:97:b2:44:dc:5d:69:f3:8b:ce:fc:
                    63:12:ef:ce:41:15:d4:e0:1b:da:96:67:b8:20:9c:
                    22:32:7c:21:12:7b:af:e0:38:ad:e3:f5:37:26:da:
                    dd:2f:8f:2d:48:ee:aa:e5:af:51:bf:3a:13:a9:be:
                    6c:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:72:6B:07:B6:34:4A:46:5F:5F:AD:B7:59:2F:BB:61:A6:EC:29:99
            X509v3 Authority Key Identifier:
                keyid:68:77:26:D3:8F:CF:2A:7F:BB:B7:BF:C2:8D:63:FE:35:79:ED:21:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aHcm04_PKn-7t7_CjWP-NXntIR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/6HJrB7Y0SkZfX623WS-7YabsKZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/aHcm04_PKn-7t7_CjWP-NXntIR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.73.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:57:53:43:3d:25:24:c1:9c:18:ff:8a:ed:bb:eb:5e:79:53:
         19:86:70:3a:d6:c8:91:60:63:0e:28:64:30:61:a3:98:98:e1:
         bf:7c:c6:f8:52:9c:c1:62:a7:be:c3:95:71:09:cc:e5:98:b3:
         c4:89:77:73:09:90:fb:05:41:7d:ad:dd:5a:65:54:54:a6:47:
         78:60:ce:fe:cd:a1:28:4c:27:7d:d6:7d:8b:35:f7:73:a0:1a:
         a6:12:fd:b9:ea:9f:15:ed:60:a4:e9:a0:d7:4e:d4:16:2a:7f:
         f6:ca:67:61:56:de:7c:2a:aa:6f:38:42:2e:bb:9f:ec:71:46:
         b3:ab:57:e3:a9:7a:09:94:e5:08:37:d0:ca:c1:4a:b0:0a:79:
         ea:84:37:d5:92:99:1c:07:c5:ca:da:8e:69:d4:1f:13:fb:45:
         26:5c:f8:d3:2f:ef:4f:e4:a2:a6:23:01:7b:03:a0:c1:5e:73:
         f9:58:15:33:d8:df:a1:de:92:9f:01:6d:7b:48:c9:85:b4:3e:
         a5:ac:8a:b5:b9:1a:72:9b:cf:bc:4d:48:b0:18:d2:18:24:96:
         d0:5b:d1:02:b9:61:64:1b:40:42:08:42:cf:84:53:b6:e3:1b:
         25:8e:db:89:23:24:cc:da:c8:5a:dd:de:56:f7:fa:48:a9:3b:
         0c:fa:c4:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKPz8eTuddXk8nN4aKmkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4NzcyNmQzOGZjZjJhN2ZiYmI3YmZjMjhkNjNmZTM1Nzll
ZDIxMWQwHhcNMjQwMTAxMDQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODcyNmIwN2I2MzQ0YTQ2NWY1ZmFkYjc1OTJmYmI2MWE2ZWMyOTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg4VqQRdKkmdfR760ZFv2T0kiYMll
kc6qBnLd1zx1FNUP0oqa5vbQz4zHUzjiA+rqzxwE2o8TDsza2yuGIurN95Il9tSC
swq2PXSXSxQE82Z+05wVi6k8qsb3ajzKC/2O02b0/EBlXzjBOCJy+YO3xTtD/tIO
wxJRQLemZZJOp2D6rbF+EmGjhX8Rt0IE2FsV7KMmPTSG+ijK+NcYvjFk2CUkc76O
nzDbXPLX+yK6PBcxOC3Fcc7At0t7dbEB60TkqC9lTEHSRpeyRNxdafOLzvxjEu/O
QRXU4Bvalme4IJwiMnwhEnuv4Dit4/U3JtrdL48tSO6q5a9RvzoTqb5sGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOhyawe2NEpGX1+tt1kvu2Gm7CmZMB8GA1UdIwQY
MBaAFGh3JtOPzyp/u7e/wo1j/jV57SEdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUhjbTA0X1BLbi03dDdfQ2pXUC1OWG50SVIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9lNzFlMjctYzY4Ny00ZmQ3LTgxODAt
NGIyZGExOTdhN2U2LzEvNkhKckI3WTBTa1pmWDYyM1dTLTdZYWJzS1prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9lNzFlMjctYzY4Ny00ZmQ3LTgxODAtNGIyZGExOTdhN2U2
LzEvYUhjbTA0X1BLbi03dDdfQ2pXUC1OWG50SVIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwUnQMA0G
CSqGSIb3DQEBCwUAA4IBAQCHV1NDPSUkwZwY/4rtu+teeVMZhnA61siRYGMOKGQw
YaOYmOG/fMb4UpzBYqe+w5VxCczlmLPEiXdzCZD7BUF9rd1aZVRUpkd4YM7+zaEo
TCd91n2LNfdzoBqmEv256p8V7WCk6aDXTtQWKn/2ymdhVt58KqpvOEIuu5/scUaz
q1fjqXoJlOUIN9DKwUqwCnnqhDfVkpkcB8XK2o5p1B8T+0UmXPjTL+9P5KKmIwF7
A6DBXnP5WBUz2N+h3pKfAW17SMmFtD6lrIq1uRpym8+8TUiwGNIYJJbQW9ECuWFk
G0BCCELPhFO24xsljtuJIyTM2sha3d5W9/pIqTsM+sSk
-----END CERTIFICATE-----