Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/1cd76c-0201-4703-8ed6-beb6da03755e/1/p6glqkB7xf74sxe4rgLULOxqu-0.roa
File:                     p6glqkB7xf74sxe4rgLULOxqu-0.roa (raw, json)
Hash identifier:          987mXOyMOxWFy2w0IgXEA7vhZD/TBYF33SMf+Xjudk4=
Subject key identifier:   A7:A8:25:AA:40:7B:C5:FE:F8:B3:17:B8:AE:02:D4:2C:EC:6A:BB:ED
Certificate issuer:       /CN=ba0d738dd28ff2549456ce66e744898372fc503d
Certificate serial:       018CC5DBEAF660339976589BEB968852E0D4
Authority key identifier: BA:0D:73:8D:D2:8F:F2:54:94:56:CE:66:E7:44:89:83:72:FC:50:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ug1zjdKP8lSUVs5m50SJg3L8UD0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/1cd76c-0201-4703-8ed6-beb6da03755e/1/p6glqkB7xf74sxe4rgLULOxqu-0.roa
Signing time:             Mon 01 Jan 2024 16:29:33 +0000
ROA not before:           Mon 01 Jan 2024 16:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60217
IP address blocks:        193.187.71.0/24 maxlen: 24
                          193.187.70.0/24 maxlen: 24
                          2a02:957::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/1cd76c-0201-4703-8ed6-beb6da03755e/1/ug1zjdKP8lSUVs5m50SJg3L8UD0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/1cd76c-0201-4703-8ed6-beb6da03755e/1/ug1zjdKP8lSUVs5m50SJg3L8UD0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ug1zjdKP8lSUVs5m50SJg3L8UD0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:ea:f6:60:33:99:76:58:9b:eb:96:88:52:e0:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba0d738dd28ff2549456ce66e744898372fc503d
        Validity
            Not Before: Jan  1 16:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7a825aa407bc5fef8b317b8ae02d42cec6abbed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:fe:68:63:b5:b2:8d:78:3e:9b:18:a7:0c:dd:
                    fa:f4:d6:18:e5:b5:12:b3:ba:3f:45:2f:a4:9d:1a:
                    44:8a:77:7b:ea:c4:a3:d4:e6:ec:ee:0d:ee:01:da:
                    ea:45:0b:1f:cf:60:82:c2:eb:37:98:ea:8a:86:42:
                    30:0f:1d:95:99:db:d5:b2:50:9d:a2:d0:17:ec:f9:
                    05:95:6d:b7:ca:0e:cf:5b:e5:97:3e:cb:2b:b2:90:
                    76:2d:04:e7:02:fe:d6:e1:87:1f:08:12:5c:97:14:
                    08:ec:d2:f8:69:a4:30:b1:0e:b2:0f:af:a2:54:aa:
                    02:2d:b7:d4:88:13:ab:e1:e3:0f:44:9c:75:98:db:
                    f7:bd:2a:25:7e:72:de:13:56:3f:b7:36:15:a8:57:
                    a9:55:3f:3a:cf:f0:6f:a1:a5:df:41:f8:db:f6:d5:
                    32:43:bd:bc:94:02:b5:5b:0d:c9:75:2a:1f:4a:bf:
                    08:08:63:d3:c7:a0:77:95:97:90:63:40:ba:61:8f:
                    e0:e2:0a:73:b5:b6:8e:15:f8:2c:be:2d:47:f1:bd:
                    e4:f0:4e:b2:33:92:39:a3:46:6c:88:ec:92:5a:80:
                    a6:f9:75:3c:61:a7:f3:c2:ab:f6:aa:30:f9:ba:dc:
                    e0:c3:89:83:73:37:2c:60:f4:37:fd:84:49:b1:89:
                    ac:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:A8:25:AA:40:7B:C5:FE:F8:B3:17:B8:AE:02:D4:2C:EC:6A:BB:ED
            X509v3 Authority Key Identifier:
                keyid:BA:0D:73:8D:D2:8F:F2:54:94:56:CE:66:E7:44:89:83:72:FC:50:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ug1zjdKP8lSUVs5m50SJg3L8UD0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/1cd76c-0201-4703-8ed6-beb6da03755e/1/p6glqkB7xf74sxe4rgLULOxqu-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/1cd76c-0201-4703-8ed6-beb6da03755e/1/ug1zjdKP8lSUVs5m50SJg3L8UD0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.187.70.0/23
                IPv6:
                  2a02:957::/48

    Signature Algorithm: sha256WithRSAEncryption
         dd:d2:e1:4e:a4:83:20:9b:ca:48:97:22:ef:87:90:46:8f:10:
         0f:9f:7a:e4:a9:44:79:9b:fd:78:6d:6d:73:d1:30:02:45:27:
         e8:fc:b5:bd:ba:55:fd:f3:6f:26:dd:4b:cd:45:b9:02:a4:66:
         56:e4:88:c3:e1:93:56:ea:f2:6e:8d:6d:14:91:98:a0:aa:1d:
         14:07:b0:26:f7:07:60:ef:47:1b:4c:0f:ae:2f:ef:1e:ef:8d:
         5e:fc:ed:90:28:b7:84:d6:bd:3c:6e:68:3b:0c:50:8d:bc:12:
         f1:7e:7f:7f:6d:95:d5:57:ac:ca:84:f0:fc:59:fd:82:dd:63:
         8d:4e:9d:da:7e:fc:e9:ce:74:43:df:49:67:a4:87:26:e7:94:
         aa:12:b9:c3:26:9d:99:ec:e1:5e:52:0f:a4:97:df:c9:4d:f4:
         9a:61:97:0d:45:8c:21:ba:1b:c1:38:dc:95:9f:f8:26:ea:80:
         f8:e6:22:80:e8:ef:8a:d0:d1:40:c7:4a:33:bf:68:6a:5a:6f:
         ff:78:48:17:b1:6c:cc:66:09:7a:b0:46:1f:39:28:8a:36:bc:
         1f:8d:5e:1f:ca:f4:47:4f:35:99:12:28:02:57:7e:4d:ed:f3:
         34:de:74:31:97:6b:15:0d:2c:3b:0b:cf:8f:0f:da:16:eb:2d:
         b5:f9:13:87
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF2+r2YDOZdlib65aIUuDUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMGQ3MzhkZDI4ZmYyNTQ5NDU2Y2U2NmU3NDQ4OTgzNzJm
YzUwM2QwHhcNMjQwMTAxMTYyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2E4MjVhYTQwN2JjNWZlZjhiMzE3YjhhZTAyZDQyY2VjNmFiYmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgv5oY7WyjXg+mxinDN369NYY5bUS
s7o/RS+knRpEind76sSj1Obs7g3uAdrqRQsfz2CCwus3mOqKhkIwDx2VmdvVslCd
otAX7PkFlW23yg7PW+WXPssrspB2LQTnAv7W4YcfCBJclxQI7NL4aaQwsQ6yD6+i
VKoCLbfUiBOr4eMPRJx1mNv3vSolfnLeE1Y/tzYVqFepVT86z/BvoaXfQfjb9tUy
Q728lAK1Ww3JdSofSr8ICGPTx6B3lZeQY0C6YY/g4gpztbaOFfgsvi1H8b3k8E6y
M5I5o0ZsiOySWoCm+XU8Yafzwqv2qjD5utzgw4mDczcsYPQ3/YRJsYmsXQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKeoJapAe8X++LMXuK4C1CzsarvtMB8GA1UdIwQY
MBaAFLoNc43Sj/JUlFbOZudEiYNy/FA9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWcxempkS1A4bFNVVnM1bTUwU0pnM0w4VUQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC8xY2Q3NmMtMDIwMS00NzAzLThlZDYt
YmViNmRhMDM3NTVlLzEvcDZnbHFrQjd4Zjc0c3hlNHJnTFVMT3hxdS0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC8xY2Q3NmMtMDIwMS00NzAzLThlZDYtYmViNmRhMDM3NTVl
LzEvdWcxempkS1A4bFNVVnM1bTUwU0pnM0w4VUQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBwbtGMA8E
AgACMAkDBwAqAglXAAAwDQYJKoZIhvcNAQELBQADggEBAN3S4U6kgyCbykiXIu+H
kEaPEA+feuSpRHmb/XhtbXPRMAJFJ+j8tb26Vf3zbybdS81FuQKkZlbkiMPhk1bq
8m6NbRSRmKCqHRQHsCb3B2DvRxtMD64v7x7vjV787ZAot4TWvTxuaDsMUI28EvF+
f39tldVXrMqE8PxZ/YLdY41Ondp+/OnOdEPfSWekhybnlKoSucMmnZns4V5SD6SX
38lN9Jphlw1FjCG6G8E43JWf+CbqgPjmIoDo74rQ0UDHSjO/aGpab/94SBexbMxm
CXqwRh85KIo2vB+NXh/K9EdPNZkSKAJXfk3t8zTedDGXaxUNLDsLz48P2hbrLbX5
E4c=
-----END CERTIFICATE-----