Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/a5baa2-2a35-4c76-a940-5990cd4de88b/1/v7pJ3KFMCt_D0rmruuFkRBDw4bc.roa
File:                     v7pJ3KFMCt_D0rmruuFkRBDw4bc.roa (raw, json)
Hash identifier:          YkO/fceJnXfMT9WjDwRcVYVuq9Iu7bLHSYtr27YhJjQ=
Subject key identifier:   BF:BA:49:DC:A1:4C:0A:DF:C3:D2:B9:AB:BA:E1:64:44:10:F0:E1:B7
Certificate issuer:       /CN=d79d856aaa9ead12f75cb68cdae96a0d2c8dde1e
Certificate serial:       018CC5010827DD75370DD51A75A46BC9BCE4
Authority key identifier: D7:9D:85:6A:AA:9E:AD:12:F7:5C:B6:8C:DA:E9:6A:0D:2C:8D:DE:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/152FaqqerRL3XLaM2ulqDSyN3h4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/a5baa2-2a35-4c76-a940-5990cd4de88b/1/v7pJ3KFMCt_D0rmruuFkRBDw4bc.roa
Signing time:             Mon 01 Jan 2024 12:30:28 +0000
ROA not before:           Mon 01 Jan 2024 12:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5416
IP address blocks:        193.188.13.0/24 maxlen: 24
                          193.188.12.0/23 maxlen: 23
                          193.188.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/a5baa2-2a35-4c76-a940-5990cd4de88b/1/152FaqqerRL3XLaM2ulqDSyN3h4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/a5baa2-2a35-4c76-a940-5990cd4de88b/1/152FaqqerRL3XLaM2ulqDSyN3h4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/152FaqqerRL3XLaM2ulqDSyN3h4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:08:27:dd:75:37:0d:d5:1a:75:a4:6b:c9:bc:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d79d856aaa9ead12f75cb68cdae96a0d2c8dde1e
        Validity
            Not Before: Jan  1 12:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfba49dca14c0adfc3d2b9abbae1644410f0e1b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b1:c9:6d:05:c3:c4:e3:25:0a:21:84:34:d2:
                    b0:e2:91:d2:16:b7:11:4d:18:09:66:c0:83:a9:30:
                    37:03:13:b8:e1:28:c3:c8:2f:25:21:19:e3:45:b0:
                    b2:81:d2:13:5c:ec:d0:09:7f:a4:07:f0:04:ee:03:
                    21:2a:e0:aa:81:c0:88:59:04:76:94:74:82:56:e1:
                    44:f3:9a:dc:43:8f:5a:dd:38:65:74:a5:71:2d:34:
                    6d:c3:2f:5e:0b:da:b0:f2:7d:a5:cd:fa:a4:d1:32:
                    85:f3:62:1c:7a:0a:ee:03:e4:ed:8e:59:38:ac:d5:
                    3c:3d:de:89:4f:bf:2b:0a:dd:f3:31:2e:2a:1e:62:
                    91:f2:24:ee:fc:9c:f3:59:68:10:be:2a:d8:90:92:
                    1b:62:9f:6c:6d:29:01:33:3b:6a:0b:02:40:eb:f9:
                    5d:b0:16:b1:d3:f6:74:3b:3f:b8:e0:b1:a0:8f:cd:
                    26:a3:c6:e6:91:b0:fc:08:37:39:f5:f6:40:a0:40:
                    00:c7:38:12:b5:84:4b:11:85:c6:48:fd:a6:4a:eb:
                    92:b0:41:1b:9a:88:6f:e0:94:ba:70:55:4f:36:f8:
                    8e:c5:ea:22:85:9d:9a:e6:44:3c:74:e7:a0:98:52:
                    7b:c5:05:5b:5f:90:63:77:0f:dd:ac:21:51:4f:69:
                    e1:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:BA:49:DC:A1:4C:0A:DF:C3:D2:B9:AB:BA:E1:64:44:10:F0:E1:B7
            X509v3 Authority Key Identifier:
                keyid:D7:9D:85:6A:AA:9E:AD:12:F7:5C:B6:8C:DA:E9:6A:0D:2C:8D:DE:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/152FaqqerRL3XLaM2ulqDSyN3h4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/a5baa2-2a35-4c76-a940-5990cd4de88b/1/v7pJ3KFMCt_D0rmruuFkRBDw4bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/a5baa2-2a35-4c76-a940-5990cd4de88b/1/152FaqqerRL3XLaM2ulqDSyN3h4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.188.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:04:cb:cd:f7:16:aa:ee:3c:b2:88:24:a4:38:60:1f:a6:5f:
         7f:2f:18:1d:86:7d:d4:e2:4c:88:91:91:69:f3:63:f7:15:89:
         e3:19:19:ae:01:52:1d:3f:24:47:66:9a:c9:0d:94:ba:e5:bb:
         ee:5d:30:86:d1:48:0c:a4:fc:e4:b3:56:d1:82:b5:57:4e:d5:
         21:fc:a3:77:b7:56:3b:9c:fd:b8:bd:d3:3e:70:98:60:7e:7d:
         80:4d:bf:75:2f:d5:36:1b:c2:00:98:49:db:7d:c0:4c:47:ff:
         2d:94:01:27:96:0c:7f:e8:82:ed:ce:9f:0e:90:60:ab:11:4a:
         6d:86:d8:34:9f:95:ed:2b:17:f1:67:0a:23:ac:48:28:2d:83:
         77:58:55:93:cf:45:b9:aa:a0:45:4b:54:00:10:74:ba:f9:44:
         39:69:07:32:2f:55:9c:ae:fe:8c:60:eb:86:d0:c5:df:0f:64:
         e3:04:42:5a:b4:0a:ce:a2:ef:fa:80:bf:6c:4e:1a:a6:9e:07:
         37:1f:dd:18:59:da:07:3a:4e:29:6f:40:c6:8a:62:95:cc:24:
         ac:49:24:2b:d8:da:4b:81:92:ac:46:8e:7e:b9:28:df:01:3a:
         41:6a:a3:a0:67:d4:c2:59:f2:8d:a3:ff:78:39:6d:5c:56:e5:
         e9:f0:eb:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAQgn3XU3DdUadaRrybzkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3OWQ4NTZhYWE5ZWFkMTJmNzVjYjY4Y2RhZTk2YTBkMmM4
ZGRlMWUwHhcNMjQwMTAxMTIzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmJhNDlkY2ExNGMwYWRmYzNkMmI5YWJiYWUxNjQ0NDEwZjBlMWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7HJbQXDxOMlCiGENNKw4pHSFrcR
TRgJZsCDqTA3AxO44SjDyC8lIRnjRbCygdITXOzQCX+kB/AE7gMhKuCqgcCIWQR2
lHSCVuFE85rcQ49a3ThldKVxLTRtwy9eC9qw8n2lzfqk0TKF82IcegruA+Ttjlk4
rNU8Pd6JT78rCt3zMS4qHmKR8iTu/JzzWWgQvirYkJIbYp9sbSkBMztqCwJA6/ld
sBax0/Z0Oz+44LGgj80mo8bmkbD8CDc59fZAoEAAxzgStYRLEYXGSP2mSuuSsEEb
mohv4JS6cFVPNviOxeoihZ2a5kQ8dOegmFJ7xQVbX5Bjdw/drCFRT2nhAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL+6SdyhTArfw9K5q7rhZEQQ8OG3MB8GA1UdIwQY
MBaAFNedhWqqnq0S91y2jNrpag0sjd4eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTUyRmFxcWVyUkwzWExhTTJ1bHFEU3lOM2g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9hNWJhYTItMmEzNS00Yzc2LWE5NDAt
NTk5MGNkNGRlODhiLzEvdjdwSjNLRk1DdF9EMHJtcnV1RmtSQkR3NGJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9hNWJhYTItMmEzNS00Yzc2LWE5NDAtNTk5MGNkNGRlODhi
LzEvMTUyRmFxcWVyUkwzWExhTTJ1bHFEU3lOM2g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwbwMMA0G
CSqGSIb3DQEBCwUAA4IBAQCSBMvN9xaq7jyyiCSkOGAfpl9/Lxgdhn3U4kyIkZFp
82P3FYnjGRmuAVIdPyRHZprJDZS65bvuXTCG0UgMpPzks1bRgrVXTtUh/KN3t1Y7
nP24vdM+cJhgfn2ATb91L9U2G8IAmEnbfcBMR/8tlAEnlgx/6ILtzp8OkGCrEUpt
htg0n5XtKxfxZwojrEgoLYN3WFWTz0W5qqBFS1QAEHS6+UQ5aQcyL1Wcrv6MYOuG
0MXfD2TjBEJatArOou/6gL9sThqmngc3H90YWdoHOk4pb0DGimKVzCSsSSQr2NpL
gZKsRo5+uSjfATpBaqOgZ9TCWfKNo/94OW1cVuXp8Ou7
-----END CERTIFICATE-----