Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/65690a-0acf-4f36-a89c-2b4a2714214a/1/yR2bgmkY4iY4hpD270iUn9DRuTc.roa
File:                     yR2bgmkY4iY4hpD270iUn9DRuTc.roa (raw, json)
Hash identifier:          OsarNx4T+0YovBM7+LZP63Gph6BdSilTKxh9WY7aNuU=
Subject key identifier:   C9:1D:9B:82:69:18:E2:26:38:86:90:F6:EF:48:94:9F:D0:D1:B9:37
Certificate issuer:       /CN=13b43dace8663447ee4725520d78c54ab7b99ad4
Certificate serial:       018CC870F743D19E2988769551AB59F293A4
Authority key identifier: 13:B4:3D:AC:E8:66:34:47:EE:47:25:52:0D:78:C5:4A:B7:B9:9A:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E7Q9rOhmNEfuRyVSDXjFSre5mtQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/65690a-0acf-4f36-a89c-2b4a2714214a/1/yR2bgmkY4iY4hpD270iUn9DRuTc.roa
Signing time:             Tue 02 Jan 2024 04:31:35 +0000
ROA not before:           Tue 02 Jan 2024 04:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207603
IP address blocks:        193.41.58.0/24 maxlen: 24
                          185.101.140.0/22 maxlen: 22
                          2a10:5940::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/65690a-0acf-4f36-a89c-2b4a2714214a/1/E7Q9rOhmNEfuRyVSDXjFSre5mtQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/65690a-0acf-4f36-a89c-2b4a2714214a/1/E7Q9rOhmNEfuRyVSDXjFSre5mtQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E7Q9rOhmNEfuRyVSDXjFSre5mtQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 18:17:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:f7:43:d1:9e:29:88:76:95:51:ab:59:f2:93:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13b43dace8663447ee4725520d78c54ab7b99ad4
        Validity
            Not Before: Jan  2 04:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c91d9b826918e226388690f6ef48949fd0d1b937
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:3a:7d:eb:e6:92:3a:a3:12:40:d7:b2:ec:e4:
                    8d:d7:a1:e9:47:b4:6d:de:87:1a:29:5e:e3:1d:1e:
                    26:be:0c:f7:80:38:2f:6c:e2:ed:31:b9:ea:cd:3c:
                    55:c8:d9:4f:4b:b2:cd:b4:f5:75:05:7f:0a:66:19:
                    46:70:f7:b6:1a:0e:d2:bc:5d:a6:73:76:79:87:db:
                    ea:30:5e:c7:b9:86:0c:33:8f:cf:9e:5e:19:3e:d9:
                    97:de:7e:28:0e:bd:8a:2e:2e:8d:c1:3d:0f:fe:e4:
                    f2:7e:1c:af:18:da:6c:37:a5:bf:f3:58:11:a7:f6:
                    5c:5d:2d:fe:dc:b4:2a:97:2a:74:2d:d8:ea:7b:48:
                    b3:7f:a5:f4:e3:71:38:9f:11:3f:b7:07:dd:92:af:
                    62:ab:4c:48:88:74:c6:8f:b6:cf:c3:bf:60:87:dc:
                    82:88:6c:c5:71:6b:cd:2f:6d:c9:e6:e5:fe:c4:03:
                    53:47:95:92:26:58:a4:b3:e3:ba:1c:91:f9:20:a7:
                    6f:57:56:9c:c8:25:2b:bc:fd:d0:62:08:8f:a3:ef:
                    75:d7:02:f1:ba:5a:85:cd:0d:d8:48:d1:08:ed:a7:
                    3b:dd:69:54:ff:80:6b:7e:df:cd:35:a6:0b:ce:37:
                    eb:3c:b1:62:9e:e7:76:c6:75:af:8d:0d:f9:22:97:
                    2b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:1D:9B:82:69:18:E2:26:38:86:90:F6:EF:48:94:9F:D0:D1:B9:37
            X509v3 Authority Key Identifier:
                keyid:13:B4:3D:AC:E8:66:34:47:EE:47:25:52:0D:78:C5:4A:B7:B9:9A:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E7Q9rOhmNEfuRyVSDXjFSre5mtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/65690a-0acf-4f36-a89c-2b4a2714214a/1/yR2bgmkY4iY4hpD270iUn9DRuTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/65690a-0acf-4f36-a89c-2b4a2714214a/1/E7Q9rOhmNEfuRyVSDXjFSre5mtQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.140.0/22
                  193.41.58.0/24
                IPv6:
                  2a10:5940::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:f4:04:b8:be:4e:df:09:0c:89:88:ac:68:bb:1d:2c:12:f6:
         a3:3a:32:3f:83:aa:77:9b:2a:43:65:28:9f:e4:bf:d8:20:84:
         0a:d8:92:3f:c3:4c:0b:72:71:1f:f9:cc:3f:8a:48:42:41:fb:
         b5:2c:8f:5a:9a:1a:a4:0e:45:74:81:b9:bf:c7:39:47:60:67:
         67:b7:91:87:e3:43:4c:02:8c:3c:f9:2a:ca:08:90:40:85:d7:
         e5:1a:31:ce:44:7b:24:80:1c:ae:6d:c2:43:84:76:9a:92:3c:
         71:04:44:a8:7c:fd:e8:b3:1b:01:9f:ff:a0:a1:50:e0:e2:0f:
         64:57:0e:18:ad:8d:bf:2a:e9:7c:76:ad:60:6b:19:40:bd:22:
         2e:cf:d0:8c:7a:74:e2:23:19:0d:cd:c9:8a:f6:ac:ce:56:73:
         93:e8:68:17:82:df:37:1d:bf:ba:59:38:86:2b:a5:b5:3e:36:
         2b:c6:6f:24:63:de:27:c0:d8:2a:c9:f2:e3:9b:be:62:07:12:
         34:88:b9:d9:cf:f7:38:f4:94:f5:1a:c5:c6:a2:0d:d0:b2:74:
         d6:1a:e4:21:fb:c4:1f:8f:93:27:05:23:7a:65:91:12:70:4c:
         8d:7e:07:05:29:58:e9:09:ca:8c:d3:25:62:84:93:d9:96:9c:
         e6:53:0b:1e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzIcPdD0Z4piHaVUatZ8pOkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzYjQzZGFjZTg2NjM0NDdlZTQ3MjU1MjBkNzhjNTRhYjdi
OTlhZDQwHhcNMjQwMTAyMDQzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTFkOWI4MjY5MThlMjI2Mzg4NjkwZjZlZjQ4OTQ5ZmQwZDFiOTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzp96+aSOqMSQNey7OSN16HpR7Rt
3ocaKV7jHR4mvgz3gDgvbOLtMbnqzTxVyNlPS7LNtPV1BX8KZhlGcPe2Gg7SvF2m
c3Z5h9vqMF7HuYYMM4/Pnl4ZPtmX3n4oDr2KLi6NwT0P/uTyfhyvGNpsN6W/81gR
p/ZcXS3+3LQqlyp0Ldjqe0izf6X043E4nxE/twfdkq9iq0xIiHTGj7bPw79gh9yC
iGzFcWvNL23J5uX+xANTR5WSJliks+O6HJH5IKdvV1acyCUrvP3QYgiPo+911wLx
ulqFzQ3YSNEI7ac73WlU/4Brft/NNaYLzjfrPLFinud2xnWvjQ35Ipcr2wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMkdm4JpGOImOIaQ9u9IlJ/Q0bk3MB8GA1UdIwQY
MBaAFBO0PazoZjRH7kclUg14xUq3uZrUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTdROXJPaG1ORWZ1UnlWU0RYakZTcmU1bXRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82NTY5MGEtMGFjZi00ZjM2LWE4OWMt
MmI0YTI3MTQyMTRhLzEveVIyYmdta1k0aVk0aHBEMjcwaVVuOURSdVRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82NTY5MGEtMGFjZi00ZjM2LWE4OWMtMmI0YTI3MTQyMTRh
LzEvRTdROXJPaG1ORWZ1UnlWU0RYakZTcmU1bXRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuWWMAwQA
wSk6MA0EAgACMAcDBQMqEFlAMA0GCSqGSIb3DQEBCwUAA4IBAQCG9AS4vk7fCQyJ
iKxoux0sEvajOjI/g6p3mypDZSif5L/YIIQK2JI/w0wLcnEf+cw/ikhCQfu1LI9a
mhqkDkV0gbm/xzlHYGdnt5GH40NMAow8+SrKCJBAhdflGjHORHskgByubcJDhHaa
kjxxBESofP3osxsBn/+goVDg4g9kVw4YrY2/Kul8dq1gaxlAvSIuz9CMenTiIxkN
zcmK9qzOVnOT6GgXgt83Hb+6WTiGK6W1PjYrxm8kY94nwNgqyfLjm75iBxI0iLnZ
z/c49JT1GsXGog3QsnTWGuQh+8Qfj5MnBSN6ZZEScEyNfgcFKVjpCcqM0yVihJPZ
lpzmUwse
-----END CERTIFICATE-----