Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/c330l5lpzb6UmqDwhQnQ2hj9lgQ.roa
File:                     c330l5lpzb6UmqDwhQnQ2hj9lgQ.roa (raw, json)
Hash identifier:          yALrgX/STXEGPonPq0sH/OBXgIb2CbDaR14UTrlr3As=
Subject key identifier:   73:7D:F4:97:99:69:CD:BE:94:9A:A0:F0:85:09:D0:DA:18:FD:96:04
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       018CC6B8CB08A97B95BDCAE248C227B80831
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/c330l5lpzb6UmqDwhQnQ2hj9lgQ.roa
Signing time:             Mon 01 Jan 2024 20:30:48 +0000
ROA not before:           Mon 01 Jan 2024 20:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212598
IP address blocks:        193.111.78.0/24 maxlen: 24
                          193.17.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:cb:08:a9:7b:95:bd:ca:e2:48:c2:27:b8:08:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Jan  1 20:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=737df4979969cdbe949aa0f08509d0da18fd9604
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:0e:fb:80:be:e6:c8:dc:81:1e:bd:86:e6:81:
                    d5:d9:6b:96:b2:45:c2:f3:b8:93:e0:3d:bc:21:62:
                    68:7b:2d:21:63:b6:67:11:08:4e:ba:7d:ba:ad:87:
                    e0:b5:5b:e5:75:3a:74:59:2c:50:de:db:3a:4e:65:
                    1e:c2:c4:c5:49:ea:b8:2d:ef:17:dc:75:f6:ee:21:
                    3a:32:a4:0d:85:e0:51:12:05:d5:3b:41:c9:4c:c5:
                    d9:40:08:e4:ad:83:50:58:cc:c0:22:f1:06:8f:14:
                    5e:ad:58:e1:ac:f8:f5:2c:12:45:de:f6:fa:31:10:
                    c1:af:0c:ea:f9:19:c9:d7:73:b3:61:ed:86:67:02:
                    53:e8:d7:5f:c0:4f:97:88:26:11:c6:95:fb:b8:2d:
                    d7:b0:6a:65:4f:44:42:7a:00:65:7a:ca:61:5b:53:
                    16:f2:6d:28:d4:5c:62:c2:b6:f6:c0:4d:82:86:a9:
                    24:d6:15:f7:d9:50:81:85:a1:20:48:1f:81:78:d8:
                    f9:75:73:35:32:83:58:58:76:75:67:dc:3e:77:eb:
                    64:d2:ec:2e:04:ea:1b:49:f5:e5:46:75:60:7c:52:
                    2b:48:7c:20:fb:0d:27:cc:a6:3a:e2:48:d7:71:c7:
                    c5:57:1e:00:69:4b:17:2c:4f:07:d9:ff:ea:68:c5:
                    e0:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:7D:F4:97:99:69:CD:BE:94:9A:A0:F0:85:09:D0:DA:18:FD:96:04
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/c330l5lpzb6UmqDwhQnQ2hj9lgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.6.0/24
                  193.111.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:98:15:31:ec:0f:f2:ec:ff:ce:ad:3a:6c:43:df:d5:32:8d:
         2e:8d:73:c1:c4:d1:bc:ce:11:16:87:65:c4:09:c7:99:65:0e:
         bd:10:f8:f5:ad:fc:5b:cc:9e:48:3c:9e:a5:c0:6e:df:9f:94:
         47:31:af:81:68:55:8b:65:60:f7:9e:07:0c:3e:c5:21:aa:53:
         a1:0c:cf:9b:15:6f:c7:f3:de:2d:18:0e:df:24:b1:a1:d5:56:
         b2:cc:35:d9:33:df:df:64:3b:70:e2:20:b6:07:3a:4a:2d:d1:
         11:08:47:cb:dc:e0:e9:41:4e:1c:e1:da:5f:46:6b:69:44:b5:
         10:a3:c0:b5:8d:96:ed:07:57:62:99:47:cb:75:80:5a:19:f0:
         a5:55:39:e8:4b:fc:ce:5a:d7:ce:6f:0c:1e:93:27:ae:32:1d:
         1f:7d:84:ad:3d:ab:42:2d:6b:ac:4f:83:9d:0c:05:80:c7:9d:
         fd:f8:ef:1e:ce:a7:5e:fc:1f:6e:39:55:16:d1:55:ed:84:80:
         12:ef:cd:89:10:43:16:fe:85:42:0a:cd:fa:58:1f:da:48:40:
         51:7a:70:47:59:d6:9b:d6:54:6f:52:4d:9a:db:7f:98:d3:91:
         e1:2e:d4:03:83:fe:84:fe:0f:96:5e:89:2b:5f:db:9a:e0:35:
         3b:2d:1f:4a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuMsIqXuVvcriSMInuAgxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjQwMTAxMjAzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzdkZjQ5Nzk5NjljZGJlOTQ5YWEwZjA4NTA5ZDBkYTE4ZmQ5NjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkw77gL7myNyBHr2G5oHV2WuWskXC
87iT4D28IWJoey0hY7ZnEQhOun26rYfgtVvldTp0WSxQ3ts6TmUewsTFSeq4Le8X
3HX27iE6MqQNheBREgXVO0HJTMXZQAjkrYNQWMzAIvEGjxRerVjhrPj1LBJF3vb6
MRDBrwzq+RnJ13OzYe2GZwJT6NdfwE+XiCYRxpX7uC3XsGplT0RCegBlesphW1MW
8m0o1Fxiwrb2wE2Chqkk1hX32VCBhaEgSB+BeNj5dXM1MoNYWHZ1Z9w+d+tk0uwu
BOobSfXlRnVgfFIrSHwg+w0nzKY64kjXccfFVx4AaUsXLE8H2f/qaMXglQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHN99JeZac2+lJqg8IUJ0NoY/ZYEMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvYzMzMGw1bHB6YjZVbXFEd2hRblEyaGo5bGdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwREGAwQA
wW9OMA0GCSqGSIb3DQEBCwUAA4IBAQABmBUx7A/y7P/OrTpsQ9/VMo0ujXPBxNG8
zhEWh2XECceZZQ69EPj1rfxbzJ5IPJ6lwG7fn5RHMa+BaFWLZWD3ngcMPsUhqlOh
DM+bFW/H894tGA7fJLGh1VayzDXZM9/fZDtw4iC2BzpKLdERCEfL3ODpQU4c4dpf
RmtpRLUQo8C1jZbtB1dimUfLdYBaGfClVTnoS/zOWtfObwwekyeuMh0ffYStPatC
LWusT4OdDAWAx539+O8ezqde/B9uOVUW0VXthIAS782JEEMW/oVCCs36WB/aSEBR
enBHWdab1lRvUk2a23+Y05HhLtQDg/6E/g+WXokrX9ua4DU7LR9K
-----END CERTIFICATE-----