Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/0c1ce0-4533-4e43-be9c-53cf26b0a724/1/8dvjc1GD5UexScXj9MISlSPdCeg.roa
File:                     8dvjc1GD5UexScXj9MISlSPdCeg.roa (raw, json)
Hash identifier:          z3aYDUtRgxZsVk+oUibdwQb6O5jmgTOkxJfBIRzviaA=
Subject key identifier:   F1:DB:E3:73:51:83:E5:47:B1:49:C5:E3:F4:C2:12:95:23:DD:09:E8
Certificate issuer:       /CN=ec738a381e60f5a8fe0587fc6b1a3c813c8e3ca8
Certificate serial:       018CC86F406ED1BA23253F4FE676E74F4ABF
Authority key identifier: EC:73:8A:38:1E:60:F5:A8:FE:05:87:FC:6B:1A:3C:81:3C:8E:3C:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7HOKOB5g9aj-BYf8axo8gTyOPKg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/0c1ce0-4533-4e43-be9c-53cf26b0a724/1/8dvjc1GD5UexScXj9MISlSPdCeg.roa
Signing time:             Tue 02 Jan 2024 04:29:43 +0000
ROA not before:           Tue 02 Jan 2024 04:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207400
IP address blocks:        193.29.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/0c1ce0-4533-4e43-be9c-53cf26b0a724/1/7HOKOB5g9aj-BYf8axo8gTyOPKg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/0c1ce0-4533-4e43-be9c-53cf26b0a724/1/7HOKOB5g9aj-BYf8axo8gTyOPKg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7HOKOB5g9aj-BYf8axo8gTyOPKg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 13:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:40:6e:d1:ba:23:25:3f:4f:e6:76:e7:4f:4a:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec738a381e60f5a8fe0587fc6b1a3c813c8e3ca8
        Validity
            Not Before: Jan  2 04:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1dbe3735183e547b149c5e3f4c2129523dd09e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:e5:0e:81:a8:b5:74:cb:33:35:3d:60:a9:79:
                    6c:29:42:8d:cc:ab:8a:63:73:d8:59:d2:41:18:9c:
                    38:cc:5c:ab:00:30:b1:27:31:16:d5:0e:1a:69:ab:
                    bd:c4:e4:6f:c2:99:f5:8d:dd:e0:d4:aa:bb:b0:a4:
                    29:1d:80:a1:1d:a3:07:db:78:21:c1:dc:fc:d5:4a:
                    55:42:79:d6:f0:89:92:5f:c4:4f:94:b9:79:61:e5:
                    fb:53:5b:82:97:ad:e4:6d:aa:d6:97:c0:eb:c5:45:
                    66:5f:c6:1c:8d:78:42:00:af:6e:49:00:5c:89:76:
                    bb:73:90:85:b0:1a:82:57:02:6a:11:c3:b2:4a:28:
                    9f:93:2b:6c:3b:47:6c:8d:24:4d:68:54:65:f9:79:
                    18:b0:f8:62:87:17:97:be:df:86:f0:8a:a7:02:d0:
                    b2:97:b6:20:47:9d:96:6a:d8:2f:04:32:55:4f:fc:
                    45:43:d2:84:73:a3:57:df:6f:8b:63:e4:f6:cd:de:
                    32:74:d3:5a:8c:67:37:94:21:99:82:e0:ef:68:21:
                    0c:4c:3f:9a:78:35:39:84:a8:99:d8:71:c0:0f:1a:
                    32:1c:06:f0:2b:ff:db:52:22:c3:e8:76:0b:96:86:
                    e4:d7:91:ef:cf:37:63:08:a9:f0:b3:17:e0:ae:b8:
                    4d:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:DB:E3:73:51:83:E5:47:B1:49:C5:E3:F4:C2:12:95:23:DD:09:E8
            X509v3 Authority Key Identifier:
                keyid:EC:73:8A:38:1E:60:F5:A8:FE:05:87:FC:6B:1A:3C:81:3C:8E:3C:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7HOKOB5g9aj-BYf8axo8gTyOPKg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/0c1ce0-4533-4e43-be9c-53cf26b0a724/1/8dvjc1GD5UexScXj9MISlSPdCeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/0c1ce0-4533-4e43-be9c-53cf26b0a724/1/7HOKOB5g9aj-BYf8axo8gTyOPKg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.29.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:2a:14:39:3d:da:2f:25:08:fd:3b:b2:fe:fd:1a:49:7e:f1:
         c7:cf:98:13:70:4a:21:5e:8c:f5:8d:c2:b3:2c:93:6e:9d:57:
         13:ef:f2:6c:27:48:c3:d6:78:0b:52:d7:36:11:05:16:5b:df:
         9d:ca:f7:bf:81:96:52:b8:98:bc:d1:5f:ce:6e:8e:d7:a0:ba:
         f6:7e:60:2b:4c:50:d9:cc:a0:60:aa:bb:d4:ff:eb:13:e8:51:
         5e:4b:17:b0:62:1a:14:ae:18:3f:b0:f6:0a:d1:df:da:eb:da:
         ee:a4:40:d9:7c:8a:92:01:32:08:29:f6:c7:bd:20:83:0a:ac:
         fd:25:fb:f8:ab:d7:9b:fd:4f:d7:67:f1:6d:3a:ef:04:c4:b7:
         28:3a:d6:63:9f:98:78:83:4f:a5:e0:61:94:2c:ce:6b:98:7f:
         3f:4d:78:f7:0d:2f:63:47:04:31:b6:c0:60:16:84:d4:f6:d8:
         6e:af:8e:b0:09:b1:1b:a7:e6:bb:92:5b:4b:a3:9a:45:d1:72:
         19:7f:a9:d7:b9:26:60:85:e9:b1:96:bc:7f:91:d7:1d:b2:ee:
         be:f4:75:76:f1:d2:85:32:d3:cc:0f:7a:5a:af:3b:22:63:18:
         e5:87:d8:bf:1e:9c:26:90:28:37:3a:45:f1:38:93:ab:f8:06:
         60:77:80:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb0Bu0bojJT9P5nbnT0q/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNzM4YTM4MWU2MGY1YThmZTA1ODdmYzZiMWEzYzgxM2M4
ZTNjYTgwHhcNMjQwMTAyMDQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWRiZTM3MzUxODNlNTQ3YjE0OWM1ZTNmNGMyMTI5NTIzZGQwOWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eUOgai1dMszNT1gqXlsKUKNzKuK
Y3PYWdJBGJw4zFyrADCxJzEW1Q4aaau9xORvwpn1jd3g1Kq7sKQpHYChHaMH23gh
wdz81UpVQnnW8ImSX8RPlLl5YeX7U1uCl63kbarWl8DrxUVmX8YcjXhCAK9uSQBc
iXa7c5CFsBqCVwJqEcOySiifkytsO0dsjSRNaFRl+XkYsPhihxeXvt+G8IqnAtCy
l7YgR52WatgvBDJVT/xFQ9KEc6NX32+LY+T2zd4ydNNajGc3lCGZguDvaCEMTD+a
eDU5hKiZ2HHADxoyHAbwK//bUiLD6HYLlobk15HvzzdjCKnwsxfgrrhNAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPHb43NRg+VHsUnF4/TCEpUj3QnoMB8GA1UdIwQY
MBaAFOxzijgeYPWo/gWH/GsaPIE8jjyoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0hPS09CNWc5YWotQllmOGF4bzhnVHlPUEtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi8wYzFjZTAtNDUzMy00ZTQzLWJlOWMt
NTNjZjI2YjBhNzI0LzEvOGR2amMxR0Q1VWV4U2NYajlNSVNsU1BkQ2VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi8wYzFjZTAtNDUzMy00ZTQzLWJlOWMtNTNjZjI2YjBhNzI0
LzEvN0hPS09CNWc5YWotQllmOGF4bzhnVHlPUEtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR3iMA0G
CSqGSIb3DQEBCwUAA4IBAQAhKhQ5PdovJQj9O7L+/RpJfvHHz5gTcEohXoz1jcKz
LJNunVcT7/JsJ0jD1ngLUtc2EQUWW9+dyve/gZZSuJi80V/Obo7XoLr2fmArTFDZ
zKBgqrvU/+sT6FFeSxewYhoUrhg/sPYK0d/a69rupEDZfIqSATIIKfbHvSCDCqz9
Jfv4q9eb/U/XZ/FtOu8ExLcoOtZjn5h4g0+l4GGULM5rmH8/TXj3DS9jRwQxtsBg
FoTU9thur46wCbEbp+a7kltLo5pF0XIZf6nXuSZghemxlrx/kdcdsu6+9HV28dKF
MtPMD3parzsiYxjlh9i/HpwmkCg3OkXxOJOr+AZgd4AF
-----END CERTIFICATE-----