Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/see9jpCYRY3hNwg5910U04FssVI.roa
File:                     see9jpCYRY3hNwg5910U04FssVI.roa (raw, json)
Hash identifier:          J4Xd5TX6FTTcN2Y1Hctd0OofEkYl2tZ39aUUk4Q1d0Y=
Subject key identifier:   B1:E7:BD:8E:90:98:45:8D:E1:37:08:39:F7:5D:14:D3:81:6C:B1:52
Certificate issuer:       /CN=8a5a3417fbe25c2e467c18485c181a7776f96ff4
Certificate serial:       018CC8DEDBBB39B7B9ACBCB180543B90EEEF
Authority key identifier: 8A:5A:34:17:FB:E2:5C:2E:46:7C:18:48:5C:18:1A:77:76:F9:6F:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/see9jpCYRY3hNwg5910U04FssVI.roa
Signing time:             Tue 02 Jan 2024 06:31:37 +0000
ROA not before:           Tue 02 Jan 2024 06:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60648
IP address blocks:        193.27.212.0/23 maxlen: 23
                          77.93.128.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 12:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:db:bb:39:b7:b9:ac:bc:b1:80:54:3b:90:ee:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a5a3417fbe25c2e467c18485c181a7776f96ff4
        Validity
            Not Before: Jan  2 06:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1e7bd8e9098458de1370839f75d14d3816cb152
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:76:41:3e:cc:d2:fd:03:ee:f1:67:e9:d8:95:
                    79:f6:2c:99:39:1a:2f:73:ce:d8:90:93:4a:eb:c0:
                    1f:81:26:87:fb:4a:a6:b7:ef:d5:d0:09:60:ad:e3:
                    99:b1:67:d1:bf:d4:86:d9:0f:60:25:3b:eb:e1:52:
                    37:d7:d6:70:f8:a8:e5:5e:b1:66:81:a2:78:a4:0a:
                    bb:cf:cf:5a:b9:9a:cb:6b:4a:ac:1a:8c:a0:fc:fb:
                    0e:b3:8e:e2:3c:24:43:b7:b7:76:9f:39:b9:a6:97:
                    71:4e:93:be:c3:0c:93:25:c4:96:29:77:45:5d:d0:
                    af:e2:1c:e1:41:2d:bf:9b:63:e5:b5:19:fa:39:4e:
                    7f:09:89:ce:6c:11:c5:0f:47:84:f7:6d:c2:82:00:
                    7c:a7:64:89:8a:6e:ac:e4:9f:83:3a:8e:f7:f6:9d:
                    a0:91:49:71:d8:5a:1f:55:bf:d3:21:f6:0d:69:cd:
                    90:74:ca:21:46:46:68:6b:70:ea:de:40:3e:d0:e0:
                    c9:ed:ec:41:00:8c:8e:ab:58:a7:cc:2b:e4:1d:76:
                    b1:45:87:6c:d8:db:59:c9:b9:79:cb:f0:cf:26:80:
                    5c:ae:77:f8:39:f5:74:d8:d0:f0:e0:1c:86:5d:6b:
                    cb:89:21:c0:69:33:0f:75:29:ca:21:3e:b2:3f:b1:
                    2b:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:E7:BD:8E:90:98:45:8D:E1:37:08:39:F7:5D:14:D3:81:6C:B1:52
            X509v3 Authority Key Identifier:
                keyid:8A:5A:34:17:FB:E2:5C:2E:46:7C:18:48:5C:18:1A:77:76:F9:6F:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/see9jpCYRY3hNwg5910U04FssVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.128.0/19
                  193.27.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         08:23:83:e8:8d:8c:05:9b:6a:24:7c:27:22:3e:11:b9:f8:8d:
         2a:44:e8:03:70:6a:89:e1:49:20:85:40:67:8e:f6:6c:00:cd:
         e3:73:99:2e:fb:b2:84:b0:35:51:63:dd:62:2e:cb:b0:07:ed:
         bd:55:24:3c:59:76:1b:5d:57:50:75:81:33:23:ce:65:7a:0e:
         30:5d:c3:be:f1:21:71:a9:7b:7c:d6:1f:49:25:b7:51:e2:8a:
         ce:77:e9:55:82:bb:68:d3:74:94:5c:19:4f:09:3f:e8:24:22:
         e0:ca:3a:aa:de:14:22:c0:26:26:2a:d6:0d:c6:cc:1a:71:e3:
         cb:4c:e6:cc:5a:d8:29:8b:67:b1:80:04:77:94:28:07:6f:18:
         42:65:61:75:ac:03:e5:23:4d:cb:43:82:a9:48:58:79:fd:65:
         f1:48:a0:56:0d:c6:94:6a:35:cc:4c:f0:ee:b6:9b:17:51:14:
         7e:41:c1:cf:29:75:d0:57:2b:c8:52:4f:2b:56:0b:da:13:bf:
         e7:31:25:54:eb:0f:94:db:3b:0d:24:0c:8a:34:77:65:02:5b:
         05:a8:23:2e:4b:9f:7b:1f:73:f3:c5:97:dd:ea:38:89:f4:3a:
         81:bd:9b:dd:23:3e:55:89:02:33:2e:fe:c7:dc:f6:89:9d:ea:
         a5:d1:ab:83
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3tu7Obe5rLyxgFQ7kO7vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNWEzNDE3ZmJlMjVjMmU0NjdjMTg0ODVjMTgxYTc3NzZm
OTZmZjQwHhcNMjQwMTAyMDYzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWU3YmQ4ZTkwOTg0NThkZTEzNzA4MzlmNzVkMTRkMzgxNmNiMTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3ZBPszS/QPu8Wfp2JV59iyZORov
c87YkJNK68AfgSaH+0qmt+/V0AlgreOZsWfRv9SG2Q9gJTvr4VI319Zw+KjlXrFm
gaJ4pAq7z89auZrLa0qsGoyg/PsOs47iPCRDt7d2nzm5ppdxTpO+wwyTJcSWKXdF
XdCv4hzhQS2/m2PltRn6OU5/CYnObBHFD0eE923CggB8p2SJim6s5J+DOo739p2g
kUlx2FofVb/TIfYNac2QdMohRkZoa3Dq3kA+0ODJ7exBAIyOq1inzCvkHXaxRYds
2NtZybl5y/DPJoBcrnf4OfV02NDw4ByGXWvLiSHAaTMPdSnKIT6yP7ErBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLHnvY6QmEWN4TcIOfddFNOBbLFSMB8GA1UdIwQY
MBaAFIpaNBf74lwuRnwYSFwYGnd2+W/0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWxvMEZfdmlYQzVHZkJoSVhCZ2FkM2I1Yl9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC85YzZlMDctNjkzZi00NmNlLTg2NDYt
ZDdhYmNkMGVmNjRhLzEvc2VlOWpwQ1lSWTNoTndnNTkxMFUwNEZzc1ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC85YzZlMDctNjkzZi00NmNlLTg2NDYtZDdhYmNkMGVmNjRh
LzEvaWxvMEZfdmlYQzVHZkJoSVhCZ2FkM2I1Yl9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFTV2AAwQB
wRvUMA0GCSqGSIb3DQEBCwUAA4IBAQAII4PojYwFm2okfCciPhG5+I0qROgDcGqJ
4UkghUBnjvZsAM3jc5ku+7KEsDVRY91iLsuwB+29VSQ8WXYbXVdQdYEzI85leg4w
XcO+8SFxqXt81h9JJbdR4orOd+lVgrto03SUXBlPCT/oJCLgyjqq3hQiwCYmKtYN
xswacePLTObMWtgpi2exgAR3lCgHbxhCZWF1rAPlI03LQ4KpSFh5/WXxSKBWDcaU
ajXMTPDutpsXURR+QcHPKXXQVyvIUk8rVgvaE7/nMSVU6w+U2zsNJAyKNHdlAlsF
qCMuS597H3PzxZfd6jiJ9DqBvZvdIz5ViQIzLv7H3PaJneql0auD
-----END CERTIFICATE-----