Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/ToXeB3N0sZ2KMbOmaAVHBiip2DE.roa
File:                     ToXeB3N0sZ2KMbOmaAVHBiip2DE.roa (raw, json)
Hash identifier:          +XFZe3v94eKHbwGTxRVxddpMMxlU4NoPVmFEhjqJtdI=
Subject key identifier:   4E:85:DE:07:73:74:B1:9D:8A:31:B3:A6:68:05:47:06:28:A9:D8:31
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       019271BA0F023A9B95DF47B07A40A95389C8
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/ToXeB3N0sZ2KMbOmaAVHBiip2DE.roa
Signing time:             Wed 09 Oct 2024 14:41:11 +0000
ROA not before:           Wed 09 Oct 2024 14:41:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39531
IP address blocks:        93.115.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Nov 2024 20:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:71:ba:0f:02:3a:9b:95:df:47:b0:7a:40:a9:53:89:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Oct  9 14:41:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e85de077374b19d8a31b3a66805470628a9d831
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:97:64:f9:b6:0c:06:54:8f:54:89:3e:ce:97:
                    60:0d:6e:de:81:a5:e3:f7:44:45:5c:1e:9b:cd:49:
                    e1:01:b9:98:dc:4f:f8:6f:e2:20:5b:a2:41:40:38:
                    5d:a6:f4:8a:fd:4b:7b:a0:1c:0c:0d:e5:6b:21:1a:
                    b6:8d:26:5a:17:26:dd:a0:db:f3:00:b0:18:a3:49:
                    61:d8:4f:ca:ac:59:e3:a6:56:98:7b:f8:4c:42:d4:
                    2d:f8:75:dc:43:c9:71:63:0a:d3:88:b0:6c:89:f1:
                    e6:0d:4e:b9:03:8c:25:b2:46:d7:6a:6e:a1:9d:b6:
                    87:6a:8c:34:66:3e:b8:43:5e:6d:5c:4a:49:7b:2e:
                    a7:54:57:78:ae:46:be:3c:8f:6a:47:ca:2a:46:40:
                    4d:b5:cb:ce:cb:77:e6:4b:18:9f:55:06:41:20:63:
                    5f:32:3d:fc:b9:2e:17:40:6d:77:f2:91:de:30:ea:
                    d7:ea:f5:17:05:e8:82:49:40:05:6e:82:d1:3d:ff:
                    6c:b0:5a:ae:e5:4b:2f:10:90:fd:c1:d3:1c:a9:46:
                    83:e1:36:90:9f:20:a7:36:0a:e4:84:37:ba:9a:a2:
                    65:71:49:3a:b8:46:41:ba:ec:91:61:3a:58:c7:7a:
                    25:5b:a2:dc:c8:93:99:4d:dc:f1:ed:cd:ee:b4:6a:
                    5d:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:85:DE:07:73:74:B1:9D:8A:31:B3:A6:68:05:47:06:28:A9:D8:31
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/ToXeB3N0sZ2KMbOmaAVHBiip2DE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.115.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:cf:ef:f3:c7:75:fa:a7:32:3a:83:4a:cc:89:c1:06:6a:cf:
         53:f8:4b:78:8c:95:bd:7b:ca:56:5f:03:cb:c9:16:77:8e:96:
         cb:b7:2b:7d:2a:17:58:0f:f3:5f:72:5e:ee:7b:64:4f:a8:ac:
         c5:19:14:67:21:0a:45:96:95:0e:81:5e:11:2f:4a:9f:22:47:
         ba:3a:3a:0c:01:65:6c:58:ab:2f:77:47:06:2c:e4:b8:30:83:
         98:06:ff:16:1f:11:b5:79:1b:4f:87:db:c1:f3:ea:22:6e:60:
         0d:ae:ea:84:23:4f:51:9a:17:a7:0b:4c:86:a8:1e:71:14:93:
         6e:6c:9f:95:2f:51:69:19:b7:54:6e:ee:66:3d:2f:9b:af:62:
         1d:a0:81:11:4a:bd:3d:c9:02:e4:32:f6:e0:6e:24:6e:05:88:
         2f:2a:6a:40:61:77:3c:67:ec:81:82:b5:8c:7f:34:25:db:19:
         d6:1c:f9:9e:1f:e5:f4:de:df:01:47:87:8d:cf:64:f9:3d:5b:
         c2:f2:87:9b:5c:d9:58:ed:41:f7:8d:4b:d1:8b:21:6e:c5:b1:
         a2:4c:ba:8c:20:0d:81:a9:74:b6:ed:12:e4:cb:22:97:26:4f:
         7c:fe:32:16:02:29:78:32:51:81:03:64:60:04:2d:2e:ec:83:
         2a:ba:29:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJxug8COpuV30ewekCpU4nIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjQxMDA5MTQ0MTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTg1ZGUwNzczNzRiMTlkOGEzMWIzYTY2ODA1NDcwNjI4YTlkODMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupdk+bYMBlSPVIk+zpdgDW7egaXj
90RFXB6bzUnhAbmY3E/4b+IgW6JBQDhdpvSK/Ut7oBwMDeVrIRq2jSZaFybdoNvz
ALAYo0lh2E/KrFnjplaYe/hMQtQt+HXcQ8lxYwrTiLBsifHmDU65A4wlskbXam6h
nbaHaow0Zj64Q15tXEpJey6nVFd4rka+PI9qR8oqRkBNtcvOy3fmSxifVQZBIGNf
Mj38uS4XQG138pHeMOrX6vUXBeiCSUAFboLRPf9ssFqu5UsvEJD9wdMcqUaD4TaQ
nyCnNgrkhDe6mqJlcUk6uEZBuuyRYTpYx3olW6LcyJOZTdzx7c3utGpdEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE6F3gdzdLGdijGzpmgFRwYoqdgxMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvVG9YZUIzTjBzWjJLTWJPbWFBVkhCaWlwMkRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXOuMA0G
CSqGSIb3DQEBCwUAA4IBAQBRz+/zx3X6pzI6g0rMicEGas9T+Et4jJW9e8pWXwPL
yRZ3jpbLtyt9KhdYD/Nfcl7ue2RPqKzFGRRnIQpFlpUOgV4RL0qfIke6OjoMAWVs
WKsvd0cGLOS4MIOYBv8WHxG1eRtPh9vB8+oibmANruqEI09RmhenC0yGqB5xFJNu
bJ+VL1FpGbdUbu5mPS+br2IdoIERSr09yQLkMvbgbiRuBYgvKmpAYXc8Z+yBgrWM
fzQl2xnWHPmeH+X03t8BR4eNz2T5PVvC8oebXNlY7UH3jUvRiyFuxbGiTLqMIA2B
qXS27RLkyyKXJk98/jIWAil4MlGBA2RgBC0u7IMquilm
-----END CERTIFICATE-----