Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1f57d5-99c2-4ca9-9350-17735e2c255f/1/uM91c93dKNSf2cuNw15WXyS-gJw.roa
File:                     uM91c93dKNSf2cuNw15WXyS-gJw.roa (raw, json)
Hash identifier:          L7UiUXu1F7+Lr+H8tMoia0YejnqF8DW47PZRHn3Ob8I=
Subject key identifier:   B8:CF:75:73:DD:DD:28:D4:9F:D9:CB:8D:C3:5E:56:5F:24:BE:80:9C
Certificate issuer:       /CN=b77813f6c5670a58686adc3d4955744295dd1419
Certificate serial:       018CCA995D3D4A6489FA1F7CA074C8843DAA
Authority key identifier: B7:78:13:F6:C5:67:0A:58:68:6A:DC:3D:49:55:74:42:95:DD:14:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t3gT9sVnClhoatw9SVV0QpXdFBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1f57d5-99c2-4ca9-9350-17735e2c255f/1/uM91c93dKNSf2cuNw15WXyS-gJw.roa
Signing time:             Tue 02 Jan 2024 14:34:57 +0000
ROA not before:           Tue 02 Jan 2024 14:34:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199806
IP address blocks:        193.84.252.0/24 maxlen: 24
                          2001:67c:1828::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1f57d5-99c2-4ca9-9350-17735e2c255f/1/t3gT9sVnClhoatw9SVV0QpXdFBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1f57d5-99c2-4ca9-9350-17735e2c255f/1/t3gT9sVnClhoatw9SVV0QpXdFBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t3gT9sVnClhoatw9SVV0QpXdFBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:5d:3d:4a:64:89:fa:1f:7c:a0:74:c8:84:3d:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b77813f6c5670a58686adc3d4955744295dd1419
        Validity
            Not Before: Jan  2 14:34:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8cf7573dddd28d49fd9cb8dc35e565f24be809c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:90:29:8a:18:35:3f:fa:5c:3e:72:34:be:72:
                    b3:65:d1:6a:e9:5b:37:10:52:bf:0f:54:66:de:b7:
                    72:5c:26:51:85:f9:1f:af:ed:9c:04:b1:37:a2:c2:
                    06:62:10:de:7e:b6:d1:a5:8f:07:95:be:21:01:7d:
                    2e:c0:31:7f:c3:b6:b5:cd:42:de:28:48:e3:29:36:
                    f4:5d:92:9e:52:b0:f9:cf:3a:bf:02:cf:12:a4:61:
                    c5:1c:6e:6d:48:ed:28:0d:e8:d5:2a:38:d8:ee:2c:
                    80:a6:1d:3b:5d:d9:52:74:a6:ea:c0:38:ea:8c:2e:
                    4d:9a:af:97:e5:04:1d:a6:b1:cc:a1:74:42:ab:0f:
                    f1:a1:62:68:bf:f5:15:50:ae:d7:3f:8f:ab:8c:f1:
                    58:65:ac:52:8d:84:be:35:cb:9a:da:1d:1c:42:2b:
                    6d:41:27:e2:5b:14:89:c7:d0:60:b1:c6:90:42:1d:
                    42:dd:d9:29:82:a9:c5:45:dc:be:10:cd:b3:69:2e:
                    f5:9a:7e:0f:3f:73:f0:fd:09:8c:c4:24:93:57:5c:
                    30:d6:60:ba:4f:98:54:83:b7:d4:eb:44:f8:cd:6f:
                    c1:86:08:c1:85:5a:ca:c1:57:83:e6:af:d2:45:59:
                    62:4d:45:2f:0e:ae:fb:b4:a4:22:6b:a6:aa:d2:df:
                    d4:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:CF:75:73:DD:DD:28:D4:9F:D9:CB:8D:C3:5E:56:5F:24:BE:80:9C
            X509v3 Authority Key Identifier:
                keyid:B7:78:13:F6:C5:67:0A:58:68:6A:DC:3D:49:55:74:42:95:DD:14:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t3gT9sVnClhoatw9SVV0QpXdFBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1f57d5-99c2-4ca9-9350-17735e2c255f/1/uM91c93dKNSf2cuNw15WXyS-gJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1f57d5-99c2-4ca9-9350-17735e2c255f/1/t3gT9sVnClhoatw9SVV0QpXdFBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.252.0/24
                IPv6:
                  2001:67c:1828::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:03:6d:63:dd:57:c6:b0:6e:ae:9c:e6:da:59:19:1e:69:dd:
         ff:18:29:8b:65:61:15:4b:00:25:83:4d:59:e3:86:db:fb:80:
         95:4b:4b:5b:75:09:4d:f6:6d:e8:72:6a:60:39:39:df:47:ac:
         46:d7:38:67:83:25:9a:0f:d8:7c:13:9c:ef:84:6c:7c:d8:23:
         2b:73:b8:4d:c8:16:17:6f:b3:68:a4:2d:50:3f:50:3c:69:5c:
         42:d8:31:f8:5f:df:cc:35:b9:71:a7:0c:fd:a8:17:2a:98:a0:
         24:25:b3:88:80:d2:2e:05:43:b8:05:9e:ab:f6:1d:84:5a:8c:
         41:ec:18:cf:ef:35:0c:94:d2:ff:19:d1:55:6a:3b:ba:da:08:
         58:84:ff:a1:50:3a:38:f5:94:13:41:79:de:cc:57:ad:d9:03:
         c6:b1:f1:21:b2:48:a7:1c:1b:08:f9:9d:8b:b5:99:39:0d:c1:
         2f:44:a2:97:8b:36:20:8c:20:20:cb:19:64:9b:58:e8:71:1f:
         94:ee:be:b3:de:d2:8d:82:b7:70:d9:90:dc:6b:0b:b8:7f:39:
         8f:ac:41:da:d0:d1:a3:d3:70:53:b2:48:c0:54:e4:12:e7:3e:
         fb:bc:1c:bf:ee:58:f1:79:17:72:28:2f:82:78:ba:81:90:7a:
         03:3d:47:35
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKmV09SmSJ+h98oHTIhD2qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NzgxM2Y2YzU2NzBhNTg2ODZhZGMzZDQ5NTU3NDQyOTVk
ZDE0MTkwHhcNMjQwMTAyMTQzNDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGNmNzU3M2RkZGQyOGQ0OWZkOWNiOGRjMzVlNTY1ZjI0YmU4MDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJApihg1P/pcPnI0vnKzZdFq6Vs3
EFK/D1Rm3rdyXCZRhfkfr+2cBLE3osIGYhDefrbRpY8Hlb4hAX0uwDF/w7a1zULe
KEjjKTb0XZKeUrD5zzq/As8SpGHFHG5tSO0oDejVKjjY7iyAph07XdlSdKbqwDjq
jC5Nmq+X5QQdprHMoXRCqw/xoWJov/UVUK7XP4+rjPFYZaxSjYS+Ncua2h0cQitt
QSfiWxSJx9BgscaQQh1C3dkpgqnFRdy+EM2zaS71mn4PP3Pw/QmMxCSTV1ww1mC6
T5hUg7fU60T4zW/BhgjBhVrKwVeD5q/SRVliTUUvDq77tKQia6aq0t/UcwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLjPdXPd3SjUn9nLjcNeVl8kvoCcMB8GA1UdIwQY
MBaAFLd4E/bFZwpYaGrcPUlVdEKV3RQZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDNnVDlzVm5DbGhvYXR3OVNWVjBRcFhkRkJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xZjU3ZDUtOTljMi00Y2E5LTkzNTAt
MTc3MzVlMmMyNTVmLzEvdU05MWM5M2RLTlNmMmN1TncxNVdYeVMtZ0p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xZjU3ZDUtOTljMi00Y2E5LTkzNTAtMTc3MzVlMmMyNTVm
LzEvdDNnVDlzVm5DbGhvYXR3OVNWVjBRcFhkRkJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwVT8MA8E
AgACMAkDBwAgAQZ8GCgwDQYJKoZIhvcNAQELBQADggEBAEcDbWPdV8awbq6c5tpZ
GR5p3f8YKYtlYRVLACWDTVnjhtv7gJVLS1t1CU32behyamA5Od9HrEbXOGeDJZoP
2HwTnO+EbHzYIytzuE3IFhdvs2ikLVA/UDxpXELYMfhf38w1uXGnDP2oFyqYoCQl
s4iA0i4FQ7gFnqv2HYRajEHsGM/vNQyU0v8Z0VVqO7raCFiE/6FQOjj1lBNBed7M
V63ZA8ax8SGySKccGwj5nYu1mTkNwS9EopeLNiCMICDLGWSbWOhxH5TuvrPe0o2C
t3DZkNxrC7h/OY+sQdrQ0aPTcFOySMBU5BLnPvu8HL/uWPF5F3IoL4J4uoGQegM9
RzU=
-----END CERTIFICATE-----