Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/U9rOrRENHNKNli0gU8n7Q-AU1A4.roa
File:                     U9rOrRENHNKNli0gU8n7Q-AU1A4.roa (raw, json)
Hash identifier:          E2SkkJ7sTexf4PiqTR6G67JvHUi8Gew48WL+IVk1Eec=
Subject key identifier:   53:DA:CE:AD:11:0D:1C:D2:8D:96:2D:20:53:C9:FB:43:E0:14:D4:0E
Certificate issuer:       /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial:       01926B2D607818B928CD536F8E3C44ECD362
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/U9rOrRENHNKNli0gU8n7Q-AU1A4.roa
Signing time:             Tue 08 Oct 2024 08:09:48 +0000
ROA not before:           Tue 08 Oct 2024 08:09:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213035
IP address blocks:        93.93.100.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:6b:2d:60:78:18:b9:28:cd:53:6f:8e:3c:44:ec:d3:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
        Validity
            Not Before: Oct  8 08:09:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53dacead110d1cd28d962d2053c9fb43e014d40e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:b5:94:8e:5c:f5:be:ec:c2:b1:1a:0c:f2:b3:
                    b2:55:c0:bd:5e:f4:66:c5:b5:b2:03:9f:28:65:1d:
                    89:25:3e:cf:8e:84:e2:07:b4:7f:4a:54:42:9f:61:
                    99:b5:e2:cd:38:97:89:44:08:a5:1e:64:49:5f:5f:
                    a0:35:08:98:7d:62:86:1a:07:d1:3b:69:74:c8:ae:
                    75:d0:40:61:bc:31:2c:84:23:89:9a:9e:36:b2:eb:
                    a0:c1:bb:0c:ed:38:5b:40:3e:19:b7:fe:9d:d5:0f:
                    19:90:d8:76:7a:a2:39:93:0a:db:51:57:75:93:1b:
                    ed:f4:40:ad:a3:d7:57:33:6f:28:82:5f:b6:88:23:
                    f3:fa:10:d1:c3:52:43:96:b4:d6:bd:13:1b:69:fc:
                    6b:3d:34:07:11:42:e3:f0:a7:ef:a1:3a:9f:a1:6b:
                    1c:24:f4:e0:cc:db:69:3b:e8:58:32:7a:c9:67:4f:
                    99:4b:2b:0a:14:a8:db:3b:8e:b1:a6:0e:0d:65:75:
                    a0:b4:35:05:9f:e1:47:53:12:02:39:e4:19:52:11:
                    38:50:0d:5a:2e:94:22:ef:13:9b:2c:1c:3c:28:1d:
                    77:5c:90:38:e6:27:bc:27:1a:cb:6a:de:1e:8b:de:
                    1f:0b:ef:4a:43:17:95:8d:3d:50:f5:85:77:c4:aa:
                    fc:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:DA:CE:AD:11:0D:1C:D2:8D:96:2D:20:53:C9:FB:43:E0:14:D4:0E
            X509v3 Authority Key Identifier:
                keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/U9rOrRENHNKNli0gU8n7Q-AU1A4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.93.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:9d:20:f2:94:ff:37:d3:ac:52:60:2f:ac:5d:54:a3:e8:43:
         89:ce:f1:09:47:c8:f1:bb:99:a4:9d:33:a6:76:95:7f:3a:4c:
         fe:8d:cb:e3:a6:d7:4d:b8:15:54:ac:5f:73:89:7d:c0:2a:9b:
         e8:ec:71:5d:b6:80:2d:ba:d8:90:ab:d0:ee:55:28:97:e2:e6:
         52:3e:c6:dc:8f:0f:b4:42:04:a3:b7:1d:1c:55:13:13:82:a5:
         3b:7f:da:24:5d:db:66:09:b9:53:ad:af:bc:51:c3:7d:9d:42:
         f1:f7:e7:f7:6d:6e:ba:c2:b1:4a:b4:6e:84:d2:4c:6a:35:72:
         8f:30:92:c5:76:20:75:e7:e6:c0:c3:47:2d:1a:17:9b:de:9c:
         fb:3b:66:19:06:f9:44:3a:08:b8:c0:7a:34:9b:f1:43:75:0b:
         63:37:77:d5:4d:02:2a:d8:0f:37:85:e4:5b:51:50:29:a6:a6:
         b5:dd:cb:a6:c2:e4:c5:78:91:be:f1:30:5e:c5:c5:ba:5d:14:
         56:46:40:bb:97:d6:f3:ec:62:f3:b5:6d:34:b5:88:4d:cf:35:
         a0:63:d0:fe:25:1c:68:3a:5f:71:14:0f:28:34:9b:b2:98:47:
         2c:65:94:06:fe:bc:56:36:11:0a:46:24:57:d2:0c:08:e9:c7:
         0c:c1:8c:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJrLWB4GLkozVNvjjxE7NNiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjQxMDA4MDgwOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2RhY2VhZDExMGQxY2QyOGQ5NjJkMjA1M2M5ZmI0M2UwMTRkNDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhbWUjlz1vuzCsRoM8rOyVcC9XvRm
xbWyA58oZR2JJT7PjoTiB7R/SlRCn2GZteLNOJeJRAilHmRJX1+gNQiYfWKGGgfR
O2l0yK510EBhvDEshCOJmp42suugwbsM7ThbQD4Zt/6d1Q8ZkNh2eqI5kwrbUVd1
kxvt9ECto9dXM28ogl+2iCPz+hDRw1JDlrTWvRMbafxrPTQHEULj8KfvoTqfoWsc
JPTgzNtpO+hYMnrJZ0+ZSysKFKjbO46xpg4NZXWgtDUFn+FHUxICOeQZUhE4UA1a
LpQi7xObLBw8KB13XJA45ie8JxrLat4ei94fC+9KQxeVjT1Q9YV3xKr8WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPazq0RDRzSjZYtIFPJ+0PgFNQOMB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvVTlyT3JSRU5ITktObGkwZ1U4bjdRLUFVMUE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXV1kMA0G
CSqGSIb3DQEBCwUAA4IBAQAFnSDylP8306xSYC+sXVSj6EOJzvEJR8jxu5mknTOm
dpV/Okz+jcvjptdNuBVUrF9ziX3AKpvo7HFdtoAtutiQq9DuVSiX4uZSPsbcjw+0
QgSjtx0cVRMTgqU7f9okXdtmCblTra+8UcN9nULx9+f3bW66wrFKtG6E0kxqNXKP
MJLFdiB15+bAw0ctGheb3pz7O2YZBvlEOgi4wHo0m/FDdQtjN3fVTQIq2A83heRb
UVAppqa13cumwuTFeJG+8TBexcW6XRRWRkC7l9bz7GLztW00tYhNzzWgY9D+JRxo
Ol9xFA8oNJuymEcsZZQG/rxWNhEKRiRX0gwI6ccMwYx/
-----END CERTIFICATE-----