Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/SNy8mal_EdYxgQRh7zSpYkjEO0U.roa
File:                     SNy8mal_EdYxgQRh7zSpYkjEO0U.roa (raw, json)
Hash identifier:          wfEVuRqtSxZp4b40l8CGnIyXpN4inFvoCqp0nAvTxFk=
Subject key identifier:   48:DC:BC:99:A9:7F:11:D6:31:81:04:61:EF:34:A9:62:48:C4:3B:45
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018F86A70859018686BBCA1DA97CCB94E702
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/SNy8mal_EdYxgQRh7zSpYkjEO0U.roa
Signing time:             Fri 17 May 2024 13:04:04 +0000
ROA not before:           Fri 17 May 2024 13:04:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50430
IP address blocks:        93.157.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:86:a7:08:59:01:86:86:bb:ca:1d:a9:7c:cb:94:e7:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: May 17 13:04:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48dcbc99a97f11d631810461ef34a96248c43b45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d8:15:c0:a8:22:ef:70:78:7e:cf:3c:30:09:
                    bb:5f:29:10:25:df:24:d3:38:cd:0a:04:b8:88:fc:
                    5b:b9:09:b7:11:18:9c:7f:a5:51:94:fe:9b:d4:e8:
                    07:27:34:a0:13:ef:30:8c:21:99:11:44:f7:54:ab:
                    63:19:ba:f5:19:06:1e:ff:c3:fd:4a:3d:24:e4:d7:
                    43:29:bd:62:a8:78:18:a5:6e:f7:d9:b8:65:de:7b:
                    2b:4b:68:0a:0a:ac:e8:69:9e:fc:3f:97:16:76:ee:
                    b7:77:3b:7b:4c:5c:5d:3f:14:9f:60:16:7e:ae:90:
                    8f:61:c2:3a:9f:42:c6:82:85:84:9b:0b:8f:ab:27:
                    65:3e:6b:e4:ab:6f:22:04:e7:50:68:22:5d:84:e5:
                    f1:02:2b:03:b7:91:57:df:bb:2e:f6:a5:de:d8:25:
                    ed:d4:a1:e2:b3:1b:d4:52:7e:37:ac:b2:42:48:de:
                    c3:72:eb:0e:19:93:97:65:65:f4:00:79:b7:81:5c:
                    40:a5:55:23:bc:0a:15:c0:e6:a3:0e:6f:5a:24:71:
                    b4:16:2e:24:41:05:95:15:60:e6:45:00:19:40:36:
                    95:08:ef:a2:69:f1:3a:2c:19:92:d7:31:52:b5:84:
                    02:9c:f5:c4:37:82:a9:0b:85:4e:92:6d:a8:d9:34:
                    12:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:DC:BC:99:A9:7F:11:D6:31:81:04:61:EF:34:A9:62:48:C4:3B:45
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/SNy8mal_EdYxgQRh7zSpYkjEO0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.157.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:9b:f3:73:c2:8b:7a:63:06:de:99:a8:96:9c:c2:ec:a4:ea:
         eb:20:29:4f:a3:85:2a:6d:f1:e9:ef:29:a4:36:f8:cb:e4:85:
         a4:35:eb:bc:2f:a0:37:90:13:e5:d0:8e:08:42:1e:4b:ef:79:
         bd:aa:55:84:ee:9c:66:46:30:5c:fb:4b:13:65:ff:e0:ea:4c:
         29:54:aa:68:e2:8a:d4:43:41:3c:bf:fc:e4:e3:2c:50:c8:e4:
         68:dd:8b:48:61:b1:b8:57:fd:b0:c3:57:71:b7:21:69:54:12:
         ac:05:44:dc:a3:d7:8a:45:9c:46:2e:b2:c0:7d:2b:fa:08:b3:
         b4:d7:97:0d:c5:ac:b7:77:8a:cf:18:3f:a7:bc:76:24:a0:e6:
         78:45:f3:24:5c:0b:22:9f:6f:4f:a7:b8:d1:5e:9b:21:43:ea:
         c6:44:ce:f9:41:39:cc:49:89:35:35:78:1f:23:8a:56:7b:ad:
         ee:6e:d3:e3:97:f7:a4:da:42:6c:0c:93:64:0b:5f:94:81:e0:
         da:2d:b8:62:e4:37:62:f5:d6:74:60:17:1e:d6:2e:0a:94:1a:
         99:5c:dc:ef:bb:ae:23:84:f2:52:62:06:e2:80:fa:7b:cd:35:
         97:31:25:6e:f4:e0:c0:fb:0e:05:24:00:cc:a7:53:20:37:ec:
         60:f0:fd:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+GpwhZAYaGu8odqXzLlOcCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwNTE3MTMwNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGRjYmM5OWE5N2YxMWQ2MzE4MTA0NjFlZjM0YTk2MjQ4YzQzYjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNgVwKgi73B4fs88MAm7XykQJd8k
0zjNCgS4iPxbuQm3ERicf6VRlP6b1OgHJzSgE+8wjCGZEUT3VKtjGbr1GQYe/8P9
Sj0k5NdDKb1iqHgYpW732bhl3nsrS2gKCqzoaZ78P5cWdu63dzt7TFxdPxSfYBZ+
rpCPYcI6n0LGgoWEmwuPqydlPmvkq28iBOdQaCJdhOXxAisDt5FX37su9qXe2CXt
1KHisxvUUn43rLJCSN7DcusOGZOXZWX0AHm3gVxApVUjvAoVwOajDm9aJHG0Fi4k
QQWVFWDmRQAZQDaVCO+iafE6LBmS1zFStYQCnPXEN4KpC4VOkm2o2TQSJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEjcvJmpfxHWMYEEYe80qWJIxDtFMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvU055OG1hbF9FZFl4Z1FSaDd6U3BZa2pFTzBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXZ1uMA0G
CSqGSIb3DQEBCwUAA4IBAQCUm/Nzwot6YwbemaiWnMLspOrrIClPo4UqbfHp7ymk
NvjL5IWkNeu8L6A3kBPl0I4IQh5L73m9qlWE7pxmRjBc+0sTZf/g6kwpVKpo4orU
Q0E8v/zk4yxQyORo3YtIYbG4V/2ww1dxtyFpVBKsBUTco9eKRZxGLrLAfSv6CLO0
15cNxay3d4rPGD+nvHYkoOZ4RfMkXAsin29Pp7jRXpshQ+rGRM75QTnMSYk1NXgf
I4pWe63ubtPjl/ek2kJsDJNkC1+UgeDaLbhi5Ddi9dZ0YBce1i4KlBqZXNzvu64j
hPJSYgbigPp7zTWXMSVu9ODA+w4FJADMp1MgN+xg8P1u
-----END CERTIFICATE-----