Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/bOd6jIv3pQaRzswOULF8DEoOKmQ.roa
File:                     bOd6jIv3pQaRzswOULF8DEoOKmQ.roa (raw, json)
Hash identifier:          8iBzvFMK8zdvrC9EnsIkZrTNr4hi75NTnbMFujSEQr8=
Subject key identifier:   6C:E7:7A:8C:8B:F7:A5:06:91:CE:CC:0E:50:B1:7C:0C:4A:0E:2A:64
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018D692B0841DD190ABAE51C949936A32060
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/bOd6jIv3pQaRzswOULF8DEoOKmQ.roa
Signing time:             Fri 02 Feb 2024 09:34:04 +0000
ROA not before:           Fri 02 Feb 2024 09:34:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49943
IP address blocks:        194.32.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:22:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:69:2b:08:41:dd:19:0a:ba:e5:1c:94:99:36:a3:20:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Feb  2 09:34:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ce77a8c8bf7a50691cecc0e50b17c0c4a0e2a64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:5d:6b:04:e2:53:96:e6:3c:3d:1d:0c:cb:db:
                    18:1a:81:ad:20:da:22:6b:65:6b:99:19:38:38:72:
                    ff:f4:d8:88:41:f8:00:e4:4c:d3:28:1d:73:5a:c0:
                    3f:e6:6f:54:eb:13:d2:52:91:1e:60:d8:d2:70:0d:
                    fb:cb:04:a2:e3:3c:b8:4e:11:48:f3:b0:22:5e:5d:
                    e8:7e:a2:b9:64:4f:15:91:d8:31:bb:f5:4e:46:9e:
                    06:6f:10:2d:3c:cc:bc:3e:5e:ea:12:a4:6a:58:bb:
                    2b:9a:0b:4e:58:51:7b:f8:3e:66:56:d8:bf:94:14:
                    09:1b:97:a0:93:29:12:07:5c:10:70:05:c4:42:87:
                    75:39:2b:70:a4:f1:f8:1d:81:e8:fe:38:a4:86:c4:
                    ec:19:bc:49:0e:5b:82:b8:76:ef:00:e5:d7:d3:b6:
                    1e:c2:96:4c:15:06:e4:de:bd:39:b6:29:3b:0b:14:
                    98:01:25:2d:b6:67:b7:23:e4:ad:26:6f:3b:53:7f:
                    df:62:42:e0:a7:6d:94:af:07:77:ad:b2:99:9d:84:
                    47:1a:de:c9:af:df:f1:8d:8e:b4:02:ee:91:ec:a4:
                    35:df:7b:69:38:47:1a:5c:3b:20:e9:fe:67:27:14:
                    6f:00:de:83:50:0b:a1:2d:42:c5:5c:1b:5c:f0:d2:
                    04:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:E7:7A:8C:8B:F7:A5:06:91:CE:CC:0E:50:B1:7C:0C:4A:0E:2A:64
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/bOd6jIv3pQaRzswOULF8DEoOKmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:cf:de:ed:bb:92:70:81:3f:83:ee:e6:0a:f6:df:52:28:28:
         09:29:74:59:a5:b6:fe:24:06:c2:d7:0c:9b:79:b5:15:60:47:
         e8:dc:53:26:92:2a:0b:f0:8d:9f:ad:73:61:c3:ec:76:de:9b:
         15:bc:63:63:0d:b9:80:16:e4:2a:e2:6f:c5:5e:a2:c3:e6:96:
         94:97:f7:e0:bf:a1:71:ab:ab:4d:3c:5b:ca:8a:67:79:2d:e4:
         83:12:39:e1:7a:08:ab:7c:5f:fa:a2:a8:f0:2a:13:0a:a8:ad:
         06:e5:12:af:42:97:cc:3f:e3:a0:e7:ae:2f:41:95:7b:ae:a7:
         c0:e4:e1:50:a8:cc:e0:8b:1a:f2:6a:41:72:eb:1f:e0:6b:8e:
         b3:d1:fb:be:7d:aa:ec:a5:80:3b:b4:0f:a0:35:22:d3:6b:3d:
         12:36:80:d7:e0:3b:09:20:a7:fe:84:25:f0:31:39:59:76:ca:
         62:52:17:af:29:d1:44:c7:f1:c6:31:9f:da:2a:a2:ce:e4:1a:
         16:bb:de:d0:76:95:05:0f:68:23:ef:21:4c:3e:12:7d:5f:13:
         51:94:3c:4c:95:70:fa:15:19:71:8d:e1:23:ef:08:35:da:02:
         13:bd:ec:80:89:72:50:31:b9:a4:d7:27:54:33:7d:2e:46:aa:
         84:cf:2b:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1pKwhB3RkKuuUclJk2oyBgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMjAyMDkzNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2U3N2E4YzhiZjdhNTA2OTFjZWNjMGU1MGIxN2MwYzRhMGUyYTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh11rBOJTluY8PR0My9sYGoGtINoi
a2VrmRk4OHL/9NiIQfgA5EzTKB1zWsA/5m9U6xPSUpEeYNjScA37ywSi4zy4ThFI
87AiXl3ofqK5ZE8Vkdgxu/VORp4GbxAtPMy8Pl7qEqRqWLsrmgtOWFF7+D5mVti/
lBQJG5egkykSB1wQcAXEQod1OStwpPH4HYHo/jikhsTsGbxJDluCuHbvAOXX07Ye
wpZMFQbk3r05tik7CxSYASUttme3I+StJm87U3/fYkLgp22Urwd3rbKZnYRHGt7J
r9/xjY60Au6R7KQ133tpOEcaXDsg6f5nJxRvAN6DUAuhLULFXBtc8NIEIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGzneoyL96UGkc7MDlCxfAxKDipkMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvYk9kNmpJdjNwUWFSenN3T1VMRjhERW9PS21RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiDsMA0G
CSqGSIb3DQEBCwUAA4IBAQA/z97tu5JwgT+D7uYK9t9SKCgJKXRZpbb+JAbC1wyb
ebUVYEfo3FMmkioL8I2frXNhw+x23psVvGNjDbmAFuQq4m/FXqLD5paUl/fgv6Fx
q6tNPFvKimd5LeSDEjnhegirfF/6oqjwKhMKqK0G5RKvQpfMP+Og564vQZV7rqfA
5OFQqMzgixryakFy6x/ga46z0fu+farspYA7tA+gNSLTaz0SNoDX4DsJIKf+hCXw
MTlZdspiUhevKdFEx/HGMZ/aKqLO5BoWu97QdpUFD2gj7yFMPhJ9XxNRlDxMlXD6
FRlxjeEj7wg12gITveyAiXJQMbmk1ydUM30uRqqEzytA
-----END CERTIFICATE-----