Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/fX1oe6Tzm5z54Ega74CR54zhMiA.roa
File:                     fX1oe6Tzm5z54Ega74CR54zhMiA.roa (raw, json)
Hash identifier:          g6EEz73TQoFIlwt1TtphZKg4Z4Eb8hZRM2yQcu8WLs0=
Subject key identifier:   7D:7D:68:7B:A4:F3:9B:9C:F9:E0:48:1A:EF:80:91:E7:8C:E1:32:20
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018F7CD29361E8B4F9B957BF005B17EB8272
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/fX1oe6Tzm5z54Ega74CR54zhMiA.roa
Signing time:             Wed 15 May 2024 15:15:26 +0000
ROA not before:           Wed 15 May 2024 15:15:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51192
IP address blocks:        193.163.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:22:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:7c:d2:93:61:e8:b4:f9:b9:57:bf:00:5b:17:eb:82:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: May 15 15:15:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d7d687ba4f39b9cf9e0481aef8091e78ce13220
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:96:ca:26:5c:0d:10:fa:dd:e6:d7:52:90:8c:
                    63:5c:7a:6a:b2:8f:df:b1:0c:c0:37:48:ee:dc:f0:
                    a8:e7:7f:fc:16:92:fd:f6:8a:43:c8:7e:66:65:0e:
                    7e:95:c6:42:39:e3:2b:69:db:c1:5c:4e:2c:73:b7:
                    6d:28:af:96:fc:5a:6b:58:a6:54:ea:cd:32:ae:16:
                    82:0c:23:34:04:4f:4f:73:75:39:05:bb:09:55:94:
                    aa:2b:c0:3e:4f:2d:57:b1:8c:31:a2:4a:9d:57:76:
                    30:5c:0d:5c:c7:7d:28:43:ae:f5:a6:17:e6:bf:36:
                    43:fc:6a:d2:e1:ff:52:b0:1a:d5:b7:e5:28:bd:08:
                    ae:a5:63:48:c5:41:50:3b:42:1d:73:dc:f7:84:76:
                    9f:66:26:f0:26:d8:2f:9c:da:26:4a:76:5d:1a:49:
                    3e:83:4d:11:21:2d:9d:3c:aa:65:93:f0:1b:b6:2f:
                    7f:ac:56:78:37:22:4e:95:41:3c:0d:f6:da:f4:89:
                    e7:f5:9a:7e:1f:6a:4d:04:3c:d1:31:a8:13:1a:79:
                    1a:c0:6b:68:5f:b1:d1:ef:50:bd:68:48:a3:ce:70:
                    a8:f2:68:a7:2a:55:d9:af:2b:04:97:f2:98:ba:15:
                    d0:6f:7d:64:a1:50:7c:61:7b:72:1b:9e:b5:b0:bc:
                    88:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:7D:68:7B:A4:F3:9B:9C:F9:E0:48:1A:EF:80:91:E7:8C:E1:32:20
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/fX1oe6Tzm5z54Ega74CR54zhMiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:a7:44:ff:d0:13:3f:2a:13:65:c9:99:11:58:f7:43:3d:53:
         8a:f8:9d:da:09:f2:a0:26:43:85:d7:98:08:e5:f1:ec:1d:a9:
         55:24:fd:e2:9f:a4:1b:f6:df:d4:82:c2:dd:1e:b4:9e:71:e0:
         0f:d5:2b:c2:47:26:52:88:e0:d7:6f:31:6a:e6:a2:5d:6e:a9:
         d4:0b:56:45:e3:d8:b9:65:48:3f:18:3c:c4:fe:34:5e:46:03:
         3f:26:70:59:da:fd:32:13:28:7e:80:ef:bf:d6:16:6a:d3:73:
         18:0c:0e:a2:ae:37:29:b3:9b:3b:ba:16:a0:e7:28:5d:f6:9d:
         a3:66:dd:e7:82:93:e0:ac:61:ba:ed:01:80:14:c6:9c:c2:b0:
         87:d5:ba:3c:e4:44:e9:14:75:ab:07:f8:8c:24:9f:be:77:11:
         7e:89:56:a9:79:ab:3c:e5:eb:4e:21:49:44:1c:c8:2f:56:c5:
         8d:8a:99:09:79:23:84:01:1b:9b:5d:a1:0e:fe:cc:89:46:62:
         cb:1d:e3:ff:9b:e2:4c:89:48:99:6a:95:70:ac:3a:41:86:7c:
         7a:f3:44:d2:b0:45:78:78:c6:00:c7:ff:84:d3:da:68:fe:d5:
         64:b2:56:b7:a9:04:f4:b5:a0:be:fc:d9:ea:29:8d:ff:05:c6:
         0a:26:01:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY980pNh6LT5uVe/AFsX64JyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwNTE1MTUxNTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDdkNjg3YmE0ZjM5YjljZjllMDQ4MWFlZjgwOTFlNzhjZTEzMjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJbKJlwNEPrd5tdSkIxjXHpqso/f
sQzAN0ju3PCo53/8FpL99opDyH5mZQ5+lcZCOeMradvBXE4sc7dtKK+W/FprWKZU
6s0yrhaCDCM0BE9Pc3U5BbsJVZSqK8A+Ty1XsYwxokqdV3YwXA1cx30oQ671phfm
vzZD/GrS4f9SsBrVt+UovQiupWNIxUFQO0Idc9z3hHafZibwJtgvnNomSnZdGkk+
g00RIS2dPKplk/Abti9/rFZ4NyJOlUE8Dfba9Inn9Zp+H2pNBDzRMagTGnkawGto
X7HR71C9aEijznCo8minKlXZrysEl/KYuhXQb31koVB8YXtyG561sLyIHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH19aHuk85uc+eBIGu+AkeeM4TIgMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvZlgxb2U2VHptNXo1NEVnYTc0Q1I1NHpoTWlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaMVMA0G
CSqGSIb3DQEBCwUAA4IBAQCUp0T/0BM/KhNlyZkRWPdDPVOK+J3aCfKgJkOF15gI
5fHsHalVJP3in6Qb9t/UgsLdHrSeceAP1SvCRyZSiODXbzFq5qJdbqnUC1ZF49i5
ZUg/GDzE/jReRgM/JnBZ2v0yEyh+gO+/1hZq03MYDA6irjcps5s7uhag5yhd9p2j
Zt3ngpPgrGG67QGAFMacwrCH1bo85ETpFHWrB/iMJJ++dxF+iVapeas85etOIUlE
HMgvVsWNipkJeSOEARubXaEO/syJRmLLHeP/m+JMiUiZapVwrDpBhnx680TSsEV4
eMYAx/+E09po/tVksla3qQT0taC+/NnqKY3/BcYKJgEJ
-----END CERTIFICATE-----