Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/f2033a-20e7-461e-a56b-489ee0f1ee63/1/OBU4wFgpqKHiL9B0w3x1UIHbhIc.roa
File:                     OBU4wFgpqKHiL9B0w3x1UIHbhIc.roa (raw, json)
Hash identifier:          9ffhnC4MlcVqJK4c5mW1l2ILG5qSxwiYDm0D1Lt6GcI=
Subject key identifier:   38:15:38:C0:58:29:A8:A1:E2:2F:D0:74:C3:7C:75:50:81:DB:84:87
Certificate issuer:       /CN=54e610c2abd3664c11204580f748996555c22225
Certificate serial:       01900668DEB1C6F0A47D9FCBA7C025F1E413
Authority key identifier: 54:E6:10:C2:AB:D3:66:4C:11:20:45:80:F7:48:99:65:55:C2:22:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VOYQwqvTZkwRIEWA90iZZVXCIiU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/f2033a-20e7-461e-a56b-489ee0f1ee63/1/OBU4wFgpqKHiL9B0w3x1UIHbhIc.roa
Signing time:             Tue 11 Jun 2024 08:27:34 +0000
ROA not before:           Tue 11 Jun 2024 08:27:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60893
IP address blocks:        193.0.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/f2033a-20e7-461e-a56b-489ee0f1ee63/1/VOYQwqvTZkwRIEWA90iZZVXCIiU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/f2033a-20e7-461e-a56b-489ee0f1ee63/1/VOYQwqvTZkwRIEWA90iZZVXCIiU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VOYQwqvTZkwRIEWA90iZZVXCIiU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:06:68:de:b1:c6:f0:a4:7d:9f:cb:a7:c0:25:f1:e4:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54e610c2abd3664c11204580f748996555c22225
        Validity
            Not Before: Jun 11 08:27:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=381538c05829a8a1e22fd074c37c755081db8487
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:c3:9b:88:5d:9c:4d:f4:86:2b:a0:7c:a8:1f:
                    fe:b9:34:a2:d0:c2:97:81:c5:e6:dc:1b:46:8d:7d:
                    a4:b5:6d:ed:32:20:4e:5f:cc:ed:3f:cf:3e:07:d9:
                    fb:3c:0e:85:fc:30:10:3e:d8:ed:3c:e8:2b:f7:b1:
                    48:64:ed:91:84:41:d2:a6:3b:b7:ee:da:2d:8b:18:
                    91:dd:d9:4b:6b:41:5c:8f:3c:4b:99:80:a7:44:dc:
                    65:9b:ae:80:8c:1f:eb:42:df:08:e9:ce:fa:53:4c:
                    30:bb:a1:8a:51:3c:9d:ce:09:68:8c:5a:96:e2:a2:
                    eb:ba:34:dd:69:2a:75:2f:f9:8d:de:03:92:f9:d1:
                    85:67:a2:51:7e:9a:16:64:9f:e1:b7:01:cc:68:c2:
                    6c:2b:fe:7b:b9:53:03:cc:4c:59:f4:8c:ee:df:5a:
                    92:a9:69:04:b1:33:fb:31:a4:bd:83:30:d7:00:d3:
                    fa:fe:17:1b:89:6f:8d:c1:ea:ad:ba:29:66:e0:97:
                    5c:37:db:8c:28:35:df:24:3e:1c:ab:db:e6:47:75:
                    bb:f5:7e:58:ca:1c:81:ba:5b:3e:9c:e8:da:9d:2e:
                    c2:54:41:f6:89:0d:c1:08:7c:56:a8:e2:c7:20:ee:
                    9c:df:61:4e:ad:04:ac:1a:e3:0e:af:bd:f0:92:8a:
                    68:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:15:38:C0:58:29:A8:A1:E2:2F:D0:74:C3:7C:75:50:81:DB:84:87
            X509v3 Authority Key Identifier:
                keyid:54:E6:10:C2:AB:D3:66:4C:11:20:45:80:F7:48:99:65:55:C2:22:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VOYQwqvTZkwRIEWA90iZZVXCIiU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/f2033a-20e7-461e-a56b-489ee0f1ee63/1/OBU4wFgpqKHiL9B0w3x1UIHbhIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/f2033a-20e7-461e-a56b-489ee0f1ee63/1/VOYQwqvTZkwRIEWA90iZZVXCIiU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:5e:74:71:c5:67:47:71:be:ba:ec:18:30:e6:b6:75:79:47:
         a9:97:30:94:a8:ea:16:b0:e1:96:d1:57:04:4f:e7:38:87:ba:
         4a:a6:ae:3e:22:3c:79:3f:1b:67:f9:9d:e8:28:a1:5f:77:79:
         f6:1d:90:6a:af:3b:68:63:93:35:2f:e5:f7:fc:cf:41:e4:17:
         23:98:94:7c:9a:aa:b9:d4:68:d2:fc:e5:ff:f1:17:63:31:4c:
         04:f0:f4:fc:bb:ae:8e:cd:f2:70:ac:ea:e4:ea:c3:6c:7b:a8:
         20:15:86:37:eb:52:e0:fc:53:4c:8c:0c:fd:17:9a:a0:81:d5:
         77:a1:a8:74:45:6e:ca:26:fb:7c:f8:0e:6c:f2:3f:f2:ba:4f:
         da:e2:42:56:33:d0:22:a0:29:7a:bf:22:0f:5f:38:9b:9e:19:
         74:4c:86:c7:75:27:bc:4d:15:62:81:bc:39:7d:73:ff:df:b4:
         14:c4:75:95:50:73:da:e6:f1:96:1a:43:93:6f:64:10:51:71:
         99:73:b3:41:fc:16:6c:40:11:b2:3c:2f:47:c2:e0:7f:e3:73:
         17:7a:d3:2a:c5:3f:87:06:3e:f0:61:c6:8b:09:a5:f0:9c:d2:
         37:29:24:b9:27:67:1e:e4:2e:19:26:c0:fc:59:96:b9:7e:0e:
         81:b1:dc:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAGaN6xxvCkfZ/Lp8Al8eQTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0ZTYxMGMyYWJkMzY2NGMxMTIwNDU4MGY3NDg5OTY1NTVj
MjIyMjUwHhcNMjQwNjExMDgyNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODE1MzhjMDU4MjlhOGExZTIyZmQwNzRjMzdjNzU1MDgxZGI4NDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA68ObiF2cTfSGK6B8qB/+uTSi0MKX
gcXm3BtGjX2ktW3tMiBOX8ztP88+B9n7PA6F/DAQPtjtPOgr97FIZO2RhEHSpju3
7totixiR3dlLa0FcjzxLmYCnRNxlm66AjB/rQt8I6c76U0wwu6GKUTydzglojFqW
4qLrujTdaSp1L/mN3gOS+dGFZ6JRfpoWZJ/htwHMaMJsK/57uVMDzExZ9Izu31qS
qWkEsTP7MaS9gzDXANP6/hcbiW+Nweqtuilm4JdcN9uMKDXfJD4cq9vmR3W79X5Y
yhyBuls+nOjanS7CVEH2iQ3BCHxWqOLHIO6c32FOrQSsGuMOr73wkoporQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDgVOMBYKaih4i/QdMN8dVCB24SHMB8GA1UdIwQY
MBaAFFTmEMKr02ZMESBFgPdImWVVwiIlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk9ZUXdxdlRaa3dSSUVXQTkwaVpaVlhDSWlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9mMjAzM2EtMjBlNy00NjFlLWE1NmIt
NDg5ZWUwZjFlZTYzLzEvT0JVNHdGZ3BxS0hpTDlCMHczeDFVSUhiaEljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9mMjAzM2EtMjBlNy00NjFlLWE1NmItNDg5ZWUwZjFlZTYz
LzEvVk9ZUXdxdlRaa3dSSUVXQTkwaVpaVlhDSWlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQDpMA0G
CSqGSIb3DQEBCwUAA4IBAQAbXnRxxWdHcb667Bgw5rZ1eUeplzCUqOoWsOGW0VcE
T+c4h7pKpq4+Ijx5Pxtn+Z3oKKFfd3n2HZBqrztoY5M1L+X3/M9B5BcjmJR8mqq5
1GjS/OX/8RdjMUwE8PT8u66OzfJwrOrk6sNse6ggFYY361Lg/FNMjAz9F5qggdV3
oah0RW7KJvt8+A5s8j/yuk/a4kJWM9AioCl6vyIPXzibnhl0TIbHdSe8TRVigbw5
fXP/37QUxHWVUHPa5vGWGkOTb2QQUXGZc7NB/BZsQBGyPC9HwuB/43MXetMqxT+H
Bj7wYcaLCaXwnNI3KSS5J2ce5C4ZJsD8WZa5fg6Bsdyh
-----END CERTIFICATE-----