Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/8d0b05-263f-403a-abf4-238bde0e1ef7/1/oR7yCYxfsnJPS9sgiksnu946-yg.roa
File:                     oR7yCYxfsnJPS9sgiksnu946-yg.roa (raw, json)
Hash identifier:          deS7g0GTgeawzn7QOz17bm+UO+6B6dP/XN+aoSgDsOs=
Subject key identifier:   A1:1E:F2:09:8C:5F:B2:72:4F:4B:DB:20:8A:4B:27:BB:DE:3A:FB:28
Certificate issuer:       /CN=94447eb3197aa31e7e6849f16af55ab25301fa82
Certificate serial:       0192627292F3CFD39553491AAAED87B36828
Authority key identifier: 94:44:7E:B3:19:7A:A3:1E:7E:68:49:F1:6A:F5:5A:B2:53:01:FA:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lER-sxl6ox5-aEnxavVaslMB-oI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/8d0b05-263f-403a-abf4-238bde0e1ef7/1/oR7yCYxfsnJPS9sgiksnu946-yg.roa
Signing time:             Sun 06 Oct 2024 15:28:48 +0000
ROA not before:           Sun 06 Oct 2024 15:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215311
IP address blocks:        193.56.135.0/24 maxlen: 24
                          2a14:4200::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/8d0b05-263f-403a-abf4-238bde0e1ef7/1/lER-sxl6ox5-aEnxavVaslMB-oI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/8d0b05-263f-403a-abf4-238bde0e1ef7/1/lER-sxl6ox5-aEnxavVaslMB-oI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lER-sxl6ox5-aEnxavVaslMB-oI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:62:72:92:f3:cf:d3:95:53:49:1a:aa:ed:87:b3:68:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94447eb3197aa31e7e6849f16af55ab25301fa82
        Validity
            Not Before: Oct  6 15:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a11ef2098c5fb2724f4bdb208a4b27bbde3afb28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:7e:08:3c:e0:3f:f6:53:71:3b:f9:52:cd:dd:
                    c3:bc:b5:22:a9:6a:6f:31:b5:b8:1c:f5:61:19:9f:
                    f1:6c:d1:0f:c6:5b:f9:1e:97:1d:10:67:da:e7:34:
                    9b:49:64:f0:1f:91:4a:06:ac:7b:7c:f7:e5:bb:87:
                    16:5e:ab:77:bd:a4:a9:45:be:c3:5f:b0:ca:2a:b1:
                    0c:4c:49:51:92:a8:d9:44:21:fd:d0:30:ac:13:28:
                    74:0d:fe:cb:95:9a:ea:0c:28:0e:c0:c4:03:fa:97:
                    81:4d:7b:95:bd:f4:81:6d:80:58:ea:ef:46:25:ca:
                    5f:3c:0d:9b:7c:fb:b0:15:cd:dd:29:a6:f9:d4:65:
                    4a:05:2c:40:b6:15:8f:72:a4:dd:c2:fe:54:42:c3:
                    e8:a0:6a:3b:d3:d0:bf:27:84:f8:cf:c7:76:aa:f6:
                    83:af:f6:7c:bc:a3:f5:b3:38:e8:21:88:e1:dd:ce:
                    99:ab:16:0f:02:14:ce:fb:ae:c6:dd:4b:a0:ea:92:
                    2e:a6:2b:b1:9a:75:2d:62:31:b1:63:05:45:89:7e:
                    f8:cc:20:cb:3f:6b:cd:34:04:02:65:74:5c:fe:f4:
                    82:7a:fa:73:f3:d3:d3:53:f4:fc:f4:86:11:f6:f8:
                    9b:6f:de:bb:53:3f:54:2c:32:41:9c:bb:1d:3a:f3:
                    4b:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:1E:F2:09:8C:5F:B2:72:4F:4B:DB:20:8A:4B:27:BB:DE:3A:FB:28
            X509v3 Authority Key Identifier:
                keyid:94:44:7E:B3:19:7A:A3:1E:7E:68:49:F1:6A:F5:5A:B2:53:01:FA:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lER-sxl6ox5-aEnxavVaslMB-oI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/8d0b05-263f-403a-abf4-238bde0e1ef7/1/oR7yCYxfsnJPS9sgiksnu946-yg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/8d0b05-263f-403a-abf4-238bde0e1ef7/1/lER-sxl6ox5-aEnxavVaslMB-oI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.135.0/24
                IPv6:
                  2a14:4200::/29

    Signature Algorithm: sha256WithRSAEncryption
         8c:55:5d:68:c7:77:b2:76:86:2f:60:e4:22:be:bf:7b:f7:69:
         3f:9f:b9:b8:56:72:92:80:42:06:50:bf:a1:7d:4e:56:ef:e3:
         94:63:82:7a:36:3a:4d:77:9f:f0:a9:15:a5:ee:d9:5e:17:9a:
         e5:41:3e:97:2c:f1:e3:23:2f:76:a2:eb:b4:fc:7c:86:de:ee:
         d3:55:56:5c:12:f4:19:03:32:7e:4a:d8:42:64:6a:10:25:3d:
         35:f5:4e:80:2f:3d:14:dc:6a:f8:7d:bb:e1:34:1d:15:2c:95:
         16:a7:57:31:b0:6e:6e:2b:b4:8f:ff:6b:7d:52:d3:db:12:b8:
         c9:23:78:a2:b5:a1:64:ba:5f:c9:b9:2c:36:6b:b7:57:f1:b8:
         f6:cd:1d:6e:4c:0c:38:8a:18:12:cc:d2:3d:b3:83:66:fb:7b:
         d0:86:ab:ed:73:f5:7d:5e:40:e9:54:4e:78:35:0e:67:dc:15:
         67:a0:90:54:4d:7d:4c:8f:92:d0:8f:d2:a9:b1:a8:62:ac:c7:
         c1:fc:51:de:30:d3:40:df:5f:e3:89:85:8f:49:bd:d7:3a:65:
         cf:36:87:69:54:58:d1:01:50:a4:07:9f:ce:aa:3f:80:44:3f:
         28:d2:91:bf:9c:97:7e:6d:76:b3:be:b1:6b:a0:56:97:78:34:
         aa:39:8c:24
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZJicpLzz9OVU0kaqu2Hs2goMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0NDQ3ZWIzMTk3YWEzMWU3ZTY4NDlmMTZhZjU1YWIyNTMw
MWZhODIwHhcNMjQxMDA2MTUyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTFlZjIwOThjNWZiMjcyNGY0YmRiMjA4YTRiMjdiYmRlM2FmYjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwH4IPOA/9lNxO/lSzd3DvLUiqWpv
MbW4HPVhGZ/xbNEPxlv5HpcdEGfa5zSbSWTwH5FKBqx7fPflu4cWXqt3vaSpRb7D
X7DKKrEMTElRkqjZRCH90DCsEyh0Df7LlZrqDCgOwMQD+peBTXuVvfSBbYBY6u9G
JcpfPA2bfPuwFc3dKab51GVKBSxAthWPcqTdwv5UQsPooGo709C/J4T4z8d2qvaD
r/Z8vKP1szjoIYjh3c6ZqxYPAhTO+67G3Uug6pIupiuxmnUtYjGxYwVFiX74zCDL
P2vNNAQCZXRc/vSCevpz89PTU/T89IYR9vibb967Uz9ULDJBnLsdOvNLDwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKEe8gmMX7JyT0vbIIpLJ7veOvsoMB8GA1UdIwQY
MBaAFJREfrMZeqMefmhJ8Wr1WrJTAfqCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEVSLXN4bDZveDUtYUVueGF2VmFzbE1CLW9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84ZDBiMDUtMjYzZi00MDNhLWFiZjQt
MjM4YmRlMGUxZWY3LzEvb1I3eUNZeGZzbkpQUzlzZ2lrc251OTQ2LXlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84ZDBiMDUtMjYzZi00MDNhLWFiZjQtMjM4YmRlMGUxZWY3
LzEvbEVSLXN4bDZveDUtYUVueGF2VmFzbE1CLW9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwTiHMA0E
AgACMAcDBQMqFEIAMA0GCSqGSIb3DQEBCwUAA4IBAQCMVV1ox3eydoYvYOQivr97
92k/n7m4VnKSgEIGUL+hfU5W7+OUY4J6NjpNd5/wqRWl7tleF5rlQT6XLPHjIy92
ouu0/HyG3u7TVVZcEvQZAzJ+SthCZGoQJT019U6ALz0U3Gr4fbvhNB0VLJUWp1cx
sG5uK7SP/2t9UtPbErjJI3iitaFkul/JuSw2a7dX8bj2zR1uTAw4ihgSzNI9s4Nm
+3vQhqvtc/V9XkDpVE54NQ5n3BVnoJBUTX1Mj5LQj9KpsahirMfB/FHeMNNA31/j
iYWPSb3XOmXPNodpVFjRAVCkB5/Oqj+ARD8o0pG/nJd+bXazvrFroFaXeDSqOYwk
-----END CERTIFICATE-----