Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/443c4f-6406-4041-ac13-393ad25eb340/1/c9gsj_28cg189-ePS9_cGD964yk.roa
File:                     c9gsj_28cg189-ePS9_cGD964yk.roa (raw, json)
Hash identifier:          TPitvFzbSrgA39tKxZOqV7vPFnUEz6lHBME+3NhcK0k=
Subject key identifier:   73:D8:2C:8F:FD:BC:72:0D:7C:F7:E7:8F:4B:DF:DC:18:3F:7A:E3:29
Certificate issuer:       /CN=94a9eaa9d71b7c51c9b4bbea6819b37ff5291d59
Certificate serial:       01927C374CFFDF375AAD2EFD76A7D051100C
Authority key identifier: 94:A9:EA:A9:D7:1B:7C:51:C9:B4:BB:EA:68:19:B3:7F:F5:29:1D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lKnqqdcbfFHJtLvqaBmzf_UpHVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/443c4f-6406-4041-ac13-393ad25eb340/1/c9gsj_28cg189-ePS9_cGD964yk.roa
Signing time:             Fri 11 Oct 2024 15:34:11 +0000
ROA not before:           Fri 11 Oct 2024 15:34:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214072
IP address blocks:        193.93.75.0/24 maxlen: 24
                          2a14:2cc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/443c4f-6406-4041-ac13-393ad25eb340/1/lKnqqdcbfFHJtLvqaBmzf_UpHVk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/443c4f-6406-4041-ac13-393ad25eb340/1/lKnqqdcbfFHJtLvqaBmzf_UpHVk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lKnqqdcbfFHJtLvqaBmzf_UpHVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7c:37:4c:ff:df:37:5a:ad:2e:fd:76:a7:d0:51:10:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94a9eaa9d71b7c51c9b4bbea6819b37ff5291d59
        Validity
            Not Before: Oct 11 15:34:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73d82c8ffdbc720d7cf7e78f4bdfdc183f7ae329
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:50:2d:cc:78:55:3e:09:df:8a:e6:88:15:2d:
                    94:13:05:4f:06:62:34:8e:6b:09:6e:11:39:f5:5a:
                    73:9c:1a:70:0d:ee:ec:16:ae:fe:a6:ab:8a:47:a0:
                    da:84:bd:33:88:cf:4d:0e:3d:90:df:74:44:55:23:
                    ab:b1:98:65:c8:4e:ee:e9:67:61:20:4e:83:25:09:
                    10:2d:c9:a8:57:ad:53:bf:b7:77:73:96:dd:8b:1a:
                    1a:ec:ae:8e:46:3e:3a:45:c2:8c:f5:1d:2b:41:4a:
                    e2:85:7b:36:43:db:7b:b5:88:45:f4:b0:3a:89:0e:
                    ab:2d:39:69:35:3a:81:89:80:28:4a:64:36:1d:ff:
                    02:02:4a:1c:d2:8c:b9:23:1f:06:06:23:4a:ac:d8:
                    86:02:f6:17:76:ae:7c:d0:b2:79:0a:84:ad:ab:4d:
                    ff:ca:18:1d:0d:4a:5f:fa:13:4d:8f:be:02:bf:14:
                    f4:4d:96:d2:97:f7:61:8b:18:c8:9c:bc:7c:06:fb:
                    56:d3:25:38:ee:14:db:44:cf:32:0d:73:cb:d1:6d:
                    26:c6:f5:53:8a:32:09:88:c1:a3:0a:1d:fa:48:70:
                    b7:38:d0:28:cb:b3:60:06:02:87:33:57:6a:d7:c5:
                    08:e8:d1:83:46:d5:5e:d4:4d:70:a0:47:29:d6:21:
                    8c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:D8:2C:8F:FD:BC:72:0D:7C:F7:E7:8F:4B:DF:DC:18:3F:7A:E3:29
            X509v3 Authority Key Identifier:
                keyid:94:A9:EA:A9:D7:1B:7C:51:C9:B4:BB:EA:68:19:B3:7F:F5:29:1D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lKnqqdcbfFHJtLvqaBmzf_UpHVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/443c4f-6406-4041-ac13-393ad25eb340/1/c9gsj_28cg189-ePS9_cGD964yk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/443c4f-6406-4041-ac13-393ad25eb340/1/lKnqqdcbfFHJtLvqaBmzf_UpHVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.93.75.0/24
                IPv6:
                  2a14:2cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5a:7b:01:5e:4b:eb:17:4b:9a:51:fc:8a:78:4b:32:1f:7e:30:
         27:cb:fe:85:08:d2:ba:4d:c0:b5:d2:59:4f:20:21:50:aa:ec:
         00:5c:4a:c1:8a:e5:61:8d:d3:ca:20:99:0d:84:14:6c:83:16:
         e0:7c:ce:6d:5d:0b:cf:01:1b:89:7f:06:e5:fd:00:df:73:22:
         38:b3:ec:56:e5:1c:80:f2:ce:ee:cd:a6:69:b9:ff:a6:f5:38:
         66:3b:f1:3b:32:c0:a9:a2:aa:f6:72:a9:8a:2f:2a:1f:f6:1d:
         f9:ec:64:e2:d3:e7:22:aa:86:8f:04:cb:0c:a9:c5:c2:90:0b:
         2b:aa:3d:9b:c4:2b:0c:e4:b4:1e:cf:d2:73:2e:d6:2b:6a:f6:
         0a:12:36:24:36:55:f4:3b:54:e9:ff:97:25:c3:dc:aa:54:fa:
         fd:55:e4:b8:7f:c4:7a:c6:11:6e:83:c7:b6:cb:6a:62:7f:f8:
         66:95:96:05:9f:f6:24:ab:8f:d2:98:ce:bb:91:28:4f:1c:b3:
         6d:04:a1:2d:f5:ef:ab:da:98:0c:75:c9:93:87:3c:c0:c1:94:
         6c:31:5b:e8:b0:17:de:20:74:30:62:ad:21:58:a5:22:b3:65:
         9a:72:e8:d1:b1:3b:92:a9:41:21:37:4b:45:db:ef:96:fc:04:
         66:43:2d:af
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZJ8N0z/3zdarS79dqfQURAMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0YTllYWE5ZDcxYjdjNTFjOWI0YmJlYTY4MTliMzdmZjUy
OTFkNTkwHhcNMjQxMDExMTUzNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2Q4MmM4ZmZkYmM3MjBkN2NmN2U3OGY0YmRmZGMxODNmN2FlMzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlVAtzHhVPgnfiuaIFS2UEwVPBmI0
jmsJbhE59VpznBpwDe7sFq7+pquKR6DahL0ziM9NDj2Q33REVSOrsZhlyE7u6Wdh
IE6DJQkQLcmoV61Tv7d3c5bdixoa7K6ORj46RcKM9R0rQUrihXs2Q9t7tYhF9LA6
iQ6rLTlpNTqBiYAoSmQ2Hf8CAkoc0oy5Ix8GBiNKrNiGAvYXdq580LJ5CoStq03/
yhgdDUpf+hNNj74CvxT0TZbSl/dhixjInLx8BvtW0yU47hTbRM8yDXPL0W0mxvVT
ijIJiMGjCh36SHC3ONAoy7NgBgKHM1dq18UI6NGDRtVe1E1woEcp1iGMywIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHPYLI/9vHINfPfnj0vf3Bg/euMpMB8GA1UdIwQY
MBaAFJSp6qnXG3xRybS76mgZs3/1KR1ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEtucXFkY2JmRkhKdEx2cWFCbXpmX1VwSFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi80NDNjNGYtNjQwNi00MDQxLWFjMTMt
MzkzYWQyNWViMzQwLzEvYzlnc2pfMjhjZzE4OS1lUFM5X2NHRDk2NHlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi80NDNjNGYtNjQwNi00MDQxLWFjMTMtMzkzYWQyNWViMzQw
LzEvbEtucXFkY2JmRkhKdEx2cWFCbXpmX1VwSFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwV1LMA0E
AgACMAcDBQMqFCzAMA0GCSqGSIb3DQEBCwUAA4IBAQBaewFeS+sXS5pR/Ip4SzIf
fjAny/6FCNK6TcC10llPICFQquwAXErBiuVhjdPKIJkNhBRsgxbgfM5tXQvPARuJ
fwbl/QDfcyI4s+xW5RyA8s7uzaZpuf+m9ThmO/E7MsCpoqr2cqmKLyof9h357GTi
0+ciqoaPBMsMqcXCkAsrqj2bxCsM5LQez9JzLtYravYKEjYkNlX0O1Tp/5clw9yq
VPr9VeS4f8R6xhFug8e2y2pif/hmlZYFn/Ykq4/SmM67kShPHLNtBKEt9e+r2pgM
dcmThzzAwZRsMVvosBfeIHQwYq0hWKUis2WacujRsTuSqUEhN0tF2++W/ARmQy2v
-----END CERTIFICATE-----