Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/ppTzXgX7sBlrJOA3FggfAH3Sma0.roa
File:                     ppTzXgX7sBlrJOA3FggfAH3Sma0.roa (raw, json)
Hash identifier:          87EFxnWUgFy/SpFTSQFuS8SFMqH/vi0zmWPTJkH9cVY=
Subject key identifier:   A6:94:F3:5E:05:FB:B0:19:6B:24:E0:37:16:08:1F:00:7D:D2:99:AD
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018CC8DFA98CCD695A9A9D8306EC38BE32BC
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/ppTzXgX7sBlrJOA3FggfAH3Sma0.roa
Signing time:             Tue 02 Jan 2024 06:32:30 +0000
ROA not before:           Tue 02 Jan 2024 06:32:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198584
IP address blocks:        194.120.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a9:8c:cd:69:5a:9a:9d:83:06:ec:38:be:32:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  2 06:32:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a694f35e05fbb0196b24e03716081f007dd299ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:6e:1d:1f:17:4b:95:46:fe:1a:01:88:ec:15:
                    9a:30:f4:6c:4b:06:39:6a:0d:0b:49:98:24:80:27:
                    91:4e:43:54:07:e8:1d:5e:4d:cc:97:72:5b:a8:f0:
                    07:0d:73:30:9b:03:4d:2b:18:20:40:c8:50:36:4d:
                    22:9e:4d:4f:30:71:82:30:1f:fd:de:0f:84:ea:3a:
                    f5:40:fb:de:36:0a:9a:be:0d:66:6f:b1:cb:63:ff:
                    e8:b0:0f:97:7c:9c:93:a5:46:7b:a4:44:44:3c:bf:
                    b3:61:b9:0a:dc:3c:c1:ba:7f:26:c4:55:63:d9:9e:
                    70:2d:98:45:5f:f6:66:5e:55:08:9d:5b:60:37:a6:
                    0a:4a:ba:83:b2:16:b5:1d:41:c1:a6:9c:80:17:c1:
                    a1:49:63:d6:e7:6f:6d:d8:bf:d5:62:f3:e4:6b:7a:
                    f3:af:6d:57:74:13:1e:23:54:af:1f:75:a8:60:40:
                    83:fd:b9:0c:40:7d:3f:78:aa:8e:03:f0:c4:01:11:
                    79:40:3f:08:d6:65:4c:45:76:e4:f5:c2:c1:dc:a1:
                    69:a1:81:c3:1d:31:f7:d4:d6:73:db:9e:7e:35:93:
                    2a:0f:b8:71:c9:81:be:48:3d:77:8f:94:1d:0a:d5:
                    e7:90:3f:dd:45:54:9c:39:ba:4b:bf:6b:18:a5:c5:
                    ff:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:94:F3:5E:05:FB:B0:19:6B:24:E0:37:16:08:1F:00:7D:D2:99:AD
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/ppTzXgX7sBlrJOA3FggfAH3Sma0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.120.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:2a:7e:dd:ff:db:43:30:91:c2:31:9d:33:55:d5:37:8b:bb:
         47:c6:18:9c:29:6c:21:24:ba:c5:70:61:46:61:03:87:b1:ac:
         7e:7f:0c:67:a2:d5:b7:16:7c:34:6a:b8:2b:a1:a8:3c:d0:3b:
         80:b8:25:ba:4e:2a:c5:e3:80:9a:f8:3a:a8:b3:57:da:e5:c5:
         99:e0:ce:7d:86:71:15:e8:d7:81:61:66:69:04:1a:5c:07:a0:
         8f:79:36:88:63:38:86:39:a8:1f:86:97:ef:0b:35:93:b5:da:
         4a:e1:9b:15:35:16:2a:33:a5:75:4c:fb:f5:d6:c7:9f:23:44:
         34:09:23:68:3b:c4:da:15:80:bf:d7:9c:c3:d9:80:7a:46:db:
         2c:ec:2a:2a:5b:04:e1:b6:7b:5e:14:cf:38:1e:c7:ac:39:7e:
         c7:13:81:19:c2:32:97:84:a0:51:65:23:18:23:d6:0f:d6:32:
         8f:82:6a:c5:a9:9b:9b:3c:ed:7f:c1:20:c9:2b:a9:ed:d2:8a:
         33:a0:2c:1d:06:f8:72:7c:8f:67:e3:5e:14:b4:4e:a0:f7:e6:
         1c:53:bb:aa:a3:d5:be:15:b5:81:d6:68:18:29:ff:9f:b8:ad:
         d5:6c:2a:9f:e0:0d:8c:7e:a1:e2:f4:56:16:92:71:0c:e8:13:
         10:7f:35:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36mMzWlamp2DBuw4vjK8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwMTAyMDYzMjMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjk0ZjM1ZTA1ZmJiMDE5NmIyNGUwMzcxNjA4MWYwMDdkZDI5OWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiW4dHxdLlUb+GgGI7BWaMPRsSwY5
ag0LSZgkgCeRTkNUB+gdXk3Ml3JbqPAHDXMwmwNNKxggQMhQNk0ink1PMHGCMB/9
3g+E6jr1QPveNgqavg1mb7HLY//osA+XfJyTpUZ7pEREPL+zYbkK3DzBun8mxFVj
2Z5wLZhFX/ZmXlUInVtgN6YKSrqDsha1HUHBppyAF8GhSWPW529t2L/VYvPka3rz
r21XdBMeI1SvH3WoYECD/bkMQH0/eKqOA/DEARF5QD8I1mVMRXbk9cLB3KFpoYHD
HTH31NZz255+NZMqD7hxyYG+SD13j5QdCtXnkD/dRVScObpLv2sYpcX/HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKaU814F+7AZayTgNxYIHwB90pmtMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvcHBUelhnWDdzQmxySk9BM0ZnZ2ZBSDNTbWEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnjmMA0G
CSqGSIb3DQEBCwUAA4IBAQCcKn7d/9tDMJHCMZ0zVdU3i7tHxhicKWwhJLrFcGFG
YQOHsax+fwxnotW3Fnw0argroag80DuAuCW6TirF44Ca+Dqos1fa5cWZ4M59hnEV
6NeBYWZpBBpcB6CPeTaIYziGOagfhpfvCzWTtdpK4ZsVNRYqM6V1TPv11sefI0Q0
CSNoO8TaFYC/15zD2YB6Rtss7CoqWwThtnteFM84HsesOX7HE4EZwjKXhKBRZSMY
I9YP1jKPgmrFqZubPO1/wSDJK6nt0oozoCwdBvhyfI9n414UtE6g9+YcU7uqo9W+
FbWB1mgYKf+fuK3VbCqf4A2MfqHi9FYWknEM6BMQfzWM
-----END CERTIFICATE-----