Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/9e9122-bbff-48d9-98c6-0a4286f3cfbe/1/h9mNh0ayohXXaKFElslF55jhWow.roa
File:                     h9mNh0ayohXXaKFElslF55jhWow.roa (raw, json)
Hash identifier:          mBLznXFIdwBi4PKliinAQGoeuUSx7H0SUI7Ibv5jeLs=
Subject key identifier:   87:D9:8D:87:46:B2:A2:15:D7:68:A1:44:96:C9:45:E7:98:E1:5A:8C
Certificate issuer:       /CN=b5f57e49ebf098bc53e8db388881c92369d9bf8c
Certificate serial:       018CC727742A1D6478955E1A90FF349E9D3D
Authority key identifier: B5:F5:7E:49:EB:F0:98:BC:53:E8:DB:38:88:81:C9:23:69:D9:BF:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tfV-SevwmLxT6Ns4iIHJI2nZv4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/9e9122-bbff-48d9-98c6-0a4286f3cfbe/1/h9mNh0ayohXXaKFElslF55jhWow.roa
Signing time:             Mon 01 Jan 2024 22:31:40 +0000
ROA not before:           Mon 01 Jan 2024 22:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3342
IP address blocks:        193.163.36.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/9e9122-bbff-48d9-98c6-0a4286f3cfbe/1/tfV-SevwmLxT6Ns4iIHJI2nZv4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/9e9122-bbff-48d9-98c6-0a4286f3cfbe/1/tfV-SevwmLxT6Ns4iIHJI2nZv4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tfV-SevwmLxT6Ns4iIHJI2nZv4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:74:2a:1d:64:78:95:5e:1a:90:ff:34:9e:9d:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5f57e49ebf098bc53e8db388881c92369d9bf8c
        Validity
            Not Before: Jan  1 22:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87d98d8746b2a215d768a14496c945e798e15a8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:e0:03:89:07:e8:95:0f:a8:46:03:57:0a:58:
                    c0:fb:17:8b:ef:cb:94:cd:eb:a9:25:cb:47:f4:bb:
                    9a:09:03:b6:2f:28:00:82:c9:94:79:15:40:d2:bc:
                    72:d5:23:32:a4:2b:97:d2:0e:76:be:7b:b3:dc:42:
                    ca:4d:01:e9:6c:1a:28:d4:f4:e1:5b:b5:72:13:97:
                    4a:b5:04:38:06:aa:3f:1d:44:d4:c2:13:da:b2:0a:
                    56:16:84:76:05:7c:1c:d2:87:fa:bd:48:02:7d:c3:
                    25:ba:af:82:28:c0:51:61:f9:cc:f0:57:84:e5:a6:
                    4e:a8:d1:68:c6:e5:f7:d2:49:17:81:45:19:fc:d1:
                    7e:45:27:47:ce:89:f2:3e:2b:49:f8:b1:27:90:59:
                    db:b5:41:64:45:90:aa:69:36:b5:88:7f:ad:8a:b0:
                    45:ad:61:44:c0:20:55:16:f9:ab:27:98:1c:fc:c5:
                    70:bf:c2:64:4f:14:54:2e:ab:c9:b8:3c:5b:62:db:
                    db:9e:71:c3:5e:9a:67:9e:e0:4c:69:ce:47:87:45:
                    97:ba:66:a2:e9:58:54:f9:b4:7f:f3:b7:b0:84:d9:
                    d2:77:0f:15:d8:07:80:41:cd:e2:6a:21:54:b4:5d:
                    f0:28:e3:78:7c:c0:11:64:af:56:8e:07:f4:b2:2e:
                    ee:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:D9:8D:87:46:B2:A2:15:D7:68:A1:44:96:C9:45:E7:98:E1:5A:8C
            X509v3 Authority Key Identifier:
                keyid:B5:F5:7E:49:EB:F0:98:BC:53:E8:DB:38:88:81:C9:23:69:D9:BF:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tfV-SevwmLxT6Ns4iIHJI2nZv4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/9e9122-bbff-48d9-98c6-0a4286f3cfbe/1/h9mNh0ayohXXaKFElslF55jhWow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/9e9122-bbff-48d9-98c6-0a4286f3cfbe/1/tfV-SevwmLxT6Ns4iIHJI2nZv4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:45:f9:cc:03:ec:1d:79:83:de:79:76:46:8a:8e:24:e2:ec:
         53:11:db:00:fd:43:8d:24:d4:6c:8f:96:e7:ce:0a:50:63:5d:
         30:47:25:34:86:f5:9d:9f:ef:4a:0d:8c:a2:ea:9e:71:21:4f:
         e0:56:5f:61:aa:65:78:5f:03:17:7e:e6:37:08:27:57:3d:2b:
         4a:f9:40:37:0c:c2:37:63:40:c2:f0:a2:5a:ef:ef:a6:ee:ab:
         67:4a:8f:08:cd:d3:d4:f2:24:19:ea:0c:2e:ee:c5:a0:88:3d:
         0c:9d:01:c4:85:a6:e6:5b:33:12:91:50:c6:e6:19:51:16:7a:
         00:1b:82:fe:9f:95:30:97:b3:bb:f7:b8:f3:f8:47:15:ba:64:
         c8:a9:34:1a:4f:ae:34:37:1e:5a:9a:f6:74:3c:6a:aa:69:e5:
         cc:0c:11:be:f2:ca:89:68:94:b4:86:f5:bc:42:1f:ba:c5:4b:
         18:57:f5:26:c3:12:1a:a2:fd:28:76:80:f3:b5:4d:14:f1:08:
         45:63:1a:1d:43:7d:8b:b5:6b:fc:f8:18:88:0e:1d:4a:71:e9:
         60:c5:ad:2b:0a:b1:3e:6c:22:44:39:12:52:fe:66:b6:36:3b:
         f9:6c:20:54:f1:fe:a6:fa:41:e3:e9:71:0e:08:6b:d0:ac:24:
         c1:0a:72:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ3QqHWR4lV4akP80np09MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1ZjU3ZTQ5ZWJmMDk4YmM1M2U4ZGIzODg4ODFjOTIzNjlk
OWJmOGMwHhcNMjQwMTAxMjIzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2Q5OGQ4NzQ2YjJhMjE1ZDc2OGExNDQ5NmM5NDVlNzk4ZTE1YThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjeADiQfolQ+oRgNXCljA+xeL78uU
zeupJctH9LuaCQO2LygAgsmUeRVA0rxy1SMypCuX0g52vnuz3ELKTQHpbBoo1PTh
W7VyE5dKtQQ4Bqo/HUTUwhPasgpWFoR2BXwc0of6vUgCfcMluq+CKMBRYfnM8FeE
5aZOqNFoxuX30kkXgUUZ/NF+RSdHzonyPitJ+LEnkFnbtUFkRZCqaTa1iH+tirBF
rWFEwCBVFvmrJ5gc/MVwv8JkTxRULqvJuDxbYtvbnnHDXppnnuBMac5Hh0WXumai
6VhU+bR/87ewhNnSdw8V2AeAQc3iaiFUtF3wKON4fMARZK9Wjgf0si7u6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIfZjYdGsqIV12ihRJbJReeY4VqMMB8GA1UdIwQY
MBaAFLX1fknr8Ji8U+jbOIiBySNp2b+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGZWLVNldndtTHhUNk5zNGlJSEpJMm5adjR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS85ZTkxMjItYmJmZi00OGQ5LTk4YzYt
MGE0Mjg2ZjNjZmJlLzEvaDltTmgwYXlvaFhYYUtGRWxzbEY1NWpoV293LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS85ZTkxMjItYmJmZi00OGQ5LTk4YzYtMGE0Mjg2ZjNjZmJl
LzEvdGZWLVNldndtTHhUNk5zNGlJSEpJMm5adjR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwaMkMA0G
CSqGSIb3DQEBCwUAA4IBAQBmRfnMA+wdeYPeeXZGio4k4uxTEdsA/UONJNRsj5bn
zgpQY10wRyU0hvWdn+9KDYyi6p5xIU/gVl9hqmV4XwMXfuY3CCdXPStK+UA3DMI3
Y0DC8KJa7++m7qtnSo8IzdPU8iQZ6gwu7sWgiD0MnQHEhabmWzMSkVDG5hlRFnoA
G4L+n5Uwl7O797jz+EcVumTIqTQaT640Nx5amvZ0PGqqaeXMDBG+8sqJaJS0hvW8
Qh+6xUsYV/UmwxIaov0odoDztU0U8QhFYxodQ32LtWv8+BiIDh1Kcelgxa0rCrE+
bCJEORJS/ma2Njv5bCBU8f6m+kHj6XEOCGvQrCTBCnKl
-----END CERTIFICATE-----