Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/ca68e8-5157-46b6-b584-ea92d80ab188/1/wH9jzcOpQiolXL5SlnX7kZf7hfA.roa
File:                     wH9jzcOpQiolXL5SlnX7kZf7hfA.roa (raw, json)
Hash identifier:          X/gwHX5+4DtD7hWJWaJgWlt0VnLzoQZmG+G0uDaRpOg=
Subject key identifier:   C0:7F:63:CD:C3:A9:42:2A:25:5C:BE:52:96:75:FB:91:97:FB:85:F0
Certificate issuer:       /CN=230e9ac64510fa391846bb139ab52b8001d58038
Certificate serial:       018CC86EF52340CA6B64937F65CDB5A5A5CF
Authority key identifier: 23:0E:9A:C6:45:10:FA:39:18:46:BB:13:9A:B5:2B:80:01:D5:80:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iw6axkUQ-jkYRrsTmrUrgAHVgDg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/ca68e8-5157-46b6-b584-ea92d80ab188/1/wH9jzcOpQiolXL5SlnX7kZf7hfA.roa
Signing time:             Tue 02 Jan 2024 04:29:24 +0000
ROA not before:           Tue 02 Jan 2024 04:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21458
IP address blocks:        193.30.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/ca68e8-5157-46b6-b584-ea92d80ab188/1/Iw6axkUQ-jkYRrsTmrUrgAHVgDg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/ca68e8-5157-46b6-b584-ea92d80ab188/1/Iw6axkUQ-jkYRrsTmrUrgAHVgDg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iw6axkUQ-jkYRrsTmrUrgAHVgDg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 01:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:f5:23:40:ca:6b:64:93:7f:65:cd:b5:a5:a5:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=230e9ac64510fa391846bb139ab52b8001d58038
        Validity
            Not Before: Jan  2 04:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c07f63cdc3a9422a255cbe529675fb9197fb85f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:b7:05:27:26:72:8c:01:c8:2f:ed:b2:7c:00:
                    5f:ca:20:6c:e8:43:b3:a9:c2:23:bf:dd:2a:9f:b2:
                    42:3a:d2:27:61:89:cc:b7:71:ee:e9:82:79:5b:cd:
                    6d:0b:3b:bc:df:6b:03:d0:c7:11:47:e8:dc:96:c6:
                    fb:27:a0:25:e1:3e:7d:37:c8:2e:73:c2:31:be:6b:
                    f4:05:67:0f:87:6a:ff:c8:67:b4:e5:65:9c:67:f0:
                    00:cc:0f:fa:08:41:b6:6e:d0:61:40:5a:76:41:3b:
                    8e:f7:0d:a2:cf:60:c3:1d:79:d6:00:db:93:15:ba:
                    65:79:05:64:83:c4:a0:0a:4d:1b:ab:bd:95:22:00:
                    6b:a9:1a:b8:91:02:92:b5:d6:3a:63:5f:f0:63:b4:
                    97:50:08:b9:75:de:41:44:71:63:d0:28:ac:48:a0:
                    a3:70:25:47:19:ba:9f:d3:06:f2:c4:0e:d9:14:40:
                    30:a8:d2:79:51:f7:a0:0f:c5:5b:bd:46:cf:d0:6e:
                    f5:a5:77:70:0e:a1:8b:b8:c7:59:d7:cd:bf:ec:13:
                    53:a7:37:41:73:11:0d:69:e4:c2:95:4f:d9:02:30:
                    6b:98:ba:96:a4:9a:96:25:6a:f3:1b:a1:16:f4:82:
                    97:83:a7:2b:23:50:4e:66:de:1e:f1:aa:7b:6d:2a:
                    fe:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:7F:63:CD:C3:A9:42:2A:25:5C:BE:52:96:75:FB:91:97:FB:85:F0
            X509v3 Authority Key Identifier:
                keyid:23:0E:9A:C6:45:10:FA:39:18:46:BB:13:9A:B5:2B:80:01:D5:80:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iw6axkUQ-jkYRrsTmrUrgAHVgDg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/ca68e8-5157-46b6-b584-ea92d80ab188/1/wH9jzcOpQiolXL5SlnX7kZf7hfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/ca68e8-5157-46b6-b584-ea92d80ab188/1/Iw6axkUQ-jkYRrsTmrUrgAHVgDg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:ca:c7:05:11:cc:64:8e:35:99:e9:12:33:4f:d3:05:54:89:
         38:53:d2:2f:e5:69:3b:38:b3:6a:4d:95:bf:63:9c:16:38:cc:
         66:42:c6:53:59:99:4e:2e:c2:42:0c:dc:39:62:1d:77:bf:64:
         80:29:9d:20:02:00:e0:20:56:55:76:94:1e:b6:2e:fc:33:df:
         22:e0:e2:84:0e:d6:31:16:bb:47:39:a8:f7:a7:d2:55:94:f1:
         6d:7d:55:ce:ad:db:24:d9:cc:e0:8e:da:cb:24:f6:95:9d:b9:
         4d:67:97:d1:00:86:89:23:6e:1a:53:b9:89:3b:52:8f:d2:4d:
         93:8b:d4:b2:e2:cc:4e:65:6e:2a:8c:88:05:00:83:52:9a:ad:
         2e:f5:63:ca:c2:75:cf:1e:e3:c4:42:55:89:54:a7:63:1a:8b:
         99:20:98:1d:82:10:67:1f:65:d7:61:49:a8:39:f4:cc:fc:db:
         ef:d9:6c:b7:ee:80:54:26:cd:de:b4:37:57:8a:88:e1:13:1e:
         4b:a8:3f:cd:54:ee:c9:14:4b:5f:6a:8c:e3:41:68:18:54:14:
         0a:81:ca:aa:98:01:67:59:0b:28:6b:4f:21:c2:b3:51:49:89:
         09:3e:43:11:98:2b:e3:9d:ce:f5:c4:38:77:6c:ee:5c:6a:9d:
         41:bd:76:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbvUjQMprZJN/Zc21paXPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMGU5YWM2NDUxMGZhMzkxODQ2YmIxMzlhYjUyYjgwMDFk
NTgwMzgwHhcNMjQwMTAyMDQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDdmNjNjZGMzYTk0MjJhMjU1Y2JlNTI5Njc1ZmI5MTk3ZmI4NWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLcFJyZyjAHIL+2yfABfyiBs6EOz
qcIjv90qn7JCOtInYYnMt3Hu6YJ5W81tCzu832sD0McRR+jclsb7J6Al4T59N8gu
c8Ixvmv0BWcPh2r/yGe05WWcZ/AAzA/6CEG2btBhQFp2QTuO9w2iz2DDHXnWANuT
FbpleQVkg8SgCk0bq72VIgBrqRq4kQKStdY6Y1/wY7SXUAi5dd5BRHFj0CisSKCj
cCVHGbqf0wbyxA7ZFEAwqNJ5UfegD8VbvUbP0G71pXdwDqGLuMdZ182/7BNTpzdB
cxENaeTClU/ZAjBrmLqWpJqWJWrzG6EW9IKXg6crI1BOZt4e8ap7bSr+DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMB/Y83DqUIqJVy+UpZ1+5GX+4XwMB8GA1UdIwQY
MBaAFCMOmsZFEPo5GEa7E5q1K4AB1YA4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXc2YXhrVVEtamtZUnJzVG1yVXJnQUhWZ0RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9jYTY4ZTgtNTE1Ny00NmI2LWI1ODQt
ZWE5MmQ4MGFiMTg4LzEvd0g5anpjT3BRaW9sWEw1U2xuWDdrWmY3aGZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9jYTY4ZTgtNTE1Ny00NmI2LWI1ODQtZWE5MmQ4MGFiMTg4
LzEvSXc2YXhrVVEtamtZUnJzVG1yVXJnQUhWZ0RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR6MMA0G
CSqGSIb3DQEBCwUAA4IBAQAHyscFEcxkjjWZ6RIzT9MFVIk4U9Iv5Wk7OLNqTZW/
Y5wWOMxmQsZTWZlOLsJCDNw5Yh13v2SAKZ0gAgDgIFZVdpQeti78M98i4OKEDtYx
FrtHOaj3p9JVlPFtfVXOrdsk2czgjtrLJPaVnblNZ5fRAIaJI24aU7mJO1KP0k2T
i9Sy4sxOZW4qjIgFAINSmq0u9WPKwnXPHuPEQlWJVKdjGouZIJgdghBnH2XXYUmo
OfTM/Nvv2Wy37oBUJs3etDdXiojhEx5LqD/NVO7JFEtfaozjQWgYVBQKgcqqmAFn
WQsoa08hwrNRSYkJPkMRmCvjnc71xDh3bO5cap1BvXbL
-----END CERTIFICATE-----