Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/94fdd8-04dd-4a22-8410-7d79c07173f4/1/nRICT2KRUllWyNkbOUIkDt31yHo.roa
File:                     nRICT2KRUllWyNkbOUIkDt31yHo.roa (raw, json)
Hash identifier:          sTfiQARYgoxhKf5z6tE+9bQAiC6/VLzFynOdy1GyifI=
Subject key identifier:   9D:12:02:4F:62:91:52:59:56:C8:D9:1B:39:42:24:0E:DD:F5:C8:7A
Certificate issuer:       /CN=41600300eeed5af5d7fc09d8fc158b65935ed057
Certificate serial:       018DF3C0638218E1CC69D97F70DD28E05D8E
Authority key identifier: 41:60:03:00:EE:ED:5A:F5:D7:FC:09:D8:FC:15:8B:65:93:5E:D0:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QWADAO7tWvXX_AnY_BWLZZNe0Fc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/94fdd8-04dd-4a22-8410-7d79c07173f4/1/nRICT2KRUllWyNkbOUIkDt31yHo.roa
Signing time:             Thu 29 Feb 2024 07:24:48 +0000
ROA not before:           Thu 29 Feb 2024 07:24:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8976
IP address blocks:        193.105.64.0/24 maxlen: 24
                          2001:67c:e14::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/94fdd8-04dd-4a22-8410-7d79c07173f4/1/QWADAO7tWvXX_AnY_BWLZZNe0Fc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/94fdd8-04dd-4a22-8410-7d79c07173f4/1/QWADAO7tWvXX_AnY_BWLZZNe0Fc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QWADAO7tWvXX_AnY_BWLZZNe0Fc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f3:c0:63:82:18:e1:cc:69:d9:7f:70:dd:28:e0:5d:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41600300eeed5af5d7fc09d8fc158b65935ed057
        Validity
            Not Before: Feb 29 07:24:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d12024f6291525956c8d91b3942240eddf5c87a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3c:dd:e4:78:ea:a8:1c:55:92:a0:5e:74:dd:
                    6f:4f:d5:11:44:1d:55:63:dc:bf:16:30:72:42:18:
                    6e:b3:cc:84:71:5b:6d:16:1c:36:04:56:81:bb:9e:
                    3a:51:10:4d:d6:21:1a:fd:3d:ad:cf:ff:ba:ba:68:
                    4f:93:81:cc:9a:c1:e7:84:a5:81:68:f2:9f:7c:b0:
                    dc:25:22:21:a0:0b:e3:1b:ed:50:24:63:4f:6f:ec:
                    87:c7:79:3d:72:24:f8:11:47:bc:4d:8f:f5:8d:61:
                    47:9a:ed:94:ed:8b:c3:76:83:b3:76:b7:09:21:8b:
                    ef:f7:60:08:37:64:bb:ee:d9:e3:73:3c:cc:f3:b4:
                    3c:c1:34:a4:35:d3:95:89:0a:2e:98:eb:b4:a6:9f:
                    a4:5a:7a:7c:69:31:89:fd:96:fd:cc:4f:20:f8:d8:
                    4f:77:3c:0a:b4:8d:85:dd:7e:13:b6:88:a1:3f:31:
                    bc:a6:fd:bf:08:44:f2:d8:e6:53:d5:8b:bf:93:31:
                    01:73:6e:ef:46:9b:dd:67:7a:79:e1:62:a7:48:9c:
                    e8:87:03:c8:0d:3c:92:5b:1a:9e:43:90:d5:9c:65:
                    aa:74:72:bb:be:ef:cc:62:45:17:ae:c3:f7:cb:16:
                    a6:68:ff:f6:be:61:6c:f3:da:62:89:5d:2e:07:8c:
                    67:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:12:02:4F:62:91:52:59:56:C8:D9:1B:39:42:24:0E:DD:F5:C8:7A
            X509v3 Authority Key Identifier:
                keyid:41:60:03:00:EE:ED:5A:F5:D7:FC:09:D8:FC:15:8B:65:93:5E:D0:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QWADAO7tWvXX_AnY_BWLZZNe0Fc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/94fdd8-04dd-4a22-8410-7d79c07173f4/1/nRICT2KRUllWyNkbOUIkDt31yHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/94fdd8-04dd-4a22-8410-7d79c07173f4/1/QWADAO7tWvXX_AnY_BWLZZNe0Fc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.64.0/24
                IPv6:
                  2001:67c:e14::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:43:b3:f0:d2:ff:b7:01:ed:ce:0e:ec:f8:f8:f9:de:60:f9:
         85:a3:d6:58:6e:a4:19:78:66:d4:c1:ad:29:5a:03:aa:2e:cd:
         11:a5:cc:d8:36:d8:37:27:fe:f4:79:9e:c0:da:b3:62:97:5c:
         95:0d:3a:1d:f5:61:7e:ba:5e:db:7a:3b:9d:f5:73:2b:fe:a2:
         eb:f2:bf:cf:1d:2f:0c:67:51:1a:66:2f:67:59:49:76:12:69:
         4e:87:05:96:69:e6:f3:92:8a:9e:c1:19:f4:21:d6:c5:31:4f:
         86:8b:1d:9f:8e:55:ad:a7:35:c1:2b:e5:71:a0:f1:42:21:2f:
         85:45:60:5c:b6:cf:b3:ab:27:b5:30:89:74:99:a3:bb:e9:f5:
         aa:c4:d1:c6:0d:0b:56:6e:87:29:09:86:54:24:6a:be:9d:2a:
         05:90:1d:b3:cb:b1:56:c5:b8:c1:6f:77:3b:f4:d8:ed:64:ad:
         61:e7:e4:aa:50:a0:ac:c7:bb:f9:40:90:3f:de:d7:8a:74:8b:
         60:ed:ee:7e:dd:6c:e7:bc:be:da:54:93:d5:db:c7:d0:85:12:
         e7:71:a6:2e:0c:01:cc:30:7d:b1:7a:e1:02:21:af:5c:a0:dc:
         87:18:df:84:af:17:32:80:18:36:4b:e5:5a:33:c8:fa:6e:77:
         e5:c6:cb:0e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY3zwGOCGOHMadl/cN0o4F2OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNjAwMzAwZWVlZDVhZjVkN2ZjMDlkOGZjMTU4YjY1OTM1
ZWQwNTcwHhcNMjQwMjI5MDcyNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDEyMDI0ZjYyOTE1MjU5NTZjOGQ5MWIzOTQyMjQwZWRkZjVjODdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjzd5HjqqBxVkqBedN1vT9URRB1V
Y9y/FjByQhhus8yEcVttFhw2BFaBu546URBN1iEa/T2tz/+6umhPk4HMmsHnhKWB
aPKffLDcJSIhoAvjG+1QJGNPb+yHx3k9ciT4EUe8TY/1jWFHmu2U7YvDdoOzdrcJ
IYvv92AIN2S77tnjczzM87Q8wTSkNdOViQoumOu0pp+kWnp8aTGJ/Zb9zE8g+NhP
dzwKtI2F3X4TtoihPzG8pv2/CETy2OZT1Yu/kzEBc27vRpvdZ3p54WKnSJzohwPI
DTySWxqeQ5DVnGWqdHK7vu/MYkUXrsP3yxamaP/2vmFs89piiV0uB4xnxQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJ0SAk9ikVJZVsjZGzlCJA7d9ch6MB8GA1UdIwQY
MBaAFEFgAwDu7Vr11/wJ2PwVi2WTXtBXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVdBREFPN3RXdlhYX0FuWV9CV0xaWk5lMEZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny85NGZkZDgtMDRkZC00YTIyLTg0MTAt
N2Q3OWMwNzE3M2Y0LzEvblJJQ1QyS1JVbGxXeU5rYk9VSWtEdDMxeUhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny85NGZkZDgtMDRkZC00YTIyLTg0MTAtN2Q3OWMwNzE3M2Y0
LzEvUVdBREFPN3RXdlhYX0FuWV9CV0xaWk5lMEZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwWlAMA8E
AgACMAkDBwAgAQZ8DhQwDQYJKoZIhvcNAQELBQADggEBADFDs/DS/7cB7c4O7Pj4
+d5g+YWj1lhupBl4ZtTBrSlaA6ouzRGlzNg22Dcn/vR5nsDas2KXXJUNOh31YX66
Xtt6O531cyv+ouvyv88dLwxnURpmL2dZSXYSaU6HBZZp5vOSip7BGfQh1sUxT4aL
HZ+OVa2nNcEr5XGg8UIhL4VFYFy2z7OrJ7UwiXSZo7vp9arE0cYNC1ZuhykJhlQk
ar6dKgWQHbPLsVbFuMFvdzv02O1krWHn5KpQoKzHu/lAkD/e14p0i2Dt7n7dbOe8
vtpUk9Xbx9CFEudxpi4MAcwwfbF64QIhr1yg3IcY34SvFzKAGDZL5VozyPpud+XG
yw4=
-----END CERTIFICATE-----