Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/oe8DXh2xMJDTp0p3gStt3ARlSRU.roa
File:                     oe8DXh2xMJDTp0p3gStt3ARlSRU.roa (raw, json)
Hash identifier:          m1oafxisPZwzwXCinJc/xTvDObGqc9BiyOYuLx3/+xA=
Subject key identifier:   A1:EF:03:5E:1D:B1:30:90:D3:A7:4A:77:81:2B:6D:DC:04:65:49:15
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       01925E194EC562ACBECF8BA174FB712CF3AC
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/oe8DXh2xMJDTp0p3gStt3ARlSRU.roa
Signing time:             Sat 05 Oct 2024 19:12:49 +0000
ROA not before:           Sat 05 Oct 2024 19:12:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212369
IP address blocks:        193.223.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:5e:19:4e:c5:62:ac:be:cf:8b:a1:74:fb:71:2c:f3:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Oct  5 19:12:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1ef035e1db13090d3a74a77812b6ddc04654915
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:36:34:7e:51:29:c4:f5:dd:7e:79:26:03:f9:
                    39:f0:12:25:be:de:fe:19:1d:d6:ef:9b:9e:92:f9:
                    b6:4f:86:22:45:33:4e:87:d6:14:f3:e8:d8:0f:cf:
                    9a:15:e9:7e:cc:e8:d3:b5:b2:be:f8:a4:2a:5f:42:
                    9b:45:93:96:fe:13:f3:3d:6f:e9:65:4e:06:95:93:
                    00:49:85:30:5c:7e:d1:25:a6:7d:87:8e:d8:70:57:
                    7f:04:8d:38:5a:eb:10:07:3c:40:89:4a:56:9c:5b:
                    89:6b:56:95:3d:fe:02:85:a6:7d:e2:9d:37:9d:1f:
                    11:3d:b0:b6:d4:60:3d:7e:87:87:16:8a:f8:dc:ef:
                    c8:fd:b7:34:04:e1:20:34:81:ed:c9:a2:d5:8c:12:
                    b3:0f:28:1e:03:4d:88:24:c7:83:73:7d:0a:65:48:
                    9d:60:ed:b4:71:0e:b7:a2:31:04:35:53:cd:a4:6c:
                    33:94:68:44:e6:8d:f3:36:71:56:8c:27:63:25:57:
                    31:23:f0:d7:da:ba:3d:34:de:d1:ef:fb:3a:39:e0:
                    f2:f4:a5:06:1c:1e:ed:c6:ce:d3:d0:f3:1a:73:22:
                    57:b9:8b:bb:b7:04:fe:72:7f:c3:b7:a2:ef:f7:24:
                    fa:41:63:9d:03:ac:39:47:37:86:0d:34:6d:13:2d:
                    bd:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:EF:03:5E:1D:B1:30:90:D3:A7:4A:77:81:2B:6D:DC:04:65:49:15
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/oe8DXh2xMJDTp0p3gStt3ARlSRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.223.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:1e:02:da:4b:8f:35:e3:ed:70:44:fa:cc:f3:50:76:62:cf:
         8f:44:b8:19:f9:be:0d:d2:30:67:5f:69:a0:19:13:4e:1b:7b:
         2e:69:25:bd:77:79:27:f0:ff:fe:82:7f:58:68:9e:44:a8:88:
         6f:80:12:88:b6:4c:9b:15:1e:c2:59:76:62:12:fe:00:0f:48:
         83:ce:26:9d:24:fe:51:44:85:12:29:c6:77:03:8d:b4:d2:13:
         17:b2:37:6d:db:b2:97:16:20:7e:3e:ed:a2:db:21:19:eb:e4:
         5b:70:39:c9:77:d6:1d:9e:dc:aa:fc:c3:06:79:d7:2e:39:84:
         6f:59:b8:57:d2:cd:c0:b2:da:18:2f:97:b7:54:43:db:12:47:
         80:e5:45:24:b8:3a:22:15:50:c0:d5:95:3a:42:80:43:3a:38:
         46:2b:0f:00:1c:ba:83:51:32:f9:18:b4:ee:2f:96:b2:32:46:
         0d:73:89:e7:1c:b1:19:25:53:ef:25:a0:0d:22:5d:5f:ea:47:
         b5:75:d3:e4:46:ea:95:b7:a6:6a:a4:54:98:38:5b:07:3f:81:
         80:a8:0f:86:18:e7:a8:33:7c:ff:54:80:7d:c6:5f:70:d4:6a:
         1a:32:a8:22:67:90:dc:e4:60:29:01:6a:8d:8c:44:72:7d:b6:
         f7:a5:6c:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJeGU7FYqy+z4uhdPtxLPOsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQxMDA1MTkxMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWVmMDM1ZTFkYjEzMDkwZDNhNzRhNzc4MTJiNmRkYzA0NjU0OTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDY0flEpxPXdfnkmA/k58BIlvt7+
GR3W75uekvm2T4YiRTNOh9YU8+jYD8+aFel+zOjTtbK++KQqX0KbRZOW/hPzPW/p
ZU4GlZMASYUwXH7RJaZ9h47YcFd/BI04WusQBzxAiUpWnFuJa1aVPf4ChaZ94p03
nR8RPbC21GA9foeHFor43O/I/bc0BOEgNIHtyaLVjBKzDygeA02IJMeDc30KZUid
YO20cQ63ojEENVPNpGwzlGhE5o3zNnFWjCdjJVcxI/DX2ro9NN7R7/s6OeDy9KUG
HB7txs7T0PMacyJXuYu7twT+cn/Dt6Lv9yT6QWOdA6w5RzeGDTRtEy29SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKHvA14dsTCQ06dKd4ErbdwEZUkVMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvb2U4RFhoMnhNSkRUcDBwM2dTdHQzQVJsU1JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwd9rMA0G
CSqGSIb3DQEBCwUAA4IBAQBKHgLaS4814+1wRPrM81B2Ys+PRLgZ+b4N0jBnX2mg
GRNOG3suaSW9d3kn8P/+gn9YaJ5EqIhvgBKItkybFR7CWXZiEv4AD0iDziadJP5R
RIUSKcZ3A4200hMXsjdt27KXFiB+Pu2i2yEZ6+RbcDnJd9Ydntyq/MMGedcuOYRv
WbhX0s3AstoYL5e3VEPbEkeA5UUkuDoiFVDA1ZU6QoBDOjhGKw8AHLqDUTL5GLTu
L5ayMkYNc4nnHLEZJVPvJaANIl1f6ke1ddPkRuqVt6ZqpFSYOFsHP4GAqA+GGOeo
M3z/VIB9xl9w1GoaMqgiZ5Dc5GApAWqNjERyfbb3pWzk
-----END CERTIFICATE-----