Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/289b8d-78de-4160-90d3-61d26603c37c/1/PyS2punroYtDWn87G8UNDPrfqj8.roa
File:                     PyS2punroYtDWn87G8UNDPrfqj8.roa (raw, json)
Hash identifier:          LjsqiN5/e11uS5hG5Fw5fspm/Ice/O6b9SeC97ivr5s=
Subject key identifier:   3F:24:B6:A6:E9:EB:A1:8B:43:5A:7F:3B:1B:C5:0D:0C:FA:DF:AA:3F
Certificate issuer:       /CN=f638947ddb892f5f3a48a69af97a8fb52103a0d6
Certificate serial:       018D4590949BF349A5E554CA5F6EF91C93FC
Authority key identifier: F6:38:94:7D:DB:89:2F:5F:3A:48:A6:9A:F9:7A:8F:B5:21:03:A0:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9jiUfduJL186SKaa-XqPtSEDoNY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/289b8d-78de-4160-90d3-61d26603c37c/1/PyS2punroYtDWn87G8UNDPrfqj8.roa
Signing time:             Fri 26 Jan 2024 11:38:39 +0000
ROA not before:           Fri 26 Jan 2024 11:38:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.35.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/289b8d-78de-4160-90d3-61d26603c37c/1/9jiUfduJL186SKaa-XqPtSEDoNY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/289b8d-78de-4160-90d3-61d26603c37c/1/9jiUfduJL186SKaa-XqPtSEDoNY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9jiUfduJL186SKaa-XqPtSEDoNY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:45:90:94:9b:f3:49:a5:e5:54:ca:5f:6e:f9:1c:93:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f638947ddb892f5f3a48a69af97a8fb52103a0d6
        Validity
            Not Before: Jan 26 11:38:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f24b6a6e9eba18b435a7f3b1bc50d0cfadfaa3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ff:6e:50:bf:47:9b:77:26:b6:37:e3:27:4b:
                    f9:ba:26:4b:db:1b:5b:6f:df:3a:fb:4e:d5:8f:89:
                    ca:23:05:d3:45:5e:66:04:2f:92:e8:10:60:ad:e3:
                    35:95:c2:ef:13:aa:a3:8a:ed:59:3c:4a:c6:61:f5:
                    5e:f4:67:c4:cd:77:f1:b8:db:7a:06:68:55:db:b6:
                    b9:4a:ea:3f:a7:87:ba:8d:3f:1b:dd:79:ce:a4:5b:
                    12:96:b9:38:f7:d0:a1:ef:14:a2:b9:44:03:76:9f:
                    1a:57:c6:23:4e:b5:21:17:ed:05:53:86:4c:21:89:
                    f6:8b:56:7a:73:c3:7f:8e:1f:51:71:c0:1e:8a:39:
                    46:e0:39:95:d9:2b:05:9f:79:cd:6d:a6:00:fc:2a:
                    31:96:6c:88:31:46:c7:9f:ff:c4:88:ab:f8:e4:70:
                    d2:16:cb:8b:ec:28:82:6c:00:2b:0a:f5:86:8f:d2:
                    46:35:99:bf:94:10:fc:11:11:f0:c5:3c:2d:7d:f8:
                    e6:f8:39:47:3c:dc:7a:1a:2f:29:35:5e:53:5d:fa:
                    0c:84:a9:c2:bc:75:da:54:69:11:d7:2c:32:9f:69:
                    18:01:80:b2:90:64:99:75:c9:e2:8b:64:3e:28:21:
                    7b:45:f3:d1:7d:c1:d0:00:e4:c3:a6:c2:a4:8b:b1:
                    3f:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:24:B6:A6:E9:EB:A1:8B:43:5A:7F:3B:1B:C5:0D:0C:FA:DF:AA:3F
            X509v3 Authority Key Identifier:
                keyid:F6:38:94:7D:DB:89:2F:5F:3A:48:A6:9A:F9:7A:8F:B5:21:03:A0:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9jiUfduJL186SKaa-XqPtSEDoNY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/289b8d-78de-4160-90d3-61d26603c37c/1/PyS2punroYtDWn87G8UNDPrfqj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/289b8d-78de-4160-90d3-61d26603c37c/1/9jiUfduJL186SKaa-XqPtSEDoNY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:95:d1:33:3a:92:ee:d8:ef:d1:bd:f7:b7:36:85:90:a3:61:
         6d:1c:49:8b:ce:f4:55:c4:a5:1d:2a:40:14:51:38:7a:9d:02:
         72:15:9a:af:62:15:ca:63:c1:b4:b1:c0:f8:d1:5c:a4:2c:fd:
         a3:af:ad:fc:8f:de:15:2b:6f:d9:ae:9f:4c:08:b7:67:bd:1e:
         eb:87:f4:5e:7e:b3:b9:fd:7b:ee:9e:3d:7c:09:70:e6:1d:1a:
         8b:72:b2:23:cb:75:48:2c:3b:72:08:cf:b7:c5:d9:ed:fe:1d:
         64:e4:0a:7c:3f:cc:dd:79:d6:51:5b:07:11:47:c1:a1:28:f1:
         24:3b:ab:f1:cd:29:69:07:c7:0a:e4:d6:53:84:da:da:19:68:
         2e:46:7d:08:5d:ac:83:d1:52:7e:21:da:41:3f:63:7b:8a:4f:
         74:3e:9a:82:53:89:41:2a:59:1a:35:d5:00:a2:f0:cc:f3:f4:
         6c:75:57:3a:61:ee:3e:89:c6:8c:5c:fc:d5:f9:79:15:98:1a:
         d8:b5:f1:e9:66:28:70:ea:30:05:8f:97:d3:0f:cb:73:6f:9a:
         e6:4a:48:19:de:f6:6c:be:72:5f:97:c1:5e:e8:7c:9b:c3:b1:
         a0:6d:24:d6:ca:44:d0:74:a2:69:0d:c8:46:c1:f5:eb:76:37:
         e7:e5:e3:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1FkJSb80ml5VTKX275HJP8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2Mzg5NDdkZGI4OTJmNWYzYTQ4YTY5YWY5N2E4ZmI1MjEw
M2EwZDYwHhcNMjQwMTI2MTEzODM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjI0YjZhNmU5ZWJhMThiNDM1YTdmM2IxYmM1MGQwY2ZhZGZhYTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApP9uUL9Hm3cmtjfjJ0v5uiZL2xtb
b986+07Vj4nKIwXTRV5mBC+S6BBgreM1lcLvE6qjiu1ZPErGYfVe9GfEzXfxuNt6
BmhV27a5Suo/p4e6jT8b3XnOpFsSlrk499Ch7xSiuUQDdp8aV8YjTrUhF+0FU4ZM
IYn2i1Z6c8N/jh9RccAeijlG4DmV2SsFn3nNbaYA/CoxlmyIMUbHn//EiKv45HDS
FsuL7CiCbAArCvWGj9JGNZm/lBD8ERHwxTwtffjm+DlHPNx6Gi8pNV5TXfoMhKnC
vHXaVGkR1ywyn2kYAYCykGSZdcnii2Q+KCF7RfPRfcHQAOTDpsKki7E/SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD8ktqbp66GLQ1p/OxvFDQz636o/MB8GA1UdIwQY
MBaAFPY4lH3biS9fOkimmvl6j7UhA6DWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWppVWZkdUpMMTg2U0thYS1YcVB0U0VEb05ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8yODliOGQtNzhkZS00MTYwLTkwZDMt
NjFkMjY2MDNjMzdjLzEvUHlTMnB1bnJvWXREV244N0c4VU5EUHJmcWo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8yODliOGQtNzhkZS00MTYwLTkwZDMtNjFkMjY2MDNjMzdj
LzEvOWppVWZkdUpMMTg2U0thYS1YcVB0U0VEb05ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSOdMA0G
CSqGSIb3DQEBCwUAA4IBAQB4ldEzOpLu2O/Rvfe3NoWQo2FtHEmLzvRVxKUdKkAU
UTh6nQJyFZqvYhXKY8G0scD40VykLP2jr638j94VK2/Zrp9MCLdnvR7rh/RefrO5
/Xvunj18CXDmHRqLcrIjy3VILDtyCM+3xdnt/h1k5Ap8P8zdedZRWwcRR8GhKPEk
O6vxzSlpB8cK5NZThNraGWguRn0IXayD0VJ+IdpBP2N7ik90PpqCU4lBKlkaNdUA
ovDM8/RsdVc6Ye4+icaMXPzV+XkVmBrYtfHpZihw6jAFj5fTD8tzb5rmSkgZ3vZs
vnJfl8Fe6Hybw7GgbSTWykTQdKJpDchGwfXrdjfn5eMN
-----END CERTIFICATE-----