Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/50a239-d5bc-42fe-95a5-1ac08e8a8cb4/1/4Dgcvn6roMt6byDwaZKC4R5LMug.roa
File:                     4Dgcvn6roMt6byDwaZKC4R5LMug.roa (raw, json)
Hash identifier:          GAshqXvxw4icXp3h2ULIY3BBMiWLOoHqr5Z1CAeRFss=
Subject key identifier:   E0:38:1C:BE:7E:AB:A0:CB:7A:6F:20:F0:69:92:82:E1:1E:4B:32:E8
Certificate issuer:       /CN=9a6c0b9fb13f4316ed6ca3f86ffc7185c09db3d7
Certificate serial:       01912C36A616BCA9228003BF2EA88E9ED0CC
Authority key identifier: 9A:6C:0B:9F:B1:3F:43:16:ED:6C:A3:F8:6F:FC:71:85:C0:9D:B3:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mmwLn7E_QxbtbKP4b_xxhcCds9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/50a239-d5bc-42fe-95a5-1ac08e8a8cb4/1/4Dgcvn6roMt6byDwaZKC4R5LMug.roa
Signing time:             Wed 07 Aug 2024 09:41:04 +0000
ROA not before:           Wed 07 Aug 2024 09:41:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198134
IP address blocks:        193.161.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/50a239-d5bc-42fe-95a5-1ac08e8a8cb4/1/mmwLn7E_QxbtbKP4b_xxhcCds9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/50a239-d5bc-42fe-95a5-1ac08e8a8cb4/1/mmwLn7E_QxbtbKP4b_xxhcCds9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mmwLn7E_QxbtbKP4b_xxhcCds9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:2c:36:a6:16:bc:a9:22:80:03:bf:2e:a8:8e:9e:d0:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a6c0b9fb13f4316ed6ca3f86ffc7185c09db3d7
        Validity
            Not Before: Aug  7 09:41:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0381cbe7eaba0cb7a6f20f0699282e11e4b32e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:71:da:60:cb:13:97:af:d8:1e:8a:e4:ba:0f:
                    19:c1:3f:e5:21:12:e3:56:2b:36:ef:18:96:f9:56:
                    77:18:ad:d4:31:10:e7:5b:09:ee:1d:2a:9f:c0:1a:
                    22:55:05:d1:15:9c:af:0e:2e:f1:e8:b3:90:c9:83:
                    57:3e:fb:67:d0:ab:b1:f8:2a:b5:44:08:26:80:df:
                    0e:37:65:bc:e3:76:46:20:a5:24:e6:e5:9e:17:9e:
                    2a:33:61:96:c0:bd:15:a1:03:d1:37:84:11:7c:a5:
                    4d:be:46:ef:ac:21:3b:0c:08:40:f5:57:a3:8f:f2:
                    e5:e0:14:6b:8b:c2:25:02:1b:f3:f3:ac:b5:11:8e:
                    15:0f:81:d4:44:ad:a6:ef:c8:60:cc:a5:ff:bd:b2:
                    e6:85:2b:f0:b9:2a:0b:9a:05:8b:77:40:1b:b3:49:
                    5d:63:9d:c7:7c:1b:4a:d0:9e:65:21:48:b4:79:b9:
                    26:80:c5:01:cb:4e:ab:6f:97:eb:69:db:36:db:47:
                    76:cd:ee:05:52:59:23:25:f1:ae:8b:98:af:d7:47:
                    00:ef:82:ef:e1:a9:82:cb:b4:97:82:7d:df:1e:39:
                    f2:3c:5c:41:cb:75:5b:60:79:09:17:c4:3e:b6:8d:
                    e8:5f:77:fa:df:fb:9a:8b:fb:83:c8:c7:b5:6e:5c:
                    a7:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:38:1C:BE:7E:AB:A0:CB:7A:6F:20:F0:69:92:82:E1:1E:4B:32:E8
            X509v3 Authority Key Identifier:
                keyid:9A:6C:0B:9F:B1:3F:43:16:ED:6C:A3:F8:6F:FC:71:85:C0:9D:B3:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mmwLn7E_QxbtbKP4b_xxhcCds9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/50a239-d5bc-42fe-95a5-1ac08e8a8cb4/1/4Dgcvn6roMt6byDwaZKC4R5LMug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/50a239-d5bc-42fe-95a5-1ac08e8a8cb4/1/mmwLn7E_QxbtbKP4b_xxhcCds9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.161.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:78:ac:90:01:85:41:5f:32:5c:7f:37:d0:a3:47:45:4c:0b:
         c9:37:fc:fc:6a:35:bc:0f:af:36:1d:71:77:23:84:7a:a1:cf:
         fe:f5:22:64:61:5d:17:be:0f:99:b9:d8:64:6d:73:7f:d2:23:
         f4:75:ad:5f:94:f8:1f:a9:8b:3c:84:60:4a:96:bb:1f:1b:4e:
         4a:bb:be:3d:4a:52:fc:45:f1:ba:3e:c4:0e:53:d6:2e:20:f7:
         59:41:32:aa:31:44:75:5a:39:44:1b:0b:fc:25:07:88:ae:ea:
         b2:6c:d7:0b:0a:50:a3:c3:c3:b9:0a:b1:4e:ba:a7:f8:bd:a8:
         5f:53:73:79:7f:8a:71:fa:d2:01:5c:3a:4c:fb:0d:78:60:e3:
         8e:7b:37:90:94:31:81:96:d7:da:9b:d2:80:93:03:44:f8:53:
         7d:de:69:0d:70:16:6c:55:50:66:72:31:88:2e:41:a5:07:d5:
         bf:d6:3f:ef:31:d6:33:98:b5:9b:41:78:f6:0f:a2:09:ea:b7:
         cd:56:5b:5b:8f:c5:b2:f9:60:42:e9:6e:da:75:70:13:73:4d:
         c6:b2:d5:f6:81:07:58:82:2b:76:97:35:f9:26:d6:6f:4e:cf:
         26:d6:98:dc:17:0f:67:e7:15:0d:f5:48:cf:5a:8c:b0:d8:86:
         08:57:87:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEsNqYWvKkigAO/LqiOntDMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNmMwYjlmYjEzZjQzMTZlZDZjYTNmODZmZmM3MTg1YzA5
ZGIzZDcwHhcNMjQwODA3MDk0MTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDM4MWNiZTdlYWJhMGNiN2E2ZjIwZjA2OTkyODJlMTFlNGIzMmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3HaYMsTl6/YHorkug8ZwT/lIRLj
Vis27xiW+VZ3GK3UMRDnWwnuHSqfwBoiVQXRFZyvDi7x6LOQyYNXPvtn0Kux+Cq1
RAgmgN8ON2W843ZGIKUk5uWeF54qM2GWwL0VoQPRN4QRfKVNvkbvrCE7DAhA9Vej
j/Ll4BRri8IlAhvz86y1EY4VD4HURK2m78hgzKX/vbLmhSvwuSoLmgWLd0Abs0ld
Y53HfBtK0J5lIUi0ebkmgMUBy06rb5frads220d2ze4FUlkjJfGui5iv10cA74Lv
4amCy7SXgn3fHjnyPFxBy3VbYHkJF8Q+to3oX3f63/uai/uDyMe1blynyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOA4HL5+q6DLem8g8GmSguEeSzLoMB8GA1UdIwQY
MBaAFJpsC5+xP0MW7Wyj+G/8cYXAnbPXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbW13TG43RV9ReGJ0YktQNGJfeHhoY0NkczljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi81MGEyMzktZDViYy00MmZlLTk1YTUt
MWFjMDhlOGE4Y2I0LzEvNERnY3ZuNnJvTXQ2YnlEd2FaS0M0UjVMTXVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi81MGEyMzktZDViYy00MmZlLTk1YTUtMWFjMDhlOGE4Y2I0
LzEvbW13TG43RV9ReGJ0YktQNGJfeHhoY0NkczljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaHBMA0G
CSqGSIb3DQEBCwUAA4IBAQAAeKyQAYVBXzJcfzfQo0dFTAvJN/z8ajW8D682HXF3
I4R6oc/+9SJkYV0Xvg+ZudhkbXN/0iP0da1flPgfqYs8hGBKlrsfG05Ku749SlL8
RfG6PsQOU9YuIPdZQTKqMUR1WjlEGwv8JQeIruqybNcLClCjw8O5CrFOuqf4vahf
U3N5f4px+tIBXDpM+w14YOOOezeQlDGBltfam9KAkwNE+FN93mkNcBZsVVBmcjGI
LkGlB9W/1j/vMdYzmLWbQXj2D6IJ6rfNVltbj8Wy+WBC6W7adXATc03GstX2gQdY
git2lzX5JtZvTs8m1pjcFw9n5xUN9UjPWoyw2IYIV4cx
-----END CERTIFICATE-----