Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/oGp4_FVBOLEN2F-KgybYRJgnJwQ.roa
File:                     oGp4_FVBOLEN2F-KgybYRJgnJwQ.roa (raw, json)
Hash identifier:          uNgnHbg9vRNH2XZqLUGivRkj/GMc7J8N9JjcHrE7NYA=
Subject key identifier:   A0:6A:78:FC:55:41:38:B1:0D:D8:5F:8A:83:26:D8:44:98:27:27:04
Certificate issuer:       /CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
Certificate serial:       018D79167033778298035A223CDCA2FC428E
Authority key identifier: 93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/oGp4_FVBOLEN2F-KgybYRJgnJwQ.roa
Signing time:             Mon 05 Feb 2024 11:45:30 +0000
ROA not before:           Mon 05 Feb 2024 11:45:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201884
IP address blocks:        217.113.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:79:16:70:33:77:82:98:03:5a:22:3c:dc:a2:fc:42:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
        Validity
            Not Before: Feb  5 11:45:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a06a78fc554138b10dd85f8a8326d84498272704
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:8a:db:4c:14:90:78:2d:48:d7:fe:6b:14:f5:
                    c2:f7:7f:3a:d2:c6:72:a7:be:9e:f6:3c:91:a0:3c:
                    37:37:00:30:d0:0b:98:f4:3b:a5:0c:07:92:15:18:
                    6c:43:0a:a3:38:5b:eb:b6:63:d7:a0:93:3e:29:e1:
                    6a:68:15:bd:31:55:34:9c:dd:55:70:bd:11:28:7b:
                    57:51:dd:b5:15:38:3c:2f:c1:d6:8c:b4:d5:e7:bd:
                    33:db:87:d3:47:d4:5c:a4:2d:59:bb:07:00:b2:eb:
                    40:4b:00:52:bc:37:75:57:73:86:87:20:bd:f1:9e:
                    44:1e:97:48:71:b8:24:20:36:23:fc:81:a8:e3:4f:
                    b8:ff:5d:2e:5a:4d:28:25:55:b6:88:14:b6:4f:30:
                    87:e4:3d:be:ba:08:cb:4f:79:08:d6:23:3a:de:c7:
                    91:bf:76:75:73:47:9a:80:a8:ab:ec:7a:24:ca:69:
                    c0:58:64:50:92:6b:48:8c:7e:fa:97:03:36:4a:db:
                    b9:c6:8e:fe:64:82:1f:2a:29:81:58:cb:53:b4:fc:
                    e4:49:2b:d3:82:e9:9b:12:88:3b:ba:14:df:60:5d:
                    7a:1e:3e:04:92:b1:5d:7d:71:c5:b2:da:12:ba:0b:
                    ae:19:b7:36:c0:36:b0:18:6f:d7:f7:ee:55:e5:60:
                    7e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:6A:78:FC:55:41:38:B1:0D:D8:5F:8A:83:26:D8:44:98:27:27:04
            X509v3 Authority Key Identifier:
                keyid:93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/oGp4_FVBOLEN2F-KgybYRJgnJwQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.113.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:d7:5d:52:a7:59:ec:05:0f:af:f8:cd:24:48:41:19:96:a1:
         1f:fd:61:2d:71:bf:4d:7d:bd:3e:cd:6f:f9:f3:98:3b:6d:c1:
         0c:55:1c:1a:a4:53:d8:e0:d6:77:51:38:f8:cb:97:a2:f5:14:
         01:b0:32:a3:ca:97:dd:85:cb:62:0e:1b:51:6d:64:e1:5c:63:
         d3:0a:00:10:ea:ce:47:af:ed:9f:04:cd:c0:3a:ab:59:44:ca:
         30:aa:a7:e9:e7:df:71:88:90:68:dc:be:84:a5:29:4f:82:5f:
         ad:11:34:da:91:60:45:9a:1e:bf:cf:01:3e:dd:a4:bd:ee:b3:
         e8:50:16:f9:ce:a3:c1:07:ba:e3:cf:55:40:7b:be:b5:15:f4:
         92:81:be:c9:35:f8:1c:de:51:0d:ea:c0:44:33:07:f1:ad:d4:
         f7:b7:b1:4b:27:55:c6:f6:93:a9:a1:d2:3e:b0:9f:a0:08:08:
         f5:4e:4f:86:8c:ac:36:0a:57:6f:69:65:07:c1:d7:04:e5:14:
         73:f9:4d:6e:73:ef:6f:1d:f5:f0:1d:50:48:1c:83:07:2f:67:
         34:9f:4f:3e:e7:c3:c8:2c:fc:22:20:37:68:e3:a4:4c:f8:85:
         b3:ec:ad:df:ae:30:09:4b:db:d8:96:eb:da:cf:1b:74:8f:87:
         bc:45:96:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY15FnAzd4KYA1oiPNyi/EKOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZThmNGVkNWRkMDYzMDFjNDIzOTg4ZTc4NmRhYmY1MWM1
ZjU2NzQwHhcNMjQwMjA1MTE0NTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDZhNzhmYzU1NDEzOGIxMGRkODVmOGE4MzI2ZDg0NDk4MjcyNzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYrbTBSQeC1I1/5rFPXC93860sZy
p76e9jyRoDw3NwAw0AuY9DulDAeSFRhsQwqjOFvrtmPXoJM+KeFqaBW9MVU0nN1V
cL0RKHtXUd21FTg8L8HWjLTV570z24fTR9RcpC1ZuwcAsutASwBSvDd1V3OGhyC9
8Z5EHpdIcbgkIDYj/IGo40+4/10uWk0oJVW2iBS2TzCH5D2+ugjLT3kI1iM63seR
v3Z1c0eagKir7HokymnAWGRQkmtIjH76lwM2Stu5xo7+ZIIfKimBWMtTtPzkSSvT
gumbEog7uhTfYF16Hj4EkrFdfXHFstoSuguuGbc2wDawGG/X9+5V5WB+tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKBqePxVQTixDdhfioMm2ESYJycEMB8GA1UdIwQY
MBaAFJPo9O1d0GMBxCOYjnhtq/UcX1Z0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQt
MWZjMTllYTczYTJhLzEvb0dwNF9GVkJPTEVOMkYtS2d5YllSSmduSndRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQtMWZjMTllYTczYTJh
LzEvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2XEJMA0G
CSqGSIb3DQEBCwUAA4IBAQCm111Sp1nsBQ+v+M0kSEEZlqEf/WEtcb9Nfb0+zW/5
85g7bcEMVRwapFPY4NZ3UTj4y5ei9RQBsDKjypfdhctiDhtRbWThXGPTCgAQ6s5H
r+2fBM3AOqtZRMowqqfp599xiJBo3L6EpSlPgl+tETTakWBFmh6/zwE+3aS97rPo
UBb5zqPBB7rjz1VAe761FfSSgb7JNfgc3lEN6sBEMwfxrdT3t7FLJ1XG9pOpodI+
sJ+gCAj1Tk+GjKw2CldvaWUHwdcE5RRz+U1uc+9vHfXwHVBIHIMHL2c0n08+58PI
LPwiIDdo46RM+IWz7K3frjAJS9vYluvazxt0j4e8RZZn
-----END CERTIFICATE-----