Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/yFRzZBx5uf-Kjh8OVzYPhusZFOo.roa
File:                     yFRzZBx5uf-Kjh8OVzYPhusZFOo.roa (raw, json)
Hash identifier:          Hukd53CNKD0tb6YHluu+04Ap1fIiSz98aCFE+k/2DyE=
Subject key identifier:   C8:54:73:64:1C:79:B9:FF:8A:8E:1F:0E:57:36:0F:86:EB:19:14:EA
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       018D0D8D674406336547597A2D8A0B026DE5
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/yFRzZBx5uf-Kjh8OVzYPhusZFOo.roa
Signing time:             Mon 15 Jan 2024 14:36:27 +0000
ROA not before:           Mon 15 Jan 2024 14:36:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48108
IP address blocks:        193.43.146.0/24 maxlen: 24
                          45.93.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0d:8d:67:44:06:33:65:47:59:7a:2d:8a:0b:02:6d:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Jan 15 14:36:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c85473641c79b9ff8a8e1f0e57360f86eb1914ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:25:79:b6:39:d6:e7:0b:25:3f:36:fb:b6:ef:
                    ef:43:6e:ca:be:42:50:70:cf:19:36:58:bf:46:40:
                    b1:97:7e:40:0b:4e:70:4e:69:6f:9b:82:a5:60:4f:
                    b3:ea:ca:61:ac:31:97:bd:89:d4:14:51:93:7b:7f:
                    cd:85:75:92:3c:80:52:b6:18:1b:47:e1:ec:6e:7c:
                    16:29:09:d1:a6:20:21:dc:94:a1:1c:4e:1e:c5:86:
                    c9:bb:bd:72:71:18:7e:c2:45:b9:74:fd:2a:ff:83:
                    95:f8:00:c7:ec:d3:92:a7:a0:4b:54:44:ea:65:2a:
                    fa:62:a3:d0:38:c3:77:6d:9d:8a:f2:56:dc:ec:57:
                    3f:68:e4:51:cf:d6:70:ed:3d:e3:a5:bc:5d:d9:01:
                    d3:2a:e7:10:45:1b:f8:76:11:c9:cc:c7:88:dc:74:
                    1d:df:0a:cc:16:01:b6:44:f1:f8:e7:5a:56:92:10:
                    1c:49:76:c7:97:2c:e8:dc:16:76:2a:40:dd:74:40:
                    21:a3:44:eb:8b:71:24:4f:d0:76:22:70:16:a1:82:
                    ab:31:b5:9f:8e:f5:20:22:d5:1a:69:35:8a:05:1e:
                    9d:f9:1a:91:ec:c5:62:2a:98:73:79:39:65:83:9d:
                    ad:ab:7e:d8:d1:b4:e4:3a:26:fa:ff:bf:16:3a:79:
                    41:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:54:73:64:1C:79:B9:FF:8A:8E:1F:0E:57:36:0F:86:EB:19:14:EA
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/yFRzZBx5uf-Kjh8OVzYPhusZFOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.8.0/24
                  193.43.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:d1:54:f9:c1:09:a1:bd:c6:d1:fc:88:d0:e4:4a:04:f7:49:
         b8:99:96:77:4b:62:94:97:1f:2c:0c:f2:13:3a:61:0d:e7:09:
         f9:1c:9f:06:7b:1e:a6:6a:6c:b1:46:06:40:03:a6:18:74:6c:
         7e:3d:c0:08:f1:13:a8:cf:b3:bd:e0:fd:1f:eb:d3:31:87:05:
         70:a5:5d:97:37:a9:ca:9b:42:94:d8:19:47:3f:13:d2:6c:6f:
         db:8a:74:2f:b6:e5:d6:19:b5:ab:aa:4a:1a:95:a3:75:5e:4d:
         bc:6b:4b:98:a4:d8:0a:6b:e1:12:0e:db:e0:a5:c1:7b:10:e9:
         29:b9:55:41:af:52:52:c3:01:58:4f:9f:1e:a8:fa:7f:e5:a0:
         a2:21:e7:fe:59:75:87:ff:87:f5:da:5a:9e:9f:64:53:7f:c9:
         6d:59:c0:a2:c2:70:ba:cf:eb:26:b3:2d:0e:c2:b9:c5:d5:aa:
         08:43:ea:e5:66:5d:67:20:0e:18:dc:92:46:80:5e:ba:e6:58:
         3a:51:b3:c6:65:3a:a2:0d:c8:78:eb:86:df:ce:68:f6:e3:3f:
         31:e8:a6:1c:49:2c:a7:d2:c0:75:1c:5e:5d:01:b9:3e:46:3f:
         fe:a0:fa:c4:01:d4:32:6a:bb:54:90:a5:7f:37:5f:61:9c:06:
         8b:26:7a:1c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY0NjWdEBjNlR1l6LYoLAm3lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjQwMTE1MTQzNjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODU0NzM2NDFjNzliOWZmOGE4ZTFmMGU1NzM2MGY4NmViMTkxNGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyV5tjnW5wslPzb7tu/vQ27KvkJQ
cM8ZNli/RkCxl35AC05wTmlvm4KlYE+z6sphrDGXvYnUFFGTe3/NhXWSPIBSthgb
R+HsbnwWKQnRpiAh3JShHE4exYbJu71ycRh+wkW5dP0q/4OV+ADH7NOSp6BLVETq
ZSr6YqPQOMN3bZ2K8lbc7Fc/aORRz9Zw7T3jpbxd2QHTKucQRRv4dhHJzMeI3HQd
3wrMFgG2RPH451pWkhAcSXbHlyzo3BZ2KkDddEAho0Tri3EkT9B2InAWoYKrMbWf
jvUgItUaaTWKBR6d+RqR7MViKphzeTllg52tq37Y0bTkOib6/78WOnlBlwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMhUc2Qcebn/io4fDlc2D4brGRTqMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEveUZSelpCeDV1Zi1Lamg4T1Z6WVBodXNaRk9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALV0IAwQA
wSuSMA0GCSqGSIb3DQEBCwUAA4IBAQBq0VT5wQmhvcbR/IjQ5EoE90m4mZZ3S2KU
lx8sDPITOmEN5wn5HJ8Gex6mamyxRgZAA6YYdGx+PcAI8ROoz7O94P0f69MxhwVw
pV2XN6nKm0KU2BlHPxPSbG/binQvtuXWGbWrqkoalaN1Xk28a0uYpNgKa+ESDtvg
pcF7EOkpuVVBr1JSwwFYT58eqPp/5aCiIef+WXWH/4f12lqen2RTf8ltWcCiwnC6
z+smsy0OwrnF1aoIQ+rlZl1nIA4Y3JJGgF665lg6UbPGZTqiDch464bfzmj24z8x
6KYcSSyn0sB1HF5dAbk+Rj/+oPrEAdQyartUkKV/N19hnAaLJnoc
-----END CERTIFICATE-----