Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/7c07e8-3b8c-4c93-9a08-a909cb0a138f/1/OxeGsXFSlQdWRl_e5o0WGuqVKfw.roa
File:                     OxeGsXFSlQdWRl_e5o0WGuqVKfw.roa (raw, json)
Hash identifier:          GTULuJdNEbVE8YapjrWDEv3J1ThwdyPWCP8FoG12b8M=
Subject key identifier:   3B:17:86:B1:71:52:95:07:56:46:5F:DE:E6:8D:16:1A:EA:95:29:FC
Certificate issuer:       /CN=a802b73ef4a8b6b0e0883a9c8bc6e7f012db93a0
Certificate serial:       018CC5DC1F7943B685371265A9966C4CAE16
Authority key identifier: A8:02:B7:3E:F4:A8:B6:B0:E0:88:3A:9C:8B:C6:E7:F0:12:DB:93:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qAK3PvSotrDgiDqci8bn8BLbk6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/7c07e8-3b8c-4c93-9a08-a909cb0a138f/1/OxeGsXFSlQdWRl_e5o0WGuqVKfw.roa
Signing time:             Mon 01 Jan 2024 16:29:46 +0000
ROA not before:           Mon 01 Jan 2024 16:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49581
IP address blocks:        193.141.60.0/24 maxlen: 24
                          2a12:8640::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/7c07e8-3b8c-4c93-9a08-a909cb0a138f/1/qAK3PvSotrDgiDqci8bn8BLbk6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/7c07e8-3b8c-4c93-9a08-a909cb0a138f/1/qAK3PvSotrDgiDqci8bn8BLbk6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qAK3PvSotrDgiDqci8bn8BLbk6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 04:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:1f:79:43:b6:85:37:12:65:a9:96:6c:4c:ae:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a802b73ef4a8b6b0e0883a9c8bc6e7f012db93a0
        Validity
            Not Before: Jan  1 16:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b1786b17152950756465fdee68d161aea9529fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:12:49:f6:2b:39:0d:82:19:0b:73:41:e7:3d:
                    2b:fc:20:07:1f:f3:1e:12:56:fe:20:c6:1f:db:3b:
                    e8:f7:87:8b:6e:53:c8:e9:e0:b5:cb:ce:26:87:25:
                    da:84:aa:87:54:ab:42:d7:5a:75:ff:81:7b:73:9f:
                    44:a0:e0:67:a1:01:85:5b:ff:33:2e:a0:f2:2d:1b:
                    f2:63:04:16:b9:51:72:39:88:0d:31:e6:9a:d4:77:
                    3f:46:f2:a9:62:33:a6:1b:f0:6e:5c:47:40:8c:a0:
                    64:2a:a2:11:35:12:02:3d:dd:a8:c3:a6:c2:d7:5e:
                    b4:63:27:69:e3:f4:15:f4:77:69:a6:85:bc:4e:72:
                    8b:ea:6e:43:e2:c9:dc:69:86:55:dd:a7:59:ff:41:
                    c9:3b:9c:e5:c3:9b:2f:87:c9:59:36:f8:fc:ef:e3:
                    d9:24:c3:48:d3:73:6c:7f:2f:6e:9a:cb:09:6b:d1:
                    7a:2e:53:d0:41:c3:9c:b8:96:80:28:04:0f:72:c6:
                    08:7e:ec:c8:5d:76:82:cb:2a:b2:c8:c6:84:a4:63:
                    7b:03:90:41:5e:32:f0:ff:bb:3d:e0:9a:a4:7e:fe:
                    5b:2a:f8:b1:22:e5:4f:12:32:66:f2:35:f6:28:4b:
                    6d:18:86:11:3e:6d:60:af:38:cc:d9:98:95:c0:3f:
                    e1:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:17:86:B1:71:52:95:07:56:46:5F:DE:E6:8D:16:1A:EA:95:29:FC
            X509v3 Authority Key Identifier:
                keyid:A8:02:B7:3E:F4:A8:B6:B0:E0:88:3A:9C:8B:C6:E7:F0:12:DB:93:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qAK3PvSotrDgiDqci8bn8BLbk6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/7c07e8-3b8c-4c93-9a08-a909cb0a138f/1/OxeGsXFSlQdWRl_e5o0WGuqVKfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/7c07e8-3b8c-4c93-9a08-a909cb0a138f/1/qAK3PvSotrDgiDqci8bn8BLbk6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.141.60.0/24
                IPv6:
                  2a12:8640::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:8c:8f:c2:3e:7e:6f:d4:bc:47:77:81:7e:50:0f:94:e9:04:
         5b:fb:23:d2:8b:54:8a:4f:81:a9:ff:95:c5:f1:6c:b6:0b:75:
         51:c7:dd:8e:db:39:4a:c0:cc:e1:30:10:4c:fc:72:df:67:6e:
         09:cc:0f:0a:3e:0a:1e:5a:e3:ba:1c:96:87:23:68:52:51:b9:
         63:6a:90:94:49:03:99:de:a9:2f:1b:61:fb:ca:08:c8:95:b6:
         e8:5a:88:a6:23:fb:4c:e9:3e:65:44:d3:02:5f:40:8b:ad:03:
         54:27:73:c5:8d:9d:70:20:64:56:51:d6:e5:7d:6c:ff:c8:fd:
         9c:70:96:90:03:ec:24:da:2f:45:ee:fa:c4:84:35:a9:63:bf:
         42:7c:c1:f6:83:a7:98:20:58:32:72:bc:52:28:f0:50:9f:ab:
         b7:8b:97:e7:ef:01:76:54:27:a3:8e:37:96:39:12:02:a9:31:
         6f:8e:d5:a1:c9:9f:95:3e:11:e3:86:b1:85:6e:ea:cb:12:af:
         ff:34:c5:33:47:67:ac:76:31:e5:b7:eb:02:dd:73:ed:62:dc:
         93:73:c0:46:23:85:3e:34:f3:74:0b:bf:3b:cb:d5:02:aa:62:
         d3:d5:a9:81:78:79:e0:25:07:9e:db:ae:a3:8e:79:c1:44:90:
         14:ad:5a:b9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3B95Q7aFNxJlqZZsTK4WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MDJiNzNlZjRhOGI2YjBlMDg4M2E5YzhiYzZlN2YwMTJk
YjkzYTAwHhcNMjQwMTAxMTYyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjE3ODZiMTcxNTI5NTA3NTY0NjVmZGVlNjhkMTYxYWVhOTUyOWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRJJ9is5DYIZC3NB5z0r/CAHH/Me
Elb+IMYf2zvo94eLblPI6eC1y84mhyXahKqHVKtC11p1/4F7c59EoOBnoQGFW/8z
LqDyLRvyYwQWuVFyOYgNMeaa1Hc/RvKpYjOmG/BuXEdAjKBkKqIRNRICPd2ow6bC
1160Yydp4/QV9HdppoW8TnKL6m5D4sncaYZV3adZ/0HJO5zlw5svh8lZNvj87+PZ
JMNI03Nsfy9umssJa9F6LlPQQcOcuJaAKAQPcsYIfuzIXXaCyyqyyMaEpGN7A5BB
XjLw/7s94Jqkfv5bKvixIuVPEjJm8jX2KEttGIYRPm1grzjM2ZiVwD/hdwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDsXhrFxUpUHVkZf3uaNFhrqlSn8MB8GA1UdIwQY
MBaAFKgCtz70qLaw4Ig6nIvG5/AS25OgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUFLM1B2U290ckRnaURxY2k4Ym44QkxiazZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy83YzA3ZTgtM2I4Yy00YzkzLTlhMDgt
YTkwOWNiMGExMzhmLzEvT3hlR3NYRlNsUWRXUmxfZTVvMFdHdXFWS2Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy83YzA3ZTgtM2I4Yy00YzkzLTlhMDgtYTkwOWNiMGExMzhm
LzEvcUFLM1B2U290ckRnaURxY2k4Ym44QkxiazZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwY08MA0E
AgACMAcDBQMqEoZAMA0GCSqGSIb3DQEBCwUAA4IBAQB4jI/CPn5v1LxHd4F+UA+U
6QRb+yPSi1SKT4Gp/5XF8Wy2C3VRx92O2zlKwMzhMBBM/HLfZ24JzA8KPgoeWuO6
HJaHI2hSUbljapCUSQOZ3qkvG2H7ygjIlbboWoimI/tM6T5lRNMCX0CLrQNUJ3PF
jZ1wIGRWUdblfWz/yP2ccJaQA+wk2i9F7vrEhDWpY79CfMH2g6eYIFgycrxSKPBQ
n6u3i5fn7wF2VCejjjeWORICqTFvjtWhyZ+VPhHjhrGFburLEq//NMUzR2esdjHl
t+sC3XPtYtyTc8BGI4U+NPN0C787y9UCqmLT1amBeHngJQee266jjnnBRJAUrVq5
-----END CERTIFICATE-----