Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/6zH-QaHqRUCVk3L-u7Uvcz749rg.roa
File:                     6zH-QaHqRUCVk3L-u7Uvcz749rg.roa (raw, json)
Hash identifier:          GYaNwiAe/AwZTS6HyVWxmPZTs/vOrTOO2G19hJFQXoA=
Subject key identifier:   EB:31:FE:41:A1:EA:45:40:95:93:72:FE:BB:B5:2F:73:3E:F8:F6:B8
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018DB2110B86044A497E5B6E0E89B2519A7D
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/6zH-QaHqRUCVk3L-u7Uvcz749rg.roa
Signing time:             Fri 16 Feb 2024 13:17:57 +0000
ROA not before:           Fri 16 Feb 2024 13:17:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197450
IP address blocks:        188.132.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b2:11:0b:86:04:4a:49:7e:5b:6e:0e:89:b2:51:9a:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Feb 16 13:17:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb31fe41a1ea4540959372febbb52f733ef8f6b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:90:6e:23:a9:af:3f:98:49:db:23:cf:08:36:
                    29:6a:45:93:df:b6:7a:c9:e1:bc:e5:15:8e:10:3c:
                    cd:c6:56:58:9d:ae:c6:35:05:3a:b4:a0:6a:67:8f:
                    cf:94:c3:9b:67:ff:64:68:d0:f8:17:86:12:b7:fa:
                    7a:ae:3d:cc:34:f8:5d:ea:c5:c4:30:0c:c3:cd:49:
                    e0:69:fc:92:de:25:1c:24:3b:34:69:28:09:5f:00:
                    48:3d:17:72:d6:fe:bd:8c:09:ee:48:ed:81:3e:25:
                    27:85:a5:9a:b9:b1:1c:f3:56:d6:95:10:7e:fc:5d:
                    f2:c8:0f:44:e1:b0:39:58:d0:ce:6c:2c:8c:ae:58:
                    b8:ca:6b:9a:0d:31:01:3b:91:1c:92:88:d4:00:aa:
                    de:db:07:30:33:e3:c5:49:2c:02:6f:24:31:8f:e5:
                    d0:33:0a:1a:3f:78:e5:07:5d:a1:89:20:f2:7d:94:
                    4a:03:d6:3f:91:81:20:c6:f8:24:37:7a:c7:b6:27:
                    f3:95:8c:5f:46:34:84:76:91:c9:77:95:9b:94:a0:
                    d1:d1:65:cc:eb:72:6c:9e:d6:48:f6:d1:74:a5:6a:
                    00:59:41:ae:02:56:0b:b4:1f:be:0c:15:7a:da:58:
                    a1:92:de:8e:69:b5:5a:d5:03:a2:09:a5:28:73:86:
                    4f:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:31:FE:41:A1:EA:45:40:95:93:72:FE:BB:B5:2F:73:3E:F8:F6:B8
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/6zH-QaHqRUCVk3L-u7Uvcz749rg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:93:c2:f3:95:37:98:3e:a6:65:de:21:5a:26:d1:37:13:b0:
         27:6d:57:1c:38:23:bb:5a:b9:7c:e1:00:8f:c6:40:7b:1c:19:
         5e:47:22:10:73:2a:44:76:13:22:78:70:08:02:84:4e:49:26:
         34:8d:15:4a:a1:b5:cf:d9:59:d3:8b:ef:2e:39:ae:ba:6c:b0:
         85:f5:67:70:8a:cc:a6:72:fb:23:9c:02:53:b6:23:12:d8:46:
         0c:9c:d6:1f:2d:0a:38:4d:ee:bd:c9:fb:b8:17:db:0a:c5:99:
         db:7a:bd:ec:b2:95:b0:c7:53:1a:fa:dd:d2:7b:83:76:fe:0a:
         53:ce:6a:2b:47:6b:49:63:5a:a2:30:fc:5c:8c:e9:97:19:b4:
         3d:2f:fe:e2:66:37:80:e5:af:fc:d6:56:33:10:04:1a:d2:46:
         e8:22:c8:7d:26:1f:ca:01:52:cb:3d:d9:6b:ff:3e:1e:f3:8a:
         51:42:ae:a1:81:1d:f6:50:f7:8c:6d:8c:4a:a4:f2:f9:2d:1d:
         fb:19:3f:d9:67:34:1e:a6:3a:b1:f4:10:f7:e4:fa:51:78:c8:
         9f:ad:c2:5e:29:09:43:41:d3:bf:e2:ef:3e:a4:4c:f1:ae:51:
         1b:33:e6:37:c6:a8:be:ac:90:30:a9:ea:a5:52:1d:40:5c:61:
         56:e5:0d:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2yEQuGBEpJfltuDomyUZp9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMjE2MTMxNzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjMxZmU0MWExZWE0NTQwOTU5MzcyZmViYmI1MmY3MzNlZjhmNmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZBuI6mvP5hJ2yPPCDYpakWT37Z6
yeG85RWOEDzNxlZYna7GNQU6tKBqZ4/PlMObZ/9kaND4F4YSt/p6rj3MNPhd6sXE
MAzDzUngafyS3iUcJDs0aSgJXwBIPRdy1v69jAnuSO2BPiUnhaWaubEc81bWlRB+
/F3yyA9E4bA5WNDObCyMrli4ymuaDTEBO5EckojUAKre2wcwM+PFSSwCbyQxj+XQ
MwoaP3jlB12hiSDyfZRKA9Y/kYEgxvgkN3rHtifzlYxfRjSEdpHJd5WblKDR0WXM
63JsntZI9tF0pWoAWUGuAlYLtB++DBV62lihkt6OabVa1QOiCaUoc4ZPSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOsx/kGh6kVAlZNy/ru1L3M++Pa4MB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvNnpILVFhSHFSVUNWazNMLXU3VXZjejc0OXJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvIToMA0G
CSqGSIb3DQEBCwUAA4IBAQAwk8LzlTeYPqZl3iFaJtE3E7AnbVccOCO7Wrl84QCP
xkB7HBleRyIQcypEdhMieHAIAoROSSY0jRVKobXP2VnTi+8uOa66bLCF9Wdwisym
cvsjnAJTtiMS2EYMnNYfLQo4Te69yfu4F9sKxZnber3sspWwx1Ma+t3Se4N2/gpT
zmorR2tJY1qiMPxcjOmXGbQ9L/7iZjeA5a/81lYzEAQa0kboIsh9Jh/KAVLLPdlr
/z4e84pRQq6hgR32UPeMbYxKpPL5LR37GT/ZZzQepjqx9BD35PpReMifrcJeKQlD
QdO/4u8+pEzxrlEbM+Y3xqi+rJAwqeqlUh1AXGFW5Q1s
-----END CERTIFICATE-----