Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/sRMVizrMm29wsxyzji663dQU-sk.roa
File:                     sRMVizrMm29wsxyzji663dQU-sk.roa (raw, json)
Hash identifier:          Ib7swJW4RuXs3nAKKwP5y1OvngboCkWu5FmEmJASa6g=
Subject key identifier:   B1:13:15:8B:3A:CC:9B:6F:70:B3:1C:B3:8E:2E:BA:DD:D4:14:FA:C9
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018CC8DF8DB7209594CA58901892B9A76AE7
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/sRMVizrMm29wsxyzji663dQU-sk.roa
Signing time:             Tue 02 Jan 2024 06:32:23 +0000
ROA not before:           Tue 02 Jan 2024 06:32:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211711
IP address blocks:        188.132.159.0/24 maxlen: 24
                          78.135.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:8d:b7:20:95:94:ca:58:90:18:92:b9:a7:6a:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 06:32:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b113158b3acc9b6f70b31cb38e2ebaddd414fac9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ae:63:6b:e6:02:2b:e1:76:7b:2c:9d:c0:48:
                    ce:1e:21:24:a8:25:52:fa:40:17:54:50:98:3f:80:
                    08:5b:4d:8a:d0:95:85:ab:a5:0b:4c:82:8d:8d:2e:
                    c6:e3:fe:b6:6f:ff:79:22:0a:60:5c:b7:6b:d3:8a:
                    2d:2f:c5:b3:ab:17:12:55:fa:88:fd:ba:04:f1:17:
                    b7:b3:f0:65:19:13:a4:64:ea:b6:cb:bd:ac:59:3f:
                    63:88:66:a9:32:1e:02:5c:45:99:dc:79:8e:24:4c:
                    36:d1:34:ae:09:a1:c4:8e:d8:e4:c0:9d:f4:6d:43:
                    5f:f1:e4:d6:c4:f3:3d:86:1e:97:b1:8c:85:fa:6b:
                    31:cb:70:ed:b2:c1:d7:c5:43:6c:09:53:92:b2:42:
                    e0:0e:83:c6:33:a3:75:02:9a:e7:ce:42:eb:da:d1:
                    51:39:69:4e:08:2b:b2:a4:51:c6:ee:7c:00:5a:b4:
                    65:18:77:8b:6b:31:0b:ae:18:5b:cb:04:1e:ff:d1:
                    08:be:29:05:b3:71:fd:7a:84:1b:ea:ed:d8:c1:cf:
                    e2:5f:68:04:ee:25:f6:9a:af:1d:b7:78:66:23:3d:
                    50:81:24:d1:8b:06:47:31:d2:b4:83:06:14:cc:e2:
                    df:43:4b:3e:2d:08:e7:87:08:2b:3d:2f:bc:2a:c1:
                    6f:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:13:15:8B:3A:CC:9B:6F:70:B3:1C:B3:8E:2E:BA:DD:D4:14:FA:C9
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/sRMVizrMm29wsxyzji663dQU-sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.135.70.0/24
                  188.132.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:55:5b:cc:79:2f:e2:77:d8:ac:16:83:77:de:75:6c:68:66:
         2e:c0:53:b4:51:ad:c9:db:92:c4:53:15:cc:04:2e:36:1c:7b:
         2f:e3:b5:84:d7:61:d4:db:33:03:f5:a9:50:4e:66:d9:20:c6:
         5a:f5:1c:07:2c:68:93:2c:7e:3a:0e:59:09:d5:19:e4:f0:c6:
         f4:62:2d:a9:14:f7:18:ac:72:d4:2c:4c:99:b8:9b:65:04:0d:
         29:26:25:4b:ac:c5:3d:c4:61:d7:9f:a3:60:fb:8d:71:ff:17:
         ed:af:9c:86:0b:05:94:9e:4e:6c:92:89:b3:a7:82:ca:f6:dc:
         98:0c:52:9b:dc:a0:10:d0:ea:6b:af:4d:73:1d:3c:32:21:17:
         fd:9c:17:d1:36:3b:c2:74:9f:55:da:29:51:e4:84:ab:e9:b5:
         68:7e:e6:b3:cf:23:e5:07:dd:8a:e9:77:b1:9d:8d:93:a9:a6:
         83:f0:48:e5:fe:a4:94:1f:96:bf:02:b1:69:39:f0:dc:bf:21:
         d2:3b:fa:29:2e:0d:86:6d:bd:af:d8:33:06:a8:21:31:e7:f4:
         5a:ca:e0:ca:3d:10:e5:9f:99:4c:05:59:47:11:60:26:cc:44:
         eb:9f:95:47:24:bf:96:0e:8d:10:62:65:78:97:64:83:ba:a3:
         29:39:15:9b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3423IJWUyliQGJK5p2rnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMTAyMDYzMjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTEzMTU4YjNhY2M5YjZmNzBiMzFjYjM4ZTJlYmFkZGQ0MTRmYWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmK5ja+YCK+F2eyydwEjOHiEkqCVS
+kAXVFCYP4AIW02K0JWFq6ULTIKNjS7G4/62b/95IgpgXLdr04otL8WzqxcSVfqI
/boE8Re3s/BlGROkZOq2y72sWT9jiGapMh4CXEWZ3HmOJEw20TSuCaHEjtjkwJ30
bUNf8eTWxPM9hh6XsYyF+msxy3DtssHXxUNsCVOSskLgDoPGM6N1AprnzkLr2tFR
OWlOCCuypFHG7nwAWrRlGHeLazELrhhbywQe/9EIvikFs3H9eoQb6u3Ywc/iX2gE
7iX2mq8dt3hmIz1QgSTRiwZHMdK0gwYUzOLfQ0s+LQjnhwgrPS+8KsFvlwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLETFYs6zJtvcLMcs44uut3UFPrJMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvc1JNVml6ck1tMjl3c3h5emppNjYzZFFVLXNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATodGAwQA
vISfMA0GCSqGSIb3DQEBCwUAA4IBAQBDVVvMeS/id9isFoN33nVsaGYuwFO0Ua3J
25LEUxXMBC42HHsv47WE12HU2zMD9alQTmbZIMZa9RwHLGiTLH46DlkJ1Rnk8Mb0
Yi2pFPcYrHLULEyZuJtlBA0pJiVLrMU9xGHXn6Ng+41x/xftr5yGCwWUnk5skomz
p4LK9tyYDFKb3KAQ0Oprr01zHTwyIRf9nBfRNjvCdJ9V2ilR5ISr6bVofuazzyPl
B92K6XexnY2TqaaD8Ejl/qSUH5a/ArFpOfDcvyHSO/opLg2Gbb2v2DMGqCEx5/Ra
yuDKPRDln5lMBVlHEWAmzETrn5VHJL+WDo0QYmV4l2SDuqMpORWb
-----END CERTIFICATE-----