Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/L4p7_9p5bNlryk94hSORAMEoJHc.roa
File:                     L4p7_9p5bNlryk94hSORAMEoJHc.roa (raw, json)
Hash identifier:          UjHTqjWFPaC2DM4Fw46AqU+Z7jYAex1vmZ3JhGIX94w=
Subject key identifier:   2F:8A:7B:FF:DA:79:6C:D9:6B:CA:4F:78:85:23:91:00:C1:28:24:77
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCD7B373CA939174AD8DF9C839BC1B
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/L4p7_9p5bNlryk94hSORAMEoJHc.roa
Signing time:             Tue 02 Jan 2024 10:34:05 +0000
ROA not before:           Tue 02 Jan 2024 10:34:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60802
IP address blocks:        193.58.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d7:b3:73:ca:93:91:74:ad:8d:f9:c8:39:bc:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f8a7bffda796cd96bca4f7885239100c1282477
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:de:fe:7d:74:4b:3b:a4:92:b1:68:03:1a:ea:
                    91:1c:fb:75:41:eb:cb:f6:d0:42:f6:4e:24:f2:62:
                    d7:4e:8d:ae:4f:c8:48:7c:59:2a:8c:1f:14:ef:df:
                    d1:8f:23:95:71:4a:88:fe:af:b2:c7:35:ef:73:ae:
                    c9:90:5f:43:d4:a6:df:48:70:5f:d0:a8:51:19:8a:
                    00:da:41:ef:32:40:97:f3:29:74:83:57:58:fa:cf:
                    c8:fa:7d:69:ed:bf:52:96:71:c6:da:d3:a1:b5:df:
                    db:c1:a9:b7:e8:fe:0b:9e:9a:b5:38:4a:e8:61:94:
                    3c:41:98:99:60:06:29:8f:07:3d:cf:fe:e2:b3:80:
                    e1:ba:ac:3a:19:00:75:7a:cd:df:14:18:97:7e:1d:
                    1b:b0:72:88:05:34:cb:68:f2:01:ca:3d:7c:92:49:
                    f9:ad:2e:eb:6c:d4:cb:f0:15:14:d5:7b:fd:bc:2f:
                    d0:22:9a:12:ba:a7:41:a2:65:16:44:08:be:e8:51:
                    05:3b:b8:0e:4b:60:ca:6f:d4:9d:b0:2b:9c:ee:83:
                    1e:8b:42:6c:c8:a1:fd:60:a3:13:3b:78:c7:9a:e2:
                    ad:4d:9d:3a:c1:1a:ad:7c:fd:66:a4:36:6b:43:11:
                    80:17:8b:c3:ec:af:30:ad:f0:8f:4e:d5:35:29:6c:
                    56:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:8A:7B:FF:DA:79:6C:D9:6B:CA:4F:78:85:23:91:00:C1:28:24:77
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/L4p7_9p5bNlryk94hSORAMEoJHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:63:ae:69:f3:7e:b1:96:fb:0b:a7:e0:2e:19:dc:af:59:bb:
         6a:f2:bf:42:c4:c1:e1:8a:39:97:74:95:8b:97:02:1d:bf:0e:
         30:56:ca:60:b4:57:68:8b:90:45:bd:31:d3:9f:77:52:3c:da:
         df:03:b1:da:e8:5a:3c:32:93:80:d1:1f:22:66:00:4d:33:79:
         8b:0d:0c:48:f4:8e:f7:c1:1f:7c:ee:5e:60:e4:9b:0c:65:20:
         cc:8b:5f:70:a5:8b:59:5f:b4:3b:3a:93:a4:60:74:f8:5d:bb:
         76:a4:74:9d:76:74:86:4f:03:54:91:ac:8a:48:c7:c1:2b:f0:
         f3:ab:e5:6e:c8:8a:90:4e:fe:50:42:41:8c:e0:39:89:02:de:
         de:a8:44:15:a6:98:ba:c9:59:ef:63:30:ec:1c:0a:00:5e:ad:
         46:77:17:0b:a1:0d:0f:bd:6c:b7:50:c9:02:2e:bf:d0:e0:19:
         1d:35:ff:0c:36:9c:3d:95:a3:e0:38:16:62:dd:dc:7a:bd:71:
         1c:9b:f3:fa:08:75:2d:8b:e3:dd:cc:bd:85:8d:21:e3:9e:cb:
         a0:0c:f4:a9:b0:f9:f3:2f:ba:a8:98:46:b8:dc:f7:7e:6a:ea:
         92:f8:cf:33:85:71:ca:16:bb:32:67:bd:a2:92:e2:fa:80:11:
         41:87:27:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvNezc8qTkXStjfnIObwbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjhhN2JmZmRhNzk2Y2Q5NmJjYTRmNzg4NTIzOTEwMGMxMjgyNDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApt7+fXRLO6SSsWgDGuqRHPt1QevL
9tBC9k4k8mLXTo2uT8hIfFkqjB8U79/RjyOVcUqI/q+yxzXvc67JkF9D1KbfSHBf
0KhRGYoA2kHvMkCX8yl0g1dY+s/I+n1p7b9SlnHG2tOhtd/bwam36P4Lnpq1OEro
YZQ8QZiZYAYpjwc9z/7is4Dhuqw6GQB1es3fFBiXfh0bsHKIBTTLaPIByj18kkn5
rS7rbNTL8BUU1Xv9vC/QIpoSuqdBomUWRAi+6FEFO7gOS2DKb9SdsCuc7oMei0Js
yKH9YKMTO3jHmuKtTZ06wRqtfP1mpDZrQxGAF4vD7K8wrfCPTtU1KWxWeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC+Ke//aeWzZa8pPeIUjkQDBKCR3MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTDRwN185cDViTmxyeWs5NGhTT1JBTUVvSkhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTrvMA0G
CSqGSIb3DQEBCwUAA4IBAQBlY65p836xlvsLp+AuGdyvWbtq8r9CxMHhijmXdJWL
lwIdvw4wVspgtFdoi5BFvTHTn3dSPNrfA7Ha6Fo8MpOA0R8iZgBNM3mLDQxI9I73
wR987l5g5JsMZSDMi19wpYtZX7Q7OpOkYHT4Xbt2pHSddnSGTwNUkayKSMfBK/Dz
q+VuyIqQTv5QQkGM4DmJAt7eqEQVppi6yVnvYzDsHAoAXq1GdxcLoQ0PvWy3UMkC
Lr/Q4BkdNf8MNpw9laPgOBZi3dx6vXEcm/P6CHUti+PdzL2FjSHjnsugDPSpsPnz
L7qomEa43Pd+auqS+M8zhXHKFrsyZ72ikuL6gBFBhyfZ
-----END CERTIFICATE-----