Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/ed3edb-d275-47c9-be7f-c4367592ae8a/1/55wdJKJqXA9lDCHqi6ddL5BuklM.roa
File:                     55wdJKJqXA9lDCHqi6ddL5BuklM.roa (raw, json)
Hash identifier:          rGCKZNkOJ5o/cMw0MV6I1nDmWN/wW05CoMMPmH8aOxQ=
Subject key identifier:   E7:9C:1D:24:A2:6A:5C:0F:65:0C:21:EA:8B:A7:5D:2F:90:6E:92:53
Certificate issuer:       /CN=83646ab7062148edb8fa9b60a831c8240dcab804
Certificate serial:       018CCA2A0CF1D32E013EA39470572E274087
Authority key identifier: 83:64:6A:B7:06:21:48:ED:B8:FA:9B:60:A8:31:C8:24:0D:CA:B8:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g2RqtwYhSO24-ptgqDHIJA3KuAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/ed3edb-d275-47c9-be7f-c4367592ae8a/1/55wdJKJqXA9lDCHqi6ddL5BuklM.roa
Signing time:             Tue 02 Jan 2024 12:33:22 +0000
ROA not before:           Tue 02 Jan 2024 12:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58114
IP address blocks:        193.30.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/ed3edb-d275-47c9-be7f-c4367592ae8a/1/g2RqtwYhSO24-ptgqDHIJA3KuAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/ed3edb-d275-47c9-be7f-c4367592ae8a/1/g2RqtwYhSO24-ptgqDHIJA3KuAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g2RqtwYhSO24-ptgqDHIJA3KuAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:03:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:0c:f1:d3:2e:01:3e:a3:94:70:57:2e:27:40:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83646ab7062148edb8fa9b60a831c8240dcab804
        Validity
            Not Before: Jan  2 12:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e79c1d24a26a5c0f650c21ea8ba75d2f906e9253
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:79:d6:8f:23:ec:a2:a9:a1:60:a2:e0:c0:a5:
                    24:d2:39:8a:16:9c:90:2c:bd:40:20:fb:31:93:9b:
                    69:16:1f:af:9d:0d:af:94:7d:d6:c6:d3:00:f4:1c:
                    77:0a:e6:8a:55:84:f3:23:e0:09:ad:91:01:45:4f:
                    0b:ce:9c:99:b7:b3:d5:c3:b4:a8:74:f0:fd:5a:45:
                    a5:a8:f1:2d:e6:ce:b3:0b:03:d5:e0:6a:21:61:a7:
                    b5:94:a7:2e:69:b3:dd:6f:3e:a2:d1:c1:f3:c6:44:
                    f3:bf:57:72:ba:d0:a0:c9:ed:78:ea:60:3a:3a:73:
                    43:4f:de:f9:38:a7:a3:5d:8f:6f:4a:2b:06:32:e7:
                    80:15:59:2e:2e:a4:8b:5b:c4:3b:bb:ad:3b:d6:de:
                    f2:ea:2b:87:f4:ab:84:49:a8:bc:00:14:95:33:46:
                    0a:d0:13:15:10:0e:72:fd:8c:62:3e:13:d1:6f:bd:
                    19:4a:9c:15:5b:c6:23:23:24:bd:6b:8c:89:ce:32:
                    58:40:60:d6:c1:66:84:56:5e:46:e9:93:50:55:68:
                    bc:ab:42:fb:db:0d:34:aa:52:b5:5f:31:b0:95:fc:
                    ec:aa:36:7d:b4:e1:f4:63:3c:e2:45:21:65:45:fd:
                    a6:43:ae:63:dd:05:00:87:ad:0f:bf:23:c2:0d:0c:
                    e3:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:9C:1D:24:A2:6A:5C:0F:65:0C:21:EA:8B:A7:5D:2F:90:6E:92:53
            X509v3 Authority Key Identifier:
                keyid:83:64:6A:B7:06:21:48:ED:B8:FA:9B:60:A8:31:C8:24:0D:CA:B8:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g2RqtwYhSO24-ptgqDHIJA3KuAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/ed3edb-d275-47c9-be7f-c4367592ae8a/1/55wdJKJqXA9lDCHqi6ddL5BuklM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/ed3edb-d275-47c9-be7f-c4367592ae8a/1/g2RqtwYhSO24-ptgqDHIJA3KuAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:c8:11:ae:4f:dd:35:17:05:3d:05:54:dc:73:a8:07:9a:7d:
         9d:bb:bf:2f:ef:f4:da:41:83:d9:cd:6d:b4:21:d0:e7:a7:83:
         1b:cc:51:ef:82:09:8f:ce:c4:df:58:d2:06:4a:47:a6:aa:b5:
         a8:cb:86:91:88:d3:bc:8b:09:f1:8e:80:98:f5:a7:8a:a3:be:
         02:fd:9c:74:59:59:55:7d:76:e0:31:1f:f1:b8:bc:62:e4:c8:
         64:48:b2:0f:07:71:4d:5e:d4:ec:e6:c2:18:50:6c:21:5f:e4:
         1e:e6:c3:aa:8a:15:fd:c6:98:64:ac:8e:ff:02:8a:e9:d2:f4:
         96:2a:72:cf:03:06:73:4f:25:c9:1f:b9:5c:8d:b8:ea:08:2f:
         b3:a7:aa:5b:40:4b:2a:bd:91:9a:9c:db:c4:ad:e5:7e:9a:e8:
         9e:4e:5c:3b:f1:9f:8f:53:00:f9:22:09:d1:1e:62:19:e7:15:
         d8:91:be:1f:18:30:62:89:ff:a8:dc:f9:22:57:27:84:2b:ae:
         95:33:9b:22:86:85:b1:f7:6c:ac:a0:12:9f:f9:d8:4e:56:e3:
         75:bb:7e:c9:ad:8f:07:30:3e:8c:21:5e:34:0c:97:d1:6e:30:
         47:f3:07:36:bb:7b:c1:07:08:53:56:1b:76:0a:14:df:6b:be:
         90:aa:d2:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKgzx0y4BPqOUcFcuJ0CHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNjQ2YWI3MDYyMTQ4ZWRiOGZhOWI2MGE4MzFjODI0MGRj
YWI4MDQwHhcNMjQwMTAyMTIzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzljMWQyNGEyNmE1YzBmNjUwYzIxZWE4YmE3NWQyZjkwNmU5MjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnnWjyPsoqmhYKLgwKUk0jmKFpyQ
LL1AIPsxk5tpFh+vnQ2vlH3WxtMA9Bx3CuaKVYTzI+AJrZEBRU8LzpyZt7PVw7So
dPD9WkWlqPEt5s6zCwPV4GohYae1lKcuabPdbz6i0cHzxkTzv1dyutCgye146mA6
OnNDT975OKejXY9vSisGMueAFVkuLqSLW8Q7u6071t7y6iuH9KuESai8ABSVM0YK
0BMVEA5y/YxiPhPRb70ZSpwVW8YjIyS9a4yJzjJYQGDWwWaEVl5G6ZNQVWi8q0L7
2w00qlK1XzGwlfzsqjZ9tOH0YzziRSFlRf2mQ65j3QUAh60PvyPCDQzjUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOecHSSialwPZQwh6ounXS+QbpJTMB8GA1UdIwQY
MBaAFINkarcGIUjtuPqbYKgxyCQNyrgEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzJScXR3WWhTTzI0LXB0Z3FESElKQTNLdUFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9lZDNlZGItZDI3NS00N2M5LWJlN2Yt
YzQzNjc1OTJhZThhLzEvNTV3ZEpLSnFYQTlsRENIcWk2ZGRMNUJ1a2xNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9lZDNlZGItZDI3NS00N2M5LWJlN2YtYzQzNjc1OTJhZThh
LzEvZzJScXR3WWhTTzI0LXB0Z3FESElKQTNLdUFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR4cMA0G
CSqGSIb3DQEBCwUAA4IBAQCLyBGuT901FwU9BVTcc6gHmn2du78v7/TaQYPZzW20
IdDnp4MbzFHvggmPzsTfWNIGSkemqrWoy4aRiNO8iwnxjoCY9aeKo74C/Zx0WVlV
fXbgMR/xuLxi5MhkSLIPB3FNXtTs5sIYUGwhX+Qe5sOqihX9xphkrI7/Aorp0vSW
KnLPAwZzTyXJH7lcjbjqCC+zp6pbQEsqvZGanNvEreV+muieTlw78Z+PUwD5IgnR
HmIZ5xXYkb4fGDBiif+o3PkiVyeEK66VM5sihoWx92ysoBKf+dhOVuN1u37JrY8H
MD6MIV40DJfRbjBH8wc2u3vBBwhTVht2ChTfa76QqtJk
-----END CERTIFICATE-----