Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/jqf9MZFJg4Au93XqV1Tej6pb44A.roa
File:                     jqf9MZFJg4Au93XqV1Tej6pb44A.roa (raw, json)
Hash identifier:          oL1hfa5Vt0J1FJi/5m8kWqCmF1OVMXgrLkAkPcLlMc4=
Subject key identifier:   8E:A7:FD:31:91:49:83:80:2E:F7:75:EA:57:54:DE:8F:AA:5B:E3:80
Certificate issuer:       /CN=d8772aac1b62b87d6b01d57a1a00a6a72b8a7da6
Certificate serial:       018CC3489F1BA05700EDF4759FD0E13541B6
Authority key identifier: D8:77:2A:AC:1B:62:B8:7D:6B:01:D5:7A:1A:00:A6:A7:2B:8A:7D:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2HcqrBtiuH1rAdV6GgCmpyuKfaY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/jqf9MZFJg4Au93XqV1Tej6pb44A.roa
Signing time:             Mon 01 Jan 2024 04:29:25 +0000
ROA not before:           Mon 01 Jan 2024 04:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3491
IP address blocks:        193.24.65.0/24 maxlen: 25
                          139.123.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/2HcqrBtiuH1rAdV6GgCmpyuKfaY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/2HcqrBtiuH1rAdV6GgCmpyuKfaY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2HcqrBtiuH1rAdV6GgCmpyuKfaY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:9f:1b:a0:57:00:ed:f4:75:9f:d0:e1:35:41:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8772aac1b62b87d6b01d57a1a00a6a72b8a7da6
        Validity
            Not Before: Jan  1 04:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ea7fd31914983802ef775ea5754de8faa5be380
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:07:bc:82:67:4e:65:18:ab:17:3b:1f:5f:50:
                    f8:0a:1a:7d:f5:4d:6a:26:52:ae:1d:6e:ed:ab:1f:
                    26:92:e5:62:b9:45:4e:f5:72:72:65:34:8b:f3:a7:
                    cb:38:98:45:0f:8b:2e:df:79:79:ca:d7:7d:1a:65:
                    2a:e6:7f:2b:be:ae:aa:5a:fb:1e:13:67:c7:5a:a2:
                    db:e7:d4:9d:2b:d7:4e:b4:2b:77:fe:5a:4c:a0:a1:
                    19:c2:d1:99:20:b8:22:cb:fc:b8:1d:bd:aa:93:ce:
                    3e:41:cc:cf:81:9d:bd:b1:12:a0:93:1e:ef:76:18:
                    c5:eb:e0:53:6b:df:47:08:0c:91:c2:ee:9b:22:79:
                    20:26:b9:ea:e8:a2:c1:93:7d:d5:69:bb:3b:be:2a:
                    be:46:7d:ea:a6:64:60:be:6c:2e:81:b8:e0:a1:cd:
                    8a:22:7d:0c:be:c0:02:a1:e1:b5:c0:60:ea:dd:01:
                    9e:44:ef:b2:43:d3:74:23:7a:79:ab:f9:d8:dd:92:
                    81:a4:11:83:2c:8d:4b:f8:e4:18:f9:f3:ca:32:16:
                    5d:79:2f:82:ce:af:da:d1:a4:5c:fd:af:72:50:15:
                    f4:0a:d3:65:dc:e1:b7:51:ee:78:11:b6:6a:c1:ec:
                    f2:d6:88:38:87:bb:26:84:2b:3b:91:13:ae:00:0b:
                    57:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:A7:FD:31:91:49:83:80:2E:F7:75:EA:57:54:DE:8F:AA:5B:E3:80
            X509v3 Authority Key Identifier:
                keyid:D8:77:2A:AC:1B:62:B8:7D:6B:01:D5:7A:1A:00:A6:A7:2B:8A:7D:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2HcqrBtiuH1rAdV6GgCmpyuKfaY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/jqf9MZFJg4Au93XqV1Tej6pb44A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/616a58-5342-432c-a9c5-333beecff6f4/1/2HcqrBtiuH1rAdV6GgCmpyuKfaY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.123.232.0/24
                  193.24.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:e3:e2:9e:e8:c1:9c:e2:de:12:40:65:3c:7c:42:ca:1a:d9:
         55:16:41:3a:ea:42:77:19:47:b3:d7:40:b3:0c:78:b4:f5:c1:
         35:c6:70:4f:66:aa:00:02:7e:fc:3d:17:43:f4:8f:2a:96:3d:
         07:b4:99:e7:e9:e2:6c:d7:78:5b:42:87:22:c1:b1:fd:3f:37:
         2b:09:8b:f7:51:df:20:19:b3:6d:9b:2c:d9:9f:84:39:70:fb:
         6c:47:10:9f:6e:bb:eb:ba:ee:95:b8:13:da:5b:a0:4d:e1:fe:
         f1:91:d9:e7:9a:9d:ad:e1:4d:9d:48:e9:90:44:7d:f6:c4:d8:
         d7:6a:30:97:5e:83:2b:61:fe:12:aa:e5:46:a9:ee:4c:b6:fe:
         2e:99:8b:46:64:23:79:b6:49:c5:07:cb:ee:d6:10:a5:a0:7f:
         23:a3:80:9b:7c:73:3d:e4:f0:7e:be:87:ce:0f:86:02:18:da:
         5c:a2:d3:50:1f:6a:9b:77:92:17:d6:eb:d4:1f:1e:45:03:3d:
         15:6c:60:82:9d:f2:8f:fd:32:fc:fc:6c:ca:69:76:11:ab:b5:
         18:26:dd:97:a5:8a:c8:3e:0e:51:e8:97:1e:c6:f2:fe:76:4c:
         57:f2:a4:f9:e4:0d:1d:b7:86:a2:ae:f1:91:d7:7f:c0:70:85:
         f3:f5:c1:87
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSJ8boFcA7fR1n9DhNUG2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4NzcyYWFjMWI2MmI4N2Q2YjAxZDU3YTFhMDBhNmE3MmI4
YTdkYTYwHhcNMjQwMTAxMDQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWE3ZmQzMTkxNDk4MzgwMmVmNzc1ZWE1NzU0ZGU4ZmFhNWJlMzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Qe8gmdOZRirFzsfX1D4Chp99U1q
JlKuHW7tqx8mkuViuUVO9XJyZTSL86fLOJhFD4su33l5ytd9GmUq5n8rvq6qWvse
E2fHWqLb59SdK9dOtCt3/lpMoKEZwtGZILgiy/y4Hb2qk84+QczPgZ29sRKgkx7v
dhjF6+BTa99HCAyRwu6bInkgJrnq6KLBk33Vabs7viq+Rn3qpmRgvmwugbjgoc2K
In0MvsACoeG1wGDq3QGeRO+yQ9N0I3p5q/nY3ZKBpBGDLI1L+OQY+fPKMhZdeS+C
zq/a0aRc/a9yUBX0CtNl3OG3Ue54EbZqwezy1og4h7smhCs7kROuAAtXKQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI6n/TGRSYOALvd16ldU3o+qW+OAMB8GA1UdIwQY
MBaAFNh3KqwbYrh9awHVehoApqcrin2mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkhjcXJCdGl1SDFyQWRWNkdnQ21weXVLZmFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My82MTZhNTgtNTM0Mi00MzJjLWE5YzUt
MzMzYmVlY2ZmNmY0LzEvanFmOU1aRkpnNEF1OTNYcVYxVGVqNnBiNDRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My82MTZhNTgtNTM0Mi00MzJjLWE5YzUtMzMzYmVlY2ZmNmY0
LzEvMkhjcXJCdGl1SDFyQWRWNkdnQ21weXVLZmFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAi3voAwQA
wRhBMA0GCSqGSIb3DQEBCwUAA4IBAQB74+Ke6MGc4t4SQGU8fELKGtlVFkE66kJ3
GUez10CzDHi09cE1xnBPZqoAAn78PRdD9I8qlj0HtJnn6eJs13hbQociwbH9Pzcr
CYv3Ud8gGbNtmyzZn4Q5cPtsRxCfbrvruu6VuBPaW6BN4f7xkdnnmp2t4U2dSOmQ
RH32xNjXajCXXoMrYf4SquVGqe5Mtv4umYtGZCN5tknFB8vu1hCloH8jo4CbfHM9
5PB+vofOD4YCGNpcotNQH2qbd5IX1uvUHx5FAz0VbGCCnfKP/TL8/GzKaXYRq7UY
Jt2XpYrIPg5R6JcexvL+dkxX8qT55A0dt4airvGR13/AcIXz9cGH
-----END CERTIFICATE-----