Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/d3149c-f4dc-4837-8b86-c612305cf089/1/k3nmcmWeeFbjM-9jtmYRGYIwFQI.roa
File:                     k3nmcmWeeFbjM-9jtmYRGYIwFQI.roa (raw, json)
Hash identifier:          xZ4dQoBhTQZ6qf1Oc2OQhwatc4Uk4RURycJbwkzqV6g=
Subject key identifier:   93:79:E6:72:65:9E:78:56:E3:33:EF:63:B6:66:11:19:82:30:15:02
Certificate issuer:       /CN=179239f9913dfc7d7aaaa95ff4c9b61bf42b72d6
Certificate serial:       018CC5014240B38623FC9E02D7D962F96DD2
Authority key identifier: 17:92:39:F9:91:3D:FC:7D:7A:AA:A9:5F:F4:C9:B6:1B:F4:2B:72:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5I5-ZE9_H16qqlf9Mm2G_QrctY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/d3149c-f4dc-4837-8b86-c612305cf089/1/k3nmcmWeeFbjM-9jtmYRGYIwFQI.roa
Signing time:             Mon 01 Jan 2024 12:30:43 +0000
ROA not before:           Mon 01 Jan 2024 12:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15975
IP address blocks:        194.6.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/d3149c-f4dc-4837-8b86-c612305cf089/1/F5I5-ZE9_H16qqlf9Mm2G_QrctY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/d3149c-f4dc-4837-8b86-c612305cf089/1/F5I5-ZE9_H16qqlf9Mm2G_QrctY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5I5-ZE9_H16qqlf9Mm2G_QrctY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:42:40:b3:86:23:fc:9e:02:d7:d9:62:f9:6d:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=179239f9913dfc7d7aaaa95ff4c9b61bf42b72d6
        Validity
            Not Before: Jan  1 12:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9379e672659e7856e333ef63b666111982301502
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:77:a9:20:52:52:08:14:89:63:08:55:47:37:
                    06:41:2d:c0:69:d8:4b:7f:3b:3e:c1:10:63:f4:a6:
                    04:f2:aa:57:b6:56:5a:cf:d7:8b:0b:32:6e:74:d8:
                    42:51:d3:47:1a:8c:98:aa:9a:9d:4e:0e:b7:9b:61:
                    4b:6f:c9:03:f8:fd:51:8c:63:1b:aa:11:37:9d:ee:
                    27:ed:40:64:99:4d:e4:f9:05:dc:92:3f:33:81:3b:
                    a7:41:3a:e2:5e:db:b9:3b:9c:50:d4:2f:24:9b:c5:
                    b8:93:b3:c3:f4:1b:08:5b:ca:6e:86:7a:7d:5c:46:
                    d8:3b:21:1d:8e:88:05:50:39:5e:e1:17:58:12:c0:
                    23:11:66:fa:3c:ba:a1:3a:99:d3:ff:63:f9:3c:c4:
                    62:28:67:d7:ee:c9:9a:48:62:43:02:fc:2b:12:39:
                    b2:07:e9:a9:4c:3f:fe:7c:61:55:73:3a:f3:ae:13:
                    19:05:17:3d:90:bf:d6:8e:ed:1a:b8:be:ac:e2:7a:
                    7e:40:35:ea:ef:0a:59:4b:4f:b1:d1:55:80:52:47:
                    e3:fa:81:b1:56:cc:62:ba:12:92:dd:04:3e:44:23:
                    20:81:57:a7:5b:d8:84:9c:d4:76:16:7e:04:ae:84:
                    e8:12:90:fa:33:b2:f0:ab:5a:94:91:57:c8:cf:d8:
                    6f:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:79:E6:72:65:9E:78:56:E3:33:EF:63:B6:66:11:19:82:30:15:02
            X509v3 Authority Key Identifier:
                keyid:17:92:39:F9:91:3D:FC:7D:7A:AA:A9:5F:F4:C9:B6:1B:F4:2B:72:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5I5-ZE9_H16qqlf9Mm2G_QrctY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/d3149c-f4dc-4837-8b86-c612305cf089/1/k3nmcmWeeFbjM-9jtmYRGYIwFQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/d3149c-f4dc-4837-8b86-c612305cf089/1/F5I5-ZE9_H16qqlf9Mm2G_QrctY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.6.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:ae:69:53:66:23:09:59:cd:58:80:0b:cc:be:31:94:99:5f:
         c2:e8:6e:7e:0f:8d:30:61:0b:29:18:db:7d:f2:92:e0:2e:d9:
         6e:97:ef:d9:44:5d:e6:bd:26:67:24:d3:d3:85:19:6e:32:89:
         66:64:39:bf:62:42:d4:4a:ec:c1:61:cd:e5:57:1d:05:50:d7:
         43:3b:0f:be:b8:9f:c3:ac:56:b4:4c:90:17:f8:3f:18:38:3f:
         f5:4c:2c:00:63:f4:1b:ee:0e:4e:ed:d4:1d:6c:c5:d7:f7:de:
         51:b3:54:95:9d:ab:ed:02:a4:89:03:2b:e7:d7:20:eb:e6:23:
         7f:2a:ec:41:64:ed:61:85:42:ab:69:94:4c:d3:0e:8e:af:7c:
         a1:bc:7d:20:07:92:ee:4a:ff:0d:2d:e1:25:5a:c3:ba:a3:2f:
         a1:a4:39:15:26:24:ff:27:c7:4e:ff:b2:07:d0:35:96:86:7e:
         26:57:36:71:b8:3e:ca:75:bb:99:53:58:62:49:2d:1c:90:c3:
         36:a5:d7:26:f3:ba:29:5f:c7:46:ee:ad:9b:d1:67:ec:4b:fc:
         28:d2:e7:e6:3b:6c:ea:62:5f:7d:89:09:0b:1a:ef:f4:3b:b8:
         c0:01:17:df:f6:47:35:56:1c:9d:81:a7:fc:ab:08:bd:f1:0a:
         6c:95:06:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUJAs4Yj/J4C19li+W3SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTIzOWY5OTEzZGZjN2Q3YWFhYTk1ZmY0YzliNjFiZjQy
YjcyZDYwHhcNMjQwMTAxMTIzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mzc5ZTY3MjY1OWU3ODU2ZTMzM2VmNjNiNjY2MTExOTgyMzAxNTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3epIFJSCBSJYwhVRzcGQS3AadhL
fzs+wRBj9KYE8qpXtlZaz9eLCzJudNhCUdNHGoyYqpqdTg63m2FLb8kD+P1RjGMb
qhE3ne4n7UBkmU3k+QXckj8zgTunQTriXtu5O5xQ1C8km8W4k7PD9BsIW8puhnp9
XEbYOyEdjogFUDle4RdYEsAjEWb6PLqhOpnT/2P5PMRiKGfX7smaSGJDAvwrEjmy
B+mpTD/+fGFVczrzrhMZBRc9kL/Wju0auL6s4np+QDXq7wpZS0+x0VWAUkfj+oGx
VsxiuhKS3QQ+RCMggVenW9iEnNR2Fn4EroToEpD6M7Lwq1qUkVfIz9hvXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJN55nJlnnhW4zPvY7ZmERmCMBUCMB8GA1UdIwQY
MBaAFBeSOfmRPfx9eqqpX/TJthv0K3LWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVJNS1aRTlfSDE2cXFsZjlNbTJHX1FyY3RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9kMzE0OWMtZjRkYy00ODM3LThiODYt
YzYxMjMwNWNmMDg5LzEvazNubWNtV2VlRmJqTS05anRtWVJHWUl3RlFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9kMzE0OWMtZjRkYy00ODM3LThiODYtYzYxMjMwNWNmMDg5
LzEvRjVJNS1aRTlfSDE2cXFsZjlNbTJHX1FyY3RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgbhMA0G
CSqGSIb3DQEBCwUAA4IBAQBcrmlTZiMJWc1YgAvMvjGUmV/C6G5+D40wYQspGNt9
8pLgLtlul+/ZRF3mvSZnJNPThRluMolmZDm/YkLUSuzBYc3lVx0FUNdDOw++uJ/D
rFa0TJAX+D8YOD/1TCwAY/Qb7g5O7dQdbMXX995Rs1SVnavtAqSJAyvn1yDr5iN/
KuxBZO1hhUKraZRM0w6Or3yhvH0gB5LuSv8NLeElWsO6oy+hpDkVJiT/J8dO/7IH
0DWWhn4mVzZxuD7KdbuZU1hiSS0ckMM2pdcm87opX8dG7q2b0WfsS/wo0ufmO2zq
Yl99iQkLGu/0O7jAARff9kc1Vhydgaf8qwi98QpslQaS
-----END CERTIFICATE-----