Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/4ab5cb-5234-4b40-b2c6-7de42e118ded/1/x41mnXzca0tQJmBtLzY0Rdm1XI0.roa
File:                     x41mnXzca0tQJmBtLzY0Rdm1XI0.roa (raw, json)
Hash identifier:          d2DbpS346CZXrDnYPiK0FbQl+oOo8gno0pbv020usIc=
Subject key identifier:   C7:8D:66:9D:7C:DC:6B:4B:50:26:60:6D:2F:36:34:45:D9:B5:5C:8D
Certificate issuer:       /CN=8cd150ff1fbcd42a93eb4ddf43ca71c7be3c7288
Certificate serial:       018CC8DE7B7C8E6DF535E18FB3ABF544E0AD
Authority key identifier: 8C:D1:50:FF:1F:BC:D4:2A:93:EB:4D:DF:43:CA:71:C7:BE:3C:72:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jNFQ_x-81CqT603fQ8pxx748cog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/4ab5cb-5234-4b40-b2c6-7de42e118ded/1/x41mnXzca0tQJmBtLzY0Rdm1XI0.roa
Signing time:             Tue 02 Jan 2024 06:31:12 +0000
ROA not before:           Tue 02 Jan 2024 06:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50475
IP address blocks:        193.105.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/4ab5cb-5234-4b40-b2c6-7de42e118ded/1/jNFQ_x-81CqT603fQ8pxx748cog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/4ab5cb-5234-4b40-b2c6-7de42e118ded/1/jNFQ_x-81CqT603fQ8pxx748cog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jNFQ_x-81CqT603fQ8pxx748cog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:7b:7c:8e:6d:f5:35:e1:8f:b3:ab:f5:44:e0:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8cd150ff1fbcd42a93eb4ddf43ca71c7be3c7288
        Validity
            Not Before: Jan  2 06:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c78d669d7cdc6b4b5026606d2f363445d9b55c8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:2b:87:71:1f:71:9d:5a:a7:a3:b9:7e:5b:69:
                    9c:d2:22:91:a1:3f:5c:11:90:09:83:86:5a:bd:c5:
                    b4:51:c0:42:37:7d:f1:2a:d7:bb:1a:fd:bb:e6:2b:
                    6f:cd:e8:2f:49:4d:07:9a:75:4e:7f:2d:3b:05:80:
                    28:c3:65:ab:cd:6e:99:dc:44:24:9a:ff:7e:62:db:
                    3f:84:c7:a5:b9:ba:6a:8f:07:18:f7:56:61:50:0f:
                    f2:ca:c0:ca:36:3d:24:c3:4f:fa:68:ee:99:e2:1f:
                    3a:b6:73:2c:6e:81:18:e2:8a:fd:51:63:5f:83:09:
                    17:13:b2:99:4e:06:02:e1:c4:b6:26:f4:b7:58:d1:
                    f3:d4:07:db:06:0f:80:1f:6e:d3:e5:68:d4:d6:f9:
                    c6:40:dd:3d:54:bf:da:d2:28:a8:6a:fe:2d:f5:af:
                    fb:c0:0b:81:9a:87:64:f8:26:e2:6b:47:3b:fc:90:
                    19:83:d8:33:75:8b:b2:bf:56:88:bd:8b:5d:5b:5e:
                    6c:09:df:44:fc:29:7f:bd:01:4d:7e:fe:18:6e:ef:
                    5d:26:26:0c:15:01:a5:04:33:6a:a6:50:ff:b1:90:
                    15:cd:c8:70:b1:c9:1c:66:74:0e:d8:c8:98:01:58:
                    6b:24:05:09:2b:dd:53:ba:a0:a8:58:54:fc:ea:f5:
                    4e:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:8D:66:9D:7C:DC:6B:4B:50:26:60:6D:2F:36:34:45:D9:B5:5C:8D
            X509v3 Authority Key Identifier:
                keyid:8C:D1:50:FF:1F:BC:D4:2A:93:EB:4D:DF:43:CA:71:C7:BE:3C:72:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jNFQ_x-81CqT603fQ8pxx748cog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/4ab5cb-5234-4b40-b2c6-7de42e118ded/1/x41mnXzca0tQJmBtLzY0Rdm1XI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/4ab5cb-5234-4b40-b2c6-7de42e118ded/1/jNFQ_x-81CqT603fQ8pxx748cog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:f4:07:0e:b0:b1:be:98:29:d5:42:7c:b3:ee:52:6c:58:9a:
         6a:3c:7b:b0:27:35:6c:3f:a0:23:31:b6:c1:39:db:05:80:eb:
         8e:22:c1:a4:48:90:c8:59:56:f8:6b:17:fc:c2:19:c4:21:94:
         54:c3:c8:f0:85:d4:04:0c:41:25:dc:df:e6:24:a2:4f:d9:26:
         eb:0c:ad:9f:1a:79:82:6c:91:ea:f5:7e:ca:d5:61:47:fd:6f:
         45:3a:8e:1f:93:81:7b:b0:60:a4:db:36:27:6b:c9:92:21:4d:
         42:70:e2:ee:a2:f2:24:9e:58:c4:12:e1:d6:90:ff:ac:69:4c:
         02:1d:27:43:ef:41:fd:c4:55:b4:06:d3:e5:9e:64:4a:d2:51:
         50:a3:ed:5c:1b:f7:6d:79:36:f3:76:2e:91:a4:94:f5:9a:86:
         2a:0b:5d:c2:97:6b:a1:c7:85:dd:f2:7a:5f:bf:ca:e2:4d:15:
         e4:61:5b:75:8b:a1:08:bd:8b:6c:af:3c:8c:6b:33:cf:45:b9:
         77:8d:f5:5b:12:2b:aa:b4:b4:44:1b:5c:e6:13:62:b5:6f:7b:
         e3:2f:15:38:c4:39:db:e7:cd:b4:f7:07:e0:40:c5:85:e8:7d:
         89:37:49:2c:49:ef:28:b6:6d:29:4b:bc:90:12:e5:b8:9f:d1:
         5b:6c:d5:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3nt8jm31NeGPs6v1ROCtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZDE1MGZmMWZiY2Q0MmE5M2ViNGRkZjQzY2E3MWM3YmUz
YzcyODgwHhcNMjQwMTAyMDYzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzhkNjY5ZDdjZGM2YjRiNTAyNjYwNmQyZjM2MzQ0NWQ5YjU1YzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyuHcR9xnVqno7l+W2mc0iKRoT9c
EZAJg4ZavcW0UcBCN33xKte7Gv275itvzegvSU0HmnVOfy07BYAow2WrzW6Z3EQk
mv9+Yts/hMelubpqjwcY91ZhUA/yysDKNj0kw0/6aO6Z4h86tnMsboEY4or9UWNf
gwkXE7KZTgYC4cS2JvS3WNHz1AfbBg+AH27T5WjU1vnGQN09VL/a0iioav4t9a/7
wAuBmodk+Cbia0c7/JAZg9gzdYuyv1aIvYtdW15sCd9E/Cl/vQFNfv4Ybu9dJiYM
FQGlBDNqplD/sZAVzchwsckcZnQO2MiYAVhrJAUJK91TuqCoWFT86vVOzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMeNZp183GtLUCZgbS82NEXZtVyNMB8GA1UdIwQY
MBaAFIzRUP8fvNQqk+tN30PKcce+PHKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak5GUV94LTgxQ3FUNjAzZlE4cHh4NzQ4Y29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni80YWI1Y2ItNTIzNC00YjQwLWIyYzYt
N2RlNDJlMTE4ZGVkLzEveDQxbW5YemNhMHRRSm1CdEx6WTBSZG0xWEkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni80YWI1Y2ItNTIzNC00YjQwLWIyYzYtN2RlNDJlMTE4ZGVk
LzEvak5GUV94LTgxQ3FUNjAzZlE4cHh4NzQ4Y29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWk4MA0G
CSqGSIb3DQEBCwUAA4IBAQAv9AcOsLG+mCnVQnyz7lJsWJpqPHuwJzVsP6AjMbbB
OdsFgOuOIsGkSJDIWVb4axf8whnEIZRUw8jwhdQEDEEl3N/mJKJP2SbrDK2fGnmC
bJHq9X7K1WFH/W9FOo4fk4F7sGCk2zYna8mSIU1CcOLuovIknljEEuHWkP+saUwC
HSdD70H9xFW0BtPlnmRK0lFQo+1cG/dteTbzdi6RpJT1moYqC13Cl2uhx4Xd8npf
v8riTRXkYVt1i6EIvYtsrzyMazPPRbl3jfVbEiuqtLREG1zmE2K1b3vjLxU4xDnb
58209wfgQMWF6H2JN0ksSe8otm0pS7yQEuW4n9FbbNWY
-----END CERTIFICATE-----