Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/5c92d1-41e5-443e-a250-01baf78ec73f/1/mFuhnZUkeDGT8o4gYDcs3Hg2H2o.roa
File:                     mFuhnZUkeDGT8o4gYDcs3Hg2H2o.roa (raw, json)
Hash identifier:          OSY7eDraQxHqvBGXL4gNoNoDYFnImBvsM3ay3NATKPo=
Subject key identifier:   98:5B:A1:9D:95:24:78:31:93:F2:8E:20:60:37:2C:DC:78:36:1F:6A
Certificate issuer:       /CN=b6321eebf4f95be9f81f0f233f89f3602d2f0074
Certificate serial:       018CC4924462F5F08737A4DD80B12D0412B3
Authority key identifier: B6:32:1E:EB:F4:F9:5B:E9:F8:1F:0F:23:3F:89:F3:60:2D:2F:00:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tjIe6_T5W-n4Hw8jP4nzYC0vAHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/5c92d1-41e5-443e-a250-01baf78ec73f/1/mFuhnZUkeDGT8o4gYDcs3Hg2H2o.roa
Signing time:             Mon 01 Jan 2024 10:29:29 +0000
ROA not before:           Mon 01 Jan 2024 10:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39326
IP address blocks:        193.151.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/5c92d1-41e5-443e-a250-01baf78ec73f/1/tjIe6_T5W-n4Hw8jP4nzYC0vAHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/5c92d1-41e5-443e-a250-01baf78ec73f/1/tjIe6_T5W-n4Hw8jP4nzYC0vAHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tjIe6_T5W-n4Hw8jP4nzYC0vAHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:44:62:f5:f0:87:37:a4:dd:80:b1:2d:04:12:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6321eebf4f95be9f81f0f233f89f3602d2f0074
        Validity
            Not Before: Jan  1 10:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=985ba19d9524783193f28e2060372cdc78361f6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:35:62:c2:f0:c0:95:28:35:35:4d:ea:eb:65:
                    7c:a7:a6:86:a3:55:37:5b:b4:54:d7:9e:50:12:0e:
                    e2:57:17:e3:0a:f2:48:48:75:6a:01:18:bd:df:1f:
                    7c:1f:4a:72:a7:db:7e:7a:1c:18:85:84:6c:c5:48:
                    50:ae:4e:20:25:10:3b:46:31:6f:4d:61:fd:00:a3:
                    00:68:73:b3:e3:2d:1e:49:53:c8:4d:3b:7d:48:2e:
                    12:41:07:e1:9f:e7:4a:67:75:f7:eb:21:80:62:1d:
                    23:e8:6b:0d:0c:52:7b:a6:be:7a:1b:8c:9f:9c:73:
                    27:17:a0:1f:84:0f:a6:06:cd:6a:18:26:bd:0b:8e:
                    62:3c:dd:fa:25:cf:11:93:66:e9:a2:21:40:ec:4c:
                    78:ab:ed:ee:5c:2a:44:50:bd:a7:25:55:52:30:a8:
                    9c:7e:90:c7:96:ab:28:6b:73:9f:ce:1f:09:bf:d4:
                    dd:aa:59:d9:99:5a:6b:1b:61:d3:a0:cb:f0:45:3e:
                    34:e4:fb:4c:86:fa:be:47:a0:e0:9a:2f:a2:42:f1:
                    45:1d:98:50:35:50:78:bb:f5:78:4b:5a:a0:39:45:
                    3e:c6:c3:35:86:75:07:89:9f:a6:e0:0b:89:ea:65:
                    75:f6:12:36:cc:d7:5d:d7:63:3d:a3:47:e4:cc:ac:
                    5b:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:5B:A1:9D:95:24:78:31:93:F2:8E:20:60:37:2C:DC:78:36:1F:6A
            X509v3 Authority Key Identifier:
                keyid:B6:32:1E:EB:F4:F9:5B:E9:F8:1F:0F:23:3F:89:F3:60:2D:2F:00:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tjIe6_T5W-n4Hw8jP4nzYC0vAHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5c92d1-41e5-443e-a250-01baf78ec73f/1/mFuhnZUkeDGT8o4gYDcs3Hg2H2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5c92d1-41e5-443e-a250-01baf78ec73f/1/tjIe6_T5W-n4Hw8jP4nzYC0vAHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:7c:5c:35:8a:9f:bf:97:ee:cc:8c:51:57:cf:7e:c1:ff:90:
         92:90:a0:9d:16:06:c4:fe:73:76:bd:f5:83:26:88:8c:1e:6b:
         bf:3e:d0:1d:3a:d2:ec:f5:35:56:6f:b9:02:e2:89:e6:ef:b3:
         39:3a:eb:31:df:e0:7b:d9:3f:66:1e:9b:28:66:f0:e0:39:29:
         a4:c1:ff:2d:3a:52:41:8c:7c:96:ba:94:4e:39:72:0b:fe:0c:
         b3:f5:4b:7b:9f:a8:ab:30:ac:20:72:c8:41:ed:52:20:ee:a3:
         c3:dd:5d:76:ff:66:36:4b:a8:20:06:3a:15:9c:7b:7a:78:14:
         4c:38:9e:b1:bb:fc:b6:e2:13:a6:e6:96:5e:54:03:45:9b:e5:
         3c:77:3e:6f:4b:19:23:f8:3b:95:e7:06:84:11:cb:14:2f:e7:
         f7:ee:37:9f:5c:0b:6f:a9:30:a2:fc:8f:66:dd:29:35:27:fe:
         c7:bd:91:8b:a7:fe:4b:e4:32:66:55:6f:a2:7e:46:57:60:e3:
         c9:8d:7f:66:6f:b7:ec:a7:e8:5f:16:06:54:1f:c0:a0:45:52:
         05:40:18:1c:04:1d:1c:c5:9e:02:0d:f7:2a:e2:f2:c8:37:fd:
         1d:42:1e:f3:7e:f7:fb:fd:ab:9a:e5:67:fd:95:b4:3a:4a:54:
         a8:0f:33:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkkRi9fCHN6TdgLEtBBKzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MzIxZWViZjRmOTViZTlmODFmMGYyMzNmODlmMzYwMmQy
ZjAwNzQwHhcNMjQwMTAxMTAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODViYTE5ZDk1MjQ3ODMxOTNmMjhlMjA2MDM3MmNkYzc4MzYxZjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jViwvDAlSg1NU3q62V8p6aGo1U3
W7RU155QEg7iVxfjCvJISHVqARi93x98H0pyp9t+ehwYhYRsxUhQrk4gJRA7RjFv
TWH9AKMAaHOz4y0eSVPITTt9SC4SQQfhn+dKZ3X36yGAYh0j6GsNDFJ7pr56G4yf
nHMnF6AfhA+mBs1qGCa9C45iPN36Jc8Rk2bpoiFA7Ex4q+3uXCpEUL2nJVVSMKic
fpDHlqsoa3Ofzh8Jv9TdqlnZmVprG2HToMvwRT405PtMhvq+R6Dgmi+iQvFFHZhQ
NVB4u/V4S1qgOUU+xsM1hnUHiZ+m4AuJ6mV19hI2zNdd12M9o0fkzKxbRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJhboZ2VJHgxk/KOIGA3LNx4Nh9qMB8GA1UdIwQY
MBaAFLYyHuv0+Vvp+B8PIz+J82AtLwB0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGpJZTZfVDVXLW40SHc4alA0bnpZQzB2QUhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi81YzkyZDEtNDFlNS00NDNlLWEyNTAt
MDFiYWY3OGVjNzNmLzEvbUZ1aG5aVWtlREdUOG80Z1lEY3MzSGcySDJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi81YzkyZDEtNDFlNS00NDNlLWEyNTAtMDFiYWY3OGVjNzNm
LzEvdGpJZTZfVDVXLW40SHc4alA0bnpZQzB2QUhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZd8MA0G
CSqGSIb3DQEBCwUAA4IBAQBGfFw1ip+/l+7MjFFXz37B/5CSkKCdFgbE/nN2vfWD
JoiMHmu/PtAdOtLs9TVWb7kC4onm77M5Ousx3+B72T9mHpsoZvDgOSmkwf8tOlJB
jHyWupROOXIL/gyz9Ut7n6irMKwgcshB7VIg7qPD3V12/2Y2S6ggBjoVnHt6eBRM
OJ6xu/y24hOm5pZeVANFm+U8dz5vSxkj+DuV5waEEcsUL+f37jefXAtvqTCi/I9m
3Sk1J/7HvZGLp/5L5DJmVW+ifkZXYOPJjX9mb7fsp+hfFgZUH8CgRVIFQBgcBB0c
xZ4CDfcq4vLIN/0dQh7zfvf7/aua5Wf9lbQ6SlSoDzNE
-----END CERTIFICATE-----