Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/61D0OOHAAy7r3KsFhPv5je68mVc.roa
File:                     61D0OOHAAy7r3KsFhPv5je68mVc.roa (raw, json)
Hash identifier:          yru04lnRe3O4J3tlxrwgK4U6GkEC+VXywBfIVPe3IW8=
Subject key identifier:   EB:50:F4:38:E1:C0:03:2E:EB:DC:AB:05:84:FB:F9:8D:EE:BC:99:57
Certificate issuer:       /CN=26a5aa918cbfeb3e12997f33890feb258907b343
Certificate serial:       018CC500E0E140945CDC8D9407120D7319EC
Authority key identifier: 26:A5:AA:91:8C:BF:EB:3E:12:99:7F:33:89:0F:EB:25:89:07:B3:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/61D0OOHAAy7r3KsFhPv5je68mVc.roa
Signing time:             Mon 01 Jan 2024 12:30:18 +0000
ROA not before:           Mon 01 Jan 2024 12:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34360
IP address blocks:        93.157.96.0/21 maxlen: 24
                          213.108.56.0/21 maxlen: 24
                          2a01:4660::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:e0:e1:40:94:5c:dc:8d:94:07:12:0d:73:19:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26a5aa918cbfeb3e12997f33890feb258907b343
        Validity
            Not Before: Jan  1 12:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb50f438e1c0032eebdcab0584fbf98deebc9957
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:81:2a:3e:e6:ba:18:19:bd:b8:94:ce:df:3f:
                    32:d0:4b:9d:2a:de:07:66:78:53:15:61:53:20:6b:
                    86:7d:dc:2b:59:32:dd:eb:da:83:2b:fa:c9:b4:08:
                    4f:52:43:3b:5d:8a:df:30:52:f6:3f:47:eb:ac:37:
                    df:a0:fa:dc:56:c8:25:2e:55:c9:03:18:13:ed:76:
                    53:bb:85:d8:40:d1:9d:12:47:c5:36:9f:b9:62:d1:
                    0b:9e:58:73:1a:87:e3:59:35:f6:87:87:89:8f:08:
                    3a:60:1c:5d:98:48:3b:52:8f:66:e9:ff:26:ce:24:
                    7a:52:02:e7:4b:87:90:04:7f:b0:77:9d:06:5f:af:
                    fa:79:80:2f:56:eb:75:d2:d7:14:a8:21:14:07:a6:
                    ab:8e:95:7b:65:63:8f:7d:b8:51:ab:a0:8d:dd:93:
                    bc:e3:9e:35:ab:5a:cc:3c:40:b5:e7:57:ce:d3:ce:
                    52:b6:30:1f:94:a5:cf:1d:85:d6:67:0d:ae:da:e7:
                    7e:60:e9:39:39:36:92:26:ca:7d:6c:d3:ac:37:c1:
                    25:64:71:88:c7:22:1c:63:07:81:3a:f3:13:3f:54:
                    af:9a:77:63:ca:1f:19:a0:df:08:18:f7:be:9b:01:
                    2a:e2:b3:77:76:34:05:8d:ec:4f:92:7e:2a:64:71:
                    26:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:50:F4:38:E1:C0:03:2E:EB:DC:AB:05:84:FB:F9:8D:EE:BC:99:57
            X509v3 Authority Key Identifier:
                keyid:26:A5:AA:91:8C:BF:EB:3E:12:99:7F:33:89:0F:EB:25:89:07:B3:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/61D0OOHAAy7r3KsFhPv5je68mVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.157.96.0/21
                  213.108.56.0/21
                IPv6:
                  2a01:4660::/32

    Signature Algorithm: sha256WithRSAEncryption
         a8:2c:40:01:32:da:ce:e3:33:86:32:49:d4:86:55:dc:1a:47:
         c8:88:92:f3:d0:f5:b8:bf:62:d7:1f:83:00:09:a1:0f:58:20:
         78:e2:bf:7a:b9:7d:df:67:b4:aa:8d:00:50:80:51:d5:a7:ca:
         97:76:8a:7b:49:04:cf:54:b5:aa:96:7f:5b:fc:d8:8f:e7:00:
         d6:ea:8b:eb:5d:5b:79:7d:5a:d8:11:0a:2f:ca:a4:32:61:c6:
         71:2f:fc:1a:ef:d8:bf:53:2d:80:c8:fa:a6:02:59:ab:b0:d5:
         91:e1:c0:3c:d8:33:39:78:5a:33:f3:a6:a4:aa:12:1d:4c:4f:
         65:b8:7b:ee:de:00:4f:cb:02:d4:9a:8f:a4:32:5c:ca:0b:ef:
         85:39:ce:ae:e0:ed:f8:5a:39:42:fb:f9:16:95:3e:83:a0:ab:
         1a:13:e2:a7:6b:36:ee:0c:4e:4a:b9:51:32:1b:88:66:36:24:
         9d:a1:d4:ae:92:03:7b:24:ef:9e:b8:a8:9d:c4:e4:e3:ba:92:
         fb:7b:6d:09:0b:1a:15:ab:85:21:6f:e1:7b:1c:af:4a:7e:b3:
         09:ea:16:06:cc:13:1e:1e:1a:bd:f8:0e:ce:d6:9c:0a:f3:66:
         c1:08:c6:0f:9e:f1:69:2e:38:a0:24:41:f0:45:3c:37:e6:d2:
         52:5d:da:2d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFAODhQJRc3I2UBxINcxnsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YTVhYTkxOGNiZmViM2UxMjk5N2YzMzg5MGZlYjI1ODkw
N2IzNDMwHhcNMjQwMTAxMTIzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjUwZjQzOGUxYzAwMzJlZWJkY2FiMDU4NGZiZjk4ZGVlYmM5OTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4EqPua6GBm9uJTO3z8y0EudKt4H
ZnhTFWFTIGuGfdwrWTLd69qDK/rJtAhPUkM7XYrfMFL2P0frrDffoPrcVsglLlXJ
AxgT7XZTu4XYQNGdEkfFNp+5YtELnlhzGofjWTX2h4eJjwg6YBxdmEg7Uo9m6f8m
ziR6UgLnS4eQBH+wd50GX6/6eYAvVut10tcUqCEUB6arjpV7ZWOPfbhRq6CN3ZO8
4541q1rMPEC151fO085StjAflKXPHYXWZw2u2ud+YOk5OTaSJsp9bNOsN8ElZHGI
xyIcYweBOvMTP1Svmndjyh8ZoN8IGPe+mwEq4rN3djQFjexPkn4qZHEmPwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOtQ9DjhwAMu69yrBYT7+Y3uvJlXMB8GA1UdIwQY
MBaAFCalqpGMv+s+Epl/M4kP6yWJB7NDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnFXcWtZeV82ejRTbVg4emlRX3JKWWtIczBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8xNDMzZWEtMTA4MC00NmU1LWI2MTIt
Mjk3ZTI4MmQ2NmE4LzEvNjFEME9PSEFBeTdyM0tzRmhQdjVqZTY4bVZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8xNDMzZWEtMTA4MC00NmU1LWI2MTItMjk3ZTI4MmQ2NmE4
LzEvSnFXcWtZeV82ejRTbVg4emlRX3JKWWtIczBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDXZ1gAwQD
1Ww4MA0EAgACMAcDBQAqAUZgMA0GCSqGSIb3DQEBCwUAA4IBAQCoLEABMtrO4zOG
MknUhlXcGkfIiJLz0PW4v2LXH4MACaEPWCB44r96uX3fZ7SqjQBQgFHVp8qXdop7
SQTPVLWqln9b/NiP5wDW6ovrXVt5fVrYEQovyqQyYcZxL/wa79i/Uy2AyPqmAlmr
sNWR4cA82DM5eFoz86akqhIdTE9luHvu3gBPywLUmo+kMlzKC++FOc6u4O34WjlC
+/kWlT6DoKsaE+KnazbuDE5KuVEyG4hmNiSdodSukgN7JO+euKidxOTjupL7e20J
CxoVq4Uhb+F7HK9KfrMJ6hYGzBMeHhq9+A7O1pwK82bBCMYPnvFpLjigJEHwRTw3
5tJSXdot
-----END CERTIFICATE-----