Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/S62cKcBqfJi3HXs83HyB4K9qBeU.roa
File:                     S62cKcBqfJi3HXs83HyB4K9qBeU.roa (raw, json)
Hash identifier:          OHnyM7dVIOR1Nus4pVHOb/6vsmiUoxLisK9fs1v410o=
Subject key identifier:   4B:AD:9C:29:C0:6A:7C:98:B7:1D:7B:3C:DC:7C:81:E0:AF:6A:05:E5
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       018CC3B68CC9AC65CC5609943DC1E6769C96
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/S62cKcBqfJi3HXs83HyB4K9qBeU.roa
Signing time:             Mon 01 Jan 2024 06:29:29 +0000
ROA not before:           Mon 01 Jan 2024 06:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210931
IP address blocks:        93.179.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:8c:c9:ac:65:cc:56:09:94:3d:c1:e6:76:9c:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  1 06:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4bad9c29c06a7c98b71d7b3cdc7c81e0af6a05e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:0a:ce:28:8d:73:ce:57:46:bb:d4:a8:4d:32:
                    47:dc:f4:51:65:fc:b5:07:76:ee:ee:0a:9d:0c:e0:
                    44:31:bb:7e:c9:16:da:04:27:8f:d4:3b:ec:dd:a3:
                    cb:82:29:52:a6:be:e3:4a:d3:03:4f:a0:73:6b:d9:
                    01:76:85:ac:65:80:c5:3c:91:82:53:15:a3:dd:39:
                    68:9f:2e:e9:44:bb:35:a2:db:78:41:9a:cf:10:b4:
                    84:b8:fc:e2:12:a7:03:1b:00:94:1b:8f:7c:1e:bb:
                    d2:cb:6c:3a:bf:f9:24:46:55:82:61:08:d7:9c:fe:
                    56:80:45:31:a4:61:f3:5e:af:5f:04:d4:82:65:2b:
                    d1:5a:a0:ad:e2:36:6b:2b:86:19:d9:40:70:7b:81:
                    dc:53:df:08:b9:ba:65:6b:96:c4:80:a4:cd:16:c2:
                    45:17:69:38:70:63:c8:f2:af:59:7b:39:c9:65:2e:
                    0d:81:7d:3e:38:b2:c0:ad:52:02:90:4a:40:ad:10:
                    af:a0:41:74:a1:59:d0:4a:0a:62:ce:df:8e:49:ca:
                    fb:de:e4:77:6d:e2:66:1e:6b:ff:0f:97:36:38:67:
                    36:2b:cb:16:a9:9c:f0:4f:df:78:4d:81:2e:fe:f8:
                    2c:33:90:41:97:1e:cd:d8:b3:af:a3:50:83:7e:1c:
                    b3:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:AD:9C:29:C0:6A:7C:98:B7:1D:7B:3C:DC:7C:81:E0:AF:6A:05:E5
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/S62cKcBqfJi3HXs83HyB4K9qBeU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.179.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:55:30:54:75:80:8d:47:f8:64:8f:62:e9:13:7b:b4:2e:8c:
         3f:49:97:d1:e9:f7:68:30:4f:1b:f3:41:82:c6:8f:d9:a6:ff:
         74:84:26:e6:70:25:4e:1d:c2:1c:cb:8d:08:a1:e2:76:36:01:
         93:cf:90:70:7f:5a:72:41:54:48:07:d6:76:5a:fa:55:87:cf:
         2c:e5:40:e8:3b:2a:fc:ef:24:28:35:43:8a:2e:af:6a:b7:b0:
         41:bb:92:ee:9d:c6:a8:23:4d:da:44:15:f0:1a:e8:f6:19:70:
         8e:d9:77:47:78:82:13:b0:67:ce:d9:84:84:10:5b:ef:f3:e6:
         b8:06:f2:e6:d3:84:da:cd:d1:a8:bb:95:6f:be:90:33:a1:25:
         e0:5c:6e:9e:fd:6b:35:1d:4e:bc:06:9e:6b:f2:f0:9b:34:b5:
         49:72:f6:38:8c:86:d5:fa:66:b1:43:6d:58:01:d4:18:0a:18:
         3d:67:29:84:ad:28:48:3b:ef:88:f2:2c:17:6f:a2:af:4e:0d:
         2f:51:37:81:c6:29:e7:21:c2:a8:ca:76:a7:44:dd:5b:ed:83:
         cf:7e:27:30:d9:20:cf:8d:f5:b5:81:44:c0:01:4d:fe:0e:ba:
         c7:78:2d:1f:4d:03:02:c8:54:5c:c6:2c:68:26:c8:94:d0:da:
         77:3e:99:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtozJrGXMVgmUPcHmdpyWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjQwMTAxMDYyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmFkOWMyOWMwNmE3Yzk4YjcxZDdiM2NkYzdjODFlMGFmNmEwNWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3grOKI1zzldGu9SoTTJH3PRRZfy1
B3bu7gqdDOBEMbt+yRbaBCeP1Dvs3aPLgilSpr7jStMDT6Bza9kBdoWsZYDFPJGC
UxWj3Tlony7pRLs1ott4QZrPELSEuPziEqcDGwCUG498HrvSy2w6v/kkRlWCYQjX
nP5WgEUxpGHzXq9fBNSCZSvRWqCt4jZrK4YZ2UBwe4HcU98Iubpla5bEgKTNFsJF
F2k4cGPI8q9ZeznJZS4NgX0+OLLArVICkEpArRCvoEF0oVnQSgpizt+OScr73uR3
beJmHmv/D5c2OGc2K8sWqZzwT994TYEu/vgsM5BBlx7N2LOvo1CDfhyzaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEutnCnAanyYtx17PNx8geCvagXlMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvUzYyY0tjQnFmSmkzSFhzODNIeUI0SzlxQmVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbN4MA0G
CSqGSIb3DQEBCwUAA4IBAQC9VTBUdYCNR/hkj2LpE3u0Low/SZfR6fdoME8b80GC
xo/Zpv90hCbmcCVOHcIcy40IoeJ2NgGTz5Bwf1pyQVRIB9Z2WvpVh88s5UDoOyr8
7yQoNUOKLq9qt7BBu5LuncaoI03aRBXwGuj2GXCO2XdHeIITsGfO2YSEEFvv8+a4
BvLm04TazdGou5VvvpAzoSXgXG6e/Ws1HU68Bp5r8vCbNLVJcvY4jIbV+maxQ21Y
AdQYChg9ZymErShIO++I8iwXb6KvTg0vUTeBxinnIcKoynanRN1b7YPPficw2SDP
jfW1gUTAAU3+DrrHeC0fTQMCyFRcxixoJsiU0Np3Ppn4
-----END CERTIFICATE-----