Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/cmrzKF6HH-6lg5fEkbuRsWbGMzM.roa
File:                     cmrzKF6HH-6lg5fEkbuRsWbGMzM.roa (raw, json)
Hash identifier:          WLLurSxFTkcBmmQadbQbtkILI9vOk7zZ+N0WjUeTeWY=
Subject key identifier:   72:6A:F3:28:5E:87:1F:EE:A5:83:97:C4:91:BB:91:B1:66:C6:33:33
Certificate issuer:       /CN=61e6ea83926bc478c785471d805a5c1210a8c993
Certificate serial:       0192D2FFA653E5E747BE51F04C51C2CF0B76
Authority key identifier: 61:E6:EA:83:92:6B:C4:78:C7:85:47:1D:80:5A:5C:12:10:A8:C9:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yebqg5JrxHjHhUcdgFpcEhCoyZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/cmrzKF6HH-6lg5fEkbuRsWbGMzM.roa
Signing time:             Mon 28 Oct 2024 12:00:22 +0000
ROA not before:           Mon 28 Oct 2024 12:00:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35273
IP address blocks:        193.110.174.0/23 maxlen: 23
                          195.238.112.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/Yebqg5JrxHjHhUcdgFpcEhCoyZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/Yebqg5JrxHjHhUcdgFpcEhCoyZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yebqg5JrxHjHhUcdgFpcEhCoyZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d2:ff:a6:53:e5:e7:47:be:51:f0:4c:51:c2:cf:0b:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61e6ea83926bc478c785471d805a5c1210a8c993
        Validity
            Not Before: Oct 28 12:00:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=726af3285e871feea58397c491bb91b166c63333
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:00:e7:0a:19:7d:fa:09:8b:da:07:4e:f2:66:
                    8a:83:b3:29:d7:ff:f6:66:39:6a:ac:09:ef:83:33:
                    c8:d3:b3:6c:bf:f3:36:96:f2:cb:a9:32:a5:10:2b:
                    f0:4e:f4:17:de:a1:6e:52:9c:4f:dc:77:32:98:e7:
                    cf:64:07:a2:47:2d:aa:d1:16:d4:07:ce:1b:f4:64:
                    81:d7:5d:fb:94:c2:96:82:03:12:14:55:78:b8:42:
                    59:67:b8:1c:7c:5c:07:cc:ff:b5:34:c9:11:f4:f5:
                    33:18:1f:55:9b:a2:6d:34:4d:b6:c4:7b:07:f4:a2:
                    be:b8:a1:e9:6e:10:ed:02:25:11:0c:80:08:e0:29:
                    b1:7b:71:8b:3e:2d:04:61:40:54:09:b6:f7:ab:dc:
                    e3:f5:51:a8:da:f8:bb:6f:19:74:77:e8:df:0a:9a:
                    4c:4d:cc:b6:da:a4:be:78:5b:b0:40:49:c0:0a:a2:
                    44:40:88:0d:4c:bc:7e:71:32:30:85:c5:38:30:41:
                    ae:c4:df:74:46:3c:83:d6:28:a4:4b:91:30:b0:36:
                    74:69:c5:64:80:aa:ef:a7:0a:1c:23:b7:42:ee:5f:
                    3b:71:7d:d8:aa:7a:97:99:3d:3f:89:7e:9d:24:cb:
                    d7:57:66:a7:d0:0e:25:7c:65:96:60:2b:cb:99:50:
                    8b:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:6A:F3:28:5E:87:1F:EE:A5:83:97:C4:91:BB:91:B1:66:C6:33:33
            X509v3 Authority Key Identifier:
                keyid:61:E6:EA:83:92:6B:C4:78:C7:85:47:1D:80:5A:5C:12:10:A8:C9:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yebqg5JrxHjHhUcdgFpcEhCoyZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/cmrzKF6HH-6lg5fEkbuRsWbGMzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/Yebqg5JrxHjHhUcdgFpcEhCoyZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.174.0/23
                  195.238.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:62:0b:8b:63:d6:56:bb:97:8c:ea:8e:08:11:5b:b9:f3:26:
         69:5d:ae:76:a9:51:03:1b:88:6c:d9:cb:48:a8:a9:44:68:7a:
         25:bd:b8:a7:40:78:0e:b0:62:2f:f8:29:99:63:07:95:41:56:
         53:3c:c7:52:3c:9b:4d:63:19:05:2b:8c:f1:74:00:33:c8:80:
         b3:b4:06:5c:3c:37:d4:25:c3:99:76:fd:ca:29:c1:fd:bb:3b:
         91:ad:83:04:bd:a4:bd:cf:d7:1d:e5:b2:3a:b1:f0:ab:6b:1a:
         cb:ee:c3:d1:db:8f:67:5b:b1:76:1d:a8:05:e1:24:ec:3b:e7:
         e8:02:00:e1:10:f8:aa:de:12:da:98:2b:f3:eb:c0:d0:97:55:
         5e:6e:3c:a0:73:8e:2c:00:4c:d5:73:ca:c1:b6:9e:54:ac:e3:
         ca:6e:13:91:9e:f4:47:0d:9d:b6:8e:23:26:dd:75:44:bb:f8:
         20:1e:20:1b:cf:f6:52:ba:73:b2:64:27:d0:99:bd:2a:0d:0f:
         60:90:29:79:d4:e0:09:72:ff:61:6f:0c:b2:b7:6e:1d:19:af:
         0d:23:83:9d:27:5d:ec:cc:bf:f4:39:62:f1:bc:48:e5:12:97:
         d8:d6:1b:58:de:d6:e8:81:98:d7:97:49:0d:2b:1e:ef:20:c6:
         e9:a9:4e:51
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLS/6ZT5edHvlHwTFHCzwt2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxZTZlYTgzOTI2YmM0NzhjNzg1NDcxZDgwNWE1YzEyMTBh
OGM5OTMwHhcNMjQxMDI4MTIwMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjZhZjMyODVlODcxZmVlYTU4Mzk3YzQ5MWJiOTFiMTY2YzYzMzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogDnChl9+gmL2gdO8maKg7Mp1//2
ZjlqrAnvgzPI07Nsv/M2lvLLqTKlECvwTvQX3qFuUpxP3HcymOfPZAeiRy2q0RbU
B84b9GSB1137lMKWggMSFFV4uEJZZ7gcfFwHzP+1NMkR9PUzGB9Vm6JtNE22xHsH
9KK+uKHpbhDtAiURDIAI4Cmxe3GLPi0EYUBUCbb3q9zj9VGo2vi7bxl0d+jfCppM
Tcy22qS+eFuwQEnACqJEQIgNTLx+cTIwhcU4MEGuxN90RjyD1iikS5EwsDZ0acVk
gKrvpwocI7dC7l87cX3YqnqXmT0/iX6dJMvXV2an0A4lfGWWYCvLmVCLawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHJq8yhehx/upYOXxJG7kbFmxjMzMB8GA1UdIwQY
MBaAFGHm6oOSa8R4x4VHHYBaXBIQqMmTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWVicWc1SnJ4SGpIaFVjZGdGcGNFaENveVpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83NGJmNDEtZDZhNy00ZmI1LTgwMWMt
MzNjYzNhZGIxZTc4LzEvY21yektGNkhILTZsZzVmRWtidVJzV2JHTXpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83NGJmNDEtZDZhNy00ZmI1LTgwMWMtMzNjYzNhZGIxZTc4
LzEvWWVicWc1SnJ4SGpIaFVjZGdGcGNFaENveVpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwW6uAwQC
w+5wMA0GCSqGSIb3DQEBCwUAA4IBAQByYguLY9ZWu5eM6o4IEVu58yZpXa52qVED
G4hs2ctIqKlEaHolvbinQHgOsGIv+CmZYweVQVZTPMdSPJtNYxkFK4zxdAAzyICz
tAZcPDfUJcOZdv3KKcH9uzuRrYMEvaS9z9cd5bI6sfCraxrL7sPR249nW7F2HagF
4STsO+foAgDhEPiq3hLamCvz68DQl1Vebjygc44sAEzVc8rBtp5UrOPKbhORnvRH
DZ22jiMm3XVEu/ggHiAbz/ZSunOyZCfQmb0qDQ9gkCl51OAJcv9hbwyyt24dGa8N
I4OdJ13szL/0OWLxvEjlEpfY1htY3tbogZjXl0kNKx7vIMbpqU5R
-----END CERTIFICATE-----