Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/g9E5BpKyj3l9HUC5D9cd6mb5TYI.roa
File:                     g9E5BpKyj3l9HUC5D9cd6mb5TYI.roa (raw, json)
Hash identifier:          GnbHntPQdV0Vb8cDc7Y6Xm6yF7UNQAsjnfM7jck5qgE=
Subject key identifier:   83:D1:39:06:92:B2:8F:79:7D:1D:40:B9:0F:D7:1D:EA:66:F9:4D:82
Certificate issuer:       /CN=e801f23ce821c264d67727536ec183537594c5f2
Certificate serial:       018CC493692AF2370C8C90080544E93D691C
Authority key identifier: E8:01:F2:3C:E8:21:C2:64:D6:77:27:53:6E:C1:83:53:75:94:C5:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/g9E5BpKyj3l9HUC5D9cd6mb5TYI.roa
Signing time:             Mon 01 Jan 2024 10:30:44 +0000
ROA not before:           Mon 01 Jan 2024 10:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2832
IP address blocks:        193.10.255.0/24 maxlen: 24
                          2001:6b0:4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 19:02:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:69:2a:f2:37:0c:8c:90:08:05:44:e9:3d:69:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e801f23ce821c264d67727536ec183537594c5f2
        Validity
            Not Before: Jan  1 10:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83d1390692b28f797d1d40b90fd71dea66f94d82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:c4:66:e6:de:a6:6e:45:f2:5c:01:a1:c0:a8:
                    09:75:8c:58:98:ce:0f:3b:5c:51:0f:7a:ce:b9:89:
                    fb:df:4b:c4:44:5e:3e:b6:df:96:17:aa:28:d9:9c:
                    38:c3:25:c9:61:8b:a9:a5:02:bf:56:77:5a:65:2a:
                    ea:07:0a:2f:73:c8:ae:e1:8c:74:fd:3e:f5:7b:28:
                    20:f6:2f:3f:0d:24:d0:60:62:b8:12:74:d1:c0:3f:
                    ab:f7:66:18:0f:7b:de:31:5a:18:33:43:02:7d:f8:
                    b2:30:ac:c5:eb:f0:72:3f:b5:67:6f:89:97:85:60:
                    6d:33:0a:41:f9:a2:9b:80:ea:af:4a:d4:78:14:02:
                    42:01:5d:44:03:c9:03:b3:1e:a1:35:05:e6:99:fa:
                    e2:5f:47:db:17:60:af:48:71:27:54:b4:ec:35:fe:
                    c6:6b:3c:ac:bc:2b:eb:b2:1e:e5:2f:b8:77:4e:35:
                    bb:c9:dd:78:1b:b8:74:4e:d3:c2:df:b4:9f:da:67:
                    5a:4d:26:26:1a:b3:c4:ef:ee:43:5c:39:c8:8e:b6:
                    e4:e1:36:08:63:57:7b:dd:0f:2a:10:b7:a4:24:8d:
                    3e:7b:f3:a0:c3:04:b9:34:28:6f:08:ca:fc:87:58:
                    3b:3f:fe:5a:8a:98:a6:93:43:a2:a4:85:0b:7c:07:
                    4c:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:D1:39:06:92:B2:8F:79:7D:1D:40:B9:0F:D7:1D:EA:66:F9:4D:82
            X509v3 Authority Key Identifier:
                keyid:E8:01:F2:3C:E8:21:C2:64:D6:77:27:53:6E:C1:83:53:75:94:C5:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/g9E5BpKyj3l9HUC5D9cd6mb5TYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.10.255.0/24
                IPv6:
                  2001:6b0:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:89:35:f8:4c:44:12:2f:bb:f4:e1:0b:34:28:8f:af:9f:27:
         e3:b7:e3:7c:d3:a4:6d:17:49:99:89:f6:d7:0e:5c:04:69:46:
         a0:ee:2b:f7:fa:18:02:7b:18:ad:82:a7:25:31:7d:4d:b9:28:
         1d:41:38:94:17:15:ab:39:cb:64:5f:ae:de:86:5d:1d:a4:42:
         f4:81:ac:a2:11:42:4a:72:9c:7e:04:aa:c4:3f:0c:9b:cd:84:
         f5:9a:95:39:0f:8d:a1:51:f6:00:3e:c2:c9:3e:75:56:6b:39:
         55:b2:c5:eb:69:ef:7a:e6:1e:11:be:88:49:8f:72:c2:58:ee:
         40:a7:6e:81:b9:50:7b:57:0c:18:72:77:8a:d8:0e:36:93:39:
         a1:92:d6:b7:64:6a:49:7e:7e:39:83:48:50:5d:59:c0:1a:79:
         97:7b:c0:7d:81:70:11:5b:3a:2c:2f:e4:56:26:10:0b:4d:e2:
         16:e6:ff:30:31:5c:23:a2:0c:5d:92:c2:f2:4c:e8:2e:e3:84:
         89:cc:7d:6e:a1:12:c7:5c:d8:6a:cc:ab:20:d6:f0:5e:0d:6b:
         57:a4:a4:ba:a1:e0:8f:d8:77:7d:ac:15:18:b0:4e:b9:9d:4c:
         9f:77:cf:5e:79:ac:62:d7:83:6f:36:e5:48:3f:d7:e9:d8:e1:
         02:9b:02:15
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEk2kq8jcMjJAIBUTpPWkcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MDFmMjNjZTgyMWMyNjRkNjc3Mjc1MzZlYzE4MzUzNzU5
NGM1ZjIwHhcNMjQwMTAxMTAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2QxMzkwNjkyYjI4Zjc5N2QxZDQwYjkwZmQ3MWRlYTY2Zjk0ZDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAisRm5t6mbkXyXAGhwKgJdYxYmM4P
O1xRD3rOuYn730vERF4+tt+WF6oo2Zw4wyXJYYuppQK/VndaZSrqBwovc8iu4Yx0
/T71eygg9i8/DSTQYGK4EnTRwD+r92YYD3veMVoYM0MCffiyMKzF6/ByP7Vnb4mX
hWBtMwpB+aKbgOqvStR4FAJCAV1EA8kDsx6hNQXmmfriX0fbF2CvSHEnVLTsNf7G
azysvCvrsh7lL7h3TjW7yd14G7h0TtPC37Sf2mdaTSYmGrPE7+5DXDnIjrbk4TYI
Y1d73Q8qELekJI0+e/OgwwS5NChvCMr8h1g7P/5aipimk0OipIULfAdMkQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIPROQaSso95fR1AuQ/XHepm+U2CMB8GA1UdIwQY
MBaAFOgB8jzoIcJk1ncnU27Bg1N1lMXyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkFIeVBPZ2h3bVRXZHlkVGJzR0RVM1dVeGZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9lYWI0ZDgtNmFmZC00ZjgxLWFiMTAt
NDY0ZWIxODNiNTY4LzEvZzlFNUJwS3lqM2w5SFVDNUQ5Y2Q2bWI1VFlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9lYWI0ZDgtNmFmZC00ZjgxLWFiMTAtNDY0ZWIxODNiNTY4
LzEvNkFIeVBPZ2h3bVRXZHlkVGJzR0RVM1dVeGZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwQr/MA8E
AgACMAkDBwAgAQawAAQwDQYJKoZIhvcNAQELBQADggEBAISJNfhMRBIvu/ThCzQo
j6+fJ+O343zTpG0XSZmJ9tcOXARpRqDuK/f6GAJ7GK2CpyUxfU25KB1BOJQXFas5
y2Rfrt6GXR2kQvSBrKIRQkpynH4EqsQ/DJvNhPWalTkPjaFR9gA+wsk+dVZrOVWy
xetp73rmHhG+iEmPcsJY7kCnboG5UHtXDBhyd4rYDjaTOaGS1rdkakl+fjmDSFBd
WcAaeZd7wH2BcBFbOiwv5FYmEAtN4hbm/zAxXCOiDF2SwvJM6C7jhInMfW6hEsdc
2GrMqyDW8F4Na1ekpLqh4I/Yd32sFRiwTrmdTJ93z155rGLXg2825Ug/1+nY4QKb
AhU=
-----END CERTIFICATE-----