Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/TkToD_H1ekCM_j4lHtsMx3f6OD4.roa
File:                     TkToD_H1ekCM_j4lHtsMx3f6OD4.roa (raw, json)
Hash identifier:          eDy7irDxRyzxUDEY9PbBrujENzF7ppTGScjUhZVdnUE=
Subject key identifier:   4E:44:E8:0F:F1:F5:7A:40:8C:FE:3E:25:1E:DB:0C:C7:77:FA:38:3E
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       0191EA4447ACC703825C9DB994A3D234B3E5
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/TkToD_H1ekCM_j4lHtsMx3f6OD4.roa
Signing time:             Fri 13 Sep 2024 07:23:48 +0000
ROA not before:           Fri 13 Sep 2024 07:23:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        193.142.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:ea:44:47:ac:c7:03:82:5c:9d:b9:94:a3:d2:34:b3:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Sep 13 07:23:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e44e80ff1f57a408cfe3e251edb0cc777fa383e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:77:5c:42:b9:6b:a0:20:3c:07:45:21:26:41:
                    35:93:42:11:6b:ef:11:86:ab:ff:79:49:59:a7:63:
                    88:c0:44:21:c5:8c:a9:75:50:a2:1f:80:b1:f1:2f:
                    d6:6e:7d:60:60:33:f7:0f:6b:91:3e:ac:35:3d:bb:
                    37:aa:c4:35:28:fa:a5:f1:f8:be:c5:45:d4:2e:e9:
                    c0:b2:d8:5f:60:13:04:e6:0f:0b:40:94:a8:6e:e8:
                    99:e8:22:2f:30:ab:59:09:f9:9c:ad:ca:a6:d0:87:
                    46:7f:12:38:d4:b6:59:86:ca:9a:59:72:62:a6:af:
                    23:03:01:57:b6:6d:8d:ab:d5:c5:d8:b5:4d:a3:ad:
                    97:95:07:cd:eb:47:60:20:56:78:ef:d0:60:79:bc:
                    f3:be:e6:a3:53:d2:07:56:f2:bf:2c:b9:76:25:0f:
                    69:1f:0a:14:19:b5:55:25:8d:4d:40:93:c9:ff:f7:
                    d5:89:a5:8a:89:75:cd:a9:d6:ad:8a:ad:93:a8:7e:
                    25:77:0d:f2:12:b2:40:19:6d:93:53:8a:19:9a:cf:
                    ad:6d:27:9c:82:d3:f3:68:6b:61:80:1f:58:9b:ef:
                    c9:63:18:31:4a:8c:48:94:f1:54:11:be:5b:34:51:
                    db:63:ab:57:35:31:5a:f6:b5:7c:11:0d:86:be:37:
                    28:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:44:E8:0F:F1:F5:7A:40:8C:FE:3E:25:1E:DB:0C:C7:77:FA:38:3E
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/TkToD_H1ekCM_j4lHtsMx3f6OD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:f1:58:05:23:f1:48:31:c2:36:a2:fe:72:59:00:d3:84:07:
         06:aa:32:d5:59:0c:00:74:33:0a:ba:39:ea:90:ce:01:2b:da:
         18:81:34:70:2e:bf:3b:de:8c:f7:b6:bb:cd:6b:16:22:d2:42:
         1f:83:37:55:da:c0:72:d0:78:10:e5:6e:6c:6c:50:6a:e7:2f:
         47:d7:bf:00:b9:c2:c4:7c:ed:f6:77:39:8a:c8:16:ed:b8:21:
         65:ed:7e:30:8c:89:90:cf:9c:aa:ca:88:23:68:a7:da:22:a8:
         1e:3b:6c:fa:e4:03:bc:6a:5a:0c:bc:97:54:cb:01:48:0b:ab:
         28:26:87:b7:fd:44:0a:81:db:31:a1:9d:8b:1c:5f:b7:4f:00:
         fd:45:46:13:39:12:79:69:97:a6:2f:2c:b0:89:f0:ac:de:34:
         d2:75:12:db:74:f1:26:fe:bc:ee:45:f9:df:1c:f1:68:90:f0:
         fb:47:0f:aa:e0:86:41:54:6e:ca:a1:dd:eb:13:e7:0e:b6:1d:
         c0:22:87:ef:c5:88:ad:56:82:99:7f:a3:fd:0a:15:30:5c:a7:
         55:f2:5e:43:6b:19:af:6a:af:8a:34:1d:81:f5:5d:b8:78:15:
         93:54:54:57:3a:32:df:ea:de:6a:4d:c2:7b:83:d2:28:a7:97:
         e2:92:1e:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHqREesxwOCXJ25lKPSNLPlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjQwOTEzMDcyMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTQ0ZTgwZmYxZjU3YTQwOGNmZTNlMjUxZWRiMGNjNzc3ZmEzODNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAondcQrlroCA8B0UhJkE1k0IRa+8R
hqv/eUlZp2OIwEQhxYypdVCiH4Cx8S/Wbn1gYDP3D2uRPqw1Pbs3qsQ1KPql8fi+
xUXULunAsthfYBME5g8LQJSobuiZ6CIvMKtZCfmcrcqm0IdGfxI41LZZhsqaWXJi
pq8jAwFXtm2Nq9XF2LVNo62XlQfN60dgIFZ479BgebzzvuajU9IHVvK/LLl2JQ9p
HwoUGbVVJY1NQJPJ//fViaWKiXXNqdatiq2TqH4ldw3yErJAGW2TU4oZms+tbSec
gtPzaGthgB9Ym+/JYxgxSoxIlPFUEb5bNFHbY6tXNTFa9rV8EQ2GvjcoOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5E6A/x9XpAjP4+JR7bDMd3+jg+MB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvVGtUb0RfSDFla0NNX2o0bEh0c014M2Y2T0Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwY46MA0G
CSqGSIb3DQEBCwUAA4IBAQBg8VgFI/FIMcI2ov5yWQDThAcGqjLVWQwAdDMKujnq
kM4BK9oYgTRwLr873oz3trvNaxYi0kIfgzdV2sBy0HgQ5W5sbFBq5y9H178AucLE
fO32dzmKyBbtuCFl7X4wjImQz5yqyogjaKfaIqgeO2z65AO8aloMvJdUywFIC6so
Joe3/UQKgdsxoZ2LHF+3TwD9RUYTORJ5aZemLyywifCs3jTSdRLbdPEm/rzuRfnf
HPFokPD7Rw+q4IZBVG7Kod3rE+cOth3AIofvxYitVoKZf6P9ChUwXKdV8l5Daxmv
aq+KNB2B9V24eBWTVFRXOjLf6t5qTcJ7g9Iop5fikh6L
-----END CERTIFICATE-----