Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/34c618-4d43-4736-859f-9d2a42affb1b/1/492_reVUIKNH3Ssldb9aW34TqY8.roa
File:                     492_reVUIKNH3Ssldb9aW34TqY8.roa (raw, json)
Hash identifier:          1x9h1Kdl4CHtLCRU+KuU4Xur9dpeglK1vY0BXE9P+88=
Subject key identifier:   E3:DD:BF:AD:E5:54:20:A3:47:DD:2B:25:75:BF:5A:5B:7E:13:A9:8F
Certificate issuer:       /CN=330e3fdb11d826bc01663290bd7ca406b8d76507
Certificate serial:       018CC86F8F3EC2B2DD161E06EF1A5165E259
Authority key identifier: 33:0E:3F:DB:11:D8:26:BC:01:66:32:90:BD:7C:A4:06:B8:D7:65:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mw4_2xHYJrwBZjKQvXykBrjXZQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/34c618-4d43-4736-859f-9d2a42affb1b/1/492_reVUIKNH3Ssldb9aW34TqY8.roa
Signing time:             Tue 02 Jan 2024 04:30:03 +0000
ROA not before:           Tue 02 Jan 2024 04:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39203
IP address blocks:        194.105.140.0/24 maxlen: 24
                          194.105.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/34c618-4d43-4736-859f-9d2a42affb1b/1/Mw4_2xHYJrwBZjKQvXykBrjXZQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/34c618-4d43-4736-859f-9d2a42affb1b/1/Mw4_2xHYJrwBZjKQvXykBrjXZQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mw4_2xHYJrwBZjKQvXykBrjXZQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:8f:3e:c2:b2:dd:16:1e:06:ef:1a:51:65:e2:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=330e3fdb11d826bc01663290bd7ca406b8d76507
        Validity
            Not Before: Jan  2 04:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3ddbfade55420a347dd2b2575bf5a5b7e13a98f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:7d:67:fc:8c:9d:88:88:40:91:c2:73:54:6e:
                    53:b1:20:c7:4c:6e:d6:62:c3:44:8c:f3:01:a1:90:
                    4c:fa:1f:c6:9b:de:ed:36:7f:8b:3e:b9:c4:02:6e:
                    34:6f:e9:20:c7:55:0b:90:24:1d:94:95:28:2f:5c:
                    62:f2:7f:a9:59:a5:14:94:73:32:5f:c6:a6:03:05:
                    5f:30:6b:32:d7:c0:c7:d4:a9:dc:88:83:27:03:b3:
                    18:72:a1:1e:2c:96:a4:1b:78:bf:25:f9:0c:ec:a9:
                    cd:ea:c4:4b:b7:7f:22:ae:fa:63:5c:34:cb:fb:68:
                    2b:dc:d2:11:56:5f:e8:f7:2d:db:31:a8:3c:01:ce:
                    0c:83:e1:d6:0c:6c:25:07:60:ad:25:8b:d6:5b:db:
                    ba:cd:0b:16:c5:ee:cb:b0:06:5e:ec:1b:d3:be:4c:
                    16:e8:08:aa:c5:3c:a4:e2:56:f9:25:5d:e1:4d:3c:
                    b5:a0:7e:75:31:32:b7:8a:95:a0:eb:01:d4:d7:8e:
                    d9:fb:cc:48:8a:5d:f4:57:59:85:f0:7a:86:03:45:
                    de:e7:97:82:a0:49:7c:49:ed:a6:44:e7:08:67:4d:
                    c9:e6:fc:f9:51:b7:67:42:a6:99:48:11:80:74:78:
                    08:d8:e3:f0:5e:17:a0:0c:7c:42:9f:e3:ea:55:eb:
                    04:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:DD:BF:AD:E5:54:20:A3:47:DD:2B:25:75:BF:5A:5B:7E:13:A9:8F
            X509v3 Authority Key Identifier:
                keyid:33:0E:3F:DB:11:D8:26:BC:01:66:32:90:BD:7C:A4:06:B8:D7:65:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mw4_2xHYJrwBZjKQvXykBrjXZQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/34c618-4d43-4736-859f-9d2a42affb1b/1/492_reVUIKNH3Ssldb9aW34TqY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/34c618-4d43-4736-859f-9d2a42affb1b/1/Mw4_2xHYJrwBZjKQvXykBrjXZQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.105.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:fc:3c:32:a7:a9:45:55:82:2d:df:71:01:c9:15:42:82:27:
         19:0d:38:e4:96:d9:35:21:b9:4d:d5:c1:c7:8f:49:0d:96:ee:
         96:b4:52:64:e6:2d:2f:37:96:66:10:2f:e4:98:6e:eb:60:2b:
         46:50:33:2e:3e:7d:02:07:a6:b5:d2:c7:c5:b9:76:5c:06:80:
         aa:62:66:ea:b1:2a:0a:d4:48:96:99:bc:59:37:3e:e6:f5:89:
         b3:04:ba:74:0c:2e:ce:03:47:97:ee:af:6a:60:5f:0e:9f:5e:
         e5:41:7f:0a:19:14:b6:d1:29:1c:2b:f6:1b:e0:bb:ac:34:73:
         54:5b:14:66:b1:2a:56:49:5c:79:da:2c:b0:52:49:23:75:85:
         02:10:e0:9f:46:33:7a:fb:1e:31:84:67:3c:d7:e1:d1:bc:44:
         41:31:7d:fe:8a:45:e4:5c:e3:97:b7:07:e7:44:b1:ed:0d:49:
         54:a1:c9:b9:58:e5:f2:f2:1c:76:d3:2d:df:2e:79:50:33:37:
         8b:ac:7d:7e:8d:e6:ce:01:94:54:e5:5c:9d:77:96:ef:24:2a:
         97:a6:20:38:94:b8:7b:09:f5:75:39:06:18:7b:53:b9:49:5a:
         9b:10:32:23:9c:eb:a9:00:63:50:1c:b9:ef:fe:b4:1a:62:d5:
         86:30:85:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb48+wrLdFh4G7xpRZeJZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMGUzZmRiMTFkODI2YmMwMTY2MzI5MGJkN2NhNDA2Yjhk
NzY1MDcwHhcNMjQwMTAyMDQzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2RkYmZhZGU1NTQyMGEzNDdkZDJiMjU3NWJmNWE1YjdlMTNhOThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApH1n/IydiIhAkcJzVG5TsSDHTG7W
YsNEjPMBoZBM+h/Gm97tNn+LPrnEAm40b+kgx1ULkCQdlJUoL1xi8n+pWaUUlHMy
X8amAwVfMGsy18DH1KnciIMnA7MYcqEeLJakG3i/JfkM7KnN6sRLt38irvpjXDTL
+2gr3NIRVl/o9y3bMag8Ac4Mg+HWDGwlB2CtJYvWW9u6zQsWxe7LsAZe7BvTvkwW
6AiqxTyk4lb5JV3hTTy1oH51MTK3ipWg6wHU147Z+8xIil30V1mF8HqGA0Xe55eC
oEl8Se2mROcIZ03J5vz5UbdnQqaZSBGAdHgI2OPwXhegDHxCn+PqVesETQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOPdv63lVCCjR90rJXW/Wlt+E6mPMB8GA1UdIwQY
MBaAFDMOP9sR2Ca8AWYykL18pAa412UHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXc0XzJ4SFlKcndCWmpLUXZYeWtCcmpYWlFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8zNGM2MTgtNGQ0My00NzM2LTg1OWYt
OWQyYTQyYWZmYjFiLzEvNDkyX3JlVlVJS05IM1NzbGRiOWFXMzRUcVk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8zNGM2MTgtNGQ0My00NzM2LTg1OWYtOWQyYTQyYWZmYjFi
LzEvTXc0XzJ4SFlKcndCWmpLUXZYeWtCcmpYWlFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwmmMMA0G
CSqGSIb3DQEBCwUAA4IBAQB8/Dwyp6lFVYIt33EByRVCgicZDTjkltk1IblN1cHH
j0kNlu6WtFJk5i0vN5ZmEC/kmG7rYCtGUDMuPn0CB6a10sfFuXZcBoCqYmbqsSoK
1EiWmbxZNz7m9YmzBLp0DC7OA0eX7q9qYF8On17lQX8KGRS20SkcK/Yb4LusNHNU
WxRmsSpWSVx52iywUkkjdYUCEOCfRjN6+x4xhGc81+HRvERBMX3+ikXkXOOXtwfn
RLHtDUlUocm5WOXy8hx20y3fLnlQMzeLrH1+jebOAZRU5Vydd5bvJCqXpiA4lLh7
CfV1OQYYe1O5SVqbEDIjnOupAGNQHLnv/rQaYtWGMIWd
-----END CERTIFICATE-----