Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/d8b6ea-730c-4639-94fa-457272837aa6/1/itkcOlcvGYUHyJQgbunUx_8ZTbI.roa
File:                     itkcOlcvGYUHyJQgbunUx_8ZTbI.roa (raw, json)
Hash identifier:          GRiNSfOMqKyBr0Ye7jNXMlf5W5KImSLe4yvFJj9O8Zk=
Subject key identifier:   8A:D9:1C:3A:57:2F:19:85:07:C8:94:20:6E:E9:D4:C7:FF:19:4D:B2
Certificate issuer:       /CN=1a92e37dc8cf45634b2cdbcf3f10054a1c611697
Certificate serial:       018CC3B671C91DEF5D47FF7900F2E79CE2D6
Authority key identifier: 1A:92:E3:7D:C8:CF:45:63:4B:2C:DB:CF:3F:10:05:4A:1C:61:16:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GpLjfcjPRWNLLNvPPxAFShxhFpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/d8b6ea-730c-4639-94fa-457272837aa6/1/itkcOlcvGYUHyJQgbunUx_8ZTbI.roa
Signing time:             Mon 01 Jan 2024 06:29:22 +0000
ROA not before:           Mon 01 Jan 2024 06:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196948
IP address blocks:        193.105.155.0/24 maxlen: 24
                          2001:67c:2980::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/d8b6ea-730c-4639-94fa-457272837aa6/1/GpLjfcjPRWNLLNvPPxAFShxhFpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/d8b6ea-730c-4639-94fa-457272837aa6/1/GpLjfcjPRWNLLNvPPxAFShxhFpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GpLjfcjPRWNLLNvPPxAFShxhFpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:71:c9:1d:ef:5d:47:ff:79:00:f2:e7:9c:e2:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a92e37dc8cf45634b2cdbcf3f10054a1c611697
        Validity
            Not Before: Jan  1 06:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ad91c3a572f198507c894206ee9d4c7ff194db2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:06:0f:5f:78:1b:e4:86:75:e8:67:2e:f5:fc:
                    9d:75:53:e8:e2:2b:18:2e:0a:9f:4d:d1:f5:c5:16:
                    69:f9:18:56:78:d1:57:99:b6:b4:17:e2:a0:aa:e7:
                    24:e6:1d:b5:d7:13:e4:b2:da:6f:44:b3:c9:a6:d9:
                    59:46:ac:8e:79:48:15:39:c1:23:30:b1:df:6c:c8:
                    ea:75:79:25:58:97:da:e9:5b:0c:f9:f1:63:a1:6c:
                    87:07:84:b4:8c:7e:dc:08:04:1a:58:a6:3b:1d:6e:
                    f3:40:e8:59:b8:9f:93:79:07:e5:96:ca:8a:12:f5:
                    ab:8d:b7:39:10:69:ca:bc:6c:2c:fe:22:ad:c3:02:
                    50:6d:a4:fe:05:e9:a8:5b:fd:09:c4:80:43:22:1a:
                    ec:28:93:8f:68:d2:60:e4:a0:d1:40:aa:34:d6:42:
                    05:1a:c5:a1:8a:fe:c8:f6:7d:01:e5:63:60:ca:a4:
                    a5:8c:f4:20:d7:ac:2a:16:25:9a:20:8d:23:de:ac:
                    84:82:93:07:e7:ea:cf:91:38:9f:71:7f:33:38:5a:
                    37:41:e6:2a:7a:b0:96:7d:ee:fa:bc:e0:2e:2b:37:
                    07:4e:c9:0c:45:45:3e:02:0a:97:53:86:84:13:54:
                    3e:22:6f:e2:1c:db:0e:41:de:e3:7c:b4:ce:9a:43:
                    94:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:D9:1C:3A:57:2F:19:85:07:C8:94:20:6E:E9:D4:C7:FF:19:4D:B2
            X509v3 Authority Key Identifier:
                keyid:1A:92:E3:7D:C8:CF:45:63:4B:2C:DB:CF:3F:10:05:4A:1C:61:16:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GpLjfcjPRWNLLNvPPxAFShxhFpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/d8b6ea-730c-4639-94fa-457272837aa6/1/itkcOlcvGYUHyJQgbunUx_8ZTbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/d8b6ea-730c-4639-94fa-457272837aa6/1/GpLjfcjPRWNLLNvPPxAFShxhFpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.155.0/24
                IPv6:
                  2001:67c:2980::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:b5:52:1a:2f:69:35:c7:2c:ec:bc:5f:0e:74:73:3d:13:a7:
         33:a1:99:d7:21:fb:86:cc:87:e3:ec:f1:e1:68:ec:48:9e:14:
         a7:73:75:6e:12:c5:d7:55:bf:25:35:89:5a:85:38:ce:3a:91:
         92:91:fe:44:ff:d5:5f:e2:4f:94:7e:02:6b:34:38:2f:87:37:
         e8:2b:89:fe:5d:dc:9e:0e:25:eb:82:91:8f:e3:00:f0:73:cf:
         70:1a:8e:90:41:73:f7:4a:99:9c:c8:cc:3b:71:1c:41:af:07:
         b3:79:c1:6d:8c:14:67:84:82:01:83:b2:c2:fc:55:bc:6e:43:
         e0:d1:5d:12:1d:ee:93:16:fa:d2:a1:7d:d9:03:3e:a5:2c:ed:
         ef:fc:f7:56:47:d7:1e:90:6d:08:f4:a9:ac:54:17:0d:38:63:
         b9:04:0b:78:e9:84:7d:81:2a:e6:48:c8:5f:38:fe:0f:56:51:
         e1:64:59:78:0c:a3:a1:c7:33:28:12:b9:43:00:2b:5f:81:b3:
         55:03:b1:13:9a:b6:36:5b:93:a8:97:a5:0c:9e:d5:7d:c5:1b:
         4e:e6:11:8a:d2:12:c9:40:64:88:ac:0b:91:65:01:74:56:fe:
         f4:9c:4c:60:9a:82:f8:89:d1:e5:fc:f4:e1:3c:57:0c:3c:36:
         23:d1:28:bf
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDtnHJHe9dR/95APLnnOLWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhOTJlMzdkYzhjZjQ1NjM0YjJjZGJjZjNmMTAwNTRhMWM2
MTE2OTcwHhcNMjQwMTAxMDYyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWQ5MWMzYTU3MmYxOTg1MDdjODk0MjA2ZWU5ZDRjN2ZmMTk0ZGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQYPX3gb5IZ16Gcu9fyddVPo4isY
LgqfTdH1xRZp+RhWeNFXmba0F+Kgquck5h211xPkstpvRLPJptlZRqyOeUgVOcEj
MLHfbMjqdXklWJfa6VsM+fFjoWyHB4S0jH7cCAQaWKY7HW7zQOhZuJ+TeQfllsqK
EvWrjbc5EGnKvGws/iKtwwJQbaT+BemoW/0JxIBDIhrsKJOPaNJg5KDRQKo01kIF
GsWhiv7I9n0B5WNgyqSljPQg16wqFiWaII0j3qyEgpMH5+rPkTifcX8zOFo3QeYq
erCWfe76vOAuKzcHTskMRUU+AgqXU4aEE1Q+Im/iHNsOQd7jfLTOmkOUkQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIrZHDpXLxmFB8iUIG7p1Mf/GU2yMB8GA1UdIwQY
MBaAFBqS433Iz0VjSyzbzz8QBUocYRaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3BMamZjalBSV05MTE52UFB4QUZTaHhoRnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9kOGI2ZWEtNzMwYy00NjM5LTk0ZmEt
NDU3MjcyODM3YWE2LzEvaXRrY09sY3ZHWVVIeUpRZ2J1blV4XzhaVGJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9kOGI2ZWEtNzMwYy00NjM5LTk0ZmEtNDU3MjcyODM3YWE2
LzEvR3BMamZjalBSV05MTE52UFB4QUZTaHhoRnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwWmbMA8E
AgACMAkDBwAgAQZ8KYAwDQYJKoZIhvcNAQELBQADggEBAFa1UhovaTXHLOy8Xw50
cz0TpzOhmdch+4bMh+Ps8eFo7EieFKdzdW4SxddVvyU1iVqFOM46kZKR/kT/1V/i
T5R+Ams0OC+HN+grif5d3J4OJeuCkY/jAPBzz3AajpBBc/dKmZzIzDtxHEGvB7N5
wW2MFGeEggGDssL8VbxuQ+DRXRId7pMW+tKhfdkDPqUs7e/891ZH1x6QbQj0qaxU
Fw04Y7kEC3jphH2BKuZIyF84/g9WUeFkWXgMo6HHMygSuUMAK1+Bs1UDsROatjZb
k6iXpQye1X3FG07mEYrSEslAZIisC5FlAXRW/vScTGCagviJ0eX89OE8Vww8NiPR
KL8=
-----END CERTIFICATE-----