Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/9260d5-f97d-4168-b22a-fbb9f91c8cce/1/nXo0jQC_N_DawW_obVGdmjMKql0.roa
File:                     nXo0jQC_N_DawW_obVGdmjMKql0.roa (raw, json)
Hash identifier:          rT/ivrPts8m/Eqz+yl5RIBZ8n9uYQG+8gCFXajN6J6c=
Subject key identifier:   9D:7A:34:8D:00:BF:37:F0:DA:C1:6F:E8:6D:51:9D:9A:33:0A:AA:5D
Certificate issuer:       /CN=cf70f3d1118361b59f3315f591643e1dabbb2008
Certificate serial:       018CC34894FC6C84507A5C2F31D5E5D573CF
Authority key identifier: CF:70:F3:D1:11:83:61:B5:9F:33:15:F5:91:64:3E:1D:AB:BB:20:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z3Dz0RGDYbWfMxX1kWQ-Hau7IAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/9260d5-f97d-4168-b22a-fbb9f91c8cce/1/nXo0jQC_N_DawW_obVGdmjMKql0.roa
Signing time:             Mon 01 Jan 2024 04:29:22 +0000
ROA not before:           Mon 01 Jan 2024 04:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211322
IP address blocks:        193.228.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/9260d5-f97d-4168-b22a-fbb9f91c8cce/1/z3Dz0RGDYbWfMxX1kWQ-Hau7IAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/9260d5-f97d-4168-b22a-fbb9f91c8cce/1/z3Dz0RGDYbWfMxX1kWQ-Hau7IAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z3Dz0RGDYbWfMxX1kWQ-Hau7IAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:94:fc:6c:84:50:7a:5c:2f:31:d5:e5:d5:73:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf70f3d1118361b59f3315f591643e1dabbb2008
        Validity
            Not Before: Jan  1 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d7a348d00bf37f0dac16fe86d519d9a330aaa5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0b:84:3b:37:fc:d5:08:c6:b5:b9:49:50:ef:
                    95:81:b9:49:62:4a:09:ac:93:b0:61:1f:8d:ec:6e:
                    f3:69:1c:3e:30:ea:83:8b:e5:2e:a7:65:7c:ae:e2:
                    21:50:55:40:42:34:a1:95:ac:09:c9:fe:e9:39:55:
                    05:fd:2f:01:61:7c:a3:cd:03:74:05:c5:6b:da:a6:
                    10:01:e7:6a:73:4a:0b:50:db:30:22:a4:32:11:75:
                    ce:6a:65:09:f8:29:b0:69:99:f0:bf:42:68:55:81:
                    a4:15:12:55:95:2c:eb:83:5d:9a:06:85:66:a8:73:
                    00:8f:64:55:44:04:f0:5e:26:54:45:16:e1:42:b9:
                    76:9d:cd:3c:ae:5b:a9:e3:97:66:1b:44:cc:63:d4:
                    d5:6f:69:26:b0:a0:cf:94:28:ac:4b:5f:5f:aa:9f:
                    3c:59:bd:d1:99:dd:a4:40:34:bf:c4:eb:84:0e:fb:
                    3f:bf:b5:e6:40:af:18:eb:8d:4c:d9:9c:72:19:79:
                    c8:ce:24:28:9c:b6:eb:c1:ad:ab:33:c0:a2:c3:6a:
                    e0:84:50:42:7d:94:f3:b0:9e:36:af:d3:09:4d:f4:
                    83:97:a7:79:33:7d:4f:b3:9d:a9:84:2b:e6:56:87:
                    41:05:57:e1:54:bf:b3:8b:9a:af:c1:3c:80:19:7e:
                    66:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:7A:34:8D:00:BF:37:F0:DA:C1:6F:E8:6D:51:9D:9A:33:0A:AA:5D
            X509v3 Authority Key Identifier:
                keyid:CF:70:F3:D1:11:83:61:B5:9F:33:15:F5:91:64:3E:1D:AB:BB:20:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z3Dz0RGDYbWfMxX1kWQ-Hau7IAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/9260d5-f97d-4168-b22a-fbb9f91c8cce/1/nXo0jQC_N_DawW_obVGdmjMKql0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/9260d5-f97d-4168-b22a-fbb9f91c8cce/1/z3Dz0RGDYbWfMxX1kWQ-Hau7IAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.228.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:4e:df:1d:65:67:91:0f:38:61:60:2d:28:8f:4e:68:a8:82:
         59:55:62:24:34:ec:05:5c:f8:ec:0e:45:83:62:d1:56:42:99:
         85:1f:79:f1:74:f6:19:74:21:3b:ff:b0:f7:fc:67:13:c1:e2:
         8c:ce:08:dc:90:87:50:bd:93:08:03:af:5c:eb:a4:c8:95:f2:
         13:98:4d:2b:92:3c:3e:ed:13:f8:60:e5:ce:fc:f2:16:0c:49:
         62:a8:ad:cd:05:62:25:b6:2f:35:3c:28:ff:1c:bc:90:f9:9a:
         3d:c4:cb:52:89:a9:81:f1:ee:d2:23:90:91:1c:8f:96:ca:68:
         40:39:b7:54:7e:74:c1:53:d1:2c:01:64:1d:a3:62:84:ed:57:
         15:7f:49:b3:d1:5e:8f:36:ac:b7:76:7e:0e:00:c3:cf:32:e3:
         a0:3e:c0:be:94:d3:9b:bd:41:74:73:b2:69:ec:74:e7:65:88:
         f3:da:d9:63:ea:0b:24:4e:5c:47:85:60:4f:37:44:9e:90:f8:
         f6:7a:9e:4e:28:c4:1f:a1:fa:23:d9:24:3e:30:65:97:d1:87:
         6e:5b:b6:30:cb:2e:e4:cb:df:c1:e0:d4:e2:7b:91:ff:2c:ed:
         11:85:fd:f2:1b:89:7b:ac:64:33:e3:03:6f:e2:9a:90:0f:79:
         39:00:d6:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJT8bIRQelwvMdXl1XPPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmNzBmM2QxMTE4MzYxYjU5ZjMzMTVmNTkxNjQzZTFkYWJi
YjIwMDgwHhcNMjQwMTAxMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDdhMzQ4ZDAwYmYzN2YwZGFjMTZmZTg2ZDUxOWQ5YTMzMGFhYTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQuEOzf81QjGtblJUO+VgblJYkoJ
rJOwYR+N7G7zaRw+MOqDi+Uup2V8ruIhUFVAQjShlawJyf7pOVUF/S8BYXyjzQN0
BcVr2qYQAedqc0oLUNswIqQyEXXOamUJ+CmwaZnwv0JoVYGkFRJVlSzrg12aBoVm
qHMAj2RVRATwXiZURRbhQrl2nc08rlup45dmG0TMY9TVb2kmsKDPlCisS19fqp88
Wb3Rmd2kQDS/xOuEDvs/v7XmQK8Y641M2ZxyGXnIziQonLbrwa2rM8Ciw2rghFBC
fZTzsJ42r9MJTfSDl6d5M31Ps52phCvmVodBBVfhVL+zi5qvwTyAGX5mtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ16NI0Avzfw2sFv6G1RnZozCqpdMB8GA1UdIwQY
MBaAFM9w89ERg2G1nzMV9ZFkPh2ruyAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejNEejBSR0RZYldmTXhYMWtXUS1IYXU3SUFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS85MjYwZDUtZjk3ZC00MTY4LWIyMmEt
ZmJiOWY5MWM4Y2NlLzEvblhvMGpRQ19OX0Rhd1dfb2JWR2Rtak1LcWwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS85MjYwZDUtZjk3ZC00MTY4LWIyMmEtZmJiOWY5MWM4Y2Nl
LzEvejNEejBSR0RZYldmTXhYMWtXUS1IYXU3SUFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweR+MA0G
CSqGSIb3DQEBCwUAA4IBAQCxTt8dZWeRDzhhYC0oj05oqIJZVWIkNOwFXPjsDkWD
YtFWQpmFH3nxdPYZdCE7/7D3/GcTweKMzgjckIdQvZMIA69c66TIlfITmE0rkjw+
7RP4YOXO/PIWDEliqK3NBWIlti81PCj/HLyQ+Zo9xMtSiamB8e7SI5CRHI+WymhA
ObdUfnTBU9EsAWQdo2KE7VcVf0mz0V6PNqy3dn4OAMPPMuOgPsC+lNObvUF0c7Jp
7HTnZYjz2tlj6gskTlxHhWBPN0SekPj2ep5OKMQfofoj2SQ+MGWX0YduW7Ywyy7k
y9/B4NTie5H/LO0Rhf3yG4l7rGQz4wNv4pqQD3k5ANb7
-----END CERTIFICATE-----