Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/1d8e80-33a8-4d55-a3d6-5ecdef2fb68d/1/sTDu01HtCgAvWDLSmYax48X1Dfw.roa
File:                     sTDu01HtCgAvWDLSmYax48X1Dfw.roa (raw, json)
Hash identifier:          8JqPCesz6Vd0Wnf++tOGEUD194xuDJsVW/Z+izeeHQU=
Subject key identifier:   B1:30:EE:D3:51:ED:0A:00:2F:58:32:D2:99:86:B1:E3:C5:F5:0D:FC
Certificate issuer:       /CN=8fbc1063a6efb45e27b111e9207827c9f732502b
Certificate serial:       018CC86F3949EA889E697FB3E944DC6F2432
Authority key identifier: 8F:BC:10:63:A6:EF:B4:5E:27:B1:11:E9:20:78:27:C9:F7:32:50:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j7wQY6bvtF4nsRHpIHgnyfcyUCs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/1d8e80-33a8-4d55-a3d6-5ecdef2fb68d/1/sTDu01HtCgAvWDLSmYax48X1Dfw.roa
Signing time:             Tue 02 Jan 2024 04:29:41 +0000
ROA not before:           Tue 02 Jan 2024 04:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206461
IP address blocks:        93.94.199.0/24 maxlen: 24
                          93.94.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/1d8e80-33a8-4d55-a3d6-5ecdef2fb68d/1/j7wQY6bvtF4nsRHpIHgnyfcyUCs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/1d8e80-33a8-4d55-a3d6-5ecdef2fb68d/1/j7wQY6bvtF4nsRHpIHgnyfcyUCs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j7wQY6bvtF4nsRHpIHgnyfcyUCs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Dec 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:39:49:ea:88:9e:69:7f:b3:e9:44:dc:6f:24:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fbc1063a6efb45e27b111e9207827c9f732502b
        Validity
            Not Before: Jan  2 04:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b130eed351ed0a002f5832d29986b1e3c5f50dfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:6f:c8:a8:a7:1c:ca:3b:e9:a0:54:b3:69:9e:
                    42:2b:26:bf:99:53:e8:5c:fb:9b:96:fc:49:92:9d:
                    4d:ac:9a:6e:27:48:93:08:ea:9e:33:4e:81:f2:d2:
                    f4:97:1f:f5:02:3b:32:df:94:19:a8:7f:92:09:58:
                    78:2f:84:a2:a2:9c:08:87:2d:fb:32:ef:60:5b:1e:
                    65:97:a0:6f:2b:54:7a:4b:ce:64:62:2d:d2:02:fb:
                    ee:95:46:9a:53:96:2d:cd:3e:76:49:d3:85:4e:18:
                    9e:23:c6:2f:a7:b1:f2:74:32:5f:66:1f:f6:50:b5:
                    ea:5d:77:05:87:e8:a3:da:53:82:75:1c:a8:70:ad:
                    12:46:99:86:81:7b:0e:7b:61:95:be:02:35:d9:68:
                    87:a3:57:10:58:2b:4e:5d:e8:d1:02:f1:04:86:a4:
                    cc:ae:e0:47:ff:6e:49:4d:4d:5e:30:bb:2a:cf:bc:
                    50:a0:e2:09:99:aa:eb:27:3e:97:41:6b:a6:9b:e0:
                    09:46:7b:e6:17:f1:57:44:5b:25:e8:23:37:c9:9c:
                    d5:c7:59:85:ad:f6:d8:8d:eb:f4:9c:46:ce:fb:34:
                    02:2a:77:f4:39:c7:04:57:54:d7:be:a1:20:69:e6:
                    84:d3:a6:10:f9:0f:d4:0b:29:5a:59:0e:9f:3d:10:
                    a4:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:30:EE:D3:51:ED:0A:00:2F:58:32:D2:99:86:B1:E3:C5:F5:0D:FC
            X509v3 Authority Key Identifier:
                keyid:8F:BC:10:63:A6:EF:B4:5E:27:B1:11:E9:20:78:27:C9:F7:32:50:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j7wQY6bvtF4nsRHpIHgnyfcyUCs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/1d8e80-33a8-4d55-a3d6-5ecdef2fb68d/1/sTDu01HtCgAvWDLSmYax48X1Dfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/1d8e80-33a8-4d55-a3d6-5ecdef2fb68d/1/j7wQY6bvtF4nsRHpIHgnyfcyUCs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.94.194.0/24
                  93.94.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:6e:e0:7e:1f:23:ea:84:5a:d1:52:66:5a:e6:e7:9f:cf:4d:
         19:37:ae:dd:d7:4b:a6:b7:b5:66:a9:98:a3:4c:15:93:f9:af:
         23:3f:28:b9:5a:50:8c:7d:4d:f8:ff:9e:9e:35:96:60:34:9e:
         98:e3:13:58:eb:29:69:7f:18:3e:30:4b:45:c8:30:cd:84:87:
         6d:d2:a5:da:b6:1c:66:af:1c:12:52:62:71:05:12:0a:e5:cf:
         33:8c:cd:9c:5a:1d:b5:ef:e8:76:96:e7:a6:e5:67:87:df:76:
         d5:a0:67:8c:59:68:c0:77:c4:09:3a:36:e0:97:f6:1b:11:8c:
         d1:69:7a:29:47:6b:d2:23:ba:5a:ca:d4:83:f1:58:33:31:be:
         33:3c:1a:19:f4:f8:e3:75:08:c4:ce:6f:f7:8e:7c:0b:e4:49:
         24:f0:97:01:e7:b1:e7:a6:95:36:58:de:8d:65:67:5d:bb:07:
         44:fb:23:df:ec:b8:53:47:bb:c6:57:23:55:7f:c1:6a:a3:cc:
         9f:e8:d7:59:c2:4f:90:b8:ca:8a:fa:d9:fc:c2:ac:43:8f:a0:
         58:fd:14:13:ae:6e:97:61:76:b8:bf:2e:cf:c8:db:fb:1e:dd:
         2c:8c:e5:2b:e4:15:81:30:df:53:19:f0:40:52:49:25:36:f7:
         da:3f:62:ac
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIbzlJ6oieaX+z6UTcbyQyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYmMxMDYzYTZlZmI0NWUyN2IxMTFlOTIwNzgyN2M5Zjcz
MjUwMmIwHhcNMjQwMTAyMDQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTMwZWVkMzUxZWQwYTAwMmY1ODMyZDI5OTg2YjFlM2M1ZjUwZGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2/IqKccyjvpoFSzaZ5CKya/mVPo
XPublvxJkp1NrJpuJ0iTCOqeM06B8tL0lx/1Ajsy35QZqH+SCVh4L4SiopwIhy37
Mu9gWx5ll6BvK1R6S85kYi3SAvvulUaaU5YtzT52SdOFThieI8Yvp7HydDJfZh/2
ULXqXXcFh+ij2lOCdRyocK0SRpmGgXsOe2GVvgI12WiHo1cQWCtOXejRAvEEhqTM
ruBH/25JTU1eMLsqz7xQoOIJmarrJz6XQWumm+AJRnvmF/FXRFsl6CM3yZzVx1mF
rfbYjev0nEbO+zQCKnf0OccEV1TXvqEgaeaE06YQ+Q/UCylaWQ6fPRCkAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLEw7tNR7QoAL1gy0pmGsePF9Q38MB8GA1UdIwQY
MBaAFI+8EGOm77ReJ7ER6SB4J8n3MlArMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajd3UVk2YnZ0RjRuc1JIcElIZ255ZmN5VUNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8xZDhlODAtMzNhOC00ZDU1LWEzZDYt
NWVjZGVmMmZiNjhkLzEvc1REdTAxSHRDZ0F2V0RMU21ZYXg0OFgxRGZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8xZDhlODAtMzNhOC00ZDU1LWEzZDYtNWVjZGVmMmZiNjhk
LzEvajd3UVk2YnZ0RjRuc1JIcElIZ255ZmN5VUNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXV7CAwQA
XV7HMA0GCSqGSIb3DQEBCwUAA4IBAQCrbuB+HyPqhFrRUmZa5uefz00ZN67d10um
t7VmqZijTBWT+a8jPyi5WlCMfU34/56eNZZgNJ6Y4xNY6ylpfxg+MEtFyDDNhIdt
0qXathxmrxwSUmJxBRIK5c8zjM2cWh217+h2luem5WeH33bVoGeMWWjAd8QJOjbg
l/YbEYzRaXopR2vSI7paytSD8VgzMb4zPBoZ9PjjdQjEzm/3jnwL5Ekk8JcB57Hn
ppU2WN6NZWdduwdE+yPf7LhTR7vGVyNVf8Fqo8yf6NdZwk+QuMqK+tn8wqxDj6BY
/RQTrm6XYXa4vy7PyNv7Ht0sjOUr5BWBMN9TGfBAUkklNvfaP2Ks
-----END CERTIFICATE-----