Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/c8797b-02e0-4718-bdfd-0929cbcdb7aa/1/be_n3GTHZjSZvVwZW4BhMjqNF0Q.roa
File:                     be_n3GTHZjSZvVwZW4BhMjqNF0Q.roa (raw, json)
Hash identifier:          VR75NAm5BUY40j6AMsKwYokd+B+70p8RMcVBtb/Hlrg=
Subject key identifier:   6D:EF:E7:DC:64:C7:66:34:99:BD:5C:19:5B:80:61:32:3A:8D:17:44
Certificate issuer:       /CN=f9cd2980c1c78bcf6bb9b80a0792058b0bcaed4b
Certificate serial:       018CC870A2153856EB12C562C894FC5C4963
Authority key identifier: F9:CD:29:80:C1:C7:8B:CF:6B:B9:B8:0A:07:92:05:8B:0B:CA:ED:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-c0pgMHHi89rubgKB5IFiwvK7Us.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/c8797b-02e0-4718-bdfd-0929cbcdb7aa/1/be_n3GTHZjSZvVwZW4BhMjqNF0Q.roa
Signing time:             Tue 02 Jan 2024 04:31:13 +0000
ROA not before:           Tue 02 Jan 2024 04:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208040
IP address blocks:        193.161.24.0/23 maxlen: 23
                          193.161.28.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/c8797b-02e0-4718-bdfd-0929cbcdb7aa/1/1-c0pgMHHi89rubgKB5IFiwvK7Us.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/c8797b-02e0-4718-bdfd-0929cbcdb7aa/1/1-c0pgMHHi89rubgKB5IFiwvK7Us.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-c0pgMHHi89rubgKB5IFiwvK7Us.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:a2:15:38:56:eb:12:c5:62:c8:94:fc:5c:49:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f9cd2980c1c78bcf6bb9b80a0792058b0bcaed4b
        Validity
            Not Before: Jan  2 04:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6defe7dc64c7663499bd5c195b8061323a8d1744
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:07:a8:08:37:ee:25:f5:73:b0:7d:a3:a0:31:
                    3e:2c:a1:d1:1f:81:82:60:f0:53:76:55:6b:35:be:
                    bb:73:3f:7e:57:f5:e1:3a:66:83:3c:55:bf:c4:1b:
                    33:9e:17:96:8c:7e:f6:02:8f:68:0a:95:34:ad:f8:
                    f0:a9:e5:c3:33:43:e0:db:5d:0d:32:44:b5:18:e1:
                    56:75:1e:bc:27:8c:72:54:38:d4:b5:33:8d:5b:17:
                    c1:c3:f8:b9:17:4e:ad:4e:3e:57:e2:91:e6:ab:20:
                    a5:04:d1:7d:0d:73:e3:fa:cb:1e:77:1f:1c:7c:aa:
                    07:49:8e:10:bb:16:2d:de:50:92:8c:62:0a:ea:72:
                    3a:34:5d:33:d9:eb:f0:52:65:c4:06:62:2d:7f:44:
                    93:f3:d0:bb:15:ab:0a:5a:69:4c:61:bf:f5:c6:ac:
                    87:cf:b5:93:c1:a5:ef:35:61:17:68:79:41:14:4d:
                    69:f2:66:94:09:9b:b5:75:9f:09:75:3e:75:7f:b7:
                    7d:55:7d:02:0a:e0:fc:46:e1:8f:75:9e:15:65:9e:
                    ed:77:c3:90:08:45:b2:04:a7:bd:b4:2f:75:7c:b9:
                    2e:fb:00:b3:8f:d7:0c:d6:f6:3e:f2:62:7c:22:ee:
                    f2:22:4b:20:de:ed:15:49:fb:c6:80:b0:44:2b:d3:
                    db:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:EF:E7:DC:64:C7:66:34:99:BD:5C:19:5B:80:61:32:3A:8D:17:44
            X509v3 Authority Key Identifier:
                keyid:F9:CD:29:80:C1:C7:8B:CF:6B:B9:B8:0A:07:92:05:8B:0B:CA:ED:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-c0pgMHHi89rubgKB5IFiwvK7Us.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c8797b-02e0-4718-bdfd-0929cbcdb7aa/1/be_n3GTHZjSZvVwZW4BhMjqNF0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c8797b-02e0-4718-bdfd-0929cbcdb7aa/1/1-c0pgMHHi89rubgKB5IFiwvK7Us.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.161.24.0/23
                  193.161.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b3:9d:97:e8:67:16:13:ba:43:27:a3:5a:2c:e9:20:8f:c8:50:
         f9:d6:af:00:85:22:b8:a9:7d:4f:47:12:c3:0e:2a:69:8b:36:
         c5:f4:bc:12:dd:e3:4f:46:ec:97:64:b5:f3:0d:7f:41:08:3c:
         c1:9d:c7:62:e7:05:58:2f:dc:fa:36:11:a9:26:7d:5a:3e:bb:
         5d:bb:c7:f1:a1:57:78:9d:b4:92:a7:aa:33:34:ae:a4:16:90:
         dc:e3:67:b2:f4:a5:3a:b4:e2:55:10:26:49:8a:a0:ce:94:c2:
         61:c0:d1:04:5e:f8:18:ae:96:05:82:a6:53:17:39:16:b7:b9:
         9e:62:59:b3:4e:21:3f:ce:de:f2:d7:41:26:af:94:17:15:62:
         b1:ce:29:5b:83:cb:4f:e0:20:24:2d:b3:38:62:25:a5:c3:5a:
         ae:fd:9c:a9:18:f2:58:6f:b2:81:6d:31:12:2d:10:5e:1d:5f:
         48:e7:26:77:c3:11:60:6b:4a:53:bf:bb:c5:b2:2a:d6:6c:15:
         77:a2:29:08:b2:08:e2:b8:75:a3:d1:da:b3:88:51:97:43:22:
         69:44:8b:79:f9:ac:8f:a9:dc:b3:e6:f4:a3:84:52:73:06:68:
         9c:78:c8:99:6f:9b:ee:29:94:9a:33:5f:21:6f:57:41:a6:1d:
         3b:3c:77:80
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIcKIVOFbrEsViyJT8XEljMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5Y2QyOTgwYzFjNzhiY2Y2YmI5YjgwYTA3OTIwNThiMGJj
YWVkNGIwHhcNMjQwMTAyMDQzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGVmZTdkYzY0Yzc2NjM0OTliZDVjMTk1YjgwNjEzMjNhOGQxNzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmAeoCDfuJfVzsH2joDE+LKHRH4GC
YPBTdlVrNb67cz9+V/XhOmaDPFW/xBsznheWjH72Ao9oCpU0rfjwqeXDM0Pg210N
MkS1GOFWdR68J4xyVDjUtTONWxfBw/i5F06tTj5X4pHmqyClBNF9DXPj+ssedx8c
fKoHSY4QuxYt3lCSjGIK6nI6NF0z2evwUmXEBmItf0ST89C7FasKWmlMYb/1xqyH
z7WTwaXvNWEXaHlBFE1p8maUCZu1dZ8JdT51f7d9VX0CCuD8RuGPdZ4VZZ7td8OQ
CEWyBKe9tC91fLku+wCzj9cM1vY+8mJ8Iu7yIksg3u0VSfvGgLBEK9PbKwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFG3v59xkx2Y0mb1cGVuAYTI6jRdEMB8GA1UdIwQY
MBaAFPnNKYDBx4vPa7m4CgeSBYsLyu1LMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1jMHBnTUhIaTg5cnViZ0tCNUlGaXd2SzdVcy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzIvYzg3OTdiLTAyZTAtNDcxOC1iZGZk
LTA5MjljYmNkYjdhYS8xL2JlX24zR1RIWmpTWnZWd1pXNEJoTWpxTkYwUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzIvYzg3OTdiLTAyZTAtNDcxOC1iZGZkLTA5MjljYmNkYjdh
YS8xLzEtYzBwZ01ISGk4OXJ1YmdLQjVJRml3dks3VXMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAHBoRgD
BAHBoRwwDQYJKoZIhvcNAQELBQADggEBALOdl+hnFhO6QyejWizpII/IUPnWrwCF
IripfU9HEsMOKmmLNsX0vBLd409G7JdktfMNf0EIPMGdx2LnBVgv3Po2EakmfVo+
u127x/GhV3idtJKnqjM0rqQWkNzjZ7L0pTq04lUQJkmKoM6UwmHA0QRe+BiulgWC
plMXORa3uZ5iWbNOIT/O3vLXQSavlBcVYrHOKVuDy0/gICQtszhiJaXDWq79nKkY
8lhvsoFtMRItEF4dX0jnJnfDEWBrSlO/u8WyKtZsFXeiKQiyCOK4daPR2rOIUZdD
ImlEi3n5rI+p3LPm9KOEUnMGaJx4yJlvm+4plJozXyFvV0GmHTs8d4A=
-----END CERTIFICATE-----