Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/Dzjm-dRUCEwIJF7oGvd6oWViXeY.roa
File:                     Dzjm-dRUCEwIJF7oGvd6oWViXeY.roa (raw, json)
Hash identifier:          Gs3jTXU8pRchN+b1A0n39SNDur/2UAOqvJ43Yt+2l9Q=
Subject key identifier:   0F:38:E6:F9:D4:54:08:4C:08:24:5E:E8:1A:F7:7A:A1:65:62:5D:E6
Certificate issuer:       /CN=06c92df2c9faa2915fc5feb5a4270183419faef2
Certificate serial:       018CCA2BA875E7C3ED98B55A774771348852
Authority key identifier: 06:C9:2D:F2:C9:FA:A2:91:5F:C5:FE:B5:A4:27:01:83:41:9F:AE:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bskt8sn6opFfxf61pCcBg0GfrvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/Dzjm-dRUCEwIJF7oGvd6oWViXeY.roa
Signing time:             Tue 02 Jan 2024 12:35:07 +0000
ROA not before:           Tue 02 Jan 2024 12:35:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61423
IP address blocks:        193.200.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/Bskt8sn6opFfxf61pCcBg0GfrvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/Bskt8sn6opFfxf61pCcBg0GfrvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Bskt8sn6opFfxf61pCcBg0GfrvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:03:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:a8:75:e7:c3:ed:98:b5:5a:77:47:71:34:88:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06c92df2c9faa2915fc5feb5a4270183419faef2
        Validity
            Not Before: Jan  2 12:35:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f38e6f9d454084c08245ee81af77aa165625de6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:21:e4:58:8b:a0:8a:70:64:51:e6:a3:0a:59:
                    86:96:e9:bb:aa:67:7b:43:4e:e1:60:8d:e1:d7:d3:
                    b9:b0:1b:89:95:92:41:6f:3c:99:6a:f1:d6:61:f2:
                    81:54:4b:6d:ad:fb:92:d8:88:df:d7:d0:81:54:f6:
                    20:58:e9:0f:ed:22:57:b1:e0:e1:c7:34:86:2b:2f:
                    a3:ee:bd:dd:78:66:8c:87:d7:40:09:a9:54:fa:ea:
                    86:dd:15:44:dd:3d:0b:35:c0:5e:a1:04:81:29:43:
                    4c:58:01:1f:d6:51:30:e4:e4:6b:60:6e:64:af:4f:
                    a3:21:74:6e:02:85:b2:41:58:d6:af:2f:15:7e:42:
                    63:d6:06:ff:05:f5:6a:ba:80:52:e7:a5:49:71:0f:
                    20:62:f8:7c:3c:d9:b6:20:40:6f:6c:0f:fd:ca:07:
                    6a:06:ba:f5:51:7e:5a:3a:41:47:2f:9c:5c:25:fb:
                    12:98:10:8f:65:af:75:26:3f:ba:35:b8:40:24:83:
                    f4:62:5f:66:05:f9:4f:ac:92:5b:02:97:5d:cc:5a:
                    6b:eb:0f:7f:d0:15:09:c4:b2:02:dc:39:31:e3:39:
                    8f:7b:d6:bb:16:fc:5b:f7:ff:28:c5:64:1d:0f:49:
                    1f:40:ca:58:37:17:f2:f5:33:1d:19:8e:db:4e:2d:
                    be:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:38:E6:F9:D4:54:08:4C:08:24:5E:E8:1A:F7:7A:A1:65:62:5D:E6
            X509v3 Authority Key Identifier:
                keyid:06:C9:2D:F2:C9:FA:A2:91:5F:C5:FE:B5:A4:27:01:83:41:9F:AE:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bskt8sn6opFfxf61pCcBg0GfrvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/Dzjm-dRUCEwIJF7oGvd6oWViXeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/Bskt8sn6opFfxf61pCcBg0GfrvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:65:42:79:e2:87:eb:75:7e:13:c4:bc:ab:b2:06:29:5b:ac:
         ae:54:e3:ea:a6:94:44:73:62:56:82:ab:58:f8:90:a0:f0:fe:
         32:82:eb:2e:4c:db:37:d7:9b:da:2c:fe:1d:9e:cd:8b:e8:68:
         7f:37:7b:20:aa:8c:14:61:83:6e:6e:db:48:cc:27:a7:43:2c:
         c7:58:34:1d:45:7e:64:66:09:4b:56:28:e0:81:68:c9:77:eb:
         db:37:c0:0e:c6:78:07:5c:b8:b0:69:e1:65:ce:41:a6:7a:2b:
         02:c3:a0:0c:d2:ce:7e:5f:db:f5:fc:f6:a8:70:77:19:91:6f:
         7a:6e:fd:d4:e5:43:b0:7c:c5:08:87:43:85:6f:41:d3:32:7f:
         53:99:d1:ca:6e:93:ca:38:59:05:68:d3:c2:eb:7b:e2:77:7c:
         05:67:ba:b9:7f:b0:bb:db:1d:33:9b:b1:43:af:80:00:7e:4e:
         fc:9f:d6:12:d6:f3:d8:c2:a0:d3:a8:a8:9a:c6:8c:13:aa:91:
         3f:03:6f:4d:90:b4:21:53:06:34:ff:a3:ed:ef:35:27:8e:7d:
         97:bf:cc:15:f0:c9:a2:97:b5:56:a2:18:21:a5:a9:a1:a7:ed:
         24:b9:2b:ee:74:0f:78:ff:a8:27:2c:b7:e5:74:a1:af:da:4d:
         9f:18:69:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK6h158PtmLVad0dxNIhSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YzkyZGYyYzlmYWEyOTE1ZmM1ZmViNWE0MjcwMTgzNDE5
ZmFlZjIwHhcNMjQwMTAyMTIzNTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjM4ZTZmOWQ0NTQwODRjMDgyNDVlZTgxYWY3N2FhMTY1NjI1ZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0iHkWIuginBkUeajClmGlum7qmd7
Q07hYI3h19O5sBuJlZJBbzyZavHWYfKBVEttrfuS2Ijf19CBVPYgWOkP7SJXseDh
xzSGKy+j7r3deGaMh9dACalU+uqG3RVE3T0LNcBeoQSBKUNMWAEf1lEw5ORrYG5k
r0+jIXRuAoWyQVjWry8VfkJj1gb/BfVquoBS56VJcQ8gYvh8PNm2IEBvbA/9ygdq
Brr1UX5aOkFHL5xcJfsSmBCPZa91Jj+6NbhAJIP0Yl9mBflPrJJbApddzFpr6w9/
0BUJxLIC3Dkx4zmPe9a7Fvxb9/8oxWQdD0kfQMpYNxfy9TMdGY7bTi2+bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA845vnUVAhMCCRe6Br3eqFlYl3mMB8GA1UdIwQY
MBaAFAbJLfLJ+qKRX8X+taQnAYNBn67yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnNrdDhzbjZvcEZmeGY2MXBDY0JnMEdmcnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9hYWU5YTEtZDA1ZC00N2NhLTkxZGUt
ZDZkNTVjMTY5ZTE2LzEvRHpqbS1kUlVDRXdJSkY3b0d2ZDZvV1ZpWGVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9hYWU5YTEtZDA1ZC00N2NhLTkxZGUtZDZkNTVjMTY5ZTE2
LzEvQnNrdDhzbjZvcEZmeGY2MXBDY0JnMEdmcnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcjEMA0G
CSqGSIb3DQEBCwUAA4IBAQBZZUJ54ofrdX4TxLyrsgYpW6yuVOPqppREc2JWgqtY
+JCg8P4ygusuTNs315vaLP4dns2L6Gh/N3sgqowUYYNubttIzCenQyzHWDQdRX5k
ZglLVijggWjJd+vbN8AOxngHXLiwaeFlzkGmeisCw6AM0s5+X9v1/PaocHcZkW96
bv3U5UOwfMUIh0OFb0HTMn9TmdHKbpPKOFkFaNPC63vid3wFZ7q5f7C72x0zm7FD
r4AAfk78n9YS1vPYwqDTqKiaxowTqpE/A29NkLQhUwY0/6Pt7zUnjn2Xv8wV8Mmi
l7VWohghpamhp+0kuSvudA94/6gnLLfldKGv2k2fGGkh
-----END CERTIFICATE-----