Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/MdaygczUUW5OCis_Ts2QU56a61A.roa
File:                     MdaygczUUW5OCis_Ts2QU56a61A.roa (raw, json)
Hash identifier:          b/8pLUrQKgdVKMkXSNmrO83y/ZMfhdahbdOz/QRGVe0=
Subject key identifier:   31:D6:B2:81:CC:D4:51:6E:4E:0A:2B:3F:4E:CD:90:53:9E:9A:EB:50
Certificate issuer:       /CN=10543a5197eb2544447e9d36b3ebf14452c777eb
Certificate serial:       018CC501319A28BBAB9618A6CBB52EAA80AE
Authority key identifier: 10:54:3A:51:97:EB:25:44:44:7E:9D:36:B3:EB:F1:44:52:C7:77:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/MdaygczUUW5OCis_Ts2QU56a61A.roa
Signing time:             Mon 01 Jan 2024 12:30:38 +0000
ROA not before:           Mon 01 Jan 2024 12:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24622
IP address blocks:        193.120.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/EFQ6UZfrJUREfp02s-vxRFLHd-s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/EFQ6UZfrJUREfp02s-vxRFLHd-s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:31:9a:28:bb:ab:96:18:a6:cb:b5:2e:aa:80:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10543a5197eb2544447e9d36b3ebf14452c777eb
        Validity
            Not Before: Jan  1 12:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31d6b281ccd4516e4e0a2b3f4ecd90539e9aeb50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:29:ce:d4:71:9a:ed:2a:53:26:66:0c:3c:3c:
                    a6:44:38:8f:52:12:34:72:24:fc:5b:85:c1:36:59:
                    38:2c:5f:6a:ab:3a:a9:25:41:c6:d1:54:c7:0c:78:
                    24:d9:56:25:3c:da:35:22:38:81:92:ca:09:4b:e1:
                    ec:14:e4:e8:43:03:26:09:ac:aa:f7:7e:69:92:54:
                    59:21:64:d5:09:75:d4:1f:50:4b:a8:29:bc:60:b4:
                    10:a7:5f:0a:43:08:0b:1d:ff:8f:3b:cf:c2:7a:bb:
                    e7:1f:b1:20:a9:75:16:4f:ee:9e:e5:b0:78:f3:ff:
                    29:5c:ec:45:6f:33:d9:79:b6:9d:64:67:9f:b5:5f:
                    b8:7e:12:9a:9d:f9:e4:b2:89:bc:10:a3:65:a5:cd:
                    4d:b6:0f:04:37:12:8f:6d:5b:fd:d9:49:e3:ab:b0:
                    3a:a1:c8:5c:c7:0e:37:1d:60:ad:0b:83:ab:47:62:
                    04:c7:b6:50:d0:38:c3:10:70:c8:ac:8a:05:94:da:
                    68:ec:c1:30:5d:a3:1a:33:4d:45:58:47:dc:99:3d:
                    90:1b:60:9d:ce:62:43:c4:d0:dc:be:79:c8:7f:d1:
                    92:d2:ed:b7:18:d3:0b:2d:8a:01:5a:b9:66:e2:82:
                    e4:5f:49:fe:32:80:1e:62:21:e7:77:e1:18:73:22:
                    82:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:D6:B2:81:CC:D4:51:6E:4E:0A:2B:3F:4E:CD:90:53:9E:9A:EB:50
            X509v3 Authority Key Identifier:
                keyid:10:54:3A:51:97:EB:25:44:44:7E:9D:36:B3:EB:F1:44:52:C7:77:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/MdaygczUUW5OCis_Ts2QU56a61A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/EFQ6UZfrJUREfp02s-vxRFLHd-s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.120.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:dd:e8:3d:1b:71:2a:08:97:96:a9:9c:b4:3f:f5:d8:05:60:
         8c:31:98:1a:48:f0:74:0b:e5:d5:a4:fb:93:bc:2f:d9:9d:7c:
         b9:4f:64:ca:76:90:14:af:f9:dd:0c:16:8d:a3:19:19:7b:c0:
         02:c7:f1:68:8d:b3:53:2a:6d:35:aa:33:92:2c:7f:59:ad:cc:
         31:fb:6b:f5:03:9a:50:80:4c:c1:ea:dd:9f:4a:59:3a:0f:03:
         9b:c8:41:28:e4:07:d2:64:95:62:c4:b3:93:33:23:1e:f9:aa:
         35:93:f7:e8:ad:d8:2d:bc:df:14:fd:3a:48:ee:bd:15:1e:d4:
         e0:6b:c5:64:aa:c4:c7:11:21:00:5a:e3:ca:6e:05:c7:a0:d2:
         93:0f:f1:da:f2:36:27:90:c6:13:0d:cd:d8:ea:91:d3:b2:6e:
         41:00:53:4a:2c:b8:86:39:3a:dc:3f:61:f6:2d:56:5c:76:2c:
         6e:60:7f:d1:75:48:db:c2:18:46:39:45:cd:dc:66:6a:02:80:
         50:21:ac:da:c4:81:04:18:a8:1b:44:3c:d2:4f:14:92:6c:4f:
         7a:53:27:da:85:be:e8:53:9e:95:73:72:e0:15:28:eb:d6:95:
         05:be:70:05:ac:e0:e5:f3:49:39:3a:15:a1:c6:44:49:c6:4b:
         ff:1d:d9:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATGaKLurlhimy7UuqoCuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTQzYTUxOTdlYjI1NDQ0NDdlOWQzNmIzZWJmMTQ0NTJj
Nzc3ZWIwHhcNMjQwMTAxMTIzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWQ2YjI4MWNjZDQ1MTZlNGUwYTJiM2Y0ZWNkOTA1MzllOWFlYjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5inO1HGa7SpTJmYMPDymRDiPUhI0
ciT8W4XBNlk4LF9qqzqpJUHG0VTHDHgk2VYlPNo1IjiBksoJS+HsFOToQwMmCayq
935pklRZIWTVCXXUH1BLqCm8YLQQp18KQwgLHf+PO8/CervnH7EgqXUWT+6e5bB4
8/8pXOxFbzPZebadZGeftV+4fhKanfnksom8EKNlpc1Ntg8ENxKPbVv92Unjq7A6
ochcxw43HWCtC4OrR2IEx7ZQ0DjDEHDIrIoFlNpo7MEwXaMaM01FWEfcmT2QG2Cd
zmJDxNDcvnnIf9GS0u23GNMLLYoBWrlm4oLkX0n+MoAeYiHnd+EYcyKCBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHWsoHM1FFuTgorP07NkFOemutQMB8GA1UdIwQY
MBaAFBBUOlGX6yVERH6dNrPr8URSx3frMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZRNlVaZnJKVVJFZnAwMnMtdnhSRkxIZC1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8xYmU3YmMtYjY0Mi00YTBkLThlNmIt
ZjdlMGM1ZTI3MDJlLzEvTWRheWdjelVVVzVPQ2lzX1RzMlFVNTZhNjFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8xYmU3YmMtYjY0Mi00YTBkLThlNmItZjdlMGM1ZTI3MDJl
LzEvRUZRNlVaZnJKVVJFZnAwMnMtdnhSRkxIZC1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXihMA0G
CSqGSIb3DQEBCwUAA4IBAQCb3eg9G3EqCJeWqZy0P/XYBWCMMZgaSPB0C+XVpPuT
vC/ZnXy5T2TKdpAUr/ndDBaNoxkZe8ACx/FojbNTKm01qjOSLH9Zrcwx+2v1A5pQ
gEzB6t2fSlk6DwObyEEo5AfSZJVixLOTMyMe+ao1k/fordgtvN8U/TpI7r0VHtTg
a8VkqsTHESEAWuPKbgXHoNKTD/Ha8jYnkMYTDc3Y6pHTsm5BAFNKLLiGOTrcP2H2
LVZcdixuYH/RdUjbwhhGOUXN3GZqAoBQIazaxIEEGKgbRDzSTxSSbE96Uyfahb7o
U56Vc3LgFSjr1pUFvnAFrODl80k5OhWhxkRJxkv/HdmC
-----END CERTIFICATE-----