Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/b55ef1-ca63-4ca1-a659-f9720285e797/1/U3hnwMAxgjk8_w0i_rQKSq5Wdk0.roa
File:                     U3hnwMAxgjk8_w0i_rQKSq5Wdk0.roa (raw, json)
Hash identifier:          IKd3o7sE5WDlwWxC6jMmmU8INI8T0WKVoAKxYWvZS8Y=
Subject key identifier:   53:78:67:C0:C0:31:82:39:3C:FF:0D:22:FE:B4:0A:4A:AE:56:76:4D
Certificate issuer:       /CN=6f074d2efb5f3e1d35c291f8a11c0bc0be7ec1b8
Certificate serial:       018CC72769AF56DBE614CFD4637C84572885
Authority key identifier: 6F:07:4D:2E:FB:5F:3E:1D:35:C2:91:F8:A1:1C:0B:C0:BE:7E:C1:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bwdNLvtfPh01wpH4oRwLwL5-wbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/b55ef1-ca63-4ca1-a659-f9720285e797/1/U3hnwMAxgjk8_w0i_rQKSq5Wdk0.roa
Signing time:             Mon 01 Jan 2024 22:31:38 +0000
ROA not before:           Mon 01 Jan 2024 22:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53667
IP address blocks:        193.108.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/b55ef1-ca63-4ca1-a659-f9720285e797/1/bwdNLvtfPh01wpH4oRwLwL5-wbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/b55ef1-ca63-4ca1-a659-f9720285e797/1/bwdNLvtfPh01wpH4oRwLwL5-wbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bwdNLvtfPh01wpH4oRwLwL5-wbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:69:af:56:db:e6:14:cf:d4:63:7c:84:57:28:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f074d2efb5f3e1d35c291f8a11c0bc0be7ec1b8
        Validity
            Not Before: Jan  1 22:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=537867c0c03182393cff0d22feb40a4aae56764d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:bf:a1:87:cb:50:2d:47:82:53:0e:66:38:e0:
                    97:6d:e8:69:95:b6:47:a8:2d:97:d1:74:37:54:8b:
                    c4:46:44:33:64:a6:1e:7f:bd:17:7b:7d:4f:4c:ac:
                    3a:a4:7e:16:69:cf:48:98:e2:99:f2:e9:9b:9b:2d:
                    83:c9:c9:6c:32:da:c8:96:03:75:cb:b8:61:a4:ce:
                    09:dd:f7:74:fe:0d:8b:57:e0:e3:74:57:1d:b1:98:
                    3a:8f:87:5b:0f:e7:3e:69:fa:00:c9:09:5b:69:70:
                    50:0f:83:20:7a:99:42:e8:f0:dc:d1:05:38:b8:9f:
                    c1:75:9e:0f:1c:24:a4:54:14:ac:db:ec:90:be:75:
                    89:d5:f0:5c:84:9b:b9:a7:c1:9a:cb:79:82:df:99:
                    d9:7c:9c:09:1c:04:fc:ba:a7:11:5c:1f:c7:91:17:
                    e9:3f:52:37:61:b8:3d:ab:47:4d:31:46:1e:e2:50:
                    d2:ef:79:d3:ca:5f:c2:8d:6e:c1:1f:c7:f5:c3:68:
                    d9:fb:82:38:43:c6:7c:6b:2f:13:5c:4e:0e:68:f8:
                    7b:fa:2b:24:c2:2b:cc:04:86:24:97:f3:86:56:32:
                    5f:7d:b6:f9:13:15:6f:59:ee:50:12:6a:95:25:f1:
                    6b:3b:86:78:15:74:48:9f:ed:ab:7a:39:20:33:86:
                    97:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:78:67:C0:C0:31:82:39:3C:FF:0D:22:FE:B4:0A:4A:AE:56:76:4D
            X509v3 Authority Key Identifier:
                keyid:6F:07:4D:2E:FB:5F:3E:1D:35:C2:91:F8:A1:1C:0B:C0:BE:7E:C1:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bwdNLvtfPh01wpH4oRwLwL5-wbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/b55ef1-ca63-4ca1-a659-f9720285e797/1/U3hnwMAxgjk8_w0i_rQKSq5Wdk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/b55ef1-ca63-4ca1-a659-f9720285e797/1/bwdNLvtfPh01wpH4oRwLwL5-wbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:54:69:9e:49:df:a4:04:9c:09:b6:83:66:f2:fb:81:df:90:
         f9:f8:27:17:4f:94:1e:a4:ec:40:51:02:fd:71:4e:fa:7a:9c:
         90:eb:5b:45:db:eb:13:64:39:b0:ba:49:73:f1:8d:14:46:69:
         d2:e7:36:22:c1:91:c7:7c:2e:7c:66:f5:ac:31:f7:95:19:9b:
         60:35:a0:df:46:5f:f1:e1:9e:97:1b:b1:23:5d:0a:6c:ad:83:
         0e:ae:7d:04:c3:be:a3:a7:b5:0e:5e:65:e4:e2:b9:61:f3:54:
         3c:61:b7:b9:fe:09:8d:ac:81:6d:bf:ed:8b:07:e4:e3:6a:ef:
         41:9a:c4:43:76:98:d4:e1:47:23:d4:07:68:f5:a1:75:d7:90:
         51:36:b5:23:1f:c9:4b:a4:b4:33:ec:3c:52:0f:d7:89:39:0d:
         bf:be:a1:24:d8:a7:ae:b3:e0:91:1c:7d:c7:2b:fe:02:18:6b:
         c7:26:64:4e:42:2b:e2:ad:e6:17:b3:f0:53:b4:bd:3b:eb:2c:
         a2:97:7a:19:07:75:1a:e9:d2:1b:f0:ac:2e:cb:e7:1b:be:1a:
         b9:3e:5d:3f:62:9b:49:a7:52:62:4f:9e:66:ec:2f:b5:76:6d:
         b3:2e:84:62:c7:2a:55:fc:18:65:41:f1:a1:91:12:50:51:99:
         bf:21:a8:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2mvVtvmFM/UY3yEVyiFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMDc0ZDJlZmI1ZjNlMWQzNWMyOTFmOGExMWMwYmMwYmU3
ZWMxYjgwHhcNMjQwMTAxMjIzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mzc4NjdjMGMwMzE4MjM5M2NmZjBkMjJmZWI0MGE0YWFlNTY3NjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtr+hh8tQLUeCUw5mOOCXbehplbZH
qC2X0XQ3VIvERkQzZKYef70Xe31PTKw6pH4Wac9ImOKZ8umbmy2DyclsMtrIlgN1
y7hhpM4J3fd0/g2LV+DjdFcdsZg6j4dbD+c+afoAyQlbaXBQD4MgeplC6PDc0QU4
uJ/BdZ4PHCSkVBSs2+yQvnWJ1fBchJu5p8Gay3mC35nZfJwJHAT8uqcRXB/HkRfp
P1I3Ybg9q0dNMUYe4lDS73nTyl/CjW7BH8f1w2jZ+4I4Q8Z8ay8TXE4OaPh7+isk
wivMBIYkl/OGVjJffbb5ExVvWe5QEmqVJfFrO4Z4FXRIn+2rejkgM4aXiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFN4Z8DAMYI5PP8NIv60CkquVnZNMB8GA1UdIwQY
MBaAFG8HTS77Xz4dNcKR+KEcC8C+fsG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYndkTkx2dGZQaDAxd3BING9Sd0x3TDUtd2JnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9iNTVlZjEtY2E2My00Y2ExLWE2NTkt
Zjk3MjAyODVlNzk3LzEvVTNobndNQXhnams4X3cwaV9yUUtTcTVXZGswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9iNTVlZjEtY2E2My00Y2ExLWE2NTktZjk3MjAyODVlNzk3
LzEvYndkTkx2dGZQaDAxd3BING9Sd0x3TDUtd2JnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWyCMA0G
CSqGSIb3DQEBCwUAA4IBAQB0VGmeSd+kBJwJtoNm8vuB35D5+CcXT5QepOxAUQL9
cU76epyQ61tF2+sTZDmwuklz8Y0URmnS5zYiwZHHfC58ZvWsMfeVGZtgNaDfRl/x
4Z6XG7EjXQpsrYMOrn0Ew76jp7UOXmXk4rlh81Q8Ybe5/gmNrIFtv+2LB+Tjau9B
msRDdpjU4Ucj1Ado9aF115BRNrUjH8lLpLQz7DxSD9eJOQ2/vqEk2Keus+CRHH3H
K/4CGGvHJmROQivireYXs/BTtL076yyil3oZB3Ua6dIb8Kwuy+cbvhq5Pl0/YptJ
p1JiT55m7C+1dm2zLoRixypV/BhlQfGhkRJQUZm/Iagd
-----END CERTIFICATE-----