Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/ea0863-2db8-46ff-9950-d12830b3b1e0/1/cCSsU6t34k3FQ8s9IxqOolYTwu4.roa
File:                     cCSsU6t34k3FQ8s9IxqOolYTwu4.roa (raw, json)
Hash identifier:          BFixZVKa+wjMwPOQEZeW9PgpNDerAGWRo3tz+sDc5G0=
Subject key identifier:   70:24:AC:53:AB:77:E2:4D:C5:43:CB:3D:23:1A:8E:A2:56:13:C2:EE
Certificate issuer:       /CN=5c0273657ec5a1384d536f1bd99d916507fe7b29
Certificate serial:       018F1140297BD934BB0BB764C7430DBD7EB1
Authority key identifier: 5C:02:73:65:7E:C5:A1:38:4D:53:6F:1B:D9:9D:91:65:07:FE:7B:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XAJzZX7FoThNU28b2Z2RZQf-eyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/ea0863-2db8-46ff-9950-d12830b3b1e0/1/cCSsU6t34k3FQ8s9IxqOolYTwu4.roa
Signing time:             Wed 24 Apr 2024 17:56:08 +0000
ROA not before:           Wed 24 Apr 2024 17:56:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213094
IP address blocks:        193.3.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/ea0863-2db8-46ff-9950-d12830b3b1e0/1/XAJzZX7FoThNU28b2Z2RZQf-eyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/ea0863-2db8-46ff-9950-d12830b3b1e0/1/XAJzZX7FoThNU28b2Z2RZQf-eyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XAJzZX7FoThNU28b2Z2RZQf-eyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:11:40:29:7b:d9:34:bb:0b:b7:64:c7:43:0d:bd:7e:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c0273657ec5a1384d536f1bd99d916507fe7b29
        Validity
            Not Before: Apr 24 17:56:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7024ac53ab77e24dc543cb3d231a8ea25613c2ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:cc:f6:52:7a:30:8d:fb:8b:3c:c1:ae:f9:c7:
                    21:90:01:a0:2a:06:e0:7a:a2:44:d5:ab:d7:42:83:
                    81:9c:10:6c:51:30:c3:b6:25:7a:cd:05:8d:ce:70:
                    34:fa:dc:bf:09:0f:24:11:86:1d:b5:3e:c2:3f:5d:
                    92:b1:2c:e8:6d:be:6d:f6:56:5b:6b:92:43:bf:d6:
                    67:ad:21:ab:17:2b:b3:d0:5b:5a:05:c2:1b:72:46:
                    0f:3c:71:02:8c:23:db:70:4c:85:30:25:0a:33:a3:
                    12:2c:0b:9f:22:fc:1a:3e:f5:ee:c1:6c:62:46:63:
                    72:bf:a3:ba:9b:13:89:ec:eb:60:6e:80:c0:1f:b6:
                    9d:75:df:e0:05:2e:28:dc:66:91:b3:c9:80:35:7a:
                    fe:5a:18:f2:e8:af:34:9f:6d:75:3a:53:4f:cf:9b:
                    0b:9e:94:a0:b6:b6:e9:4e:82:96:df:fb:51:fc:13:
                    28:12:c4:ad:66:88:0a:ff:43:78:53:cd:cf:79:21:
                    6e:f4:76:f5:8b:ab:64:58:bf:c8:b1:c6:de:cb:b5:
                    ec:64:9d:c3:79:d4:98:f1:ec:ec:88:00:4d:fc:cf:
                    b1:7e:dc:cd:14:bf:78:6b:87:5b:b4:c4:ad:85:e6:
                    b6:c3:51:88:bc:b1:54:a7:29:c4:56:6a:8b:5e:af:
                    48:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:24:AC:53:AB:77:E2:4D:C5:43:CB:3D:23:1A:8E:A2:56:13:C2:EE
            X509v3 Authority Key Identifier:
                keyid:5C:02:73:65:7E:C5:A1:38:4D:53:6F:1B:D9:9D:91:65:07:FE:7B:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XAJzZX7FoThNU28b2Z2RZQf-eyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/ea0863-2db8-46ff-9950-d12830b3b1e0/1/cCSsU6t34k3FQ8s9IxqOolYTwu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/ea0863-2db8-46ff-9950-d12830b3b1e0/1/XAJzZX7FoThNU28b2Z2RZQf-eyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:02:f3:5f:be:e9:a2:36:12:c2:77:71:7c:ea:c3:e7:d0:97:
         c1:9f:d0:0a:09:b0:6e:e0:fb:12:e4:e2:a2:a7:25:cb:43:b0:
         a0:49:a7:ee:7a:0f:3e:c0:25:11:44:53:2f:08:85:f0:b3:aa:
         0b:6e:a2:f5:b1:f3:45:68:81:8d:03:2c:31:3d:80:9f:13:e5:
         f4:0c:ba:7a:77:17:bd:3d:b1:73:7a:c3:e2:03:43:67:85:1b:
         6f:49:ce:b3:c3:de:29:e1:bf:e5:b3:81:23:2b:7f:7a:05:ac:
         34:70:06:c5:79:59:64:8d:16:78:12:a7:48:a4:d7:15:b6:cc:
         fc:ea:40:13:ff:bd:ff:c2:f5:b2:a3:43:41:a3:73:53:0d:91:
         8c:60:d0:8c:41:2d:2a:4a:80:a8:1c:b8:42:10:91:e3:96:37:
         1a:31:94:f9:0d:7a:dc:ba:ca:7e:f0:24:11:e3:db:ad:ec:fd:
         de:c0:2f:b3:df:a0:88:2f:fc:04:20:86:ea:1b:8f:f7:e8:84:
         33:1c:3a:3b:e6:39:41:7d:bb:c8:43:fe:fb:e7:ba:ea:2c:bc:
         a8:13:00:70:48:5e:49:2a:85:73:7e:c5:72:f3:a5:14:b6:18:
         e5:5f:02:38:9d:c3:13:f5:04:84:4a:5a:00:a1:5c:05:24:ac:
         72:c4:6a:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8RQCl72TS7C7dkx0MNvX6xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjMDI3MzY1N2VjNWExMzg0ZDUzNmYxYmQ5OWQ5MTY1MDdm
ZTdiMjkwHhcNMjQwNDI0MTc1NjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDI0YWM1M2FiNzdlMjRkYzU0M2NiM2QyMzFhOGVhMjU2MTNjMmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMz2UnowjfuLPMGu+cchkAGgKgbg
eqJE1avXQoOBnBBsUTDDtiV6zQWNznA0+ty/CQ8kEYYdtT7CP12SsSzobb5t9lZb
a5JDv9ZnrSGrFyuz0FtaBcIbckYPPHECjCPbcEyFMCUKM6MSLAufIvwaPvXuwWxi
RmNyv6O6mxOJ7OtgboDAH7addd/gBS4o3GaRs8mANXr+Whjy6K80n211OlNPz5sL
npSgtrbpToKW3/tR/BMoEsStZogK/0N4U83PeSFu9Hb1i6tkWL/Iscbey7XsZJ3D
edSY8ezsiABN/M+xftzNFL94a4dbtMSthea2w1GIvLFUpynEVmqLXq9IlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHAkrFOrd+JNxUPLPSMajqJWE8LuMB8GA1UdIwQY
MBaAFFwCc2V+xaE4TVNvG9mdkWUH/nspMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEFKelpYN0ZvVGhOVTI4YjJaMlJaUWYtZXlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9lYTA4NjMtMmRiOC00NmZmLTk5NTAt
ZDEyODMwYjNiMWUwLzEvY0NTc1U2dDM0azNGUThzOUl4cU9vbFlUd3U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9lYTA4NjMtMmRiOC00NmZmLTk5NTAtZDEyODMwYjNiMWUw
LzEvWEFKelpYN0ZvVGhOVTI4YjJaMlJaUWYtZXlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQMiMA0G
CSqGSIb3DQEBCwUAA4IBAQAxAvNfvumiNhLCd3F86sPn0JfBn9AKCbBu4PsS5OKi
pyXLQ7CgSafueg8+wCURRFMvCIXws6oLbqL1sfNFaIGNAywxPYCfE+X0DLp6dxe9
PbFzesPiA0NnhRtvSc6zw94p4b/ls4EjK396Baw0cAbFeVlkjRZ4EqdIpNcVtsz8
6kAT/73/wvWyo0NBo3NTDZGMYNCMQS0qSoCoHLhCEJHjljcaMZT5DXrcusp+8CQR
49ut7P3ewC+z36CIL/wEIIbqG4/36IQzHDo75jlBfbvIQ/7757rqLLyoEwBwSF5J
KoVzfsVy86UUthjlXwI4ncMT9QSESloAoVwFJKxyxGpS
-----END CERTIFICATE-----