Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/cf7c19-1c7d-4ebe-b4dd-cbccf90455fe/1/1-I4AdBznds9GaGHbjjQJdTfr6lg.roa
File:                     1-I4AdBznds9GaGHbjjQJdTfr6lg.roa (raw, json)
Hash identifier:          ZrLQTh80NyOs52m9dL7lhb8lh/88jGNHaleIrbUUHFo=
Subject key identifier:   F8:8E:00:74:1C:E7:76:CF:46:68:61:DB:8E:34:09:75:37:EB:EA:58
Certificate issuer:       /CN=2d2d7d9743de2efa2f633378a268f58f2aa16050
Certificate serial:       018CC2DB02DEE9B288157EC79383C81E2618
Authority key identifier: 2D:2D:7D:97:43:DE:2E:FA:2F:63:33:78:A2:68:F5:8F:2A:A1:60:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LS19l0PeLvovYzN4omj1jyqhYFA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/cf7c19-1c7d-4ebe-b4dd-cbccf90455fe/1/1-I4AdBznds9GaGHbjjQJdTfr6lg.roa
Signing time:             Mon 01 Jan 2024 02:29:42 +0000
ROA not before:           Mon 01 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207656
IP address blocks:        193.218.118.0/24 maxlen: 24
                          193.218.119.0/24 maxlen: 24
                          2a0f:e586::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/cf7c19-1c7d-4ebe-b4dd-cbccf90455fe/1/LS19l0PeLvovYzN4omj1jyqhYFA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/cf7c19-1c7d-4ebe-b4dd-cbccf90455fe/1/LS19l0PeLvovYzN4omj1jyqhYFA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LS19l0PeLvovYzN4omj1jyqhYFA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:02:de:e9:b2:88:15:7e:c7:93:83:c8:1e:26:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d2d7d9743de2efa2f633378a268f58f2aa16050
        Validity
            Not Before: Jan  1 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f88e00741ce776cf466861db8e34097537ebea58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:2b:d5:3b:ba:47:ac:f5:42:cd:5f:39:1d:42:
                    08:31:5e:ad:f8:01:4f:73:e3:7f:51:95:a4:10:d1:
                    6e:8c:36:74:6e:86:80:19:bd:61:e8:18:8d:60:d9:
                    bf:44:7a:95:2e:b1:1d:2c:3c:9f:02:2a:03:5b:85:
                    15:67:80:55:f2:cf:fc:84:87:1d:84:91:c3:83:30:
                    3e:a2:f1:2d:23:02:a1:32:d7:1a:05:c1:a4:00:c9:
                    3c:53:ff:bd:79:e7:47:c8:23:de:07:68:65:75:da:
                    ee:1f:77:40:48:31:f0:53:06:29:0f:73:a2:e3:18:
                    33:a0:67:cc:df:8d:24:ef:b6:22:f4:89:e5:09:1c:
                    ba:c7:80:1e:b8:b8:e9:75:b7:60:34:34:cc:fa:38:
                    2f:a0:35:91:42:62:dd:0b:38:2f:15:de:2a:95:49:
                    7d:d7:ac:47:8f:80:4c:58:42:8e:9c:6b:94:18:a1:
                    00:46:25:37:53:a3:bc:1e:9e:6d:9f:26:e7:54:1a:
                    18:a2:95:33:15:96:73:5b:ab:3d:0a:04:99:29:fd:
                    e1:59:e6:c9:c3:c4:be:5e:17:88:a5:e3:2d:2e:1c:
                    fc:c1:8f:d3:58:7c:98:62:b0:d4:35:f0:f2:71:b3:
                    12:b8:cf:3b:72:1f:25:42:83:8e:b4:97:7d:1b:e4:
                    46:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:8E:00:74:1C:E7:76:CF:46:68:61:DB:8E:34:09:75:37:EB:EA:58
            X509v3 Authority Key Identifier:
                keyid:2D:2D:7D:97:43:DE:2E:FA:2F:63:33:78:A2:68:F5:8F:2A:A1:60:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LS19l0PeLvovYzN4omj1jyqhYFA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/cf7c19-1c7d-4ebe-b4dd-cbccf90455fe/1/1-I4AdBznds9GaGHbjjQJdTfr6lg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/cf7c19-1c7d-4ebe-b4dd-cbccf90455fe/1/LS19l0PeLvovYzN4omj1jyqhYFA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.218.118.0/23
                IPv6:
                  2a0f:e586::/32

    Signature Algorithm: sha256WithRSAEncryption
         b7:86:64:9f:59:60:50:6c:63:3f:15:f5:1f:5e:83:7e:f7:65:
         fc:ef:ab:67:85:78:ba:1d:ca:81:dd:2a:6d:e3:0c:0c:8c:2e:
         40:fe:c1:74:08:75:e4:a5:c9:37:19:73:bf:ab:f2:39:54:23:
         c0:dd:9c:07:3c:1a:71:83:94:1a:33:0d:5f:b3:66:9c:0f:75:
         8e:0a:f7:4f:7f:15:36:c5:26:16:1a:f4:be:9e:b1:52:54:87:
         95:2c:f6:de:4d:d4:51:f9:97:80:59:3c:fa:b0:85:04:3c:89:
         12:13:a3:c3:9e:d3:f0:6e:13:4d:de:dd:ad:f8:2f:71:be:7b:
         27:be:f7:db:12:f0:45:8e:48:28:42:82:8e:e7:08:d0:3d:31:
         f4:be:52:2f:c2:52:31:84:2d:28:e2:8f:f4:b5:17:48:a2:05:
         78:c3:28:36:d9:b4:14:50:16:85:b2:0b:fb:7d:23:3f:b4:2a:
         38:52:74:50:e4:02:23:59:09:29:f9:73:a5:bd:6a:d8:62:4f:
         86:51:81:e7:c2:f1:99:aa:07:05:3d:ce:4a:a9:e7:bd:ae:fd:
         0f:e2:85:0a:b8:4d:4d:d0:e5:6b:47:2f:ae:98:e2:44:33:f4:
         19:8b:1b:06:03:a9:1b:58:e7:31:ba:07:b7:a8:5f:f8:b4:1c:
         42:33:70:7a
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzC2wLe6bKIFX7Hk4PIHiYYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMmQ3ZDk3NDNkZTJlZmEyZjYzMzM3OGEyNjhmNThmMmFh
MTYwNTAwHhcNMjQwMTAxMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODhlMDA3NDFjZTc3NmNmNDY2ODYxZGI4ZTM0MDk3NTM3ZWJlYTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3SvVO7pHrPVCzV85HUIIMV6t+AFP
c+N/UZWkENFujDZ0boaAGb1h6BiNYNm/RHqVLrEdLDyfAioDW4UVZ4BV8s/8hIcd
hJHDgzA+ovEtIwKhMtcaBcGkAMk8U/+9eedHyCPeB2hlddruH3dASDHwUwYpD3Oi
4xgzoGfM340k77Yi9InlCRy6x4AeuLjpdbdgNDTM+jgvoDWRQmLdCzgvFd4qlUl9
16xHj4BMWEKOnGuUGKEARiU3U6O8Hp5tnybnVBoYopUzFZZzW6s9CgSZKf3hWebJ
w8S+XheIpeMtLhz8wY/TWHyYYrDUNfDycbMSuM87ch8lQoOOtJd9G+RGYwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPiOAHQc53bPRmhh2440CXU36+pYMB8GA1UdIwQY
MBaAFC0tfZdD3i76L2MzeKJo9Y8qoWBQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFMxOWwwUGVMdm92WXpONG9tajFqeXFoWUZBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9jZjdjMTktMWM3ZC00ZWJlLWI0ZGQt
Y2JjY2Y5MDQ1NWZlLzEvMS1JNEFkQnpuZHM5R2FHSGJqalFKZFRmcjZsZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODMvY2Y3YzE5LTFjN2QtNGViZS1iNGRkLWNiY2NmOTA0NTVm
ZS8xL0xTMTlsMFBlTHZvdll6TjRvbWoxanlxaFlGQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAcHadjAN
BAIAAjAHAwUAKg/lhjANBgkqhkiG9w0BAQsFAAOCAQEAt4Zkn1lgUGxjPxX1H16D
fvdl/O+rZ4V4uh3Kgd0qbeMMDIwuQP7BdAh15KXJNxlzv6vyOVQjwN2cBzwacYOU
GjMNX7NmnA91jgr3T38VNsUmFhr0vp6xUlSHlSz23k3UUfmXgFk8+rCFBDyJEhOj
w57T8G4TTd7drfgvcb57J7732xLwRY5IKEKCjucI0D0x9L5SL8JSMYQtKOKP9LUX
SKIFeMMoNtm0FFAWhbIL+30jP7QqOFJ0UOQCI1kJKflzpb1q2GJPhlGB58LxmaoH
BT3OSqnnva79D+KFCrhNTdDla0cvrpjiRDP0GYsbBgOpG1jnMboHt6hf+LQcQjNw
eg==
-----END CERTIFICATE-----