Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/de34b5-0320-4cd9-9ee3-c4ce3e8073db/1/r9F6xLE6SXXmIhl2hiAxIspeJxc.roa
File:                     r9F6xLE6SXXmIhl2hiAxIspeJxc.roa (raw, json)
Hash identifier:          Qb1UrJxesLYzob0lj+nBr4nLsNewGVh2e9CpqCyhVBw=
Subject key identifier:   AF:D1:7A:C4:B1:3A:49:75:E6:22:19:76:86:20:31:22:CA:5E:27:17
Certificate issuer:       /CN=d2eda4f8d9e482952a112b2ef5a4f239b7f62551
Certificate serial:       018CC79538F76D8D4F02EB4AFE47A10C9521
Authority key identifier: D2:ED:A4:F8:D9:E4:82:95:2A:11:2B:2E:F5:A4:F2:39:B7:F6:25:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0u2k-NnkgpUqESsu9aTyObf2JVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/de34b5-0320-4cd9-9ee3-c4ce3e8073db/1/r9F6xLE6SXXmIhl2hiAxIspeJxc.roa
Signing time:             Tue 02 Jan 2024 00:31:34 +0000
ROA not before:           Tue 02 Jan 2024 00:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50251
IP address blocks:        193.106.48.0/22 maxlen: 24
                          2a0b:d7c4::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/de34b5-0320-4cd9-9ee3-c4ce3e8073db/1/0u2k-NnkgpUqESsu9aTyObf2JVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/de34b5-0320-4cd9-9ee3-c4ce3e8073db/1/0u2k-NnkgpUqESsu9aTyObf2JVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0u2k-NnkgpUqESsu9aTyObf2JVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:38:f7:6d:8d:4f:02:eb:4a:fe:47:a1:0c:95:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2eda4f8d9e482952a112b2ef5a4f239b7f62551
        Validity
            Not Before: Jan  2 00:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=afd17ac4b13a4975e622197686203122ca5e2717
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:b8:6b:67:91:fd:68:f9:d9:e2:70:43:a0:54:
                    4c:4e:4e:9a:82:45:bd:c6:23:19:0e:ca:d6:c5:23:
                    9e:50:83:ee:5c:4f:ba:af:a2:5b:e2:99:e1:2b:89:
                    ca:22:31:6c:83:83:89:ef:07:1f:6f:10:59:52:29:
                    2c:9f:28:77:98:27:37:b7:b2:7d:26:63:0c:d1:24:
                    8f:1a:d0:f4:e1:8e:46:51:4b:31:ba:ca:ae:04:19:
                    8c:c8:80:0f:37:23:90:4a:90:5c:43:da:85:52:ba:
                    3a:25:c0:b6:10:7c:dd:c4:84:ce:7f:86:cf:c6:e8:
                    d3:4f:7d:71:1e:6a:45:46:66:c8:51:dd:df:87:44:
                    6f:86:1f:7c:3d:ee:c9:a8:8e:c7:e6:b8:1f:1a:77:
                    b0:70:fd:a6:0e:89:cf:a6:53:da:ac:89:f6:bd:e4:
                    65:7a:95:fc:e8:5e:ed:05:af:97:b5:1c:73:33:84:
                    95:1f:e6:a8:f9:30:3c:4c:f3:0d:35:45:02:05:4f:
                    5d:a8:eb:6b:61:9d:8f:f6:ca:ef:c7:77:19:9e:4a:
                    b1:a8:e0:66:d0:4a:3b:fa:2c:e3:cd:68:c2:05:1b:
                    77:17:d7:f3:d1:eb:39:76:7d:1a:64:45:2d:02:78:
                    db:11:f4:5a:fc:0e:d6:59:9e:d9:4d:c7:eb:8a:91:
                    ea:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:D1:7A:C4:B1:3A:49:75:E6:22:19:76:86:20:31:22:CA:5E:27:17
            X509v3 Authority Key Identifier:
                keyid:D2:ED:A4:F8:D9:E4:82:95:2A:11:2B:2E:F5:A4:F2:39:B7:F6:25:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0u2k-NnkgpUqESsu9aTyObf2JVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/de34b5-0320-4cd9-9ee3-c4ce3e8073db/1/r9F6xLE6SXXmIhl2hiAxIspeJxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/de34b5-0320-4cd9-9ee3-c4ce3e8073db/1/0u2k-NnkgpUqESsu9aTyObf2JVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.106.48.0/22
                IPv6:
                  2a0b:d7c4::/30

    Signature Algorithm: sha256WithRSAEncryption
         bf:c7:c8:21:1c:73:e3:88:9d:2c:5e:e9:bf:9d:43:cc:04:c8:
         23:d9:c1:c9:de:05:b7:0b:ef:68:81:25:2f:6c:aa:54:ed:f4:
         36:6a:e1:50:ae:d1:40:27:ef:8d:07:16:64:d6:92:81:2d:af:
         35:b0:15:27:89:fd:b6:64:b4:49:9b:70:8a:d2:db:ec:de:90:
         5a:e2:34:73:47:cf:e9:20:5b:80:fa:56:9a:35:e9:f5:4f:9e:
         e9:63:0d:ac:a0:21:d6:da:66:15:2b:c8:8c:be:26:91:37:e1:
         82:3b:06:e9:46:f5:97:9a:83:e0:8d:68:25:a9:82:8f:a4:a5:
         ce:11:dd:8b:cf:84:80:ca:85:ac:77:a2:8f:c5:3e:7d:c1:eb:
         42:26:41:90:27:c5:a4:6d:28:f0:ab:05:bf:d5:a8:ad:ed:2e:
         43:62:53:2e:e8:e0:ab:ea:cc:c3:dc:bb:14:61:17:05:ec:73:
         c0:d5:ca:f2:af:31:67:7d:cc:52:c9:81:f7:0d:dd:76:c6:fd:
         dd:5e:56:6a:90:78:5b:b5:b0:8e:89:a9:72:08:d8:89:57:95:
         6f:bf:df:ed:94:fc:bf:7d:c2:43:2b:8a:39:1f:2a:6a:66:d3:
         a0:55:8e:f6:f2:cf:dd:7b:c1:e3:73:6d:eb:e8:39:86:ae:ab:
         20:0a:56:43
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlTj3bY1PAutK/kehDJUhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyZWRhNGY4ZDllNDgyOTUyYTExMmIyZWY1YTRmMjM5Yjdm
NjI1NTEwHhcNMjQwMTAyMDAzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmQxN2FjNGIxM2E0OTc1ZTYyMjE5NzY4NjIwMzEyMmNhNWUyNzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLhrZ5H9aPnZ4nBDoFRMTk6agkW9
xiMZDsrWxSOeUIPuXE+6r6Jb4pnhK4nKIjFsg4OJ7wcfbxBZUiksnyh3mCc3t7J9
JmMM0SSPGtD04Y5GUUsxusquBBmMyIAPNyOQSpBcQ9qFUro6JcC2EHzdxITOf4bP
xujTT31xHmpFRmbIUd3fh0Rvhh98Pe7JqI7H5rgfGnewcP2mDonPplParIn2veRl
epX86F7tBa+XtRxzM4SVH+ao+TA8TPMNNUUCBU9dqOtrYZ2P9srvx3cZnkqxqOBm
0Eo7+izjzWjCBRt3F9fz0es5dn0aZEUtAnjbEfRa/A7WWZ7ZTcfripHqgwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFK/ResSxOkl15iIZdoYgMSLKXicXMB8GA1UdIwQY
MBaAFNLtpPjZ5IKVKhErLvWk8jm39iVRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHUyay1ObmtncFVxRVNzdTlhVHlPYmYySlZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9kZTM0YjUtMDMyMC00Y2Q5LTllZTMt
YzRjZTNlODA3M2RiLzEvcjlGNnhMRTZTWFhtSWhsMmhpQXhJc3BlSnhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9kZTM0YjUtMDMyMC00Y2Q5LTllZTMtYzRjZTNlODA3M2Ri
LzEvMHUyay1ObmtncFVxRVNzdTlhVHlPYmYySlZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwWowMA0E
AgACMAcDBQIqC9fEMA0GCSqGSIb3DQEBCwUAA4IBAQC/x8ghHHPjiJ0sXum/nUPM
BMgj2cHJ3gW3C+9ogSUvbKpU7fQ2auFQrtFAJ++NBxZk1pKBLa81sBUnif22ZLRJ
m3CK0tvs3pBa4jRzR8/pIFuA+laaNen1T57pYw2soCHW2mYVK8iMviaRN+GCOwbp
RvWXmoPgjWglqYKPpKXOEd2Lz4SAyoWsd6KPxT59wetCJkGQJ8WkbSjwqwW/1ait
7S5DYlMu6OCr6szD3LsUYRcF7HPA1cryrzFnfcxSyYH3Dd12xv3dXlZqkHhbtbCO
ialyCNiJV5Vvv9/tlPy/fcJDK4o5HypqZtOgVY728s/de8Hjc23r6DmGrqsgClZD
-----END CERTIFICATE-----