Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/1-sdLyNh6hlJQir7aI6q15ve6Mg8.roa
File:                     1-sdLyNh6hlJQir7aI6q15ve6Mg8.roa (raw, json)
Hash identifier:          wCXFeL5eO0Qkxev4Eciyp1prZdVXlLBPlJTUbhCYIMM=
Subject key identifier:   FA:C7:4B:C8:D8:7A:86:52:50:8A:BE:DA:23:AA:B5:E6:F7:BA:32:0F
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       018CCA2A4522E1F65377484DAD8985215832
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/1-sdLyNh6hlJQir7aI6q15ve6Mg8.roa
Signing time:             Tue 02 Jan 2024 12:33:37 +0000
ROA not before:           Tue 02 Jan 2024 12:33:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39616
IP address blocks:        194.242.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:45:22:e1:f6:53:77:48:4d:ad:89:85:21:58:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Jan  2 12:33:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fac74bc8d87a8652508abeda23aab5e6f7ba320f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:19:4b:fc:e2:28:0b:c4:c2:1a:d2:f0:1e:e9:
                    fd:dd:80:7b:d9:38:6c:c1:c7:e5:4d:27:85:39:fe:
                    c0:16:14:b2:e0:b9:88:d6:44:1b:9b:b8:f3:05:de:
                    3a:e4:9e:2c:b7:93:e4:5b:70:72:f9:e9:5d:d8:3a:
                    07:32:df:b7:d5:35:1b:f4:1c:aa:41:99:c4:22:f5:
                    34:80:4d:bc:d2:5b:d3:c8:12:c7:9a:b0:89:8a:3f:
                    66:a9:7a:19:61:79:0d:c7:4d:ca:e9:04:01:a8:7b:
                    f8:24:af:27:6b:35:15:bf:0c:d2:4a:a9:80:dd:5c:
                    08:0c:da:d3:c3:a1:ec:df:8d:82:82:46:81:c6:77:
                    fc:50:f5:73:12:5a:9b:d3:ae:76:ef:15:52:bc:f3:
                    fe:1f:37:06:76:a9:89:db:c5:e5:48:e5:8f:e0:6a:
                    d5:9c:e5:4b:b2:07:2a:bc:e6:7c:26:84:6a:d1:1a:
                    3a:2f:d9:d0:a4:32:fe:b2:29:da:94:0d:b8:4a:5d:
                    50:48:b4:a9:37:9d:6a:c0:37:b5:ea:74:0e:a7:ab:
                    2f:fb:d6:c6:f8:ec:85:de:7a:39:56:1e:00:5e:25:
                    3e:4f:a9:82:ec:6c:5e:c1:c1:33:c5:f1:fe:2f:a7:
                    47:06:c2:af:b8:9c:87:9b:77:97:df:e0:30:60:45:
                    11:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:C7:4B:C8:D8:7A:86:52:50:8A:BE:DA:23:AA:B5:E6:F7:BA:32:0F
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/1-sdLyNh6hlJQir7aI6q15ve6Mg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.242.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:38:93:80:1a:0f:36:7f:8b:69:f7:1d:5d:28:d0:05:9e:75:
         63:10:47:81:b7:02:cc:18:34:c2:ff:54:e1:99:6b:c6:06:b0:
         18:a0:00:15:d5:44:b1:14:ad:99:36:28:02:7c:43:44:a6:16:
         ea:95:9b:d9:49:5e:26:c5:d1:aa:8a:64:d1:a2:27:03:f2:41:
         58:01:8c:48:59:df:7f:d5:28:cc:a2:35:64:0c:dd:5b:a6:69:
         a6:1c:fc:18:9a:dd:ee:d3:4e:96:ed:aa:10:44:47:0c:42:75:
         a9:f0:84:01:ec:5d:63:fb:14:14:92:46:ed:f6:df:3b:e7:38:
         6d:01:54:fa:8f:d9:65:eb:f1:b2:8f:3f:a3:b0:44:08:a3:a7:
         40:48:0c:e5:0b:c7:8c:52:ae:eb:bd:07:9d:0f:37:21:b6:4a:
         fb:59:74:e7:e6:00:15:c9:95:a9:47:8b:94:34:c5:46:b6:8c:
         3b:10:96:01:58:cd:9e:37:d8:2d:61:42:c4:b2:4c:a3:28:00:
         8d:74:a9:43:e9:aa:89:ee:cf:c7:f6:f3:8c:82:79:05:5a:6b:
         77:dc:10:86:e4:ae:6e:b9:90:32:4a:c5:d4:54:a3:17:d5:90:
         db:35:b1:f2:95:89:3f:f9:1e:2d:87:98:e9:9e:b1:0e:30:c1:
         d5:35:09:69
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKKkUi4fZTd0hNrYmFIVgyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjQwMTAyMTIzMzM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWM3NGJjOGQ4N2E4NjUyNTA4YWJlZGEyM2FhYjVlNmY3YmEzMjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhlL/OIoC8TCGtLwHun93YB72Ths
wcflTSeFOf7AFhSy4LmI1kQbm7jzBd465J4st5PkW3By+eld2DoHMt+31TUb9Byq
QZnEIvU0gE280lvTyBLHmrCJij9mqXoZYXkNx03K6QQBqHv4JK8nazUVvwzSSqmA
3VwIDNrTw6Hs342CgkaBxnf8UPVzElqb06527xVSvPP+HzcGdqmJ28XlSOWP4GrV
nOVLsgcqvOZ8JoRq0Ro6L9nQpDL+sinalA24Sl1QSLSpN51qwDe16nQOp6sv+9bG
+OyF3no5Vh4AXiU+T6mC7GxewcEzxfH+L6dHBsKvuJyHm3eX3+AwYEURIwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPrHS8jYeoZSUIq+2iOqteb3ujIPMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvMS1zZEx5Tmg2aGxKUWlyN2FJNnExNXZlNk1nOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODYvOWRiNTI1LTEwNTktNGMwNy1hNWFkLTE5MTg5YjNjOWM3
ZC8xL1NlVVdsTVRVYTBfTUF2cm5IbDI1UXFjUWprYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMLyPzAN
BgkqhkiG9w0BAQsFAAOCAQEAkTiTgBoPNn+LafcdXSjQBZ51YxBHgbcCzBg0wv9U
4ZlrxgawGKAAFdVEsRStmTYoAnxDRKYW6pWb2UleJsXRqopk0aInA/JBWAGMSFnf
f9UozKI1ZAzdW6Zpphz8GJrd7tNOlu2qEERHDEJ1qfCEAexdY/sUFJJG7fbfO+c4
bQFU+o/ZZevxso8/o7BECKOnQEgM5QvHjFKu670HnQ83IbZK+1l05+YAFcmVqUeL
lDTFRraMOxCWAVjNnjfYLWFCxLJMoygAjXSpQ+mqie7Px/bzjIJ5BVprd9wQhuSu
brmQMkrF1FSjF9WQ2zWx8pWJP/keLYeY6Z6xDjDB1TUJaQ==
-----END CERTIFICATE-----