Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/c4210e-90de-4eca-8206-5537d85d2bd0/1/4VL3eJfr6GAZ00FkWCJREufcmgQ.roa
File:                     4VL3eJfr6GAZ00FkWCJREufcmgQ.roa (raw, json)
Hash identifier:          lcvn+xo9YQ3p2LDymGvahp4ZxVXdQ/l59Hmtz09T6Pg=
Subject key identifier:   E1:52:F7:78:97:EB:E8:60:19:D3:41:64:58:22:51:12:E7:DC:9A:04
Certificate issuer:       /CN=a0bb1718963ddd9128b76fd3d8213a1565ef856d
Certificate serial:       018CC3B69AD903110B0045D5F2EFFE97B4AE
Authority key identifier: A0:BB:17:18:96:3D:DD:91:28:B7:6F:D3:D8:21:3A:15:65:EF:85:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oLsXGJY93ZEot2_T2CE6FWXvhW0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/c4210e-90de-4eca-8206-5537d85d2bd0/1/4VL3eJfr6GAZ00FkWCJREufcmgQ.roa
Signing time:             Mon 01 Jan 2024 06:29:33 +0000
ROA not before:           Mon 01 Jan 2024 06:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1764
IP address blocks:        193.201.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/c4210e-90de-4eca-8206-5537d85d2bd0/1/oLsXGJY93ZEot2_T2CE6FWXvhW0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/c4210e-90de-4eca-8206-5537d85d2bd0/1/oLsXGJY93ZEot2_T2CE6FWXvhW0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oLsXGJY93ZEot2_T2CE6FWXvhW0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:9a:d9:03:11:0b:00:45:d5:f2:ef:fe:97:b4:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0bb1718963ddd9128b76fd3d8213a1565ef856d
        Validity
            Not Before: Jan  1 06:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e152f77897ebe86019d3416458225112e7dc9a04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:4f:fe:ee:dc:e2:e5:a5:2c:b8:51:8c:a9:85:
                    c0:e9:2c:09:74:4f:11:7b:30:8d:2b:7a:2a:79:10:
                    ac:82:21:41:c4:0e:d8:59:3e:ca:81:61:79:94:2f:
                    df:7d:a0:0d:73:7d:6a:9e:8c:14:37:ac:66:b7:5f:
                    55:96:12:eb:8f:5b:a5:a1:80:e9:fe:8c:73:36:99:
                    7b:f5:1b:91:5f:ed:ba:19:95:de:93:a8:4e:3d:e5:
                    e6:12:cb:d9:4d:fc:e0:42:14:62:31:db:c2:ef:fb:
                    30:83:83:94:6a:00:12:db:e6:24:7c:dc:2e:75:b1:
                    c9:72:d9:9c:b5:38:2e:82:f4:6c:eb:39:2c:dd:61:
                    a6:af:75:f7:30:bc:30:dd:0a:56:6d:0f:1d:f8:40:
                    ee:97:da:f6:56:8c:92:ff:fb:d5:c1:fa:a2:27:8f:
                    ed:63:45:1a:d3:c3:a7:11:54:df:82:1b:c2:e5:36:
                    5f:f6:f1:40:2b:29:36:50:56:03:ad:05:7b:56:03:
                    b8:02:a2:54:28:b9:de:77:a6:03:f0:bc:bb:6b:24:
                    5f:8d:56:cd:ca:8f:ae:99:b9:0c:12:34:fc:67:87:
                    80:f7:71:79:23:46:0a:ff:00:97:f3:ff:85:87:c1:
                    79:bf:d3:83:30:b3:c4:73:17:99:4c:0c:f0:80:81:
                    71:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:52:F7:78:97:EB:E8:60:19:D3:41:64:58:22:51:12:E7:DC:9A:04
            X509v3 Authority Key Identifier:
                keyid:A0:BB:17:18:96:3D:DD:91:28:B7:6F:D3:D8:21:3A:15:65:EF:85:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oLsXGJY93ZEot2_T2CE6FWXvhW0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/c4210e-90de-4eca-8206-5537d85d2bd0/1/4VL3eJfr6GAZ00FkWCJREufcmgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/c4210e-90de-4eca-8206-5537d85d2bd0/1/oLsXGJY93ZEot2_T2CE6FWXvhW0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:01:34:c8:41:c1:26:dc:4c:70:ff:5f:d4:d5:bc:f0:ef:f1:
         79:c6:10:82:3b:30:7c:1f:3c:33:7f:da:af:9a:3c:b4:f8:01:
         c1:32:35:65:fa:2b:59:a5:d6:8b:e1:ff:55:9d:5a:48:f9:5c:
         f2:d2:34:02:ba:1e:a8:1e:bb:81:c6:74:85:e4:bd:cc:28:1b:
         71:82:91:0d:d8:81:54:09:5a:82:b9:e7:d4:8b:54:32:62:69:
         9e:55:95:b6:cf:1b:a6:f7:71:d6:55:58:c4:36:78:73:47:37:
         25:86:db:19:a2:39:93:10:7f:59:a0:b7:4b:c0:bd:ab:0d:eb:
         aa:a0:0c:e3:6a:12:ee:06:5f:60:dd:79:b0:e9:8a:af:a5:43:
         6a:bf:24:bb:8b:08:5d:53:eb:04:d4:80:c4:c2:03:06:d1:e9:
         72:7f:08:63:7c:1c:80:b3:ad:59:e6:8f:60:8f:46:da:d7:7e:
         e4:2d:21:e3:c3:2f:ae:71:01:17:7c:b8:42:fa:e4:e2:8a:aa:
         a7:39:44:10:7e:de:0d:a9:29:af:66:7f:87:20:30:b3:68:43:
         5d:6e:c5:8c:9b:ab:ee:71:d3:14:0b:77:bd:ba:1b:3f:0b:43:
         6d:28:8e:92:f0:c8:2b:e4:59:29:97:ed:ba:0f:39:98:f7:6e:
         ac:5c:d5:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtprZAxELAEXV8u/+l7SuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwYmIxNzE4OTYzZGRkOTEyOGI3NmZkM2Q4MjEzYTE1NjVl
Zjg1NmQwHhcNMjQwMTAxMDYyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTUyZjc3ODk3ZWJlODYwMTlkMzQxNjQ1ODIyNTExMmU3ZGM5YTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0/+7tzi5aUsuFGMqYXA6SwJdE8R
ezCNK3oqeRCsgiFBxA7YWT7KgWF5lC/ffaANc31qnowUN6xmt19VlhLrj1uloYDp
/oxzNpl79RuRX+26GZXek6hOPeXmEsvZTfzgQhRiMdvC7/swg4OUagAS2+YkfNwu
dbHJctmctTgugvRs6zks3WGmr3X3MLww3QpWbQ8d+EDul9r2VoyS//vVwfqiJ4/t
Y0Ua08OnEVTfghvC5TZf9vFAKyk2UFYDrQV7VgO4AqJUKLned6YD8Ly7ayRfjVbN
yo+umbkMEjT8Z4eA93F5I0YK/wCX8/+Fh8F5v9ODMLPEcxeZTAzwgIFxtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFS93iX6+hgGdNBZFgiURLn3JoEMB8GA1UdIwQY
MBaAFKC7FxiWPd2RKLdv09ghOhVl74VtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0xzWEdKWTkzWkVvdDJfVDJDRTZGV1h2aFcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9jNDIxMGUtOTBkZS00ZWNhLTgyMDYt
NTUzN2Q4NWQyYmQwLzEvNFZMM2VKZnI2R0FaMDBGa1dDSlJFdWZjbWdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9jNDIxMGUtOTBkZS00ZWNhLTgyMDYtNTUzN2Q4NWQyYmQw
LzEvb0xzWEdKWTkzWkVvdDJfVDJDRTZGV1h2aFcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwckpMA0G
CSqGSIb3DQEBCwUAA4IBAQChATTIQcEm3Exw/1/U1bzw7/F5xhCCOzB8Hzwzf9qv
mjy0+AHBMjVl+itZpdaL4f9VnVpI+Vzy0jQCuh6oHruBxnSF5L3MKBtxgpEN2IFU
CVqCuefUi1QyYmmeVZW2zxum93HWVVjENnhzRzclhtsZojmTEH9ZoLdLwL2rDeuq
oAzjahLuBl9g3Xmw6YqvpUNqvyS7iwhdU+sE1IDEwgMG0elyfwhjfByAs61Z5o9g
j0ba137kLSHjwy+ucQEXfLhC+uTiiqqnOUQQft4NqSmvZn+HIDCzaENdbsWMm6vu
cdMUC3e9uhs/C0NtKI6S8Mgr5Fkpl+26DzmY926sXNXQ
-----END CERTIFICATE-----