Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/71779b-5830-4c87-9e79-e5c459c91a48/1/dSbSFG5sfL958_lN1yyOaJsPNvA.roa
File:                     dSbSFG5sfL958_lN1yyOaJsPNvA.roa (raw, json)
Hash identifier:          En3H8/cPayH+2Z2eOW/+9j3ijdcrs9YOOSk22ibU9zY=
Subject key identifier:   75:26:D2:14:6E:6C:7C:BF:79:F3:F9:4D:D7:2C:8E:68:9B:0F:36:F0
Certificate issuer:       /CN=466bf8762fe42f0a13da7d21ca96c4301500ebcc
Certificate serial:       018CC6B7B6E05425A60BB20E0AF1E81D9779
Authority key identifier: 46:6B:F8:76:2F:E4:2F:0A:13:DA:7D:21:CA:96:C4:30:15:00:EB:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rmv4di_kLwoT2n0hypbEMBUA68w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/71779b-5830-4c87-9e79-e5c459c91a48/1/dSbSFG5sfL958_lN1yyOaJsPNvA.roa
Signing time:             Mon 01 Jan 2024 20:29:37 +0000
ROA not before:           Mon 01 Jan 2024 20:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199017
IP address blocks:        93.114.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/71779b-5830-4c87-9e79-e5c459c91a48/1/Rmv4di_kLwoT2n0hypbEMBUA68w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/71779b-5830-4c87-9e79-e5c459c91a48/1/Rmv4di_kLwoT2n0hypbEMBUA68w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rmv4di_kLwoT2n0hypbEMBUA68w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b6:e0:54:25:a6:0b:b2:0e:0a:f1:e8:1d:97:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=466bf8762fe42f0a13da7d21ca96c4301500ebcc
        Validity
            Not Before: Jan  1 20:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7526d2146e6c7cbf79f3f94dd72c8e689b0f36f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:6d:cf:81:09:73:c9:5e:43:46:5f:27:6f:e3:
                    0e:5e:df:b9:9c:e9:40:5c:ab:6c:c2:11:75:0d:e9:
                    b8:31:ac:43:a7:90:4f:d1:7d:3e:27:e6:fc:16:4f:
                    86:8a:41:aa:3b:fa:fc:8a:73:ff:ce:ab:ae:fd:b8:
                    ee:28:48:3f:41:99:c3:31:9a:62:94:9f:d2:65:2f:
                    a5:9e:57:a5:48:22:9e:3a:ed:0f:ba:f9:6e:af:5c:
                    37:61:cf:76:ae:bc:34:d9:3d:fa:3e:44:82:d5:80:
                    b9:d2:f6:38:48:6d:11:ba:e9:a2:e8:60:ef:dd:01:
                    96:01:cc:ce:07:c5:16:76:18:1d:88:3f:35:98:65:
                    ee:63:42:25:2e:6b:22:38:fd:0b:1f:cf:26:20:72:
                    71:dc:82:89:1d:a7:45:be:d5:66:6f:0f:c6:4d:d0:
                    77:1f:54:55:73:ac:cc:68:84:8b:0e:47:9d:65:58:
                    14:78:eb:fd:56:16:ef:ca:bf:b6:ab:a2:75:59:f4:
                    01:3c:32:df:56:89:11:10:11:9f:81:29:7b:d6:31:
                    c4:86:80:65:be:71:c6:46:ed:9d:26:ca:3c:7a:b7:
                    cf:fa:f1:a0:ba:ed:a8:dc:4b:f3:c3:9b:be:d2:a3:
                    92:28:ca:ab:ba:e7:3d:5e:ce:d8:77:11:f5:23:97:
                    c5:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:26:D2:14:6E:6C:7C:BF:79:F3:F9:4D:D7:2C:8E:68:9B:0F:36:F0
            X509v3 Authority Key Identifier:
                keyid:46:6B:F8:76:2F:E4:2F:0A:13:DA:7D:21:CA:96:C4:30:15:00:EB:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rmv4di_kLwoT2n0hypbEMBUA68w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/71779b-5830-4c87-9e79-e5c459c91a48/1/dSbSFG5sfL958_lN1yyOaJsPNvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/71779b-5830-4c87-9e79-e5c459c91a48/1/Rmv4di_kLwoT2n0hypbEMBUA68w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:20:68:80:37:cd:88:86:9f:57:c0:a0:50:9c:b4:fe:3a:a2:
         77:53:82:15:45:ff:17:ef:ac:75:1b:24:1d:8f:32:5f:51:4c:
         e6:be:c4:8f:e6:09:09:f4:4a:60:a4:c6:37:dc:36:ae:36:6a:
         7f:0f:54:62:6a:cb:6d:52:ff:7c:54:24:4b:06:cd:04:08:73:
         94:2e:42:6c:3e:f4:f6:d9:e1:cd:45:75:fa:73:67:cc:61:b6:
         3a:34:bc:bf:97:7f:75:cb:d0:2c:7a:e9:de:fb:ab:3d:3f:2d:
         7d:3d:40:b5:de:58:2b:9f:ee:80:e0:5c:74:58:c1:b1:de:9b:
         98:08:68:25:3b:2d:28:c5:30:f1:8e:f4:c1:ee:ac:35:a7:1b:
         9a:c1:15:a4:5f:5e:92:ed:44:43:88:23:06:91:b5:99:7d:0a:
         52:37:ca:d1:ac:80:3b:69:c7:c0:8b:d9:ef:6f:79:05:9c:54:
         95:b1:e8:02:63:34:76:05:0d:e6:69:72:b3:82:86:a8:93:a8:
         5b:e9:37:11:a5:a6:90:7b:0d:5d:3c:df:83:ae:fd:e8:99:d8:
         1e:c3:8b:5d:a8:73:c9:71:b3:05:6c:61:cb:4e:44:43:ba:04:
         d3:67:e3:bf:4b:d5:95:82:e3:d9:f9:1f:1a:6d:25:28:da:b9:
         4b:44:6e:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt7bgVCWmC7IOCvHoHZd5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NmJmODc2MmZlNDJmMGExM2RhN2QyMWNhOTZjNDMwMTUw
MGViY2MwHhcNMjQwMTAxMjAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTI2ZDIxNDZlNmM3Y2JmNzlmM2Y5NGRkNzJjOGU2ODliMGYzNmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoW3PgQlzyV5DRl8nb+MOXt+5nOlA
XKtswhF1Dem4MaxDp5BP0X0+J+b8Fk+GikGqO/r8inP/zquu/bjuKEg/QZnDMZpi
lJ/SZS+lnlelSCKeOu0Puvlur1w3Yc92rrw02T36PkSC1YC50vY4SG0Ruumi6GDv
3QGWAczOB8UWdhgdiD81mGXuY0IlLmsiOP0LH88mIHJx3IKJHadFvtVmbw/GTdB3
H1RVc6zMaISLDkedZVgUeOv9Vhbvyr+2q6J1WfQBPDLfVokREBGfgSl71jHEhoBl
vnHGRu2dJso8erfP+vGguu2o3Evzw5u+0qOSKMqruuc9Xs7YdxH1I5fF4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUm0hRubHy/efP5TdcsjmibDzbwMB8GA1UdIwQY
MBaAFEZr+HYv5C8KE9p9IcqWxDAVAOvMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm12NGRpX2tMd29UMm4waHlwYkVNQlVBNjh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny83MTc3OWItNTgzMC00Yzg3LTllNzkt
ZTVjNDU5YzkxYTQ4LzEvZFNiU0ZHNXNmTDk1OF9sTjF5eU9hSnNQTnZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny83MTc3OWItNTgzMC00Yzg3LTllNzktZTVjNDU5YzkxYTQ4
LzEvUm12NGRpX2tMd29UMm4waHlwYkVNQlVBNjh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXKDMA0G
CSqGSIb3DQEBCwUAA4IBAQCWIGiAN82Ihp9XwKBQnLT+OqJ3U4IVRf8X76x1GyQd
jzJfUUzmvsSP5gkJ9EpgpMY33DauNmp/D1RiasttUv98VCRLBs0ECHOULkJsPvT2
2eHNRXX6c2fMYbY6NLy/l391y9Aseune+6s9Py19PUC13lgrn+6A4Fx0WMGx3puY
CGglOy0oxTDxjvTB7qw1pxuawRWkX16S7URDiCMGkbWZfQpSN8rRrIA7acfAi9nv
b3kFnFSVsegCYzR2BQ3maXKzgoaok6hb6TcRpaaQew1dPN+Drv3omdgew4tdqHPJ
cbMFbGHLTkRDugTTZ+O/S9WVguPZ+R8abSUo2rlLRG6o
-----END CERTIFICATE-----