Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/4BwCUuKMNHA8_c11opY1y5DHRms.roa
File:                     4BwCUuKMNHA8_c11opY1y5DHRms.roa (raw, json)
Hash identifier:          ORxZ2V8wJnqnpNLrKaXtL4EZ44tJFOaDGenY+FNx7SA=
Subject key identifier:   E0:1C:02:52:E2:8C:34:70:3C:FD:CD:75:A2:96:35:CB:90:C7:46:6B
Certificate issuer:       /CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Certificate serial:       018CC8DECAD40C78BDD6671EB429AC1C11BF
Authority key identifier: 9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/4BwCUuKMNHA8_c11opY1y5DHRms.roa
Signing time:             Tue 02 Jan 2024 06:31:33 +0000
ROA not before:           Tue 02 Jan 2024 06:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12310
IP address blocks:        93.113.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ca:d4:0c:78:bd:d6:67:1e:b4:29:ac:1c:11:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
        Validity
            Not Before: Jan  2 06:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e01c0252e28c34703cfdcd75a29635cb90c7466b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:12:0f:a0:9b:1a:16:6d:ce:71:1c:1b:4d:95:
                    2e:d0:55:72:9b:57:10:42:86:d5:d0:80:95:2e:36:
                    41:52:a2:d2:47:23:34:fb:6b:de:ce:11:7c:21:1b:
                    c4:d0:99:db:63:a8:fd:ea:ff:f8:f5:8e:f1:39:6a:
                    28:fb:b4:0d:0c:91:e7:db:0e:0b:30:f3:39:cf:00:
                    89:43:6f:e7:85:b9:00:69:da:22:3e:d0:8d:1b:55:
                    78:05:14:6a:c9:9f:63:f4:9d:3d:dc:95:33:d0:ba:
                    94:93:b2:2c:00:8c:dc:e3:b9:3a:7f:1c:3b:aa:44:
                    2f:da:81:29:0e:c2:d7:30:8f:c0:cd:4a:08:b9:31:
                    df:bc:8c:60:38:15:22:6f:47:03:d6:b0:41:bc:a5:
                    6f:64:85:9a:0b:2c:0d:59:cd:63:71:ea:09:ed:21:
                    6b:5a:23:eb:9f:82:8b:d5:44:e7:88:ed:7c:94:0b:
                    e1:30:7d:fc:59:a3:1b:82:39:72:4e:fe:1a:4a:9f:
                    28:a2:ea:2d:41:00:95:a5:84:21:00:aa:29:6f:23:
                    b4:8b:d5:06:c8:80:e4:00:09:86:57:f2:15:81:66:
                    5d:83:54:c9:d9:ad:95:7b:9c:a6:e5:5b:97:44:b0:
                    9c:ff:b9:ef:06:63:b7:03:0d:38:b1:6b:a5:52:bc:
                    16:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:1C:02:52:E2:8C:34:70:3C:FD:CD:75:A2:96:35:CB:90:C7:46:6B
            X509v3 Authority Key Identifier:
                keyid:9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/4BwCUuKMNHA8_c11opY1y5DHRms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.113.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:2b:af:8c:75:7c:97:37:bd:d4:e0:a3:b5:bc:d0:54:9b:1c:
         76:50:e4:08:e7:b9:2e:27:ec:d7:c1:b9:68:97:4c:5b:d4:56:
         e6:72:08:d0:39:76:74:38:4d:f5:85:dc:87:8d:27:fa:e8:8c:
         eb:70:c8:7b:04:20:34:57:6a:c8:1e:a3:f0:09:20:13:56:d4:
         82:f7:8b:26:da:f1:4c:73:2f:d6:2a:35:77:4e:6c:79:8f:ec:
         1d:6d:ba:2c:34:72:dd:4d:63:9e:ac:bd:ae:2a:65:73:2b:b0:
         6b:60:a1:55:21:96:71:2a:0e:60:88:84:5a:6a:04:3c:f9:2d:
         4e:90:67:4a:ba:b2:02:01:07:41:32:db:2d:df:f1:e3:67:67:
         a9:3b:19:45:a0:8d:01:5d:9b:62:64:d4:a2:b4:dc:9b:81:c0:
         04:bf:86:57:0a:32:e5:e7:2c:fd:b0:25:73:20:f4:a7:28:70:
         41:05:2d:93:5a:11:3a:28:f2:61:17:11:4b:c1:71:5a:7d:24:
         9b:e4:c5:88:d7:d0:ab:98:27:0a:04:d2:f0:fd:47:57:0c:05:
         c8:43:3f:a2:84:e8:9d:fa:b4:60:47:2a:30:d0:07:ee:c8:03:
         70:8a:f9:5c:8d:ab:44:37:c8:ac:8d:f4:ab:97:44:ec:d6:82:
         8e:86:c3:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3srUDHi91mcetCmsHBG/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNTQyZjVkZjNjMWFjYjg1N2ZkNTBlZWIwMTZlZWQwNzM4
NWZmOGMwHhcNMjQwMTAyMDYzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDFjMDI1MmUyOGMzNDcwM2NmZGNkNzVhMjk2MzVjYjkwYzc0NjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5xIPoJsaFm3OcRwbTZUu0FVym1cQ
QobV0ICVLjZBUqLSRyM0+2vezhF8IRvE0JnbY6j96v/49Y7xOWoo+7QNDJHn2w4L
MPM5zwCJQ2/nhbkAadoiPtCNG1V4BRRqyZ9j9J093JUz0LqUk7IsAIzc47k6fxw7
qkQv2oEpDsLXMI/AzUoIuTHfvIxgOBUib0cD1rBBvKVvZIWaCywNWc1jceoJ7SFr
WiPrn4KL1UTniO18lAvhMH38WaMbgjlyTv4aSp8oouotQQCVpYQhAKopbyO0i9UG
yIDkAAmGV/IVgWZdg1TJ2a2Ve5ym5VuXRLCc/7nvBmO3Aw04sWulUrwW1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOAcAlLijDRwPP3NdaKWNcuQx0ZrMB8GA1UdIwQY
MBaAFJxUL13zway4V/1Q7rAW7tBzhf+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUt
MjVkYmY0MzgwNGM1LzEvNEJ3Q1V1S01OSEE4X2MxMW9wWTF5NURIUm1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUtMjVkYmY0MzgwNGM1
LzEvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXGbMA0G
CSqGSIb3DQEBCwUAA4IBAQCVK6+MdXyXN73U4KO1vNBUmxx2UOQI57kuJ+zXwblo
l0xb1FbmcgjQOXZ0OE31hdyHjSf66IzrcMh7BCA0V2rIHqPwCSATVtSC94sm2vFM
cy/WKjV3Tmx5j+wdbbosNHLdTWOerL2uKmVzK7BrYKFVIZZxKg5giIRaagQ8+S1O
kGdKurICAQdBMtst3/HjZ2epOxlFoI0BXZtiZNSitNybgcAEv4ZXCjLl5yz9sCVz
IPSnKHBBBS2TWhE6KPJhFxFLwXFafSSb5MWI19CrmCcKBNLw/UdXDAXIQz+ihOid
+rRgRyow0AfuyANwivlcjatEN8isjfSrl0Ts1oKOhsN0
-----END CERTIFICATE-----