Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/dab867-a579-4a95-aef7-1617f38a6dfc/1/up9u_JDMOY7h2FfITFa2I0TLE38.roa
File:                     up9u_JDMOY7h2FfITFa2I0TLE38.roa (raw, json)
Hash identifier:          33jY+ac6huMzrTZ6WLaHXYIUZCxcYLdb1+U1tWN6Ah0=
Subject key identifier:   BA:9F:6E:FC:90:CC:39:8E:E1:D8:57:C8:4C:56:B6:23:44:CB:13:7F
Certificate issuer:       /CN=a9cc44d7f1d0dc0a5abf2776495b61de4819925f
Certificate serial:       0193453B3CAAAC48042323AA4102558B84C3
Authority key identifier: A9:CC:44:D7:F1:D0:DC:0A:5A:BF:27:76:49:5B:61:DE:48:19:92:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qcxE1_HQ3Apavyd2SVth3kgZkl8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/dab867-a579-4a95-aef7-1617f38a6dfc/1/up9u_JDMOY7h2FfITFa2I0TLE38.roa
Signing time:             Tue 19 Nov 2024 16:22:10 +0000
ROA not before:           Tue 19 Nov 2024 16:22:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        93.115.102.0/24 maxlen: 24
                          2a14:7ac0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/dab867-a579-4a95-aef7-1617f38a6dfc/1/qcxE1_HQ3Apavyd2SVth3kgZkl8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/dab867-a579-4a95-aef7-1617f38a6dfc/1/qcxE1_HQ3Apavyd2SVth3kgZkl8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qcxE1_HQ3Apavyd2SVth3kgZkl8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:45:3b:3c:aa:ac:48:04:23:23:aa:41:02:55:8b:84:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9cc44d7f1d0dc0a5abf2776495b61de4819925f
        Validity
            Not Before: Nov 19 16:22:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba9f6efc90cc398ee1d857c84c56b62344cb137f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:5a:c8:69:f3:87:e3:76:b1:15:02:ed:ed:56:
                    09:0e:60:fd:6d:d7:c1:0e:7d:05:c3:11:52:bd:07:
                    e6:ad:55:86:41:5a:8f:53:3b:94:e7:1d:96:14:28:
                    f6:6d:5d:4d:2f:27:c5:3c:7b:9c:c9:6e:67:01:9f:
                    9c:f9:1f:65:83:bf:23:5a:0c:cc:d9:db:24:3e:12:
                    be:18:c0:e0:14:6d:99:22:b1:35:95:bf:69:68:18:
                    e6:24:eb:fd:88:06:9e:cb:56:01:8e:a8:ce:ae:87:
                    91:f9:63:56:c0:92:ed:1c:59:10:01:04:1d:69:88:
                    a2:86:78:2e:d1:f4:75:db:6a:a5:68:1d:0c:9a:48:
                    e6:9a:78:68:4a:73:9f:e0:df:95:32:c4:ea:c4:93:
                    86:58:6f:73:b4:f2:7a:22:6e:ad:77:fd:bd:f8:fd:
                    af:bc:b2:b4:0e:16:7a:4b:8b:1c:8f:df:28:cc:c6:
                    e5:92:d7:89:59:2c:9e:d5:20:e3:bb:9d:c1:16:a0:
                    c0:7a:5c:fb:66:b5:9c:d0:06:70:46:99:2f:63:e2:
                    36:02:7f:2c:5c:45:2a:3d:18:16:fc:12:60:af:a7:
                    3f:00:9f:8c:86:03:28:c9:e5:fa:28:41:a3:65:9d:
                    66:2e:7d:10:4f:03:31:96:91:94:aa:5e:f1:24:27:
                    8f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:9F:6E:FC:90:CC:39:8E:E1:D8:57:C8:4C:56:B6:23:44:CB:13:7F
            X509v3 Authority Key Identifier:
                keyid:A9:CC:44:D7:F1:D0:DC:0A:5A:BF:27:76:49:5B:61:DE:48:19:92:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qcxE1_HQ3Apavyd2SVth3kgZkl8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/dab867-a579-4a95-aef7-1617f38a6dfc/1/up9u_JDMOY7h2FfITFa2I0TLE38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/dab867-a579-4a95-aef7-1617f38a6dfc/1/qcxE1_HQ3Apavyd2SVth3kgZkl8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.115.102.0/24
                IPv6:
                  2a14:7ac0::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:ff:45:3a:62:bb:40:9f:35:43:64:48:b5:e7:04:f9:42:5f:
         30:4f:7d:dc:29:a4:d1:44:d2:1c:d4:71:15:f4:f4:2e:76:34:
         28:09:d5:db:ba:99:09:37:f5:34:a9:b5:b8:5a:92:fe:77:b3:
         72:ff:62:9c:58:b1:eb:3b:67:a9:42:73:c9:60:1f:cc:54:40:
         7e:0a:3f:48:43:b6:86:86:d8:e2:f1:2e:d9:40:63:17:cf:bb:
         97:0c:7d:f3:a1:83:83:40:e2:16:86:24:94:d6:77:c5:72:98:
         83:8e:ff:98:da:d5:f9:30:5a:65:44:10:a5:30:e3:eb:35:5e:
         e6:50:5f:e2:49:68:a0:8f:51:9a:d1:8e:f0:0f:de:b8:51:cf:
         78:97:59:4c:29:4c:59:25:b4:c1:1f:de:f7:4e:37:b7:97:28:
         72:3b:ef:3e:01:44:c9:c4:e9:eb:55:c5:5c:96:b1:6d:47:42:
         d1:c7:db:2d:53:fe:70:57:02:ff:2a:a9:f9:2b:3b:69:43:6f:
         87:c2:92:b5:89:9a:6c:4f:62:db:bb:31:04:0c:bf:25:4b:2f:
         4a:67:95:7b:68:ad:a3:14:23:30:13:f4:5e:b9:aa:1c:b5:f4:
         ac:2c:2a:d2:fa:4c:5b:b5:a0:1b:17:73:2e:61:6f:18:ce:6d:
         25:a8:89:9c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZNFOzyqrEgEIyOqQQJVi4TDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5Y2M0NGQ3ZjFkMGRjMGE1YWJmMjc3NjQ5NWI2MWRlNDgx
OTkyNWYwHhcNMjQxMTE5MTYyMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTlmNmVmYzkwY2MzOThlZTFkODU3Yzg0YzU2YjYyMzQ0Y2IxMzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAllrIafOH43axFQLt7VYJDmD9bdfB
Dn0FwxFSvQfmrVWGQVqPUzuU5x2WFCj2bV1NLyfFPHucyW5nAZ+c+R9lg78jWgzM
2dskPhK+GMDgFG2ZIrE1lb9paBjmJOv9iAaey1YBjqjOroeR+WNWwJLtHFkQAQQd
aYiihngu0fR122qlaB0MmkjmmnhoSnOf4N+VMsTqxJOGWG9ztPJ6Im6td/29+P2v
vLK0DhZ6S4scj98ozMblkteJWSye1SDju53BFqDAelz7ZrWc0AZwRpkvY+I2An8s
XEUqPRgW/BJgr6c/AJ+MhgMoyeX6KEGjZZ1mLn0QTwMxlpGUql7xJCePxwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLqfbvyQzDmO4dhXyExWtiNEyxN/MB8GA1UdIwQY
MBaAFKnMRNfx0NwKWr8ndklbYd5IGZJfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWN4RTFfSFEzQXBhdnlkMlNWdGgza2daa2w4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9kYWI4NjctYTU3OS00YTk1LWFlZjct
MTYxN2YzOGE2ZGZjLzEvdXA5dV9KRE1PWTdoMkZmSVRGYTJJMFRMRTM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9kYWI4NjctYTU3OS00YTk1LWFlZjctMTYxN2YzOGE2ZGZj
LzEvcWN4RTFfSFEzQXBhdnlkMlNWdGgza2daa2w4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAXXNmMA8E
AgACMAkDBwAqFHrAAAAwDQYJKoZIhvcNAQELBQADggEBABL/RTpiu0CfNUNkSLXn
BPlCXzBPfdwppNFE0hzUcRX09C52NCgJ1du6mQk39TSptbhakv53s3L/YpxYses7
Z6lCc8lgH8xUQH4KP0hDtoaG2OLxLtlAYxfPu5cMffOhg4NA4haGJJTWd8VymIOO
/5ja1fkwWmVEEKUw4+s1XuZQX+JJaKCPUZrRjvAP3rhRz3iXWUwpTFkltMEf3vdO
N7eXKHI77z4BRMnE6etVxVyWsW1HQtHH2y1T/nBXAv8qqfkrO2lDb4fCkrWJmmxP
Ytu7MQQMvyVLL0pnlXtoraMUIzAT9F65qhy19KwsKtL6TFu1oBsXcy5hbxjObSWo
iZw=
-----END CERTIFICATE-----