Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/07bf93-6b71-4752-887e-71b5056d5b02/1/AC48e80nrR6iXJ_Y4pdvY2J95Zc.roa
File:                     AC48e80nrR6iXJ_Y4pdvY2J95Zc.roa (raw, json)
Hash identifier:          thWAPKzvM3KimOd2GmTVQHRQVu/w4dBHCI+hzvicfpA=
Subject key identifier:   00:2E:3C:7B:CD:27:AD:1E:A2:5C:9F:D8:E2:97:6F:63:62:7D:E5:97
Certificate issuer:       /CN=be8baeae76001a87daeeb0bc2a8dd10ce65f865d
Certificate serial:       018CC726BDA11481CF76E435A9E1D15D1279
Authority key identifier: BE:8B:AE:AE:76:00:1A:87:DA:EE:B0:BC:2A:8D:D1:0C:E6:5F:86:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vouurnYAGofa7rC8Ko3RDOZfhl0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/07bf93-6b71-4752-887e-71b5056d5b02/1/AC48e80nrR6iXJ_Y4pdvY2J95Zc.roa
Signing time:             Mon 01 Jan 2024 22:30:53 +0000
ROA not before:           Mon 01 Jan 2024 22:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207674
IP address blocks:        193.26.146.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/07bf93-6b71-4752-887e-71b5056d5b02/1/vouurnYAGofa7rC8Ko3RDOZfhl0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/07bf93-6b71-4752-887e-71b5056d5b02/1/vouurnYAGofa7rC8Ko3RDOZfhl0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vouurnYAGofa7rC8Ko3RDOZfhl0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:bd:a1:14:81:cf:76:e4:35:a9:e1:d1:5d:12:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be8baeae76001a87daeeb0bc2a8dd10ce65f865d
        Validity
            Not Before: Jan  1 22:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=002e3c7bcd27ad1ea25c9fd8e2976f63627de597
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b2:4f:4c:3c:dd:d1:9b:3f:45:13:7f:05:24:
                    76:70:da:bb:2e:7d:4b:5f:98:9c:0e:f8:ff:72:48:
                    e4:28:05:f9:71:7d:ca:9b:bb:a1:76:96:8b:6d:09:
                    4b:87:19:10:d1:e2:35:79:0b:30:f7:53:e7:c6:27:
                    cf:1c:f6:64:6f:8a:68:77:e1:fa:26:67:45:e0:05:
                    42:fd:29:a9:27:94:ee:81:2e:10:7a:5d:d5:1d:68:
                    79:31:e6:7c:00:d0:a1:26:c7:e3:ad:b7:95:07:90:
                    2b:18:b6:38:d9:1b:16:be:ee:58:c7:01:25:78:fe:
                    d6:c2:92:22:29:7c:1b:8a:c5:33:76:ed:cc:ef:5b:
                    4c:42:45:a1:72:7a:00:40:8e:d5:b0:a5:03:24:b6:
                    a4:e2:4d:ae:c8:b4:6e:60:b5:ff:2e:4e:f1:cd:b2:
                    72:ee:5d:c6:4e:a7:17:24:3d:32:30:8f:5c:a6:4d:
                    75:97:24:ab:88:34:a0:5c:4f:a0:08:14:2b:c0:64:
                    77:87:d8:37:0b:0f:7a:76:8e:56:13:93:9a:48:a4:
                    52:b3:2f:36:d6:91:f4:8c:9c:75:cf:1e:b4:77:37:
                    4c:07:4e:d8:7b:a4:55:a5:08:e9:3e:0a:3e:aa:1d:
                    68:2c:55:d5:dc:bb:32:2d:2a:b3:f1:a7:2d:42:3e:
                    d7:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:2E:3C:7B:CD:27:AD:1E:A2:5C:9F:D8:E2:97:6F:63:62:7D:E5:97
            X509v3 Authority Key Identifier:
                keyid:BE:8B:AE:AE:76:00:1A:87:DA:EE:B0:BC:2A:8D:D1:0C:E6:5F:86:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vouurnYAGofa7rC8Ko3RDOZfhl0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/07bf93-6b71-4752-887e-71b5056d5b02/1/AC48e80nrR6iXJ_Y4pdvY2J95Zc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/07bf93-6b71-4752-887e-71b5056d5b02/1/vouurnYAGofa7rC8Ko3RDOZfhl0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a0:a3:07:08:76:2e:98:17:4e:c2:de:4f:d3:a8:6f:b4:eb:48:
         aa:d2:ea:66:0c:f1:21:12:86:40:32:29:23:64:59:f6:22:b1:
         bf:73:ef:d4:49:01:04:d8:9a:8e:77:ff:c7:7f:05:ff:8e:0f:
         fd:3e:b8:0a:68:e3:58:59:e5:fb:4e:8b:fa:e7:9e:a8:de:22:
         6c:e1:e3:06:e4:66:61:08:6e:7d:fd:ff:df:57:c6:8c:92:ec:
         8b:d9:38:8c:08:01:e1:c7:55:07:fe:67:fe:1b:36:83:7e:1a:
         07:f2:1e:47:86:95:72:61:eb:a0:0f:a3:80:8a:76:0c:a6:b3:
         02:61:14:b6:6f:1d:91:81:cd:42:9a:62:ec:85:a9:71:f5:ba:
         0c:59:4d:f0:d1:79:87:27:ab:d2:e2:d0:20:7b:2a:2f:8d:f2:
         ad:7c:4b:ff:eb:0e:56:b0:ce:a4:79:ca:dc:e2:d2:f5:b9:8f:
         d0:38:26:38:0c:a7:da:17:46:30:68:e9:7b:9f:ae:8f:66:8f:
         72:80:dc:d5:aa:c0:fc:9f:20:fa:49:67:b2:81:54:62:44:50:
         f5:8f:e5:81:5c:12:fb:83:bd:f4:9c:4e:e3:1b:fe:43:cc:2c:
         40:71:77:3f:76:e8:53:9f:11:6a:fe:10:f2:48:60:4e:15:6e:
         b6:cb:7c:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJr2hFIHPduQ1qeHRXRJ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlOGJhZWFlNzYwMDFhODdkYWVlYjBiYzJhOGRkMTBjZTY1
Zjg2NWQwHhcNMjQwMTAxMjIzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDJlM2M3YmNkMjdhZDFlYTI1YzlmZDhlMjk3NmY2MzYyN2RlNTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrJPTDzd0Zs/RRN/BSR2cNq7Ln1L
X5icDvj/ckjkKAX5cX3Km7uhdpaLbQlLhxkQ0eI1eQsw91PnxifPHPZkb4pod+H6
JmdF4AVC/SmpJ5TugS4Qel3VHWh5MeZ8ANChJsfjrbeVB5ArGLY42RsWvu5YxwEl
eP7WwpIiKXwbisUzdu3M71tMQkWhcnoAQI7VsKUDJLak4k2uyLRuYLX/Lk7xzbJy
7l3GTqcXJD0yMI9cpk11lySriDSgXE+gCBQrwGR3h9g3Cw96do5WE5OaSKRSsy82
1pH0jJx1zx60dzdMB07Ye6RVpQjpPgo+qh1oLFXV3LsyLSqz8actQj7XHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAAuPHvNJ60eolyf2OKXb2NifeWXMB8GA1UdIwQY
MBaAFL6Lrq52ABqH2u6wvCqN0QzmX4ZdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdm91dXJuWUFHb2ZhN3JDOEtvM1JET1pmaGwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi8wN2JmOTMtNmI3MS00NzUyLTg4N2Ut
NzFiNTA1NmQ1YjAyLzEvQUM0OGU4MG5yUjZpWEpfWTRwZHZZMko5NVpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi8wN2JmOTMtNmI3MS00NzUyLTg4N2UtNzFiNTA1NmQ1YjAy
LzEvdm91dXJuWUFHb2ZhN3JDOEtvM1JET1pmaGwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwRqSMA0G
CSqGSIb3DQEBCwUAA4IBAQCgowcIdi6YF07C3k/TqG+060iq0upmDPEhEoZAMikj
ZFn2IrG/c+/USQEE2JqOd//HfwX/jg/9PrgKaONYWeX7Tov6556o3iJs4eMG5GZh
CG59/f/fV8aMkuyL2TiMCAHhx1UH/mf+GzaDfhoH8h5HhpVyYeugD6OAinYMprMC
YRS2bx2Rgc1CmmLshalx9boMWU3w0XmHJ6vS4tAgeyovjfKtfEv/6w5WsM6kecrc
4tL1uY/QOCY4DKfaF0YwaOl7n66PZo9ygNzVqsD8nyD6SWeygVRiRFD1j+WBXBL7
g730nE7jG/5DzCxAcXc/duhTnxFq/hDySGBOFW62y3zW
-----END CERTIFICATE-----