Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/a48388-2ed7-44cf-9557-f38b289ff969/1/9MSM8TV9OSqoCc9AbRZb6Uo3VCs.roa
File:                     9MSM8TV9OSqoCc9AbRZb6Uo3VCs.roa (raw, json)
Hash identifier:          HtGJ/FSzoR3XEVnpfndi1P4aGvyqbqVBOfuDzLqUbV4=
Subject key identifier:   F4:C4:8C:F1:35:7D:39:2A:A8:09:CF:40:6D:16:5B:E9:4A:37:54:2B
Certificate issuer:       /CN=256452a3420f4f18dfa3a14d26b3348fdfcf3d3b
Certificate serial:       018CC3492A894E27B851864D95FCA4302306
Authority key identifier: 25:64:52:A3:42:0F:4F:18:DF:A3:A1:4D:26:B3:34:8F:DF:CF:3D:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JWRSo0IPTxjfo6FNJrM0j9_PPTs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/a48388-2ed7-44cf-9557-f38b289ff969/1/9MSM8TV9OSqoCc9AbRZb6Uo3VCs.roa
Signing time:             Mon 01 Jan 2024 04:30:01 +0000
ROA not before:           Mon 01 Jan 2024 04:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206894
IP address blocks:        193.24.38.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/a48388-2ed7-44cf-9557-f38b289ff969/1/JWRSo0IPTxjfo6FNJrM0j9_PPTs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/a48388-2ed7-44cf-9557-f38b289ff969/1/JWRSo0IPTxjfo6FNJrM0j9_PPTs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JWRSo0IPTxjfo6FNJrM0j9_PPTs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:2a:89:4e:27:b8:51:86:4d:95:fc:a4:30:23:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=256452a3420f4f18dfa3a14d26b3348fdfcf3d3b
        Validity
            Not Before: Jan  1 04:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4c48cf1357d392aa809cf406d165be94a37542b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:bf:fd:99:df:b0:df:ad:95:72:bc:88:13:b0:
                    18:c0:62:b0:50:b6:a6:30:ed:3a:96:1d:2f:72:5b:
                    a6:70:29:98:32:33:b6:f2:a3:f1:87:af:ae:6d:9b:
                    f7:61:c8:aa:ea:08:23:32:c6:5a:9b:f9:83:94:e8:
                    8d:f0:ec:c3:3c:89:70:fd:86:c9:0b:73:77:e1:f1:
                    41:1a:f9:da:da:16:f4:8d:d7:16:3c:b3:05:68:c0:
                    ab:2d:0d:0f:65:4b:ca:82:88:aa:8c:93:57:55:41:
                    9f:17:96:fc:23:f0:ba:28:5e:dc:72:bb:34:01:ff:
                    0f:2d:14:10:4b:71:17:6e:8a:1e:0a:70:65:74:7d:
                    9d:c3:fb:51:4a:36:f7:c8:a7:59:81:a0:61:81:d6:
                    51:eb:fc:63:56:dc:25:78:c4:df:6f:1d:5e:3d:98:
                    26:7b:ad:6f:56:7d:08:76:7b:fd:d0:79:41:ac:d5:
                    24:24:8c:08:6e:5a:3f:64:20:2f:e4:80:13:12:3a:
                    3b:fe:16:63:95:9a:7e:80:97:f7:a6:f9:33:4f:ae:
                    3a:f9:02:a2:d1:e8:69:c1:d5:22:68:a0:15:83:b6:
                    40:d3:71:02:b7:4e:9e:f8:8d:8d:43:cb:ab:ff:99:
                    3f:ef:af:0b:88:56:ba:9f:46:a0:ff:fe:c4:52:1f:
                    de:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:C4:8C:F1:35:7D:39:2A:A8:09:CF:40:6D:16:5B:E9:4A:37:54:2B
            X509v3 Authority Key Identifier:
                keyid:25:64:52:A3:42:0F:4F:18:DF:A3:A1:4D:26:B3:34:8F:DF:CF:3D:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JWRSo0IPTxjfo6FNJrM0j9_PPTs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/a48388-2ed7-44cf-9557-f38b289ff969/1/9MSM8TV9OSqoCc9AbRZb6Uo3VCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/a48388-2ed7-44cf-9557-f38b289ff969/1/JWRSo0IPTxjfo6FNJrM0j9_PPTs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:fd:f1:62:83:2d:d5:71:dd:95:69:fb:19:dc:4b:64:aa:66:
         71:22:62:57:0f:66:64:94:e8:ee:a8:d3:18:aa:b2:1b:ab:18:
         f2:45:f4:e9:9c:37:a6:1e:1a:76:85:cb:f7:f5:5e:65:26:5d:
         8c:35:70:70:02:e5:1f:58:a0:c2:1c:ec:de:dc:5a:8b:a3:5f:
         6d:ba:54:48:06:65:fc:22:83:87:b9:1b:64:b7:54:c0:27:82:
         e4:95:02:b9:54:aa:9f:c4:a9:2f:f7:e5:23:18:b1:d0:4d:90:
         e7:da:9e:e7:f8:32:e4:1a:46:57:8c:8b:01:86:9e:e7:09:5b:
         9e:1d:14:9a:cd:8d:95:40:af:b9:03:f3:fb:05:4e:0f:82:5b:
         1d:a8:7f:92:f4:68:89:b6:92:02:ac:db:c5:0b:04:1a:80:ac:
         85:df:cc:24:89:d3:f0:0d:28:f5:b9:8a:ec:e9:8f:f0:1c:49:
         9d:f9:44:b1:ca:08:01:7a:7a:4b:51:6a:5f:7c:24:e4:88:48:
         3f:5f:5a:b4:41:3a:c8:27:3b:a0:8b:39:46:cd:1e:5b:c3:a0:
         7b:54:cd:b7:67:3b:3c:95:c2:f3:5b:63:81:23:d9:6f:78:bf:
         eb:49:d9:4f:19:47:00:2f:8d:92:8a:7d:0b:35:ca:d4:b0:48:
         67:0f:10:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSSqJTie4UYZNlfykMCMGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NjQ1MmEzNDIwZjRmMThkZmEzYTE0ZDI2YjMzNDhmZGZj
ZjNkM2IwHhcNMjQwMTAxMDQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGM0OGNmMTM1N2QzOTJhYTgwOWNmNDA2ZDE2NWJlOTRhMzc1NDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApb/9md+w362VcryIE7AYwGKwULam
MO06lh0vclumcCmYMjO28qPxh6+ubZv3Yciq6ggjMsZam/mDlOiN8OzDPIlw/YbJ
C3N34fFBGvna2hb0jdcWPLMFaMCrLQ0PZUvKgoiqjJNXVUGfF5b8I/C6KF7ccrs0
Af8PLRQQS3EXbooeCnBldH2dw/tRSjb3yKdZgaBhgdZR6/xjVtwleMTfbx1ePZgm
e61vVn0Idnv90HlBrNUkJIwIblo/ZCAv5IATEjo7/hZjlZp+gJf3pvkzT646+QKi
0ehpwdUiaKAVg7ZA03ECt06e+I2NQ8ur/5k/768LiFa6n0ag//7EUh/eMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPTEjPE1fTkqqAnPQG0WW+lKN1QrMB8GA1UdIwQY
MBaAFCVkUqNCD08Y36OhTSazNI/fzz07MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSldSU28wSVBUeGpmbzZGTkpyTTBqOV9QUFRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9hNDgzODgtMmVkNy00NGNmLTk1NTct
ZjM4YjI4OWZmOTY5LzEvOU1TTThUVjlPU3FvQ2M5QWJSWmI2VW8zVkNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9hNDgzODgtMmVkNy00NGNmLTk1NTctZjM4YjI4OWZmOTY5
LzEvSldSU28wSVBUeGpmbzZGTkpyTTBqOV9QUFRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwRgmMA0G
CSqGSIb3DQEBCwUAA4IBAQBl/fFigy3Vcd2VafsZ3EtkqmZxImJXD2ZklOjuqNMY
qrIbqxjyRfTpnDemHhp2hcv39V5lJl2MNXBwAuUfWKDCHOze3FqLo19tulRIBmX8
IoOHuRtkt1TAJ4LklQK5VKqfxKkv9+UjGLHQTZDn2p7n+DLkGkZXjIsBhp7nCVue
HRSazY2VQK+5A/P7BU4PglsdqH+S9GiJtpICrNvFCwQagKyF38wkidPwDSj1uYrs
6Y/wHEmd+USxyggBenpLUWpffCTkiEg/X1q0QTrIJzugizlGzR5bw6B7VM23Zzs8
lcLzW2OBI9lveL/rSdlPGUcAL42Sin0LNcrUsEhnDxDj
-----END CERTIFICATE-----