Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f11dea-305e-4898-9192-365347f416c0/1/tkJ_2f_hABtl4J1gZ1sIGKxTT1U.roa
File:                     tkJ_2f_hABtl4J1gZ1sIGKxTT1U.roa (raw, json)
Hash identifier:          HD+U1g+2X+ezM5poOzJnUiBVR9GfUM+SSQ92w1cjWOE=
Subject key identifier:   B6:42:7F:D9:FF:E1:00:1B:65:E0:9D:60:67:5B:08:18:AC:53:4F:55
Certificate issuer:       /CN=927b1e56ac7d07802c4567c4679435159b422096
Certificate serial:       018CC3B702BF955D50D41B9C29F7D42FF0DA
Authority key identifier: 92:7B:1E:56:AC:7D:07:80:2C:45:67:C4:67:94:35:15:9B:42:20:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/knseVqx9B4AsRWfEZ5Q1FZtCIJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f11dea-305e-4898-9192-365347f416c0/1/tkJ_2f_hABtl4J1gZ1sIGKxTT1U.roa
Signing time:             Mon 01 Jan 2024 06:30:00 +0000
ROA not before:           Mon 01 Jan 2024 06:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197688
IP address blocks:        193.142.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f11dea-305e-4898-9192-365347f416c0/1/knseVqx9B4AsRWfEZ5Q1FZtCIJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f11dea-305e-4898-9192-365347f416c0/1/knseVqx9B4AsRWfEZ5Q1FZtCIJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/knseVqx9B4AsRWfEZ5Q1FZtCIJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:02:bf:95:5d:50:d4:1b:9c:29:f7:d4:2f:f0:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=927b1e56ac7d07802c4567c4679435159b422096
        Validity
            Not Before: Jan  1 06:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6427fd9ffe1001b65e09d60675b0818ac534f55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ce:dd:e2:e3:a7:2e:e9:c3:ab:1e:b6:c1:f0:
                    bc:a6:c2:23:62:68:e8:74:f0:0d:02:d8:56:5a:ea:
                    a7:42:ed:e3:ae:d1:bf:f8:42:b5:eb:94:ce:73:bb:
                    12:19:8b:98:a2:0b:5d:de:c2:21:26:26:6b:ee:a1:
                    3d:29:64:4a:12:26:3a:ac:31:30:6a:6b:87:71:74:
                    95:b4:6d:d7:d8:46:41:e6:93:c9:b2:4e:ec:fa:c2:
                    2a:aa:4c:b6:77:7b:2b:aa:a5:fe:85:c5:3f:35:ae:
                    12:c6:24:d9:b4:96:42:a7:c9:a6:c3:4f:75:31:23:
                    33:b8:64:f2:38:39:43:ac:ed:fa:be:ed:3d:8f:2f:
                    d3:8e:ee:92:80:ef:95:84:64:4e:ff:0d:c4:93:54:
                    11:ca:ee:e1:0b:01:d3:18:83:3f:1a:46:80:f1:45:
                    fb:96:5d:01:bd:40:ca:ff:0c:14:1e:a2:86:c9:46:
                    b0:04:e8:b3:d0:bd:fb:8d:93:e3:77:61:4e:66:58:
                    56:a2:36:c6:40:d2:37:f9:0f:0f:b6:e0:a5:6d:c0:
                    43:ba:a0:b6:8d:35:df:59:e7:29:00:35:37:44:df:
                    9c:6e:85:d0:8b:9a:d6:ab:ce:24:eb:1e:5f:f8:37:
                    8a:2b:d6:69:3f:dd:fc:4b:e9:00:6c:e0:56:53:25:
                    92:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:42:7F:D9:FF:E1:00:1B:65:E0:9D:60:67:5B:08:18:AC:53:4F:55
            X509v3 Authority Key Identifier:
                keyid:92:7B:1E:56:AC:7D:07:80:2C:45:67:C4:67:94:35:15:9B:42:20:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/knseVqx9B4AsRWfEZ5Q1FZtCIJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f11dea-305e-4898-9192-365347f416c0/1/tkJ_2f_hABtl4J1gZ1sIGKxTT1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f11dea-305e-4898-9192-365347f416c0/1/knseVqx9B4AsRWfEZ5Q1FZtCIJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:ff:54:4f:f1:da:6c:fa:70:3b:8a:5b:b8:6e:68:4c:19:53:
         3b:5f:d2:13:3a:ca:fd:6d:aa:a2:6f:92:68:f3:64:bf:00:60:
         48:b1:2c:a9:52:b0:de:f4:3e:f2:f5:ed:29:b9:1d:25:b7:44:
         3a:bc:c7:d4:fa:46:df:8f:c0:ca:ad:f7:f1:0b:5c:ea:86:28:
         e3:c6:69:80:26:dd:82:5d:d9:38:f9:ad:4f:d8:a8:fd:11:2a:
         f8:db:48:9a:7a:01:fd:83:1f:99:68:17:9f:62:e8:15:fc:59:
         13:65:79:58:30:08:21:9d:03:bb:f8:ff:7c:cf:50:da:4d:53:
         d9:7d:a3:7d:fa:47:a6:1c:09:e8:11:09:27:c4:e0:ac:bb:30:
         ae:ad:d3:c3:e3:90:80:d3:37:7e:df:34:cd:ce:7f:8b:4a:e1:
         c4:33:5a:82:cc:f8:da:3b:7a:2f:8c:45:91:b3:85:15:26:9d:
         1c:3f:00:b8:a4:e3:e4:e1:4b:33:0c:c4:e9:3d:42:e2:01:e7:
         46:5b:6f:5a:a2:58:27:71:cc:27:46:4e:f4:32:d8:1c:5c:18:
         c9:c9:21:05:d7:50:c9:78:65:56:5e:94:cc:8f:d9:c1:58:c7:
         4a:1a:65:48:2f:7d:11:7a:dc:6e:b6:71:2c:16:51:17:51:c5:
         3d:cd:3d:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtwK/lV1Q1BucKffUL/DaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyN2IxZTU2YWM3ZDA3ODAyYzQ1NjdjNDY3OTQzNTE1OWI0
MjIwOTYwHhcNMjQwMTAxMDYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjQyN2ZkOWZmZTEwMDFiNjVlMDlkNjA2NzViMDgxOGFjNTM0ZjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnc7d4uOnLunDqx62wfC8psIjYmjo
dPANAthWWuqnQu3jrtG/+EK165TOc7sSGYuYogtd3sIhJiZr7qE9KWRKEiY6rDEw
amuHcXSVtG3X2EZB5pPJsk7s+sIqqky2d3srqqX+hcU/Na4SxiTZtJZCp8mmw091
MSMzuGTyODlDrO36vu09jy/Tju6SgO+VhGRO/w3Ek1QRyu7hCwHTGIM/GkaA8UX7
ll0BvUDK/wwUHqKGyUawBOiz0L37jZPjd2FOZlhWojbGQNI3+Q8PtuClbcBDuqC2
jTXfWecpADU3RN+cboXQi5rWq84k6x5f+DeKK9ZpP938S+kAbOBWUyWSswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLZCf9n/4QAbZeCdYGdbCBisU09VMB8GA1UdIwQY
MBaAFJJ7HlasfQeALEVnxGeUNRWbQiCWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva25zZVZxeDlCNEFzUldmRVo1UTFGWnRDSUpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMTFkZWEtMzA1ZS00ODk4LTkxOTIt
MzY1MzQ3ZjQxNmMwLzEvdGtKXzJmX2hBQnRsNEoxZ1oxc0lHS3hUVDFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMTFkZWEtMzA1ZS00ODk4LTkxOTItMzY1MzQ3ZjQxNmMw
LzEva25zZVZxeDlCNEFzUldmRVo1UTFGWnRDSUpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwY6fMA0G
CSqGSIb3DQEBCwUAA4IBAQAD/1RP8dps+nA7ilu4bmhMGVM7X9ITOsr9baqib5Jo
82S/AGBIsSypUrDe9D7y9e0puR0lt0Q6vMfU+kbfj8DKrffxC1zqhijjxmmAJt2C
Xdk4+a1P2Kj9ESr420iaegH9gx+ZaBefYugV/FkTZXlYMAghnQO7+P98z1DaTVPZ
faN9+kemHAnoEQknxOCsuzCurdPD45CA0zd+3zTNzn+LSuHEM1qCzPjaO3ovjEWR
s4UVJp0cPwC4pOPk4UszDMTpPULiAedGW29aolgnccwnRk70MtgcXBjJySEF11DJ
eGVWXpTMj9nBWMdKGmVIL30RetxutnEsFlEXUcU9zT1O
-----END CERTIFICATE-----