Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f7ca4a-ca73-47f8-9fd7-9b2f51b80a98/1/rYQeDNPUyS7IAtAax7wezTUU3Vc.roa
File:                     rYQeDNPUyS7IAtAax7wezTUU3Vc.roa (raw, json)
Hash identifier:          lK8n4j7MRMriTEMHGIXAVzL9ZrSf5WJmgfd/NKlweKk=
Subject key identifier:   AD:84:1E:0C:D3:D4:C9:2E:C8:02:D0:1A:C7:BC:1E:CD:35:14:DD:57
Certificate issuer:       /CN=30d5e2022ea82ec77f92dddb776618cd6c057575
Certificate serial:       01933E42DED4E8198046034722AD6D47E95B
Authority key identifier: 30:D5:E2:02:2E:A8:2E:C7:7F:92:DD:DB:77:66:18:CD:6C:05:75:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MNXiAi6oLsd_kt3bd2YYzWwFdXU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f7ca4a-ca73-47f8-9fd7-9b2f51b80a98/1/rYQeDNPUyS7IAtAax7wezTUU3Vc.roa
Signing time:             Mon 18 Nov 2024 07:53:09 +0000
ROA not before:           Mon 18 Nov 2024 07:53:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39647
IP address blocks:        193.84.247.0/24 maxlen: 24
                          193.84.253.0/24 maxlen: 24
                          193.84.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f7ca4a-ca73-47f8-9fd7-9b2f51b80a98/1/MNXiAi6oLsd_kt3bd2YYzWwFdXU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f7ca4a-ca73-47f8-9fd7-9b2f51b80a98/1/MNXiAi6oLsd_kt3bd2YYzWwFdXU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MNXiAi6oLsd_kt3bd2YYzWwFdXU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:3e:42:de:d4:e8:19:80:46:03:47:22:ad:6d:47:e9:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30d5e2022ea82ec77f92dddb776618cd6c057575
        Validity
            Not Before: Nov 18 07:53:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad841e0cd3d4c92ec802d01ac7bc1ecd3514dd57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f4:dd:68:5e:15:46:54:83:6c:83:a1:84:1b:
                    dc:e2:11:3f:6d:db:ee:af:3b:3f:a3:f6:e9:58:33:
                    26:c7:40:c8:d0:43:23:d5:bb:e0:be:52:e1:af:f2:
                    fa:25:f2:4c:cb:60:db:52:9f:da:53:b7:53:9c:64:
                    80:80:57:f3:81:f6:5a:ff:d3:ad:6f:a7:b1:88:54:
                    b5:10:30:15:f1:13:73:6c:d4:73:41:0c:a9:97:9a:
                    00:92:5a:2e:ba:9a:e6:8c:f0:c1:87:df:14:3a:68:
                    8e:ac:39:9e:bb:bf:c6:91:2c:2d:70:3b:10:94:c5:
                    23:37:93:41:8d:e2:b8:f2:c6:e3:34:2b:16:e3:e4:
                    d7:d9:4d:a8:ef:1b:63:b6:64:dd:fb:c4:a8:16:b8:
                    bd:f5:4a:ad:52:16:9f:65:78:38:55:67:73:ac:3c:
                    9b:75:7c:ce:d0:18:1c:e5:4a:85:5d:68:be:cb:b7:
                    cd:3d:41:17:c2:d1:48:86:a1:56:98:a7:7a:e7:f7:
                    b5:2f:32:97:c8:29:e1:34:66:64:db:94:d9:2c:07:
                    f8:b1:75:ee:06:83:c5:5d:14:ca:d5:10:4d:92:10:
                    ad:ed:fe:42:04:f9:ae:7e:f1:98:4d:2f:e4:38:f2:
                    c1:25:35:fc:40:8b:3e:75:b7:27:0c:44:61:87:db:
                    5b:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:84:1E:0C:D3:D4:C9:2E:C8:02:D0:1A:C7:BC:1E:CD:35:14:DD:57
            X509v3 Authority Key Identifier:
                keyid:30:D5:E2:02:2E:A8:2E:C7:7F:92:DD:DB:77:66:18:CD:6C:05:75:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MNXiAi6oLsd_kt3bd2YYzWwFdXU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f7ca4a-ca73-47f8-9fd7-9b2f51b80a98/1/rYQeDNPUyS7IAtAax7wezTUU3Vc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f7ca4a-ca73-47f8-9fd7-9b2f51b80a98/1/MNXiAi6oLsd_kt3bd2YYzWwFdXU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.247.0/24
                  193.84.253.0-193.84.254.255

    Signature Algorithm: sha256WithRSAEncryption
         3a:ff:2b:a5:21:2a:c0:5b:af:f9:e4:be:38:19:88:bd:57:72:
         42:b6:1b:ed:f8:fc:46:79:6e:74:15:29:c1:9e:21:6f:75:b4:
         02:fa:84:bd:56:6d:38:35:40:77:3a:8d:c0:2a:45:12:a5:af:
         fc:6f:7d:e9:c2:12:5b:52:01:f0:ce:a2:2e:ca:eb:d6:b1:6d:
         b4:e5:40:f3:7f:fd:ce:46:36:b0:a3:22:c1:41:f1:3c:d0:1c:
         a5:c9:44:8e:1d:38:83:93:0f:c2:1d:93:fa:8e:83:96:36:03:
         90:e4:f9:4a:3b:90:52:ce:88:74:4f:c2:ac:cb:c5:52:4b:00:
         b6:df:e0:bd:bb:e4:56:fa:f8:12:ae:ca:b2:50:71:68:14:65:
         88:a9:06:a7:b8:88:0a:cd:4a:17:4f:9b:66:a0:bb:61:0e:4d:
         ec:f6:14:87:16:63:48:d9:46:3b:27:52:b0:21:28:4d:9f:30:
         2b:a6:1c:8d:a8:17:aa:f6:87:13:43:55:32:c3:1c:1b:1b:4b:
         b7:51:d3:24:81:aa:97:a1:cf:4b:51:46:26:67:df:e6:c9:88:
         70:82:b5:82:1a:05:0c:55:e9:37:32:2b:a8:1b:24:a9:c0:b8:
         46:67:4e:5a:84:93:ac:9e:18:e4:b4:67:1a:d8:b8:53:50:1d:
         ad:95:d4:5a
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZM+Qt7U6BmARgNHIq1tR+lbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZDVlMjAyMmVhODJlYzc3ZjkyZGRkYjc3NjYxOGNkNmMw
NTc1NzUwHhcNMjQxMTE4MDc1MzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDg0MWUwY2QzZDRjOTJlYzgwMmQwMWFjN2JjMWVjZDM1MTRkZDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvTdaF4VRlSDbIOhhBvc4hE/bdvu
rzs/o/bpWDMmx0DI0EMj1bvgvlLhr/L6JfJMy2DbUp/aU7dTnGSAgFfzgfZa/9Ot
b6exiFS1EDAV8RNzbNRzQQypl5oAklouuprmjPDBh98UOmiOrDmeu7/GkSwtcDsQ
lMUjN5NBjeK48sbjNCsW4+TX2U2o7xtjtmTd+8SoFri99UqtUhafZXg4VWdzrDyb
dXzO0Bgc5UqFXWi+y7fNPUEXwtFIhqFWmKd65/e1LzKXyCnhNGZk25TZLAf4sXXu
BoPFXRTK1RBNkhCt7f5CBPmufvGYTS/kOPLBJTX8QIs+dbcnDERhh9tbowIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFK2EHgzT1MkuyALQGse8Hs01FN1XMB8GA1UdIwQY
MBaAFDDV4gIuqC7Hf5Ld23dmGM1sBXV1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU5YaUFpNm9Mc2Rfa3QzYmQyWVl6V3dGZFhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mN2NhNGEtY2E3My00N2Y4LTlmZDct
OWIyZjUxYjgwYTk4LzEvcllRZUROUFV5UzdJQXRBYXg3d2V6VFVVM1ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mN2NhNGEtY2E3My00N2Y4LTlmZDctOWIyZjUxYjgwYTk4
LzEvTU5YaUFpNm9Mc2Rfa3QzYmQyWVl6V3dGZFhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAwVT3MAwD
BADBVP0DBADBVP4wDQYJKoZIhvcNAQELBQADggEBADr/K6UhKsBbr/nkvjgZiL1X
ckK2G+34/EZ5bnQVKcGeIW91tAL6hL1WbTg1QHc6jcAqRRKlr/xvfenCEltSAfDO
oi7K69axbbTlQPN//c5GNrCjIsFB8TzQHKXJRI4dOIOTD8Idk/qOg5Y2A5Dk+Uo7
kFLOiHRPwqzLxVJLALbf4L275Fb6+BKuyrJQcWgUZYipBqe4iArNShdPm2agu2EO
Tez2FIcWY0jZRjsnUrAhKE2fMCumHI2oF6r2hxNDVTLDHBsbS7dR0ySBqpehz0tR
RiZn3+bJiHCCtYIaBQxV6TcyK6gbJKnAuEZnTlqEk6yeGOS0ZxrYuFNQHa2V1Fo=
-----END CERTIFICATE-----