Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/0600f8-2958-4417-bb67-3c5e1744acdd/1/OeJWPjt1ftdzIr1OWiL1VyudWPQ.roa
File:                     OeJWPjt1ftdzIr1OWiL1VyudWPQ.roa (raw, json)
Hash identifier:          g5xkANiyzNOH4Bj18KNWBmMkwDh6CMo4REZ3AtxfecA=
Subject key identifier:   39:E2:56:3E:3B:75:7E:D7:73:22:BD:4E:5A:22:F5:57:2B:9D:58:F4
Certificate issuer:       /CN=af503e5b835f0a81381d1c4c1233d38fb7ddf23d
Certificate serial:       018F5CE7F605DF74630DB2C13578BD4D3CF6
Authority key identifier: AF:50:3E:5B:83:5F:0A:81:38:1D:1C:4C:12:33:D3:8F:B7:DD:F2:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r1A-W4NfCoE4HRxMEjPTj7fd8j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/0600f8-2958-4417-bb67-3c5e1744acdd/1/OeJWPjt1ftdzIr1OWiL1VyudWPQ.roa
Signing time:             Thu 09 May 2024 10:30:56 +0000
ROA not before:           Thu 09 May 2024 10:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19318
IP address blocks:        92.119.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/0600f8-2958-4417-bb67-3c5e1744acdd/1/r1A-W4NfCoE4HRxMEjPTj7fd8j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/0600f8-2958-4417-bb67-3c5e1744acdd/1/r1A-W4NfCoE4HRxMEjPTj7fd8j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r1A-W4NfCoE4HRxMEjPTj7fd8j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:5c:e7:f6:05:df:74:63:0d:b2:c1:35:78:bd:4d:3c:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af503e5b835f0a81381d1c4c1233d38fb7ddf23d
        Validity
            Not Before: May  9 10:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39e2563e3b757ed77322bd4e5a22f5572b9d58f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ad:f8:dc:f6:41:d0:d4:af:83:44:e8:cb:ad:
                    4e:41:2c:c9:06:bf:7b:f2:52:f7:bc:c4:5f:53:a6:
                    1d:a7:5f:66:1e:78:59:b6:a1:68:eb:11:a3:ab:a1:
                    af:c7:b6:37:83:2f:87:08:b6:86:97:78:31:dd:52:
                    d6:e9:21:c7:21:35:76:a0:e6:9e:22:de:af:c9:d0:
                    07:65:0b:1e:d7:f1:ab:9a:21:48:9a:56:3d:03:e8:
                    5c:69:ba:2f:a7:cc:fb:5a:50:7d:01:0e:0f:9d:f9:
                    95:3a:bb:ec:ea:bd:b3:a6:61:e8:39:44:b9:00:1d:
                    87:6b:d2:47:8d:27:28:67:b2:50:cd:00:b6:6f:3d:
                    fb:65:6b:d7:3e:76:2d:cd:ef:e7:df:cb:c6:b2:00:
                    9c:c8:b7:b5:b5:73:c1:b5:77:33:20:9c:8b:77:de:
                    89:3c:ba:37:be:3b:b6:af:09:c1:ae:f1:dc:52:99:
                    c9:0b:f8:e8:24:bb:8f:39:6f:09:c2:30:3e:cf:2a:
                    91:78:a2:af:ab:03:c6:8d:bd:31:ff:03:7a:83:d0:
                    9a:07:51:67:24:47:52:1c:e3:c0:ea:b0:80:c5:c9:
                    0b:2d:5b:6c:5c:5c:7e:a9:05:ba:2d:f4:9c:36:db:
                    32:6f:d2:d3:50:7e:a1:35:81:36:c6:e6:b1:e4:8b:
                    28:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:E2:56:3E:3B:75:7E:D7:73:22:BD:4E:5A:22:F5:57:2B:9D:58:F4
            X509v3 Authority Key Identifier:
                keyid:AF:50:3E:5B:83:5F:0A:81:38:1D:1C:4C:12:33:D3:8F:B7:DD:F2:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r1A-W4NfCoE4HRxMEjPTj7fd8j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/0600f8-2958-4417-bb67-3c5e1744acdd/1/OeJWPjt1ftdzIr1OWiL1VyudWPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/0600f8-2958-4417-bb67-3c5e1744acdd/1/r1A-W4NfCoE4HRxMEjPTj7fd8j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:41:3c:9e:cc:1b:2a:83:d4:38:cc:a1:d9:0d:a8:10:23:c3:
         22:66:07:3d:bb:87:cc:97:76:f3:15:b8:ff:94:1a:a7:6f:84:
         95:db:b8:5f:d1:74:b7:86:f4:8e:f9:3a:76:bd:5f:cf:01:8a:
         fe:8b:95:0c:7e:c9:93:04:37:d6:7b:d5:4c:d4:df:7a:19:38:
         fd:97:c0:e1:c9:ff:d3:3b:99:a5:29:31:56:ad:d7:a7:d8:55:
         6b:b9:01:fe:ed:6f:42:bd:e9:08:90:59:fd:79:95:d4:28:6a:
         2e:fa:97:80:a2:5e:4b:6d:ab:37:df:ab:b2:c6:70:a7:c2:ff:
         e3:8d:d6:ef:82:2c:22:52:fe:91:0f:59:6f:0b:5e:e0:19:e8:
         36:f1:1a:15:77:f3:89:e4:3b:75:a2:be:e9:08:27:53:c4:b4:
         91:ca:2c:6f:f7:4b:3c:27:18:b4:eb:a1:dc:c1:6d:fb:53:b3:
         ec:54:66:2a:df:35:d1:ec:3b:56:2e:9a:c8:42:a1:14:e6:cc:
         78:76:67:15:86:10:d5:c9:e1:0f:3a:1a:de:91:a0:a1:fd:56:
         99:7c:ad:b7:5b:6f:c3:dc:7e:99:fd:e7:ab:ad:7c:a5:fc:9c:
         43:c2:ce:7d:13:73:f4:17:5c:d7:25:4f:ec:7d:bb:c1:27:84:
         34:db:e1:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9c5/YF33RjDbLBNXi9TTz2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNTAzZTViODM1ZjBhODEzODFkMWM0YzEyMzNkMzhmYjdk
ZGYyM2QwHhcNMjQwNTA5MTAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWUyNTYzZTNiNzU3ZWQ3NzMyMmJkNGU1YTIyZjU1NzJiOWQ1OGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlK343PZB0NSvg0Toy61OQSzJBr97
8lL3vMRfU6Ydp19mHnhZtqFo6xGjq6Gvx7Y3gy+HCLaGl3gx3VLW6SHHITV2oOae
It6vydAHZQse1/GrmiFImlY9A+hcabovp8z7WlB9AQ4PnfmVOrvs6r2zpmHoOUS5
AB2Ha9JHjScoZ7JQzQC2bz37ZWvXPnYtze/n38vGsgCcyLe1tXPBtXczIJyLd96J
PLo3vju2rwnBrvHcUpnJC/joJLuPOW8JwjA+zyqReKKvqwPGjb0x/wN6g9CaB1Fn
JEdSHOPA6rCAxckLLVtsXFx+qQW6LfScNtsyb9LTUH6hNYE2xuax5IsoqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDniVj47dX7XcyK9Tloi9VcrnVj0MB8GA1UdIwQY
MBaAFK9QPluDXwqBOB0cTBIz04+33fI9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjFBLVc0TmZDb0U0SFJ4TUVqUFRqN2ZkOGowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS8wNjAwZjgtMjk1OC00NDE3LWJiNjct
M2M1ZTE3NDRhY2RkLzEvT2VKV1BqdDFmdGR6SXIxT1dpTDFWeXVkV1BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS8wNjAwZjgtMjk1OC00NDE3LWJiNjctM2M1ZTE3NDRhY2Rk
LzEvcjFBLVc0TmZDb0U0SFJ4TUVqUFRqN2ZkOGowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHedMA0G
CSqGSIb3DQEBCwUAA4IBAQBMQTyezBsqg9Q4zKHZDagQI8MiZgc9u4fMl3bzFbj/
lBqnb4SV27hf0XS3hvSO+Tp2vV/PAYr+i5UMfsmTBDfWe9VM1N96GTj9l8Dhyf/T
O5mlKTFWrden2FVruQH+7W9CvekIkFn9eZXUKGou+peAol5Lbas336uyxnCnwv/j
jdbvgiwiUv6RD1lvC17gGeg28RoVd/OJ5Dt1or7pCCdTxLSRyixv90s8Jxi066Hc
wW37U7PsVGYq3zXR7DtWLprIQqEU5sx4dmcVhhDVyeEPOhrekaCh/VaZfK23W2/D
3H6Z/eerrXyl/JxDws59E3P0F1zXJU/sfbvBJ4Q02+Gl
-----END CERTIFICATE-----