Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/c5bb61-a617-414a-a34c-a5e435c190e3/1/x-KkgP1Weyr_majUKVSIQM5tgfY.roa
File:                     x-KkgP1Weyr_majUKVSIQM5tgfY.roa (raw, json)
Hash identifier:          Og9tXQSZKBUlkOBEX4b0hnrGKdhKehxcNDaPrIq5KFo=
Subject key identifier:   C7:E2:A4:80:FD:56:7B:2A:FF:99:A8:D4:29:54:88:40:CE:6D:81:F6
Certificate issuer:       /CN=ab863267b5b73db07c80e74d715b6736d4fba9fb
Certificate serial:       018EF5FB87AD5A4315A165532D2973E93539
Authority key identifier: AB:86:32:67:B5:B7:3D:B0:7C:80:E7:4D:71:5B:67:36:D4:FB:A9:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q4YyZ7W3PbB8gOdNcVtnNtT7qfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/c5bb61-a617-414a-a34c-a5e435c190e3/1/x-KkgP1Weyr_majUKVSIQM5tgfY.roa
Signing time:             Fri 19 Apr 2024 10:51:25 +0000
ROA not before:           Fri 19 Apr 2024 10:51:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198838
IP address blocks:        193.109.58.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/c5bb61-a617-414a-a34c-a5e435c190e3/1/q4YyZ7W3PbB8gOdNcVtnNtT7qfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/c5bb61-a617-414a-a34c-a5e435c190e3/1/q4YyZ7W3PbB8gOdNcVtnNtT7qfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q4YyZ7W3PbB8gOdNcVtnNtT7qfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f5:fb:87:ad:5a:43:15:a1:65:53:2d:29:73:e9:35:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab863267b5b73db07c80e74d715b6736d4fba9fb
        Validity
            Not Before: Apr 19 10:51:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7e2a480fd567b2aff99a8d429548840ce6d81f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:b7:71:af:95:cd:7c:4e:7f:b4:40:b2:18:b1:
                    43:79:7b:0a:20:0f:93:1f:35:0e:c1:57:21:49:94:
                    51:2f:64:db:fa:b4:34:1e:cb:d2:97:4e:f6:14:33:
                    ea:b5:f3:66:05:35:da:a9:33:bb:61:53:86:e0:39:
                    3c:59:7a:25:93:47:66:e5:b8:79:4c:ab:c5:15:e6:
                    b9:3a:9e:fb:42:39:e4:a4:32:51:8f:29:3b:60:fe:
                    16:78:fd:fb:ce:e5:3d:ed:e2:30:58:44:7b:47:01:
                    97:fe:67:b8:db:62:7e:f1:07:ee:a0:25:01:5e:64:
                    c1:cc:c0:c1:e7:68:40:aa:27:02:c3:fb:0d:75:94:
                    36:25:29:1a:18:f8:f8:93:9e:b4:70:f4:c7:bd:6b:
                    3b:1f:92:9d:d9:a7:d4:e7:3e:f0:d5:e2:43:6a:e6:
                    85:89:72:ec:af:36:16:7e:39:6d:04:c7:a2:81:51:
                    07:b8:b9:2f:00:36:e3:82:f6:00:93:87:6b:1f:2d:
                    3f:5d:d9:1a:e7:c8:af:3e:6b:b7:1d:a8:9e:20:f2:
                    3a:d1:f8:8a:e7:70:81:67:99:46:d9:94:e5:0c:75:
                    d8:08:0f:cd:c9:fd:3e:fb:d2:b2:41:4c:fe:6d:fc:
                    c0:7a:b8:9b:6f:4a:e6:c8:3c:c8:99:62:ef:7f:6f:
                    89:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:E2:A4:80:FD:56:7B:2A:FF:99:A8:D4:29:54:88:40:CE:6D:81:F6
            X509v3 Authority Key Identifier:
                keyid:AB:86:32:67:B5:B7:3D:B0:7C:80:E7:4D:71:5B:67:36:D4:FB:A9:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q4YyZ7W3PbB8gOdNcVtnNtT7qfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/c5bb61-a617-414a-a34c-a5e435c190e3/1/x-KkgP1Weyr_majUKVSIQM5tgfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/c5bb61-a617-414a-a34c-a5e435c190e3/1/q4YyZ7W3PbB8gOdNcVtnNtT7qfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b8:e0:3b:9c:6b:e5:c1:50:98:57:57:a6:85:5c:6b:3e:31:e2:
         1f:52:63:41:a2:e4:28:cd:0e:c0:5c:5a:ea:56:f8:1e:bf:dc:
         1b:e8:19:28:3e:dc:82:09:9e:18:77:86:3b:66:ae:b1:e8:6b:
         bb:33:99:10:fc:b7:ac:d0:ea:a1:85:a2:cf:73:f1:38:b8:e7:
         0a:f8:88:c3:ab:ea:ad:60:44:f9:9c:cb:c5:75:24:94:b1:f3:
         1c:2b:d0:52:55:b2:5d:d3:93:e6:24:30:50:f5:f4:c5:c7:9d:
         f9:fb:19:d1:ce:ba:1c:2b:b6:94:a3:62:fb:dc:fb:b8:3d:c6:
         9c:07:b1:20:55:ea:5e:0d:7c:22:61:cf:f6:f8:28:76:ad:67:
         71:93:fe:df:86:38:1d:b7:c8:dc:9c:90:1f:dd:67:6c:4b:61:
         9a:96:cd:ae:a2:b6:e2:ef:a0:ec:e3:8f:b8:9b:8a:75:16:83:
         bd:c4:8f:cc:ca:7e:c2:53:12:1a:05:3d:54:78:eb:cc:86:cc:
         e8:ca:be:74:fc:f3:be:c9:24:d5:8d:ae:5b:ee:ee:80:0c:68:
         1a:be:93:5d:85:4d:6e:88:85:33:f7:ec:88:01:8b:6b:18:8b:
         a3:1e:c0:5f:f8:9b:8b:84:1d:df:41:b8:37:9d:43:e3:66:07:
         ef:76:75:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY71+4etWkMVoWVTLSlz6TU5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiODYzMjY3YjViNzNkYjA3YzgwZTc0ZDcxNWI2NzM2ZDRm
YmE5ZmIwHhcNMjQwNDE5MTA1MTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2UyYTQ4MGZkNTY3YjJhZmY5OWE4ZDQyOTU0ODg0MGNlNmQ4MWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrdxr5XNfE5/tECyGLFDeXsKIA+T
HzUOwVchSZRRL2Tb+rQ0HsvSl072FDPqtfNmBTXaqTO7YVOG4Dk8WXolk0dm5bh5
TKvFFea5Op77QjnkpDJRjyk7YP4WeP37zuU97eIwWER7RwGX/me422J+8QfuoCUB
XmTBzMDB52hAqicCw/sNdZQ2JSkaGPj4k560cPTHvWs7H5Kd2afU5z7w1eJDauaF
iXLsrzYWfjltBMeigVEHuLkvADbjgvYAk4drHy0/Xdka58ivPmu3HaieIPI60fiK
53CBZ5lG2ZTlDHXYCA/Nyf0++9KyQUz+bfzAeribb0rmyDzImWLvf2+JOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMfipID9Vnsq/5mo1ClUiEDObYH2MB8GA1UdIwQY
MBaAFKuGMme1tz2wfIDnTXFbZzbU+6n7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTRZeVo3VzNQYkI4Z09kTmNWdG5OdFQ3cWZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9jNWJiNjEtYTYxNy00MTRhLWEzNGMt
YTVlNDM1YzE5MGUzLzEveC1La2dQMVdleXJfbWFqVUtWU0lRTTV0Z2ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9jNWJiNjEtYTYxNy00MTRhLWEzNGMtYTVlNDM1YzE5MGUz
LzEvcTRZeVo3VzNQYkI4Z09kTmNWdG5OdFQ3cWZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwW06MA0G
CSqGSIb3DQEBCwUAA4IBAQC44Duca+XBUJhXV6aFXGs+MeIfUmNBouQozQ7AXFrq
Vvgev9wb6BkoPtyCCZ4Yd4Y7Zq6x6Gu7M5kQ/Les0OqhhaLPc/E4uOcK+IjDq+qt
YET5nMvFdSSUsfMcK9BSVbJd05PmJDBQ9fTFx535+xnRzrocK7aUo2L73Pu4Pcac
B7EgVepeDXwiYc/2+Ch2rWdxk/7fhjgdt8jcnJAf3WdsS2Gals2uorbi76Ds44+4
m4p1FoO9xI/Myn7CUxIaBT1UeOvMhszoyr50/PO+ySTVja5b7u6ADGgavpNdhU1u
iIUz9+yIAYtrGIujHsBf+JuLhB3fQbg3nUPjZgfvdnV6
-----END CERTIFICATE-----