Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/04f474-e3b5-4595-a044-657e41c63ca9/1/vYiw0GXNfeIVJ7PtV2QQXWxyo04.roa
File:                     vYiw0GXNfeIVJ7PtV2QQXWxyo04.roa (raw, json)
Hash identifier:          qtpXwTwNGn+4OhTYZURFF4vDI9QiXmmSBrhlBbTB0uo=
Subject key identifier:   BD:88:B0:D0:65:CD:7D:E2:15:27:B3:ED:57:64:10:5D:6C:72:A3:4E
Certificate issuer:       /CN=294a1cdb68f154cf95418a308c82d8da50775109
Certificate serial:       018CC794AB156B11D4252526351718E37DFE
Authority key identifier: 29:4A:1C:DB:68:F1:54:CF:95:41:8A:30:8C:82:D8:DA:50:77:51:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KUoc22jxVM-VQYowjILY2lB3UQk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/04f474-e3b5-4595-a044-657e41c63ca9/1/vYiw0GXNfeIVJ7PtV2QQXWxyo04.roa
Signing time:             Tue 02 Jan 2024 00:30:58 +0000
ROA not before:           Tue 02 Jan 2024 00:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        193.16.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/04f474-e3b5-4595-a044-657e41c63ca9/1/KUoc22jxVM-VQYowjILY2lB3UQk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/04f474-e3b5-4595-a044-657e41c63ca9/1/KUoc22jxVM-VQYowjILY2lB3UQk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KUoc22jxVM-VQYowjILY2lB3UQk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:ab:15:6b:11:d4:25:25:26:35:17:18:e3:7d:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=294a1cdb68f154cf95418a308c82d8da50775109
        Validity
            Not Before: Jan  2 00:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd88b0d065cd7de21527b3ed5764105d6c72a34e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:65:a3:ca:4f:a7:79:f9:fd:7b:27:00:33:a0:
                    45:0b:e8:1f:a1:db:3e:d0:bd:ae:d3:58:32:09:53:
                    66:19:b6:1b:a1:e4:65:5b:d1:22:cd:35:60:24:72:
                    18:97:94:5e:f9:37:ec:0f:73:0e:5e:8b:9e:6f:e1:
                    ee:3f:00:b3:86:56:a8:51:47:3d:ab:8e:9b:01:c0:
                    d5:90:b7:2d:b9:46:17:9f:59:c6:a2:04:fc:a3:34:
                    84:8e:09:5f:a1:70:2c:7d:48:1c:da:e0:52:1d:f6:
                    46:76:f8:80:5c:3f:ee:84:45:16:e7:a4:88:34:1c:
                    a7:d6:33:dd:5a:57:94:63:85:c0:bb:e1:e5:12:8e:
                    2c:9a:07:34:8a:9e:06:22:d8:06:d7:33:d9:9d:c1:
                    28:63:b8:46:39:90:b7:ad:08:37:28:c7:40:7f:8b:
                    f3:ba:26:83:fc:25:a1:16:7b:51:6a:12:aa:72:aa:
                    c0:3e:7d:80:ed:ba:d8:4e:fb:63:38:4f:30:c2:5d:
                    8c:97:52:75:7a:89:c4:3a:26:c3:a0:a5:07:b8:14:
                    17:5f:73:ae:3c:0a:b3:4f:3a:9b:35:33:be:20:62:
                    8b:60:68:bd:63:32:93:1e:80:a1:d8:7a:9d:c4:ba:
                    10:b5:45:c7:06:f8:44:93:51:fd:07:8a:d7:d8:da:
                    c7:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:88:B0:D0:65:CD:7D:E2:15:27:B3:ED:57:64:10:5D:6C:72:A3:4E
            X509v3 Authority Key Identifier:
                keyid:29:4A:1C:DB:68:F1:54:CF:95:41:8A:30:8C:82:D8:DA:50:77:51:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KUoc22jxVM-VQYowjILY2lB3UQk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/04f474-e3b5-4595-a044-657e41c63ca9/1/vYiw0GXNfeIVJ7PtV2QQXWxyo04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/04f474-e3b5-4595-a044-657e41c63ca9/1/KUoc22jxVM-VQYowjILY2lB3UQk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:8f:8d:b1:0d:99:42:7d:d3:7b:b2:e1:5d:6b:3e:d4:59:cb:
         2e:ed:60:fa:cc:95:72:c4:0e:56:84:f4:bf:e1:08:63:34:44:
         93:40:95:97:3f:f1:63:11:de:4e:57:e0:9d:35:4c:5c:91:88:
         71:32:53:cf:29:65:ce:0b:9f:14:24:f7:87:74:d5:4a:2b:3a:
         b9:ae:b7:f0:6a:85:3f:42:f9:b9:8b:11:89:fb:13:64:04:65:
         b2:47:d0:5b:77:d2:4b:5a:2e:0b:b1:d0:2b:e6:6b:bf:88:a2:
         6c:2d:36:bd:d1:8c:4d:7d:37:80:3d:34:5f:bd:8b:cd:89:3a:
         e0:8b:95:c0:7c:ca:f0:73:68:90:de:5f:bb:4a:c7:03:c5:5a:
         14:c1:6d:1d:88:30:ab:6f:04:f8:81:b2:ad:14:a4:66:75:5a:
         cd:71:f4:ea:4a:b1:52:00:85:93:06:8d:98:20:b3:a5:0a:40:
         07:da:b5:5e:6c:ad:7d:1e:dc:25:49:96:ae:57:26:2b:01:3d:
         20:a0:7f:ec:8b:1e:36:00:08:18:56:92:85:11:41:02:90:f0:
         63:52:c6:60:f8:47:70:2c:d9:e7:46:29:aa:7f:d9:80:21:81:
         1d:9c:32:27:51:e0:08:a6:18:5f:10:98:e3:71:0f:f1:1b:e6:
         bb:ef:15:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlKsVaxHUJSUmNRcY433+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NGExY2RiNjhmMTU0Y2Y5NTQxOGEzMDhjODJkOGRhNTA3
NzUxMDkwHhcNMjQwMTAyMDAzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDg4YjBkMDY1Y2Q3ZGUyMTUyN2IzZWQ1NzY0MTA1ZDZjNzJhMzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWWjyk+nefn9eycAM6BFC+gfods+
0L2u01gyCVNmGbYboeRlW9EizTVgJHIYl5Re+TfsD3MOXoueb+HuPwCzhlaoUUc9
q46bAcDVkLctuUYXn1nGogT8ozSEjglfoXAsfUgc2uBSHfZGdviAXD/uhEUW56SI
NByn1jPdWleUY4XAu+HlEo4smgc0ip4GItgG1zPZncEoY7hGOZC3rQg3KMdAf4vz
uiaD/CWhFntRahKqcqrAPn2A7brYTvtjOE8wwl2Ml1J1eonEOibDoKUHuBQXX3Ou
PAqzTzqbNTO+IGKLYGi9YzKTHoCh2HqdxLoQtUXHBvhEk1H9B4rX2NrHkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2IsNBlzX3iFSez7VdkEF1scqNOMB8GA1UdIwQY
MBaAFClKHNto8VTPlUGKMIyC2NpQd1EJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1VvYzIyanhWTS1WUVlvd2pJTFkybEIzVVFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8wNGY0NzQtZTNiNS00NTk1LWEwNDQt
NjU3ZTQxYzYzY2E5LzEvdllpdzBHWE5mZUlWSjdQdFYyUVFYV3h5bzA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8wNGY0NzQtZTNiNS00NTk1LWEwNDQtNjU3ZTQxYzYzY2E5
LzEvS1VvYzIyanhWTS1WUVlvd2pJTFkybEIzVVFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRD1MA0G
CSqGSIb3DQEBCwUAA4IBAQB1j42xDZlCfdN7suFdaz7UWcsu7WD6zJVyxA5WhPS/
4QhjNESTQJWXP/FjEd5OV+CdNUxckYhxMlPPKWXOC58UJPeHdNVKKzq5rrfwaoU/
Qvm5ixGJ+xNkBGWyR9Bbd9JLWi4LsdAr5mu/iKJsLTa90YxNfTeAPTRfvYvNiTrg
i5XAfMrwc2iQ3l+7SscDxVoUwW0diDCrbwT4gbKtFKRmdVrNcfTqSrFSAIWTBo2Y
ILOlCkAH2rVebK19HtwlSZauVyYrAT0goH/six42AAgYVpKFEUECkPBjUsZg+Edw
LNnnRimqf9mAIYEdnDInUeAIphhfEJjjcQ/xG+a77xVa
-----END CERTIFICATE-----