Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/jIv-sXNCDkuBlXy7FHmcCYNpARQ.roa
File:                     jIv-sXNCDkuBlXy7FHmcCYNpARQ.roa (raw, json)
Hash identifier:          32v2gdg05ualub/MOuveYgfa8/6L1Zlo30w94Wz1vKs=
Subject key identifier:   8C:8B:FE:B1:73:42:0E:4B:81:95:7C:BB:14:79:9C:09:83:69:01:14
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       018CC94E705CDB72069CC8594F0F1DFE450A
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/jIv-sXNCDkuBlXy7FHmcCYNpARQ.roa
Signing time:             Tue 02 Jan 2024 08:33:30 +0000
ROA not before:           Tue 02 Jan 2024 08:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50939
IP address blocks:        93.174.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 09:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:70:5c:db:72:06:9c:c8:59:4f:0f:1d:fe:45:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  2 08:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c8bfeb173420e4b81957cbb14799c0983690114
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:5d:82:62:a4:c7:20:d7:3f:29:eb:63:2b:31:
                    da:b0:39:31:c7:22:5e:18:ca:1f:50:e0:bf:3e:b8:
                    5e:7e:2b:4c:6a:2b:92:03:cb:b7:44:02:a9:3c:49:
                    0a:2a:5d:94:4e:05:9d:04:03:3d:eb:1d:da:34:a6:
                    de:80:a9:e2:f8:75:ee:5e:2f:82:85:23:1d:c5:2f:
                    f3:fa:9b:f0:43:9e:98:cf:57:07:b0:2d:85:ca:47:
                    68:38:d6:fd:2c:8c:aa:40:87:c6:75:31:85:26:d5:
                    a3:12:b8:98:4f:dd:eb:6f:6f:a6:28:a8:69:64:6b:
                    19:02:c6:63:b0:06:90:32:9a:af:e7:e4:3b:b2:49:
                    c8:8f:74:5c:e5:1b:c3:53:52:03:d4:0c:92:3c:be:
                    5c:4d:7a:ac:d4:b6:9e:c0:e0:29:34:86:ae:59:54:
                    67:0e:a4:d3:0e:3f:e9:fc:15:45:ff:59:64:12:45:
                    ec:e1:7e:68:db:bf:1e:9b:64:57:c1:3e:6a:14:b6:
                    6c:56:a0:bc:fd:c1:5c:06:07:18:05:ed:61:34:89:
                    f3:cb:5a:de:d2:a7:61:b5:17:b5:40:1d:bf:6d:71:
                    e8:35:d8:d7:f1:16:6b:89:39:b0:05:43:b2:f9:06:
                    57:b5:fa:d4:2d:79:8b:61:c3:e3:03:9a:59:4d:1e:
                    1b:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:8B:FE:B1:73:42:0E:4B:81:95:7C:BB:14:79:9C:09:83:69:01:14
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/jIv-sXNCDkuBlXy7FHmcCYNpARQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.174.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:19:5a:bc:6c:4d:2e:b3:73:c4:b5:e2:33:1b:ed:90:ff:eb:
         ee:75:8a:38:0e:e0:f2:cb:ee:c9:e4:08:1c:3e:4e:60:18:42:
         5c:91:c8:fc:ce:8c:b3:17:7a:a1:bf:19:04:24:dc:1b:38:99:
         47:b2:fb:ea:10:2d:04:52:44:46:d1:e6:d7:54:05:36:3d:5d:
         64:4a:ad:44:c9:df:4b:4e:51:07:78:be:58:af:d2:44:ff:76:
         9d:71:4c:8b:26:53:7a:77:70:56:dc:39:66:c5:3e:7d:b9:74:
         79:bd:d1:b2:17:d2:d1:87:08:15:e0:4e:93:b0:19:e4:04:60:
         0b:17:a4:8d:8b:4c:d1:8f:e1:ed:e7:8f:b1:39:d6:12:f0:4b:
         21:9a:85:49:04:43:0b:60:2e:a6:6b:c2:eb:ae:e0:2c:88:1f:
         cd:16:20:91:b7:44:7e:9b:d7:3b:fe:c5:64:8e:57:72:97:c1:
         b6:19:ef:c5:8f:23:a2:da:39:1e:9b:66:ee:32:a6:85:c9:df:
         21:a3:a3:16:72:1a:45:bc:2b:aa:7b:32:ff:62:3f:bb:df:ba:
         6d:35:0f:12:e3:5e:2c:66:d0:df:8f:9a:5e:f3:1a:21:28:00:
         05:fc:75:fa:66:2b:cd:55:01:02:bb:08:eb:01:04:cb:26:51:
         cf:85:97:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTnBc23IGnMhZTw8d/kUKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjQwMTAyMDgzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzhiZmViMTczNDIwZTRiODE5NTdjYmIxNDc5OWMwOTgzNjkwMTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtl2CYqTHINc/KetjKzHasDkxxyJe
GMofUOC/PrhefitMaiuSA8u3RAKpPEkKKl2UTgWdBAM96x3aNKbegKni+HXuXi+C
hSMdxS/z+pvwQ56Yz1cHsC2FykdoONb9LIyqQIfGdTGFJtWjEriYT93rb2+mKKhp
ZGsZAsZjsAaQMpqv5+Q7sknIj3Rc5RvDU1ID1AySPL5cTXqs1LaewOApNIauWVRn
DqTTDj/p/BVF/1lkEkXs4X5o278em2RXwT5qFLZsVqC8/cFcBgcYBe1hNInzy1re
0qdhtRe1QB2/bXHoNdjX8RZriTmwBUOy+QZXtfrULXmLYcPjA5pZTR4b4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIyL/rFzQg5LgZV8uxR5nAmDaQEUMB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvakl2LXNYTkNEa3VCbFh5N0ZIbWNDWU5wQVJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXa6mMA0G
CSqGSIb3DQEBCwUAA4IBAQCZGVq8bE0us3PEteIzG+2Q/+vudYo4DuDyy+7J5Agc
Pk5gGEJckcj8zoyzF3qhvxkEJNwbOJlHsvvqEC0EUkRG0ebXVAU2PV1kSq1Eyd9L
TlEHeL5Yr9JE/3adcUyLJlN6d3BW3DlmxT59uXR5vdGyF9LRhwgV4E6TsBnkBGAL
F6SNi0zRj+Ht54+xOdYS8EshmoVJBEMLYC6ma8LrruAsiB/NFiCRt0R+m9c7/sVk
jldyl8G2Ge/FjyOi2jkem2buMqaFyd8ho6MWchpFvCuqezL/Yj+737ptNQ8S414s
ZtDfj5pe8xohKAAF/HX6ZivNVQECuwjrAQTLJlHPhZc8
-----END CERTIFICATE-----