Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/ROwVEwL-z29-Xu1ss-VVQCqLzQ4.roa
File:                     ROwVEwL-z29-Xu1ss-VVQCqLzQ4.roa (raw, json)
Hash identifier:          E9gXKWJm8/C5R30ZEEUag2PYMWA108qDvtStzbj2xZU=
Subject key identifier:   44:EC:15:13:02:FE:CF:6F:7E:5E:ED:6C:B3:E5:55:40:2A:8B:CD:0E
Certificate issuer:       /CN=021b3ea35edfdd138c15506d74a76022dd37694b
Certificate serial:       018CC5DBF02815A513CB63C0A0769AB3A66F
Authority key identifier: 02:1B:3E:A3:5E:DF:DD:13:8C:15:50:6D:74:A7:60:22:DD:37:69:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ahs-o17f3ROMFVBtdKdgIt03aUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/ROwVEwL-z29-Xu1ss-VVQCqLzQ4.roa
Signing time:             Mon 01 Jan 2024 16:29:34 +0000
ROA not before:           Mon 01 Jan 2024 16:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42873
IP address blocks:        193.196.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/Ahs-o17f3ROMFVBtdKdgIt03aUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/Ahs-o17f3ROMFVBtdKdgIt03aUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ahs-o17f3ROMFVBtdKdgIt03aUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 13:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:f0:28:15:a5:13:cb:63:c0:a0:76:9a:b3:a6:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=021b3ea35edfdd138c15506d74a76022dd37694b
        Validity
            Not Before: Jan  1 16:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44ec151302fecf6f7e5eed6cb3e555402a8bcd0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:08:0c:f9:3b:b8:1f:f3:3c:09:11:6d:01:5f:
                    8a:6c:6c:db:f2:d2:f6:df:90:e2:0d:1c:f2:63:d2:
                    37:6a:62:10:36:0d:a3:40:7c:c0:e9:44:91:06:6f:
                    63:3b:f1:89:b8:7b:ee:6e:83:3f:05:23:3d:f6:d0:
                    61:bb:af:a1:14:6b:2d:42:44:2b:ae:ab:8a:a7:03:
                    e1:c9:ad:7e:7f:97:f3:0f:ca:4e:95:33:4e:e3:38:
                    cd:bb:57:a7:55:d5:d9:fe:28:95:a4:47:60:1d:9b:
                    ed:c7:3e:16:9a:d9:ed:ed:5f:34:98:0f:3d:aa:ef:
                    83:fb:1c:01:a1:f2:23:db:53:61:ef:43:c2:4f:7f:
                    23:f6:ec:2f:8f:28:cd:6e:f2:a4:93:0d:6b:79:43:
                    9e:ac:66:b7:e1:49:e2:d7:91:d1:f5:84:24:ad:c5:
                    bc:60:75:39:3d:7e:f0:7b:b6:fc:8c:e7:a3:29:61:
                    ac:ef:bc:cf:d7:fe:ed:dd:a6:15:4b:18:de:4e:96:
                    6f:38:a4:5c:ad:81:9d:c9:ac:d9:36:36:1b:47:49:
                    17:97:87:f7:90:71:9c:62:fa:f0:3b:6f:62:b7:e3:
                    70:2c:54:1f:ab:84:84:14:d1:05:c4:6f:0c:c6:a6:
                    dd:39:b5:af:c6:7e:e6:25:b7:41:a7:eb:76:e3:c0:
                    2c:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:EC:15:13:02:FE:CF:6F:7E:5E:ED:6C:B3:E5:55:40:2A:8B:CD:0E
            X509v3 Authority Key Identifier:
                keyid:02:1B:3E:A3:5E:DF:DD:13:8C:15:50:6D:74:A7:60:22:DD:37:69:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ahs-o17f3ROMFVBtdKdgIt03aUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/ROwVEwL-z29-Xu1ss-VVQCqLzQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f89b64-87b7-48f4-8b60-c3204bde7773/1/Ahs-o17f3ROMFVBtdKdgIt03aUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.196.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:2e:af:dc:6a:30:3c:93:98:f2:e6:e0:d6:1e:eb:af:bf:61:
         bc:6f:d9:52:71:19:20:0c:44:d4:21:d4:4b:12:ab:f8:e1:38:
         75:e5:48:e8:25:8f:f8:a3:1f:48:bc:f4:4b:5d:a1:41:b9:ac:
         18:4a:b9:69:cd:fc:83:ab:38:67:43:12:3a:db:fa:66:1a:05:
         85:a7:56:b6:39:75:13:21:c1:29:4d:81:a5:65:15:d0:35:6d:
         77:64:c7:5c:4e:41:7f:1a:7a:9f:94:c2:b8:1a:2d:24:ea:5b:
         f4:4e:c3:19:53:21:7d:ef:73:08:67:51:52:8a:fa:71:f5:0d:
         a2:69:43:77:ff:e0:46:58:98:9d:07:95:7a:4c:fd:3e:d9:c0:
         13:a2:91:e4:59:81:60:67:43:61:e1:43:5f:3e:39:8f:e7:e3:
         a3:93:b3:b5:52:b3:a5:3e:e6:2b:9b:f0:9d:5a:b9:d7:ae:ae:
         9a:2a:58:7a:f2:aa:65:36:7f:08:23:92:ec:3d:82:e5:57:9c:
         a8:fc:be:08:13:45:d4:36:d1:bf:0e:38:b3:3a:0c:77:fb:74:
         c2:a7:c0:96:cd:35:44:72:47:e1:28:c0:ce:1a:7b:93:08:ef:
         3d:11:f0:ab:06:16:8b:2f:89:71:80:01:15:e7:f3:7d:80:78:
         10:7a:92:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/AoFaUTy2PAoHaas6ZvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyMWIzZWEzNWVkZmRkMTM4YzE1NTA2ZDc0YTc2MDIyZGQz
NzY5NGIwHhcNMjQwMTAxMTYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGVjMTUxMzAyZmVjZjZmN2U1ZWVkNmNiM2U1NTU0MDJhOGJjZDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwgM+Tu4H/M8CRFtAV+KbGzb8tL2
35DiDRzyY9I3amIQNg2jQHzA6USRBm9jO/GJuHvuboM/BSM99tBhu6+hFGstQkQr
rquKpwPhya1+f5fzD8pOlTNO4zjNu1enVdXZ/iiVpEdgHZvtxz4Wmtnt7V80mA89
qu+D+xwBofIj21Nh70PCT38j9uwvjyjNbvKkkw1reUOerGa34Uni15HR9YQkrcW8
YHU5PX7we7b8jOejKWGs77zP1/7t3aYVSxjeTpZvOKRcrYGdyazZNjYbR0kXl4f3
kHGcYvrwO29it+NwLFQfq4SEFNEFxG8MxqbdObWvxn7mJbdBp+t248AstQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFETsFRMC/s9vfl7tbLPlVUAqi80OMB8GA1UdIwQY
MBaAFAIbPqNe390TjBVQbXSnYCLdN2lLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWhzLW8xN2YzUk9NRlZCdGRLZGdJdDAzYVVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mODliNjQtODdiNy00OGY0LThiNjAt
YzMyMDRiZGU3NzczLzEvUk93VkV3TC16MjktWHUxc3MtVlZRQ3FMelE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mODliNjQtODdiNy00OGY0LThiNjAtYzMyMDRiZGU3Nzcz
LzEvQWhzLW8xN2YzUk9NRlZCdGRLZGdJdDAzYVVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcQMMA0G
CSqGSIb3DQEBCwUAA4IBAQBiLq/cajA8k5jy5uDWHuuvv2G8b9lScRkgDETUIdRL
Eqv44Th15UjoJY/4ox9IvPRLXaFBuawYSrlpzfyDqzhnQxI62/pmGgWFp1a2OXUT
IcEpTYGlZRXQNW13ZMdcTkF/GnqflMK4Gi0k6lv0TsMZUyF973MIZ1FSivpx9Q2i
aUN3/+BGWJidB5V6TP0+2cATopHkWYFgZ0Nh4UNfPjmP5+Ojk7O1UrOlPuYrm/Cd
WrnXrq6aKlh68qplNn8II5LsPYLlV5yo/L4IE0XUNtG/DjizOgx3+3TCp8CWzTVE
ckfhKMDOGnuTCO89EfCrBhaLL4lxgAEV5/N9gHgQepJL
-----END CERTIFICATE-----