Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/50d4d2-cb94-40f5-9bce-90dde85d8fa7/1/hdTErgku64x8iidPrqTyoGNfIaE.roa
File:                     hdTErgku64x8iidPrqTyoGNfIaE.roa (raw, json)
Hash identifier:          F83KS3HQ4B5++ZIp+iQWPrl9ofMRqa5Hq55AWMS4rjw=
Subject key identifier:   85:D4:C4:AE:09:2E:EB:8C:7C:8A:27:4F:AE:A4:F2:A0:63:5F:21:A1
Certificate issuer:       /CN=d15646a3c9acb6a4b201bb6326a9f0074224f387
Certificate serial:       018CC94BEABFC08CB811F2BF0D3EDE2C4725
Authority key identifier: D1:56:46:A3:C9:AC:B6:A4:B2:01:BB:63:26:A9:F0:07:42:24:F3:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0VZGo8mstqSyAbtjJqnwB0Ik84c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/50d4d2-cb94-40f5-9bce-90dde85d8fa7/1/hdTErgku64x8iidPrqTyoGNfIaE.roa
Signing time:             Tue 02 Jan 2024 08:30:44 +0000
ROA not before:           Tue 02 Jan 2024 08:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198236
IP address blocks:        92.243.69.0/24 maxlen: 24
                          2a10:f6c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/50d4d2-cb94-40f5-9bce-90dde85d8fa7/1/0VZGo8mstqSyAbtjJqnwB0Ik84c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/50d4d2-cb94-40f5-9bce-90dde85d8fa7/1/0VZGo8mstqSyAbtjJqnwB0Ik84c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0VZGo8mstqSyAbtjJqnwB0Ik84c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:ea:bf:c0:8c:b8:11:f2:bf:0d:3e:de:2c:47:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d15646a3c9acb6a4b201bb6326a9f0074224f387
        Validity
            Not Before: Jan  2 08:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85d4c4ae092eeb8c7c8a274faea4f2a0635f21a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:7a:17:11:8b:d1:d3:6f:de:36:c9:95:55:e3:
                    e5:07:8d:0e:e4:d2:99:cf:9e:a5:ca:dc:5a:ea:08:
                    ce:5f:6a:94:6a:0c:c3:3c:9c:6e:af:82:7c:c9:47:
                    ef:ba:6b:1b:33:41:12:25:9c:07:28:61:7e:c0:f4:
                    12:a3:20:71:ef:4a:41:89:2f:59:b4:48:c2:55:d9:
                    2b:99:52:a3:48:e7:24:79:5e:9e:c4:ea:ce:04:d1:
                    1f:f1:0d:d6:04:4d:66:28:3a:ac:ad:f0:c4:8c:bd:
                    35:43:06:50:17:5d:6a:5e:de:11:5b:4f:da:1e:2d:
                    45:4e:7c:f6:5f:6c:60:9d:41:f1:b0:f2:cc:b9:a0:
                    a9:44:7c:e6:74:26:7e:2f:fc:07:18:3c:d0:a0:43:
                    ce:69:28:5a:78:b9:98:20:3f:4b:a5:01:4d:d6:be:
                    fd:62:76:f3:60:79:bf:1a:73:0a:87:26:85:73:a6:
                    38:46:fb:fb:bd:df:9a:00:85:3e:be:8d:2c:ee:ea:
                    1a:fc:ba:48:e1:dc:d3:78:0b:08:a8:86:39:1c:d5:
                    fb:b4:a4:9d:e3:79:02:53:11:f5:27:c5:b1:b6:3f:
                    1f:64:2b:2e:5b:ec:a3:17:9a:72:79:bb:43:95:d4:
                    92:c8:1b:80:f0:07:0f:f5:63:3f:c1:31:57:01:2f:
                    f9:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:D4:C4:AE:09:2E:EB:8C:7C:8A:27:4F:AE:A4:F2:A0:63:5F:21:A1
            X509v3 Authority Key Identifier:
                keyid:D1:56:46:A3:C9:AC:B6:A4:B2:01:BB:63:26:A9:F0:07:42:24:F3:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0VZGo8mstqSyAbtjJqnwB0Ik84c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/50d4d2-cb94-40f5-9bce-90dde85d8fa7/1/hdTErgku64x8iidPrqTyoGNfIaE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/50d4d2-cb94-40f5-9bce-90dde85d8fa7/1/0VZGo8mstqSyAbtjJqnwB0Ik84c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.243.69.0/24
                IPv6:
                  2a10:f6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         65:1d:68:75:a8:7a:c3:19:90:d6:7b:e4:17:09:0a:01:4d:ce:
         93:de:2b:71:6c:34:60:6b:35:47:09:1a:29:5b:91:4d:ce:f6:
         41:3a:94:cc:92:18:72:8b:3e:18:7d:92:bd:7a:49:08:66:11:
         af:7a:43:db:7e:eb:87:8f:f2:5d:27:b1:79:fd:aa:63:fd:52:
         1a:e4:60:1e:d2:4a:49:ee:c9:64:70:66:7b:9a:a9:c9:6e:62:
         f1:82:bf:0a:6e:cb:c1:8d:04:24:c2:5d:51:22:40:9f:03:a9:
         e2:20:33:b4:96:6e:25:36:19:96:f8:44:1e:69:56:48:39:da:
         f5:94:d6:6a:f3:f1:55:68:fe:5c:b4:74:c0:f7:e5:ef:60:02:
         1e:f3:85:89:d9:a0:0d:cb:d9:03:54:f1:8a:69:d6:59:5d:55:
         c3:b5:3d:44:a8:2b:55:4c:86:07:6f:b4:c9:ff:4e:44:8f:d8:
         84:94:5b:99:e6:a6:6f:91:7b:95:33:88:d1:36:75:c6:c6:e9:
         b9:af:b3:e3:af:6e:5b:86:1c:1b:c3:89:4b:a7:3b:c0:22:e2:
         17:55:39:9a:04:7f:d3:ea:7a:75:9f:42:28:9a:04:5c:dc:fb:
         20:e8:a4:59:9b:09:9e:80:2c:97:9f:3c:0a:84:21:c8:ef:00:
         8f:ce:f8:e1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJS+q/wIy4EfK/DT7eLEclMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxNTY0NmEzYzlhY2I2YTRiMjAxYmI2MzI2YTlmMDA3NDIy
NGYzODcwHhcNMjQwMTAyMDgzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWQ0YzRhZTA5MmVlYjhjN2M4YTI3NGZhZWE0ZjJhMDYzNWYyMWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHoXEYvR02/eNsmVVePlB40O5NKZ
z56lytxa6gjOX2qUagzDPJxur4J8yUfvumsbM0ESJZwHKGF+wPQSoyBx70pBiS9Z
tEjCVdkrmVKjSOckeV6exOrOBNEf8Q3WBE1mKDqsrfDEjL01QwZQF11qXt4RW0/a
Hi1FTnz2X2xgnUHxsPLMuaCpRHzmdCZ+L/wHGDzQoEPOaShaeLmYID9LpQFN1r79
YnbzYHm/GnMKhyaFc6Y4Rvv7vd+aAIU+vo0s7uoa/LpI4dzTeAsIqIY5HNX7tKSd
43kCUxH1J8Wxtj8fZCsuW+yjF5pyebtDldSSyBuA8AcP9WM/wTFXAS/5nwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIXUxK4JLuuMfIonT66k8qBjXyGhMB8GA1UdIwQY
MBaAFNFWRqPJrLaksgG7Yyap8AdCJPOHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFZaR284bXN0cVN5QWJ0akpxbndCMElrODRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi81MGQ0ZDItY2I5NC00MGY1LTliY2Ut
OTBkZGU4NWQ4ZmE3LzEvaGRURXJna3U2NHg4aWlkUHJxVHlvR05mSWFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi81MGQ0ZDItY2I5NC00MGY1LTliY2UtOTBkZGU4NWQ4ZmE3
LzEvMFZaR284bXN0cVN5QWJ0akpxbndCMElrODRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAXPNFMA0E
AgACMAcDBQMqEPbAMA0GCSqGSIb3DQEBCwUAA4IBAQBlHWh1qHrDGZDWe+QXCQoB
Tc6T3itxbDRgazVHCRopW5FNzvZBOpTMkhhyiz4YfZK9ekkIZhGvekPbfuuHj/Jd
J7F5/apj/VIa5GAe0kpJ7slkcGZ7mqnJbmLxgr8KbsvBjQQkwl1RIkCfA6niIDO0
lm4lNhmW+EQeaVZIOdr1lNZq8/FVaP5ctHTA9+XvYAIe84WJ2aANy9kDVPGKadZZ
XVXDtT1EqCtVTIYHb7TJ/05Ej9iElFuZ5qZvkXuVM4jRNnXGxum5r7Pjr25bhhwb
w4lLpzvAIuIXVTmaBH/T6np1n0IomgRc3Psg6KRZmwmegCyXnzwKhCHI7wCPzvjh
-----END CERTIFICATE-----