Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/QPizp8uOy9L8mBvr-yJoFigCL_g.roa
File:                     QPizp8uOy9L8mBvr-yJoFigCL_g.roa (raw, json)
Hash identifier:          bm0lqjxrUwzVI+b77IVitpXLuQMzm1qZqKRcjVosq6A=
Subject key identifier:   40:F8:B3:A7:CB:8E:CB:D2:FC:98:1B:EB:FB:22:68:16:28:02:2F:F8
Certificate issuer:       /CN=bf1d5feafd39174725bfe4bef91bd27c7b2f6f91
Certificate serial:       0192090FE1EC3E2913A2595AD9230E588324
Authority key identifier: BF:1D:5F:EA:FD:39:17:47:25:BF:E4:BE:F9:1B:D2:7C:7B:2F:6F:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/QPizp8uOy9L8mBvr-yJoFigCL_g.roa
Signing time:             Thu 19 Sep 2024 06:54:48 +0000
ROA not before:           Thu 19 Sep 2024 06:54:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     273196
IP address blocks:        193.31.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:09:0f:e1:ec:3e:29:13:a2:59:5a:d9:23:0e:58:83:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf1d5feafd39174725bfe4bef91bd27c7b2f6f91
        Validity
            Not Before: Sep 19 06:54:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40f8b3a7cb8ecbd2fc981bebfb22681628022ff8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4d:ba:1f:9c:93:e0:9a:f4:b7:cf:15:d6:e8:
                    d3:75:f9:f3:be:d9:19:19:e2:27:a1:36:bf:4c:cc:
                    43:ad:5d:f3:48:46:d5:c6:dd:2a:e9:4c:d6:9a:8d:
                    de:3e:2b:ed:6e:cf:b6:40:a9:ab:15:db:c5:ca:79:
                    42:99:cc:a8:87:26:4b:7b:6a:c6:a3:6d:07:f5:b6:
                    9c:9d:8e:c9:9c:f2:aa:c3:68:3e:c2:c6:7f:1c:eb:
                    24:c8:c9:35:35:45:9a:f0:68:0b:d0:5e:ee:e9:c6:
                    0b:4b:1e:96:3a:45:be:91:04:f5:6a:17:50:7a:35:
                    53:b1:b0:0c:58:88:f1:17:7a:71:a5:09:14:7b:0e:
                    96:93:06:49:cc:06:53:4d:6d:07:74:63:9b:37:7d:
                    ce:31:f8:85:ac:39:b5:26:c2:1f:a2:76:b5:ab:71:
                    99:6a:17:f3:40:79:ce:29:c0:89:76:68:92:5a:0b:
                    e7:32:0a:16:0a:c5:c6:3e:bd:a1:b2:e0:b8:8f:2e:
                    29:b7:2e:f1:68:6e:f2:50:a3:90:d5:ef:91:95:a6:
                    67:c4:15:8a:b8:4f:1c:6c:b3:9a:26:8a:23:9f:97:
                    b9:a3:1b:82:6c:ba:2c:c4:be:52:f6:14:99:82:1a:
                    1d:8e:93:21:e3:b3:ca:6c:e7:4a:8c:ab:7b:8d:4b:
                    dc:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:F8:B3:A7:CB:8E:CB:D2:FC:98:1B:EB:FB:22:68:16:28:02:2F:F8
            X509v3 Authority Key Identifier:
                keyid:BF:1D:5F:EA:FD:39:17:47:25:BF:E4:BE:F9:1B:D2:7C:7B:2F:6F:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/QPizp8uOy9L8mBvr-yJoFigCL_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.31.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:7d:14:06:37:67:de:1a:99:28:f1:1e:bd:48:36:27:94:e8:
         93:13:cb:15:00:29:21:0d:9d:1e:39:7c:e7:a3:63:8d:49:9c:
         56:94:04:07:b6:e2:04:80:84:38:dc:0e:54:d7:e3:a4:b2:59:
         5b:49:95:03:1a:4d:bb:97:1c:d4:65:28:5f:1c:c0:e5:86:a6:
         7f:c3:d8:95:63:ba:5d:a8:8d:a0:6a:7a:07:9d:af:71:26:eb:
         af:94:c3:2f:7e:09:eb:3b:c5:90:b0:aa:86:a2:2b:09:e7:ce:
         ce:9d:af:4c:c2:05:f2:4c:57:c3:1a:c3:9c:cb:8d:c8:43:bc:
         b5:80:84:06:69:ea:0f:62:da:33:1f:3f:b5:00:71:fc:f7:3d:
         0d:b7:85:f7:df:3d:33:e4:a2:79:31:55:84:8b:2b:57:7e:d3:
         d2:76:69:b8:77:4a:0e:75:9c:96:3f:26:96:21:69:b4:b5:72:
         df:42:5b:91:2b:39:d4:9b:1a:97:cc:72:e5:97:54:97:34:d3:
         ed:57:90:6c:a7:30:12:54:f0:03:63:45:c1:83:44:09:69:34:
         26:d8:e6:ab:ed:47:1e:03:0c:a0:d4:69:88:ee:e7:ef:67:39:
         ed:a8:59:f2:76:ab:c3:24:3c:f3:22:93:e6:1e:63:a7:01:4d:
         35:97:cb:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIJD+HsPikTolla2SMOWIMkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMWQ1ZmVhZmQzOTE3NDcyNWJmZTRiZWY5MWJkMjdjN2Iy
ZjZmOTEwHhcNMjQwOTE5MDY1NDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGY4YjNhN2NiOGVjYmQyZmM5ODFiZWJmYjIyNjgxNjI4MDIyZmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnk26H5yT4Jr0t88V1ujTdfnzvtkZ
GeInoTa/TMxDrV3zSEbVxt0q6UzWmo3ePivtbs+2QKmrFdvFynlCmcyohyZLe2rG
o20H9bacnY7JnPKqw2g+wsZ/HOskyMk1NUWa8GgL0F7u6cYLSx6WOkW+kQT1ahdQ
ejVTsbAMWIjxF3pxpQkUew6WkwZJzAZTTW0HdGObN33OMfiFrDm1JsIfona1q3GZ
ahfzQHnOKcCJdmiSWgvnMgoWCsXGPr2hsuC4jy4pty7xaG7yUKOQ1e+RlaZnxBWK
uE8cbLOaJoojn5e5oxuCbLosxL5S9hSZghodjpMh47PKbOdKjKt7jUvcrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFED4s6fLjsvS/Jgb6/siaBYoAi/4MB8GA1UdIwQY
MBaAFL8dX+r9ORdHJb/kvvkb0nx7L2+RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdngxZjZ2MDVGMGNsdi1TLS1SdlNmSHN2YjVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82MDY1ZDItMTAzZS00YWI3LWJmYjMt
MWE4Yzg0MmFmZTJhLzEvUVBpenA4dU95OUw4bUJ2ci15Sm9GaWdDTF9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82MDY1ZDItMTAzZS00YWI3LWJmYjMtMWE4Yzg0MmFmZTJh
LzEvdngxZjZ2MDVGMGNsdi1TLS1SdlNmSHN2YjVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR88MA0G
CSqGSIb3DQEBCwUAA4IBAQCEfRQGN2feGpko8R69SDYnlOiTE8sVACkhDZ0eOXzn
o2ONSZxWlAQHtuIEgIQ43A5U1+OksllbSZUDGk27lxzUZShfHMDlhqZ/w9iVY7pd
qI2ganoHna9xJuuvlMMvfgnrO8WQsKqGoisJ587Ona9MwgXyTFfDGsOcy43IQ7y1
gIQGaeoPYtozHz+1AHH89z0Nt4X33z0z5KJ5MVWEiytXftPSdmm4d0oOdZyWPyaW
IWm0tXLfQluRKznUmxqXzHLll1SXNNPtV5BspzASVPADY0XBg0QJaTQm2Oar7Uce
Awyg1GmI7ufvZzntqFnydqvDJDzzIpPmHmOnAU01l8uZ
-----END CERTIFICATE-----