Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/gpNvtjPtrvf3aZt3uFqWzr1IRcE.roa
File:                     gpNvtjPtrvf3aZt3uFqWzr1IRcE.roa (raw, json)
Hash identifier:          Bl1Z0T32RluorV5nyKeba/yLlNK1mvuJ9DJwXLe0w9Y=
Subject key identifier:   82:93:6F:B6:33:ED:AE:F7:F7:69:9B:77:B8:5A:96:CE:BD:48:45:C1
Certificate issuer:       /CN=bf1d5feafd39174725bfe4bef91bd27c7b2f6f91
Certificate serial:       018CC34930F432016DEF5CDAE1EF24BB3203
Authority key identifier: BF:1D:5F:EA:FD:39:17:47:25:BF:E4:BE:F9:1B:D2:7C:7B:2F:6F:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/gpNvtjPtrvf3aZt3uFqWzr1IRcE.roa
Signing time:             Mon 01 Jan 2024 04:30:02 +0000
ROA not before:           Mon 01 Jan 2024 04:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209605
IP address blocks:        193.31.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:30:f4:32:01:6d:ef:5c:da:e1:ef:24:bb:32:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf1d5feafd39174725bfe4bef91bd27c7b2f6f91
        Validity
            Not Before: Jan  1 04:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82936fb633edaef7f7699b77b85a96cebd4845c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:98:a1:55:2e:f4:d5:69:6c:22:6f:f2:b9:a7:
                    85:36:33:2a:88:ac:67:e1:db:8f:ed:37:43:d6:92:
                    5c:c5:84:c6:09:26:75:fe:3a:32:83:92:7e:ce:dc:
                    67:e4:05:54:7e:69:bb:f0:13:5f:61:f9:c0:c7:40:
                    b2:41:6c:f1:5c:f5:49:89:c0:21:5b:40:2c:fd:2d:
                    90:f6:36:02:48:b0:bb:eb:b1:a6:10:c3:80:f7:0c:
                    cb:9b:51:c9:35:6b:66:72:c8:18:65:86:47:84:72:
                    82:5b:43:4d:cd:5c:f5:e2:a0:ec:5a:58:c9:5f:fc:
                    3a:f1:71:36:f4:b7:4b:03:f5:c1:8e:e0:b3:bf:82:
                    c0:0a:65:f6:50:4d:c0:e0:0c:88:65:9f:b3:42:ce:
                    a9:74:0e:0a:80:8c:66:d4:da:ee:13:46:95:1f:b6:
                    fd:e4:f7:c4:15:58:4a:d9:58:5d:44:cc:87:09:36:
                    9d:07:37:0c:3f:6c:61:da:45:f0:63:ed:54:a4:5b:
                    a9:12:b0:26:38:44:0d:b1:f5:26:71:b3:df:60:bd:
                    3e:86:58:37:35:c4:5e:20:1a:89:eb:a9:7f:69:85:
                    51:f0:48:04:26:e0:16:cc:76:e2:a6:24:ad:ad:aa:
                    7a:1c:03:0e:c1:3f:40:3d:c8:6c:13:20:42:d9:a2:
                    93:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:93:6F:B6:33:ED:AE:F7:F7:69:9B:77:B8:5A:96:CE:BD:48:45:C1
            X509v3 Authority Key Identifier:
                keyid:BF:1D:5F:EA:FD:39:17:47:25:BF:E4:BE:F9:1B:D2:7C:7B:2F:6F:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vx1f6v05F0clv-S--RvSfHsvb5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/gpNvtjPtrvf3aZt3uFqWzr1IRcE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6065d2-103e-4ab7-bfb3-1a8c842afe2a/1/vx1f6v05F0clv-S--RvSfHsvb5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.31.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:19:27:cf:3c:f6:db:f1:1b:b7:d4:4e:39:9d:96:c5:d0:9f:
         44:01:6b:94:72:26:4b:89:7a:73:3a:70:e5:97:e3:f6:43:41:
         c9:d5:e4:e8:3d:3b:30:83:1a:b1:8e:37:42:b1:22:f6:11:2e:
         8a:f2:d8:95:71:3e:85:ec:e3:34:43:89:9e:ea:e5:21:dc:e2:
         14:56:3d:93:4e:6d:6a:ac:d6:ea:28:12:91:75:c5:2f:37:cd:
         85:d7:51:87:8a:cd:e5:76:bd:96:c4:9c:98:c8:80:6d:8d:66:
         a9:11:9e:98:c9:c9:d7:38:8c:45:4b:05:be:ab:46:0d:59:e2:
         1f:2b:4c:e7:e7:2e:00:a0:ae:a9:90:02:bd:fd:ee:28:52:7d:
         1c:4e:8b:c1:38:65:c0:2b:30:e9:0f:19:14:1e:1a:78:cc:ef:
         b5:58:7e:f3:42:25:73:67:33:20:dc:de:42:c4:4c:09:2e:b0:
         ac:49:3c:31:ff:d2:a2:13:7b:af:7d:d0:ff:3e:70:f1:6f:c5:
         12:f9:2c:34:4a:cd:3f:75:b9:e0:c8:e1:7d:00:bd:62:c3:27:
         90:c1:48:6b:32:63:31:43:61:b5:f8:3e:8f:b5:a1:2f:99:99:
         6d:f7:98:00:a2:ff:b9:e3:80:8f:63:74:f7:80:07:b4:86:c5:
         65:03:0f:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSTD0MgFt71za4e8kuzIDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMWQ1ZmVhZmQzOTE3NDcyNWJmZTRiZWY5MWJkMjdjN2Iy
ZjZmOTEwHhcNMjQwMTAxMDQzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjkzNmZiNjMzZWRhZWY3Zjc2OTliNzdiODVhOTZjZWJkNDg0NWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZihVS701WlsIm/yuaeFNjMqiKxn
4duP7TdD1pJcxYTGCSZ1/joyg5J+ztxn5AVUfmm78BNfYfnAx0CyQWzxXPVJicAh
W0As/S2Q9jYCSLC767GmEMOA9wzLm1HJNWtmcsgYZYZHhHKCW0NNzVz14qDsWljJ
X/w68XE29LdLA/XBjuCzv4LACmX2UE3A4AyIZZ+zQs6pdA4KgIxm1NruE0aVH7b9
5PfEFVhK2VhdRMyHCTadBzcMP2xh2kXwY+1UpFupErAmOEQNsfUmcbPfYL0+hlg3
NcReIBqJ66l/aYVR8EgEJuAWzHbipiStrap6HAMOwT9APchsEyBC2aKTTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIKTb7Yz7a7392mbd7hals69SEXBMB8GA1UdIwQY
MBaAFL8dX+r9ORdHJb/kvvkb0nx7L2+RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdngxZjZ2MDVGMGNsdi1TLS1SdlNmSHN2YjVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82MDY1ZDItMTAzZS00YWI3LWJmYjMt
MWE4Yzg0MmFmZTJhLzEvZ3BOdnRqUHRydmYzYVp0M3VGcVd6cjFJUmNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82MDY1ZDItMTAzZS00YWI3LWJmYjMtMWE4Yzg0MmFmZTJh
LzEvdngxZjZ2MDVGMGNsdi1TLS1SdlNmSHN2YjVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR8GMA0G
CSqGSIb3DQEBCwUAA4IBAQAUGSfPPPbb8Ru31E45nZbF0J9EAWuUciZLiXpzOnDl
l+P2Q0HJ1eToPTswgxqxjjdCsSL2ES6K8tiVcT6F7OM0Q4me6uUh3OIUVj2TTm1q
rNbqKBKRdcUvN82F11GHis3ldr2WxJyYyIBtjWapEZ6YycnXOIxFSwW+q0YNWeIf
K0zn5y4AoK6pkAK9/e4oUn0cTovBOGXAKzDpDxkUHhp4zO+1WH7zQiVzZzMg3N5C
xEwJLrCsSTwx/9KiE3uvfdD/PnDxb8US+Sw0Ss0/dbngyOF9AL1iwyeQwUhrMmMx
Q2G1+D6PtaEvmZlt95gAov+544CPY3T3gAe0hsVlAw97
-----END CERTIFICATE-----