Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/v1wUByvonLpoDOvy8ojkUeSF-_A.roa
File:                     v1wUByvonLpoDOvy8ojkUeSF-_A.roa (raw, json)
Hash identifier:          TCqcomIij60cvYHN0cIoXkVG9+84mJR4a9JXMm+TyHg=
Subject key identifier:   BF:5C:14:07:2B:E8:9C:BA:68:0C:EB:F2:F2:88:E4:51:E4:85:FB:F0
Certificate issuer:       /CN=3bfa6636fe6440acf293b75705a7a1dcada8420b
Certificate serial:       018CC870956F543C8BFFB27DF4C30646F62C
Authority key identifier: 3B:FA:66:36:FE:64:40:AC:F2:93:B7:57:05:A7:A1:DC:AD:A8:42:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O_pmNv5kQKzyk7dXBaeh3K2oQgs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/v1wUByvonLpoDOvy8ojkUeSF-_A.roa
Signing time:             Tue 02 Jan 2024 04:31:10 +0000
ROA not before:           Tue 02 Jan 2024 04:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199308
IP address blocks:        80.245.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/O_pmNv5kQKzyk7dXBaeh3K2oQgs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/O_pmNv5kQKzyk7dXBaeh3K2oQgs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O_pmNv5kQKzyk7dXBaeh3K2oQgs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:95:6f:54:3c:8b:ff:b2:7d:f4:c3:06:46:f6:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bfa6636fe6440acf293b75705a7a1dcada8420b
        Validity
            Not Before: Jan  2 04:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf5c14072be89cba680cebf2f288e451e485fbf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:9b:20:74:4e:3e:19:14:01:6f:07:06:21:ea:
                    7c:c0:af:0b:80:63:69:a9:6e:58:29:ea:38:e7:51:
                    72:9c:df:82:2e:b4:e5:07:d2:37:46:5e:16:0f:b9:
                    6a:b8:f6:be:27:25:a9:2b:1b:f1:3b:0c:a0:21:b2:
                    a6:d8:86:37:c5:64:f8:f6:1f:53:21:27:7d:d0:6d:
                    db:f4:c7:56:9e:b0:f0:95:00:25:9f:df:6a:70:14:
                    88:65:b3:f0:09:16:21:a7:9b:ab:22:3a:f5:03:bc:
                    82:fc:51:17:86:36:22:7b:fd:32:62:53:25:8b:1e:
                    4a:d5:00:a9:14:4e:44:77:2a:34:5e:99:c0:1f:89:
                    24:b8:37:e6:44:36:1d:a5:fa:ae:fc:de:78:59:ac:
                    00:2b:4d:13:ad:87:a3:d9:31:14:14:8b:d7:36:29:
                    d6:6d:97:32:13:bf:38:4b:12:1f:d6:1a:93:a3:f1:
                    46:97:ef:0d:58:56:66:15:93:6f:83:b1:d5:b0:87:
                    e5:fd:8c:c4:da:f8:e0:97:b0:65:c2:75:9d:7a:e4:
                    95:cd:ab:08:10:4c:57:d3:50:d0:e6:6a:72:ac:e8:
                    c3:13:a5:a5:b4:19:8f:10:68:ef:28:b7:68:21:1f:
                    11:9f:6b:3a:fc:17:f3:fe:a5:8c:52:a1:7e:76:38:
                    ce:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:5C:14:07:2B:E8:9C:BA:68:0C:EB:F2:F2:88:E4:51:E4:85:FB:F0
            X509v3 Authority Key Identifier:
                keyid:3B:FA:66:36:FE:64:40:AC:F2:93:B7:57:05:A7:A1:DC:AD:A8:42:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O_pmNv5kQKzyk7dXBaeh3K2oQgs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/v1wUByvonLpoDOvy8ojkUeSF-_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/O_pmNv5kQKzyk7dXBaeh3K2oQgs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.245.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:2c:8c:03:0b:b0:91:9f:11:00:09:e3:2c:9f:46:80:96:ad:
         20:b7:94:c6:50:6f:25:df:d6:63:6c:ab:22:cf:e3:c2:91:7b:
         7b:3c:58:80:68:54:38:4e:0e:a7:a4:aa:1d:8a:aa:95:aa:4b:
         91:3e:30:5c:fe:de:7f:25:e4:9b:1c:cb:e4:61:de:63:6b:ee:
         6c:75:9f:c2:87:ad:0b:19:5e:8b:a7:10:bf:a9:b2:e9:8e:0a:
         ac:62:55:f8:f7:77:a4:73:28:63:af:43:49:36:aa:ea:4f:79:
         bc:10:66:da:3c:16:59:ed:b8:0c:3f:b6:90:fc:5b:d2:51:4c:
         9e:e6:3a:12:b8:85:34:f5:30:61:90:c3:c0:5a:43:5d:0d:1b:
         6b:6c:04:fe:cc:00:8f:f3:e2:a2:0b:d2:3c:23:c9:47:35:72:
         1e:6a:9e:13:6d:f1:8b:9d:17:67:b6:20:51:b4:f5:ff:3f:ba:
         db:13:4b:7f:6e:ae:9f:cb:ff:d0:7d:8d:e6:d6:4c:e8:dd:a3:
         63:03:29:46:69:74:05:0c:84:da:7e:9c:32:f6:d2:ef:a7:61:
         0b:29:95:32:16:d9:15:3c:40:e8:88:08:ba:95:54:34:2a:ee:
         84:e8:6e:07:de:f7:77:cd:9a:7f:b7:b6:f5:b6:e2:1f:89:eb:
         68:c8:1a:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcJVvVDyL/7J99MMGRvYsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZmE2NjM2ZmU2NDQwYWNmMjkzYjc1NzA1YTdhMWRjYWRh
ODQyMGIwHhcNMjQwMTAyMDQzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjVjMTQwNzJiZTg5Y2JhNjgwY2ViZjJmMjg4ZTQ1MWU0ODVmYmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJsgdE4+GRQBbwcGIep8wK8LgGNp
qW5YKeo451FynN+CLrTlB9I3Rl4WD7lquPa+JyWpKxvxOwygIbKm2IY3xWT49h9T
ISd90G3b9MdWnrDwlQAln99qcBSIZbPwCRYhp5urIjr1A7yC/FEXhjYie/0yYlMl
ix5K1QCpFE5Edyo0XpnAH4kkuDfmRDYdpfqu/N54WawAK00TrYej2TEUFIvXNinW
bZcyE784SxIf1hqTo/FGl+8NWFZmFZNvg7HVsIfl/YzE2vjgl7BlwnWdeuSVzasI
EExX01DQ5mpyrOjDE6WltBmPEGjvKLdoIR8Rn2s6/Bfz/qWMUqF+djjODwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9cFAcr6Jy6aAzr8vKI5FHkhfvwMB8GA1UdIwQY
MBaAFDv6Zjb+ZECs8pO3VwWnodytqEILMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT19wbU52NWtRS3p5azdkWEJhZWgzSzJvUWdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9hNDdjZGYtZDIxYi00ZjFkLTg5MDEt
OTJlYzUxNWM1OTVhLzEvdjF3VUJ5dm9uTHBvRE92eThvamtVZVNGLV9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9hNDdjZGYtZDIxYi00ZjFkLTg5MDEtOTJlYzUxNWM1OTVh
LzEvT19wbU52NWtRS3p5azdkWEJhZWgzSzJvUWdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPVdMA0G
CSqGSIb3DQEBCwUAA4IBAQCqLIwDC7CRnxEACeMsn0aAlq0gt5TGUG8l39ZjbKsi
z+PCkXt7PFiAaFQ4Tg6npKodiqqVqkuRPjBc/t5/JeSbHMvkYd5ja+5sdZ/Ch60L
GV6LpxC/qbLpjgqsYlX493ekcyhjr0NJNqrqT3m8EGbaPBZZ7bgMP7aQ/FvSUUye
5joSuIU09TBhkMPAWkNdDRtrbAT+zACP8+KiC9I8I8lHNXIeap4TbfGLnRdntiBR
tPX/P7rbE0t/bq6fy//QfY3m1kzo3aNjAylGaXQFDITafpwy9tLvp2ELKZUyFtkV
PEDoiAi6lVQ0Ku6E6G4H3vd3zZp/t7b1tuIfietoyBru
-----END CERTIFICATE-----