Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/731b4c-8ca8-497b-8a2b-43c1c61d02eb/1/T4VFYHWDnIJyu5UUxJvthYEusWk.roa
File:                     T4VFYHWDnIJyu5UUxJvthYEusWk.roa (raw, json)
Hash identifier:          kwmMzEXIuZMIfesuUJ9hyQG+lfyZs2DkQgQknFLJAWs=
Subject key identifier:   4F:85:45:60:75:83:9C:82:72:BB:95:14:C4:9B:ED:85:81:2E:B1:69
Certificate issuer:       /CN=50da588f5e9a1c2af56be08f7e6a2c9981ab6026
Certificate serial:       018CC2DAF87057605C9A5A80A8F246EB4417
Authority key identifier: 50:DA:58:8F:5E:9A:1C:2A:F5:6B:E0:8F:7E:6A:2C:99:81:AB:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UNpYj16aHCr1a-CPfmosmYGrYCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/731b4c-8ca8-497b-8a2b-43c1c61d02eb/1/T4VFYHWDnIJyu5UUxJvthYEusWk.roa
Signing time:             Mon 01 Jan 2024 02:29:39 +0000
ROA not before:           Mon 01 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3356
IP address blocks:        193.178.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/731b4c-8ca8-497b-8a2b-43c1c61d02eb/1/UNpYj16aHCr1a-CPfmosmYGrYCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/731b4c-8ca8-497b-8a2b-43c1c61d02eb/1/UNpYj16aHCr1a-CPfmosmYGrYCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UNpYj16aHCr1a-CPfmosmYGrYCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f8:70:57:60:5c:9a:5a:80:a8:f2:46:eb:44:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50da588f5e9a1c2af56be08f7e6a2c9981ab6026
        Validity
            Not Before: Jan  1 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f85456075839c8272bb9514c49bed85812eb169
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:05:e5:61:9b:ca:f6:b7:01:d2:63:d8:83:5f:
                    1b:9b:64:98:fd:9b:5f:ab:c3:a4:2e:e2:5c:13:99:
                    99:67:39:71:8a:15:c4:a4:27:36:da:46:eb:bf:7a:
                    cb:5f:0f:ef:c1:1c:e7:0b:33:4c:90:7c:e4:10:de:
                    1b:20:2c:6b:9d:11:cc:26:69:2b:b6:11:2d:fc:17:
                    8a:75:af:4b:ad:42:6f:3f:e9:85:94:9b:13:4e:71:
                    11:d3:59:73:0d:30:b4:96:81:56:0e:5a:ef:4e:0c:
                    09:ea:e8:8e:ef:6c:4e:fa:ab:ce:4a:f6:7b:a1:31:
                    2a:e4:4b:08:f9:b1:d1:ac:0a:9e:fc:64:33:7d:a4:
                    58:02:28:75:fd:7a:43:c0:89:de:bd:67:d8:6b:26:
                    1c:ed:87:41:4a:31:f3:be:e6:84:10:7c:57:dc:c0:
                    46:ab:14:1e:48:61:70:6c:4a:84:8b:97:34:9e:4d:
                    0b:26:75:7a:8a:2e:43:0d:98:c8:de:78:17:8a:3a:
                    8b:17:6f:44:87:f8:86:76:e8:8e:04:ff:9b:86:b6:
                    b8:7d:b5:ac:4d:f1:a2:12:5f:f5:53:68:0f:de:af:
                    90:b5:09:65:9e:b0:ac:6b:11:35:51:1a:34:45:1e:
                    4d:f9:d5:a3:67:f3:8c:fb:8d:d5:62:07:6c:0d:44:
                    1e:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:85:45:60:75:83:9C:82:72:BB:95:14:C4:9B:ED:85:81:2E:B1:69
            X509v3 Authority Key Identifier:
                keyid:50:DA:58:8F:5E:9A:1C:2A:F5:6B:E0:8F:7E:6A:2C:99:81:AB:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UNpYj16aHCr1a-CPfmosmYGrYCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/731b4c-8ca8-497b-8a2b-43c1c61d02eb/1/T4VFYHWDnIJyu5UUxJvthYEusWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/731b4c-8ca8-497b-8a2b-43c1c61d02eb/1/UNpYj16aHCr1a-CPfmosmYGrYCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:f0:d3:ae:ce:c4:55:51:9b:bd:d1:47:53:cc:ae:a5:29:d2:
         65:f7:bd:56:9d:67:df:56:b7:85:54:dd:e5:d9:9e:62:06:8a:
         7d:f1:89:38:e5:1a:45:bd:f5:e5:59:a6:bc:c0:f4:d6:99:00:
         d0:bc:c5:32:fa:aa:a2:96:47:a6:35:90:d8:fa:e0:57:d2:e3:
         e6:82:37:ce:5f:c1:f5:8e:8e:74:bf:0c:de:86:2b:49:63:14:
         af:2d:d7:0c:3b:5b:e0:26:1d:9e:b5:22:1c:df:a3:42:40:4b:
         68:a5:a2:f8:3b:72:51:cc:29:9c:4c:ba:6a:29:c7:a1:18:0b:
         c2:15:73:35:94:55:e5:41:9a:a0:30:62:5a:92:eb:2f:14:34:
         b7:2c:5a:cd:32:48:54:52:b5:d0:75:d6:f4:bd:40:8c:90:b5:
         51:a2:69:37:02:b7:f4:d1:a2:ac:6a:61:2e:f5:64:3d:96:a4:
         3a:31:ac:7a:69:08:59:ea:45:c7:be:3c:5d:bb:2b:51:fa:96:
         3d:af:26:92:94:89:00:33:82:bd:a9:3b:e2:25:71:91:57:e7:
         f1:55:ac:ad:e9:73:70:e9:1a:18:20:4c:fa:98:a1:58:4f:87:
         aa:87:88:5b:f6:d6:3f:1d:b2:18:fc:0d:1b:54:15:3e:e8:6d:
         20:53:bc:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2vhwV2BcmlqAqPJG60QXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwZGE1ODhmNWU5YTFjMmFmNTZiZTA4ZjdlNmEyYzk5ODFh
YjYwMjYwHhcNMjQwMTAxMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Zjg1NDU2MDc1ODM5YzgyNzJiYjk1MTRjNDliZWQ4NTgxMmViMTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwXlYZvK9rcB0mPYg18bm2SY/Ztf
q8OkLuJcE5mZZzlxihXEpCc22kbrv3rLXw/vwRznCzNMkHzkEN4bICxrnRHMJmkr
thEt/BeKda9LrUJvP+mFlJsTTnER01lzDTC0loFWDlrvTgwJ6uiO72xO+qvOSvZ7
oTEq5EsI+bHRrAqe/GQzfaRYAih1/XpDwInevWfYayYc7YdBSjHzvuaEEHxX3MBG
qxQeSGFwbEqEi5c0nk0LJnV6ii5DDZjI3ngXijqLF29Eh/iGduiOBP+bhra4fbWs
TfGiEl/1U2gP3q+QtQllnrCsaxE1URo0RR5N+dWjZ/OM+43VYgdsDUQeDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+FRWB1g5yCcruVFMSb7YWBLrFpMB8GA1UdIwQY
MBaAFFDaWI9emhwq9Wvgj35qLJmBq2AmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVU5wWWoxNmFIQ3IxYS1DUGZtb3NtWUdyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy83MzFiNGMtOGNhOC00OTdiLThhMmIt
NDNjMWM2MWQwMmViLzEvVDRWRllIV0RuSUp5dTVVVXhKdnRoWUV1c1drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy83MzFiNGMtOGNhOC00OTdiLThhMmItNDNjMWM2MWQwMmVi
LzEvVU5wWWoxNmFIQ3IxYS1DUGZtb3NtWUdyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbKmMA0G
CSqGSIb3DQEBCwUAA4IBAQBI8NOuzsRVUZu90UdTzK6lKdJl971WnWffVreFVN3l
2Z5iBop98Yk45RpFvfXlWaa8wPTWmQDQvMUy+qqilkemNZDY+uBX0uPmgjfOX8H1
jo50vwzehitJYxSvLdcMO1vgJh2etSIc36NCQEtopaL4O3JRzCmcTLpqKcehGAvC
FXM1lFXlQZqgMGJakusvFDS3LFrNMkhUUrXQddb0vUCMkLVRomk3Arf00aKsamEu
9WQ9lqQ6Max6aQhZ6kXHvjxduytR+pY9ryaSlIkAM4K9qTviJXGRV+fxVayt6XNw
6RoYIEz6mKFYT4eqh4hb9tY/HbIY/A0bVBU+6G0gU7w4
-----END CERTIFICATE-----