Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/DgOGi1naL0dHCbonCc_nVi-xa4Y.roa
File:                     DgOGi1naL0dHCbonCc_nVi-xa4Y.roa (raw, json)
Hash identifier:          W9gwIyGidP0GC3YDeB4RByKNS/Wf6mpFZWwbTN82flM=
Subject key identifier:   0E:03:86:8B:59:DA:2F:47:47:09:BA:27:09:CF:E7:56:2F:B1:6B:86
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       0191802F09FF0F15C27C49D800ABD917C665
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/DgOGi1naL0dHCbonCc_nVi-xa4Y.roa
Signing time:             Fri 23 Aug 2024 17:00:51 +0000
ROA not before:           Fri 23 Aug 2024 17:00:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     945
IP address blocks:        192.200.192.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:80:2f:09:ff:0f:15:c2:7c:49:d8:00:ab:d9:17:c6:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Aug 23 17:00:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e03868b59da2f474709ba2709cfe7562fb16b86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:3e:56:63:2a:27:67:2b:7c:69:24:31:4e:a2:
                    39:f6:d2:bf:7c:6a:05:0c:4f:6f:c6:00:2e:81:1d:
                    d7:cf:fe:4a:07:4f:db:69:58:ee:50:e6:b3:8d:2c:
                    e2:07:d4:88:8d:a8:8d:29:ae:da:b0:7d:0c:16:25:
                    68:df:d6:54:69:f6:52:49:25:03:6a:14:2d:99:bc:
                    b3:ce:d7:eb:fe:61:1c:dc:77:ff:6e:38:eb:20:47:
                    e7:5a:d5:a2:bb:93:ec:21:d4:5a:ef:46:64:55:9f:
                    a8:03:99:8a:8f:b3:58:ae:42:c0:d5:f8:8b:ac:82:
                    11:ae:f3:00:76:6c:2d:10:75:c8:fd:6c:cc:06:f7:
                    98:09:37:83:62:c7:bd:20:18:09:9e:b0:44:4c:af:
                    e9:33:49:cb:be:49:92:31:65:29:08:88:1c:1b:4f:
                    69:c5:3c:20:e4:5b:67:17:46:98:1d:76:08:f3:8e:
                    c5:ca:e8:63:65:3b:03:f6:a3:c1:db:34:f3:0b:d0:
                    11:c0:1b:a0:f2:68:e7:a1:56:5d:5d:48:81:01:0f:
                    4e:dd:6b:a3:0c:1f:0c:a6:3c:a4:1c:99:b2:2e:54:
                    cb:37:45:fb:7f:03:9c:58:1c:30:e4:6d:df:fe:25:
                    bf:f6:a6:89:61:9d:15:0e:55:2b:3a:ea:53:55:7f:
                    8d:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:03:86:8B:59:DA:2F:47:47:09:BA:27:09:CF:E7:56:2F:B1:6B:86
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/DgOGi1naL0dHCbonCc_nVi-xa4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.200.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         73:3a:61:22:08:4e:8e:be:76:a1:01:ea:40:83:d6:3c:3d:9f:
         60:2c:56:97:07:a9:08:83:b4:e7:02:fa:ec:95:ce:7d:cb:52:
         68:b3:0e:cb:c3:6e:3f:24:9a:75:2f:08:88:7f:28:f9:30:c6:
         c9:18:79:61:7f:e8:02:89:3a:0f:d2:b7:01:6d:92:0d:68:50:
         fd:fd:06:00:a0:ba:0a:82:7a:0f:e7:e1:1f:26:3a:1c:96:14:
         e9:75:3f:60:d8:9b:24:b9:38:4e:27:07:a6:4b:ab:b5:ae:f6:
         6a:22:67:b0:1c:a0:74:38:b5:11:98:06:1b:26:44:ed:f0:09:
         85:63:53:5e:2b:ab:49:c4:67:96:6e:e2:9b:00:74:e3:8f:6c:
         e0:80:f4:9b:29:50:7b:b0:1b:09:61:9b:f8:94:53:30:73:68:
         79:dc:dc:d5:15:6b:e4:ca:47:5c:32:72:1a:2e:a1:16:98:12:
         b7:de:12:92:53:9d:14:79:60:94:af:58:f3:31:92:b1:9c:2d:
         42:85:a9:a3:c6:3d:f5:94:6c:14:c0:91:4e:f5:98:47:39:fa:
         94:92:8c:3e:88:16:10:98:5d:93:d6:9a:58:6e:ef:36:81:48:
         33:8b:ac:f9:0a:3a:1b:7e:9c:da:ae:03:d1:d1:52:ec:a2:e1:
         0c:c9:da:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGALwn/DxXCfEnYAKvZF8ZlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjQwODIzMTcwMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTAzODY4YjU5ZGEyZjQ3NDcwOWJhMjcwOWNmZTc1NjJmYjE2Yjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqD5WYyonZyt8aSQxTqI59tK/fGoF
DE9vxgAugR3Xz/5KB0/baVjuUOazjSziB9SIjaiNKa7asH0MFiVo39ZUafZSSSUD
ahQtmbyzztfr/mEc3Hf/bjjrIEfnWtWiu5PsIdRa70ZkVZ+oA5mKj7NYrkLA1fiL
rIIRrvMAdmwtEHXI/WzMBveYCTeDYse9IBgJnrBETK/pM0nLvkmSMWUpCIgcG09p
xTwg5FtnF0aYHXYI847FyuhjZTsD9qPB2zTzC9ARwBug8mjnoVZdXUiBAQ9O3Wuj
DB8MpjykHJmyLlTLN0X7fwOcWBww5G3f/iW/9qaJYZ0VDlUrOupTVX+NaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA4DhotZ2i9HRwm6JwnP51YvsWuGMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvRGdPR2kxbmFMMGRIQ2JvbkNjX25WaS14YTRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFwMjAMA0G
CSqGSIb3DQEBCwUAA4IBAQBzOmEiCE6OvnahAepAg9Y8PZ9gLFaXB6kIg7TnAvrs
lc59y1Josw7Lw24/JJp1LwiIfyj5MMbJGHlhf+gCiToP0rcBbZINaFD9/QYAoLoK
gnoP5+EfJjoclhTpdT9g2JskuThOJwemS6u1rvZqImewHKB0OLURmAYbJkTt8AmF
Y1NeK6tJxGeWbuKbAHTjj2zggPSbKVB7sBsJYZv4lFMwc2h53NzVFWvkykdcMnIa
LqEWmBK33hKSU50UeWCUr1jzMZKxnC1Chamjxj31lGwUwJFO9ZhHOfqUkow+iBYQ
mF2T1ppYbu82gUgzi6z5CjobfpzargPR0VLsouEMydo1
-----END CERTIFICATE-----