Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/c1b3c8-0693-49c4-8132-905407eb0f53/1/T1Dlx4OKk-IXpmvytrFtwuSR2VE.roa
File:                     T1Dlx4OKk-IXpmvytrFtwuSR2VE.roa (raw, json)
Hash identifier:          wS0OhvHBaznvLkuA2M3oGiI5weMZCQKu520KRL/Isl0=
Subject key identifier:   4F:50:E5:C7:83:8A:93:E2:17:A6:6B:F2:B6:B1:6D:C2:E4:91:D9:51
Certificate issuer:       /CN=ff48fb9cf17dece6addb08eefd9bee842c1e2b60
Certificate serial:       018CC3B697AFEA0D9757D01B8DD8EA14780B
Authority key identifier: FF:48:FB:9C:F1:7D:EC:E6:AD:DB:08:EE:FD:9B:EE:84:2C:1E:2B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0j7nPF97Oat2wju_ZvuhCweK2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/c1b3c8-0693-49c4-8132-905407eb0f53/1/T1Dlx4OKk-IXpmvytrFtwuSR2VE.roa
Signing time:             Mon 01 Jan 2024 06:29:32 +0000
ROA not before:           Mon 01 Jan 2024 06:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        193.42.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/c1b3c8-0693-49c4-8132-905407eb0f53/1/_0j7nPF97Oat2wju_ZvuhCweK2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/c1b3c8-0693-49c4-8132-905407eb0f53/1/_0j7nPF97Oat2wju_ZvuhCweK2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0j7nPF97Oat2wju_ZvuhCweK2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:97:af:ea:0d:97:57:d0:1b:8d:d8:ea:14:78:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff48fb9cf17dece6addb08eefd9bee842c1e2b60
        Validity
            Not Before: Jan  1 06:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f50e5c7838a93e217a66bf2b6b16dc2e491d951
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:4c:67:e9:c4:d9:72:bc:5a:40:86:21:3d:d3:
                    2f:75:30:02:22:28:07:5b:18:af:54:2f:01:1e:8f:
                    43:b4:3d:01:82:b8:1f:a2:cd:3a:5b:64:2a:2b:6c:
                    39:85:d2:b7:b3:d8:0c:93:e2:90:75:8b:42:fc:e7:
                    49:3f:20:34:1c:ec:57:74:b6:78:d7:77:85:a6:7a:
                    67:80:a6:e2:af:74:9e:b6:da:55:84:30:c0:d3:01:
                    c4:67:2d:3c:6c:12:1b:0a:8c:00:09:c5:f9:0b:fb:
                    47:1a:19:8f:04:a3:38:b8:37:78:b5:61:24:b6:8d:
                    2a:f6:c3:b7:9d:1a:6c:7f:f8:f8:be:e9:71:9e:cf:
                    61:67:e1:91:c8:a8:aa:22:f2:1a:43:58:69:9e:29:
                    2e:94:b1:8e:b2:75:4b:57:40:e2:4c:71:7a:f1:1f:
                    4e:e1:e2:5a:de:c3:7b:24:d1:9d:bc:27:ad:a7:3e:
                    12:72:00:cb:29:df:07:c2:68:aa:b0:00:75:16:5b:
                    f5:c1:40:81:23:2e:3a:6e:0c:7f:3f:fb:a2:ca:05:
                    e6:86:f0:03:76:fd:ba:7d:16:20:1d:37:e8:2f:f4:
                    77:74:7c:a2:b8:b7:15:29:1d:85:af:5d:e9:31:ff:
                    7d:9f:6c:f1:eb:b5:7a:61:f5:50:e4:67:ac:cf:b3:
                    52:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:50:E5:C7:83:8A:93:E2:17:A6:6B:F2:B6:B1:6D:C2:E4:91:D9:51
            X509v3 Authority Key Identifier:
                keyid:FF:48:FB:9C:F1:7D:EC:E6:AD:DB:08:EE:FD:9B:EE:84:2C:1E:2B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0j7nPF97Oat2wju_ZvuhCweK2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/c1b3c8-0693-49c4-8132-905407eb0f53/1/T1Dlx4OKk-IXpmvytrFtwuSR2VE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/c1b3c8-0693-49c4-8132-905407eb0f53/1/_0j7nPF97Oat2wju_ZvuhCweK2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:a7:01:63:78:98:dd:96:16:9e:c3:35:e1:5d:78:8f:df:75:
         c6:ac:4c:bf:5e:89:d6:cc:c2:1e:37:6d:ad:d5:15:de:17:9f:
         47:b8:e6:50:a6:4b:aa:85:16:ae:f3:c9:72:31:a4:8c:2e:94:
         11:08:ce:7e:cd:3a:0b:f7:12:14:b1:4d:ea:c6:f0:ce:be:ef:
         32:51:31:39:ca:af:5c:d3:16:45:99:c4:83:34:5a:4c:7c:e9:
         65:93:12:e9:f3:c6:09:32:0b:f5:ef:e5:d8:8a:f9:87:05:06:
         ae:a5:e1:71:39:7c:db:e5:47:2e:9a:40:5b:42:a2:e6:04:2f:
         6b:88:fe:5d:1e:b2:72:b7:93:73:1e:3f:65:10:47:57:82:30:
         c4:00:8e:fd:04:ac:34:bb:86:d9:e5:df:ad:84:14:13:3c:2c:
         60:07:a4:23:7f:fd:9f:01:d6:98:3a:fc:5d:e7:26:31:b4:fd:
         95:fc:d3:2e:dd:fe:f3:ec:0e:b6:39:33:bc:0d:33:30:a7:5c:
         7c:34:13:dd:80:50:fc:09:4d:13:74:57:71:31:ec:a6:80:f1:
         12:c8:c9:e4:c4:53:0a:96:4d:a8:d0:b3:89:28:86:90:0a:6f:
         fc:b8:9d:eb:08:73:e7:a5:b4:9d:f2:93:45:fb:e1:87:ac:d4:
         7f:c9:21:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtpev6g2XV9AbjdjqFHgLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNDhmYjljZjE3ZGVjZTZhZGRiMDhlZWZkOWJlZTg0MmMx
ZTJiNjAwHhcNMjQwMTAxMDYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjUwZTVjNzgzOGE5M2UyMTdhNjZiZjJiNmIxNmRjMmU0OTFkOTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgExn6cTZcrxaQIYhPdMvdTACIigH
WxivVC8BHo9DtD0Bgrgfos06W2QqK2w5hdK3s9gMk+KQdYtC/OdJPyA0HOxXdLZ4
13eFpnpngKbir3SettpVhDDA0wHEZy08bBIbCowACcX5C/tHGhmPBKM4uDd4tWEk
to0q9sO3nRpsf/j4vulxns9hZ+GRyKiqIvIaQ1hpnikulLGOsnVLV0DiTHF68R9O
4eJa3sN7JNGdvCetpz4ScgDLKd8HwmiqsAB1Flv1wUCBIy46bgx/P/uiygXmhvAD
dv26fRYgHTfoL/R3dHyiuLcVKR2Fr13pMf99n2zx67V6YfVQ5Gesz7NSCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE9Q5ceDipPiF6Zr8raxbcLkkdlRMB8GA1UdIwQY
MBaAFP9I+5zxfezmrdsI7v2b7oQsHitgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzBqN25QRjk3T2F0MndqdV9adnVoQ3dlSzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9jMWIzYzgtMDY5My00OWM0LTgxMzIt
OTA1NDA3ZWIwZjUzLzEvVDFEbHg0T0trLUlYcG12eXRyRnR3dVNSMlZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9jMWIzYzgtMDY5My00OWM0LTgxMzItOTA1NDA3ZWIwZjUz
LzEvXzBqN25QRjk3T2F0MndqdV9adnVoQ3dlSzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSqLMA0G
CSqGSIb3DQEBCwUAA4IBAQCqpwFjeJjdlhaewzXhXXiP33XGrEy/XonWzMIeN22t
1RXeF59HuOZQpkuqhRau88lyMaSMLpQRCM5+zToL9xIUsU3qxvDOvu8yUTE5yq9c
0xZFmcSDNFpMfOllkxLp88YJMgv17+XYivmHBQaupeFxOXzb5UcumkBbQqLmBC9r
iP5dHrJyt5NzHj9lEEdXgjDEAI79BKw0u4bZ5d+thBQTPCxgB6Qjf/2fAdaYOvxd
5yYxtP2V/NMu3f7z7A62OTO8DTMwp1x8NBPdgFD8CU0TdFdxMeymgPESyMnkxFMK
lk2o0LOJKIaQCm/8uJ3rCHPnpbSd8pNF++GHrNR/ySEA
-----END CERTIFICATE-----