Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/1e1ac6-fcd6-4ae8-ad77-51e4bba6bf5b/1/q1k1rviOntydexcr74ykhyEQbnU.roa
File:                     q1k1rviOntydexcr74ykhyEQbnU.roa (raw, json)
Hash identifier:          UurGEm9d2V6NSZDu2GXyPNHE7UH8MhVxNVpPoljZNjI=
Subject key identifier:   AB:59:35:AE:F8:8E:9E:DC:9D:7B:17:2B:EF:8C:A4:87:21:10:6E:75
Certificate issuer:       /CN=4f2f3bc99a79503e09757477e8ef643e11886c8b
Certificate serial:       018CC871150E1EF281026E046773D570B3E0
Authority key identifier: 4F:2F:3B:C9:9A:79:50:3E:09:75:74:77:E8:EF:64:3E:11:88:6C:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ty87yZp5UD4JdXR36O9kPhGIbIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/1e1ac6-fcd6-4ae8-ad77-51e4bba6bf5b/1/q1k1rviOntydexcr74ykhyEQbnU.roa
Signing time:             Tue 02 Jan 2024 04:31:43 +0000
ROA not before:           Tue 02 Jan 2024 04:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207741
IP address blocks:        193.192.0.0/24 maxlen: 24
                          212.102.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/1e1ac6-fcd6-4ae8-ad77-51e4bba6bf5b/1/Ty87yZp5UD4JdXR36O9kPhGIbIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/1e1ac6-fcd6-4ae8-ad77-51e4bba6bf5b/1/Ty87yZp5UD4JdXR36O9kPhGIbIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ty87yZp5UD4JdXR36O9kPhGIbIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:15:0e:1e:f2:81:02:6e:04:67:73:d5:70:b3:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f2f3bc99a79503e09757477e8ef643e11886c8b
        Validity
            Not Before: Jan  2 04:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab5935aef88e9edc9d7b172bef8ca48721106e75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:76:c9:73:4a:eb:8d:35:92:9d:e4:dc:02:bf:
                    a3:b1:16:ef:f1:c7:c3:c3:4e:42:36:a9:d3:41:93:
                    cb:6b:1d:46:d7:00:83:05:04:0e:2e:37:4a:7f:28:
                    1c:fd:22:40:ca:ae:06:0f:e5:4a:96:90:3e:ae:82:
                    f1:6f:2c:4f:12:c3:22:a4:0a:dc:d2:39:d9:5d:78:
                    29:a8:09:0d:86:24:8a:56:2b:c1:4c:bf:a2:ad:a5:
                    bf:31:4e:2d:0f:5a:e7:81:33:bb:9a:cf:87:de:8c:
                    48:b9:26:d8:51:76:74:87:38:ac:2b:4e:f4:2e:3f:
                    2a:0b:f6:44:57:d6:6f:ee:41:c0:3b:c2:40:dc:16:
                    9f:4c:d1:84:6b:9c:75:61:c1:48:3f:ca:c7:22:df:
                    20:07:0d:a8:44:ab:8d:36:38:6d:af:8d:f9:9c:86:
                    0b:bd:13:15:f1:b1:05:38:2d:3e:a7:de:2e:dd:4d:
                    a5:83:8f:cd:45:fe:15:af:e8:8c:83:50:d2:3b:27:
                    94:30:5f:30:c5:83:54:6f:66:4b:4c:ab:40:90:d2:
                    83:b8:b1:a2:91:85:31:41:02:fc:32:d3:bc:8e:c1:
                    80:10:f4:03:06:ce:65:31:26:d5:f9:6a:2e:12:7e:
                    bb:d5:62:c3:d5:49:f3:f9:df:62:43:cb:c0:30:ee:
                    a7:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:59:35:AE:F8:8E:9E:DC:9D:7B:17:2B:EF:8C:A4:87:21:10:6E:75
            X509v3 Authority Key Identifier:
                keyid:4F:2F:3B:C9:9A:79:50:3E:09:75:74:77:E8:EF:64:3E:11:88:6C:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ty87yZp5UD4JdXR36O9kPhGIbIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/1e1ac6-fcd6-4ae8-ad77-51e4bba6bf5b/1/q1k1rviOntydexcr74ykhyEQbnU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/1e1ac6-fcd6-4ae8-ad77-51e4bba6bf5b/1/Ty87yZp5UD4JdXR36O9kPhGIbIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.192.0.0/24
                  212.102.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:89:b2:7e:9b:b9:8b:f4:17:ea:8e:31:99:40:b4:69:f1:5c:
         29:73:39:3f:64:ad:3a:10:e2:85:85:6f:6d:17:b6:77:89:1b:
         7e:e3:b7:6d:47:19:b2:bf:3f:f4:bc:b6:0d:f8:d0:ba:cd:0a:
         e2:db:ec:8b:ec:2f:4e:31:bc:58:d5:71:70:99:0c:a8:4d:63:
         32:a8:d0:47:ae:32:4e:19:56:6f:c6:bd:96:2c:87:08:92:22:
         cb:2d:f1:2f:f6:b8:4d:d7:43:8a:10:c3:9a:e7:ad:f2:1b:38:
         7b:cf:44:62:6f:14:b7:67:a5:a0:9c:52:76:bd:be:2e:5d:72:
         f8:11:45:15:e7:4c:fb:56:43:0c:bb:e7:93:a8:2e:21:57:e5:
         3b:fb:3b:dd:74:8e:f8:72:e0:ca:ff:46:bc:bb:96:15:cf:6a:
         97:8d:03:4b:2c:0f:8e:6c:e6:e7:f8:8a:e8:d1:ae:c2:4f:f9:
         b6:0b:ea:5e:58:e5:66:44:31:dd:17:79:23:23:f6:ac:5f:9e:
         32:35:fe:61:b6:59:45:18:72:62:41:30:93:85:ee:56:c1:f4:
         5b:fb:b7:51:34:85:9d:20:bb:4c:75:04:8b:ab:f2:9c:74:30:
         20:99:67:a9:d4:51:df:25:26:9d:7d:15:69:ea:a3:13:b6:c0:
         5a:03:4a:13
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIcRUOHvKBAm4EZ3PVcLPgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMmYzYmM5OWE3OTUwM2UwOTc1NzQ3N2U4ZWY2NDNlMTE4
ODZjOGIwHhcNMjQwMTAyMDQzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjU5MzVhZWY4OGU5ZWRjOWQ3YjE3MmJlZjhjYTQ4NzIxMTA2ZTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3bJc0rrjTWSneTcAr+jsRbv8cfD
w05CNqnTQZPLax1G1wCDBQQOLjdKfygc/SJAyq4GD+VKlpA+roLxbyxPEsMipArc
0jnZXXgpqAkNhiSKVivBTL+iraW/MU4tD1rngTO7ms+H3oxIuSbYUXZ0hzisK070
Lj8qC/ZEV9Zv7kHAO8JA3BafTNGEa5x1YcFIP8rHIt8gBw2oRKuNNjhtr435nIYL
vRMV8bEFOC0+p94u3U2lg4/NRf4Vr+iMg1DSOyeUMF8wxYNUb2ZLTKtAkNKDuLGi
kYUxQQL8MtO8jsGAEPQDBs5lMSbV+WouEn671WLD1Unz+d9iQ8vAMO6nFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKtZNa74jp7cnXsXK++MpIchEG51MB8GA1UdIwQY
MBaAFE8vO8maeVA+CXV0d+jvZD4RiGyLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHk4N3lacDVVRDRKZFhSMzZPOWtQaEdJYklzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy8xZTFhYzYtZmNkNi00YWU4LWFkNzct
NTFlNGJiYTZiZjViLzEvcTFrMXJ2aU9udHlkZXhjcjc0eWtoeUVRYm5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy8xZTFhYzYtZmNkNi00YWU4LWFkNzctNTFlNGJiYTZiZjVi
LzEvVHk4N3lacDVVRDRKZFhSMzZPOWtQaEdJYklzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwcAAAwQA
1GZ1MA0GCSqGSIb3DQEBCwUAA4IBAQDSibJ+m7mL9BfqjjGZQLRp8Vwpczk/ZK06
EOKFhW9tF7Z3iRt+47dtRxmyvz/0vLYN+NC6zQri2+yL7C9OMbxY1XFwmQyoTWMy
qNBHrjJOGVZvxr2WLIcIkiLLLfEv9rhN10OKEMOa563yGzh7z0RibxS3Z6WgnFJ2
vb4uXXL4EUUV50z7VkMMu+eTqC4hV+U7+zvddI74cuDK/0a8u5YVz2qXjQNLLA+O
bObn+Iro0a7CT/m2C+peWOVmRDHdF3kjI/asX54yNf5htllFGHJiQTCThe5WwfRb
+7dRNIWdILtMdQSLq/KcdDAgmWep1FHfJSadfRVp6qMTtsBaA0oT
-----END CERTIFICATE-----