Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/OhTT53wuLcFTwIrc0j9lXaa6yTc.roa
File:                     OhTT53wuLcFTwIrc0j9lXaa6yTc.roa (raw, json)
Hash identifier:          kmsud4V05HXBR8CPyg9lsAJH3hgRknXObHXEBzlV/Lg=
Subject key identifier:   3A:14:D3:E7:7C:2E:2D:C1:53:C0:8A:DC:D2:3F:65:5D:A6:BA:C9:37
Certificate issuer:       /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial:       018CC802D060193A2C712099BEF717D2D117
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/OhTT53wuLcFTwIrc0j9lXaa6yTc.roa
Signing time:             Tue 02 Jan 2024 02:31:16 +0000
ROA not before:           Tue 02 Jan 2024 02:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210713
IP address blocks:        93.115.44.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:d0:60:19:3a:2c:71:20:99:be:f7:17:d2:d1:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
        Validity
            Not Before: Jan  2 02:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a14d3e77c2e2dc153c08adcd23f655da6bac937
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:38:53:1d:ba:c3:cd:9f:b1:a3:ff:06:91:ef:
                    24:cb:a4:d0:ca:d9:c7:ef:82:20:6e:e2:18:b8:69:
                    2c:a1:38:40:aa:06:c7:28:5d:ee:93:c6:a2:75:6e:
                    dc:d7:b7:99:49:10:a2:9d:c4:db:a0:26:47:b7:83:
                    04:11:46:45:93:af:a9:48:45:87:09:38:66:ab:8b:
                    ce:25:8f:eb:4d:34:a0:7c:7f:9b:73:f6:cf:5d:9c:
                    14:d8:f6:72:a8:b7:50:dd:9d:f6:1a:3e:00:17:ed:
                    fe:c4:d3:80:30:e5:93:84:2a:c0:56:96:2e:cc:10:
                    b7:83:6c:35:b5:2b:c3:44:9c:20:27:32:02:05:31:
                    1a:13:73:58:f8:f0:a6:6d:a1:d7:ff:99:f6:25:30:
                    ac:92:9e:db:7f:3c:b0:70:93:9c:3c:5a:5b:92:21:
                    ab:7a:b2:da:89:2d:03:f5:fa:13:59:e9:d4:dd:81:
                    31:8d:f6:cb:d5:43:d2:25:f8:59:1b:8d:92:64:60:
                    68:d5:d5:45:d7:29:85:f7:6d:14:cb:cb:8a:1c:a5:
                    f7:37:18:0b:73:3b:d1:7a:33:9c:21:82:c1:b0:0f:
                    11:6d:5c:f0:18:d8:00:d8:0f:ef:09:65:a5:17:64:
                    5b:f0:d8:b0:9e:69:6b:ca:5c:cd:15:59:e1:5c:9a:
                    74:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:14:D3:E7:7C:2E:2D:C1:53:C0:8A:DC:D2:3F:65:5D:A6:BA:C9:37
            X509v3 Authority Key Identifier:
                keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/OhTT53wuLcFTwIrc0j9lXaa6yTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.115.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a1:7b:35:12:33:25:ca:09:fc:c0:e6:32:0d:fa:d5:5a:d0:ed:
         2a:0b:70:cc:15:59:1c:5c:79:44:6b:f0:5b:c4:f5:e8:17:88:
         9f:ad:71:91:65:1e:4e:8c:5b:1b:b3:0a:04:1b:95:95:91:e7:
         0a:fe:00:6d:ff:eb:f3:f5:07:28:8e:99:0b:5f:97:7c:94:b1:
         26:b7:92:9f:b6:35:51:d4:71:a5:82:ee:e5:6e:b3:b0:54:a0:
         7f:ce:e2:2f:c1:f3:3c:cd:e8:43:bd:2e:23:2f:0c:68:f6:9c:
         c5:7a:39:0c:bf:99:3b:a1:aa:32:ae:7b:b2:5e:26:28:71:a8:
         91:9e:11:9d:8a:ce:ed:bc:d3:5c:25:e8:36:cc:77:ad:ac:42:
         e2:3f:85:32:d1:fd:71:19:ed:c0:18:a2:82:07:85:5a:25:11:
         ee:44:3f:01:28:cd:c3:6f:01:eb:13:2e:e3:85:18:ca:cb:6a:
         5e:f0:df:7f:fa:42:4e:40:32:9b:fd:3b:6c:41:08:88:ee:36:
         08:83:02:50:f4:63:14:0a:63:9a:dd:f7:c6:da:84:fa:08:eb:
         2e:63:c8:d3:bf:59:9c:7f:68:ba:f4:b4:55:f6:29:36:21:92:
         09:69:16:36:49:e4:d1:96:8d:eb:7d:40:82:ce:f6:fc:bc:bb:
         51:49:7a:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAtBgGToscSCZvvcX0tEXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjQwMTAyMDIzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTE0ZDNlNzdjMmUyZGMxNTNjMDhhZGNkMjNmNjU1ZGE2YmFjOTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzhTHbrDzZ+xo/8Gke8ky6TQytnH
74IgbuIYuGksoThAqgbHKF3uk8aidW7c17eZSRCincTboCZHt4MEEUZFk6+pSEWH
CThmq4vOJY/rTTSgfH+bc/bPXZwU2PZyqLdQ3Z32Gj4AF+3+xNOAMOWThCrAVpYu
zBC3g2w1tSvDRJwgJzICBTEaE3NY+PCmbaHX/5n2JTCskp7bfzywcJOcPFpbkiGr
erLaiS0D9foTWenU3YExjfbL1UPSJfhZG42SZGBo1dVF1ymF920Uy8uKHKX3NxgL
czvRejOcIYLBsA8RbVzwGNgA2A/vCWWlF2Rb8NiwnmlrylzNFVnhXJp0fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDoU0+d8Li3BU8CK3NI/ZV2musk3MB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEvT2hUVDUzd3VMY0ZUd0lyYzBqOWxYYWE2eVRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXXMsMA0G
CSqGSIb3DQEBCwUAA4IBAQChezUSMyXKCfzA5jIN+tVa0O0qC3DMFVkcXHlEa/Bb
xPXoF4ifrXGRZR5OjFsbswoEG5WVkecK/gBt/+vz9QcojpkLX5d8lLEmt5KftjVR
1HGlgu7lbrOwVKB/zuIvwfM8zehDvS4jLwxo9pzFejkMv5k7oaoyrnuyXiYocaiR
nhGdis7tvNNcJeg2zHetrELiP4Uy0f1xGe3AGKKCB4VaJRHuRD8BKM3DbwHrEy7j
hRjKy2pe8N9/+kJOQDKb/TtsQQiI7jYIgwJQ9GMUCmOa3ffG2oT6COsuY8jTv1mc
f2i69LRV9ik2IZIJaRY2SeTRlo3rfUCCzvb8vLtRSXqH
-----END CERTIFICATE-----