Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/cbd362-7694-4183-915d-8f4f291b23b6/1/A4B3Gat5Sjdw-5ubYlh54nFg6xk.roa
File:                     A4B3Gat5Sjdw-5ubYlh54nFg6xk.roa (raw, json)
Hash identifier:          U0LdAT8PUSrBxmChams4mwdfBaxu7hlnT0blRbjhyxc=
Subject key identifier:   03:80:77:19:AB:79:4A:37:70:FB:9B:9B:62:58:79:E2:71:60:EB:19
Certificate issuer:       /CN=3f296fe945a23180753f67f7748e6f299d2e672a
Certificate serial:       018CC6B912401DCE6093BEEB4D21D3A33506
Authority key identifier: 3F:29:6F:E9:45:A2:31:80:75:3F:67:F7:74:8E:6F:29:9D:2E:67:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pylv6UWiMYB1P2f3dI5vKZ0uZyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/cbd362-7694-4183-915d-8f4f291b23b6/1/A4B3Gat5Sjdw-5ubYlh54nFg6xk.roa
Signing time:             Mon 01 Jan 2024 20:31:06 +0000
ROA not before:           Mon 01 Jan 2024 20:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12213
IP address blocks:        193.19.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/cbd362-7694-4183-915d-8f4f291b23b6/1/Pylv6UWiMYB1P2f3dI5vKZ0uZyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/cbd362-7694-4183-915d-8f4f291b23b6/1/Pylv6UWiMYB1P2f3dI5vKZ0uZyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pylv6UWiMYB1P2f3dI5vKZ0uZyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:12:40:1d:ce:60:93:be:eb:4d:21:d3:a3:35:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f296fe945a23180753f67f7748e6f299d2e672a
        Validity
            Not Before: Jan  1 20:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03807719ab794a3770fb9b9b625879e27160eb19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:7e:1d:a8:24:2d:d2:e2:63:04:6c:49:65:ed:
                    13:dd:b2:53:5f:80:cb:e3:b9:d3:22:48:81:a7:e0:
                    22:eb:00:98:c1:d1:3c:2c:f2:2c:32:99:8b:2b:d9:
                    56:75:9b:0b:8e:0c:57:22:ce:94:b4:8c:4c:4e:6a:
                    50:bf:6d:1d:f2:43:73:5d:ae:35:90:42:80:54:42:
                    24:9a:bf:72:c8:fc:c1:83:0a:ac:6d:dd:d0:30:7d:
                    0d:88:26:e0:6c:82:ea:de:44:fa:9a:8f:d6:fd:0c:
                    fc:4e:c1:e8:b0:a8:4c:f0:33:c6:19:92:32:f4:86:
                    75:ce:44:29:29:91:6a:ec:7e:7a:14:95:5d:a7:16:
                    c6:d8:0f:c9:4c:1f:5a:83:84:f7:8b:ee:51:ac:b0:
                    42:77:7b:e5:db:51:c0:ce:d1:b2:1c:d6:ed:3b:d1:
                    54:02:87:79:df:f3:00:02:ed:3a:5d:8b:cc:f0:8b:
                    00:d2:67:9a:5f:e0:8a:50:53:ad:b6:48:77:28:e5:
                    59:f3:d3:a5:eb:5b:00:c3:c4:45:c9:f7:75:cb:1a:
                    66:df:ed:c7:4a:da:65:df:79:71:f1:65:de:88:21:
                    46:7a:08:43:7b:60:bf:24:c8:59:f1:3e:7f:12:99:
                    c2:d8:c2:00:be:1d:56:f2:ad:0b:9f:57:12:f8:a1:
                    5d:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:80:77:19:AB:79:4A:37:70:FB:9B:9B:62:58:79:E2:71:60:EB:19
            X509v3 Authority Key Identifier:
                keyid:3F:29:6F:E9:45:A2:31:80:75:3F:67:F7:74:8E:6F:29:9D:2E:67:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pylv6UWiMYB1P2f3dI5vKZ0uZyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/cbd362-7694-4183-915d-8f4f291b23b6/1/A4B3Gat5Sjdw-5ubYlh54nFg6xk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/cbd362-7694-4183-915d-8f4f291b23b6/1/Pylv6UWiMYB1P2f3dI5vKZ0uZyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.19.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:81:5a:8b:76:8d:30:6b:98:66:f6:0a:3a:50:d7:7b:c6:f0:
         f9:09:c8:fb:a8:86:5f:7f:3f:11:10:18:62:26:da:01:0f:d6:
         57:98:12:76:e5:35:4a:1d:4e:ed:1c:a2:39:e4:5c:32:7b:07:
         ac:4e:a6:03:29:d2:85:84:31:7f:c4:08:34:a9:00:75:84:94:
         a9:68:51:ad:4d:2a:be:c2:7e:af:38:c9:69:e0:03:2c:67:48:
         24:0f:64:55:ec:bc:14:d4:1f:53:c5:83:93:1d:78:57:76:44:
         5c:99:58:40:d5:29:4b:d2:27:60:3c:3e:57:00:3e:ce:dc:ca:
         b1:5f:e9:fb:8b:67:fb:7d:c0:d9:ba:c5:77:39:4e:b3:6d:7d:
         ae:53:0c:60:fa:2d:6b:c2:58:85:b9:5c:f4:39:a8:33:51:39:
         3f:3d:eb:44:a6:c4:c7:92:60:fb:f1:1c:36:e4:85:5b:47:14:
         bc:83:fa:1e:b0:7b:30:9e:48:54:a3:59:a3:30:5d:ec:e3:f1:
         c5:1d:ab:bc:8e:fd:ae:01:16:bc:4b:5e:8f:69:89:e0:20:c3:
         08:43:57:2b:f6:df:3b:19:9c:32:25:c2:99:e2:63:05:1b:6d:
         9e:5e:c5:dd:96:2b:3e:e7:be:d9:52:90:5e:23:33:45:11:cb:
         64:ca:ac:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuRJAHc5gk77rTSHTozUGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmMjk2ZmU5NDVhMjMxODA3NTNmNjdmNzc0OGU2ZjI5OWQy
ZTY3MmEwHhcNMjQwMTAxMjAzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzgwNzcxOWFiNzk0YTM3NzBmYjliOWI2MjU4NzllMjcxNjBlYjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAln4dqCQt0uJjBGxJZe0T3bJTX4DL
47nTIkiBp+Ai6wCYwdE8LPIsMpmLK9lWdZsLjgxXIs6UtIxMTmpQv20d8kNzXa41
kEKAVEIkmr9yyPzBgwqsbd3QMH0NiCbgbILq3kT6mo/W/Qz8TsHosKhM8DPGGZIy
9IZ1zkQpKZFq7H56FJVdpxbG2A/JTB9ag4T3i+5RrLBCd3vl21HAztGyHNbtO9FU
Aod53/MAAu06XYvM8IsA0meaX+CKUFOttkh3KOVZ89Ol61sAw8RFyfd1yxpm3+3H
Stpl33lx8WXeiCFGeghDe2C/JMhZ8T5/EpnC2MIAvh1W8q0Ln1cS+KFdHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAOAdxmreUo3cPubm2JYeeJxYOsZMB8GA1UdIwQY
MBaAFD8pb+lFojGAdT9n93SObymdLmcqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHlsdjZVV2lNWUIxUDJmM2RJNXZLWjB1WnlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9jYmQzNjItNzY5NC00MTgzLTkxNWQt
OGY0ZjI5MWIyM2I2LzEvQTRCM0dhdDVTamR3LTV1YllsaDU0bkZnNnhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9jYmQzNjItNzY5NC00MTgzLTkxNWQtOGY0ZjI5MWIyM2I2
LzEvUHlsdjZVV2lNWUIxUDJmM2RJNXZLWjB1WnlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRO8MA0G
CSqGSIb3DQEBCwUAA4IBAQB+gVqLdo0wa5hm9go6UNd7xvD5Ccj7qIZffz8REBhi
JtoBD9ZXmBJ25TVKHU7tHKI55FwyewesTqYDKdKFhDF/xAg0qQB1hJSpaFGtTSq+
wn6vOMlp4AMsZ0gkD2RV7LwU1B9TxYOTHXhXdkRcmVhA1SlL0idgPD5XAD7O3Mqx
X+n7i2f7fcDZusV3OU6zbX2uUwxg+i1rwliFuVz0OagzUTk/PetEpsTHkmD78Rw2
5IVbRxS8g/oesHswnkhUo1mjMF3s4/HFHau8jv2uARa8S16PaYngIMMIQ1cr9t87
GZwyJcKZ4mMFG22eXsXdlis+577ZUpBeIzNFEctkyqwb
-----END CERTIFICATE-----