Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/0600a4-1464-4a7c-af56-18e86f0b1d81/1/4PyS4WIRVFLxok03WKDrb_8jml4.roa
File:                     4PyS4WIRVFLxok03WKDrb_8jml4.roa (raw, json)
Hash identifier:          22uwIlBBCefPXuqDfDq5A+Q3dj0w9o2d7LHrIVL16JA=
Subject key identifier:   E0:FC:92:E1:62:11:54:52:F1:A2:4D:37:58:A0:EB:6F:FF:23:9A:5E
Certificate issuer:       /CN=7ee053cb9cb4f41c1e4773e7f16e84bb57522033
Certificate serial:       019091F2EA5A2C7A647F61D44D8BC0A1F43A
Authority key identifier: 7E:E0:53:CB:9C:B4:F4:1C:1E:47:73:E7:F1:6E:84:BB:57:52:20:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fuBTy5y09BweR3Pn8W6Eu1dSIDM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/0600a4-1464-4a7c-af56-18e86f0b1d81/1/4PyS4WIRVFLxok03WKDrb_8jml4.roa
Signing time:             Mon 08 Jul 2024 10:45:34 +0000
ROA not before:           Mon 08 Jul 2024 10:45:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42337
IP address blocks:        193.228.168.0/24 maxlen: 24
                          193.228.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/0600a4-1464-4a7c-af56-18e86f0b1d81/1/fuBTy5y09BweR3Pn8W6Eu1dSIDM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/0600a4-1464-4a7c-af56-18e86f0b1d81/1/fuBTy5y09BweR3Pn8W6Eu1dSIDM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fuBTy5y09BweR3Pn8W6Eu1dSIDM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:91:f2:ea:5a:2c:7a:64:7f:61:d4:4d:8b:c0:a1:f4:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ee053cb9cb4f41c1e4773e7f16e84bb57522033
        Validity
            Not Before: Jul  8 10:45:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0fc92e162115452f1a24d3758a0eb6fff239a5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ce:43:06:b7:1d:ce:e4:12:7a:18:ae:f1:df:
                    9c:f0:c3:40:08:41:d4:a9:f2:ca:e0:31:0e:ce:23:
                    50:c5:b8:e4:b2:9e:0f:a9:fd:04:1a:00:03:e7:86:
                    cf:f3:14:f4:86:f5:5f:af:06:56:09:72:5c:a5:8d:
                    d4:a2:66:5e:af:c2:34:82:37:8e:16:d3:10:90:4b:
                    56:64:60:17:a8:2b:ed:88:77:6b:2a:e6:01:5b:ef:
                    a7:0f:76:84:82:69:98:cc:81:e2:8b:d2:98:af:11:
                    75:95:de:f9:4c:62:45:b2:56:88:25:66:29:87:ce:
                    f8:ba:af:7c:d9:78:c3:ba:40:49:c7:2f:d2:db:93:
                    b7:9f:eb:b6:3c:19:c3:ea:0e:56:f5:ca:fd:45:01:
                    12:97:82:f8:ff:3e:3d:80:7c:1a:38:e5:a0:7f:fa:
                    2f:b6:ab:8b:a3:97:2e:14:d0:5e:b4:d4:c4:51:d3:
                    20:17:1f:5a:26:e9:f2:f4:80:61:eb:35:8c:61:82:
                    b8:c8:50:b6:28:11:e5:25:fa:96:61:8c:66:ea:22:
                    31:3c:e8:1b:d3:49:89:e8:aa:64:fc:41:86:5f:db:
                    ae:d1:9f:ad:99:ad:0f:4b:a0:89:0e:f0:ef:8d:34:
                    a1:5c:8c:90:68:50:f6:26:33:6a:c5:ef:83:bb:3a:
                    71:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:FC:92:E1:62:11:54:52:F1:A2:4D:37:58:A0:EB:6F:FF:23:9A:5E
            X509v3 Authority Key Identifier:
                keyid:7E:E0:53:CB:9C:B4:F4:1C:1E:47:73:E7:F1:6E:84:BB:57:52:20:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fuBTy5y09BweR3Pn8W6Eu1dSIDM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0600a4-1464-4a7c-af56-18e86f0b1d81/1/4PyS4WIRVFLxok03WKDrb_8jml4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0600a4-1464-4a7c-af56-18e86f0b1d81/1/fuBTy5y09BweR3Pn8W6Eu1dSIDM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.228.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:92:09:a8:cd:53:95:1a:25:73:7b:df:d4:1a:87:c8:d1:ca:
         4e:fa:6e:0b:c4:ed:0e:1d:f2:58:5e:1d:19:e2:a0:9c:98:1b:
         1e:c8:1b:5b:e1:03:53:70:ad:77:3c:cd:95:fb:29:2a:74:fb:
         c1:e4:17:41:de:52:21:f1:71:2a:9c:3a:37:11:23:68:bc:9d:
         41:b9:08:37:0b:99:f6:83:ca:4f:28:a1:c4:7c:e5:97:31:f5:
         95:c1:9b:c7:9a:b6:ab:67:af:bd:5f:f2:6d:cf:e2:9a:0a:c2:
         1e:14:06:9a:af:86:65:1e:13:f1:78:66:9d:eb:2f:d4:2b:50:
         7b:2e:23:15:ca:81:96:01:9c:e0:ea:c0:6f:ba:25:8d:be:31:
         7b:ad:cb:59:49:72:bc:e7:98:56:e3:c4:2c:c9:43:71:04:71:
         69:e0:45:a6:eb:2d:a8:92:f8:f0:44:b0:73:3b:d4:f2:d5:b9:
         5a:95:13:bd:c7:e5:13:d0:ae:b6:15:7d:c2:12:65:12:1e:71:
         df:fc:8c:18:33:45:84:d0:67:b5:6c:c9:e8:27:b2:fa:c6:03:
         ea:17:94:57:b6:d7:b6:aa:29:bf:3d:a6:29:6c:34:b9:0c:36:
         3a:a2:37:6e:f3:3e:c2:88:51:5e:ca:a2:3a:a5:7c:00:56:30:
         96:cd:24:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCR8upaLHpkf2HUTYvAofQ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlZTA1M2NiOWNiNGY0MWMxZTQ3NzNlN2YxNmU4NGJiNTc1
MjIwMzMwHhcNMjQwNzA4MTA0NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGZjOTJlMTYyMTE1NDUyZjFhMjRkMzc1OGEwZWI2ZmZmMjM5YTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyc5DBrcdzuQSehiu8d+c8MNACEHU
qfLK4DEOziNQxbjksp4Pqf0EGgAD54bP8xT0hvVfrwZWCXJcpY3UomZer8I0gjeO
FtMQkEtWZGAXqCvtiHdrKuYBW++nD3aEgmmYzIHii9KYrxF1ld75TGJFslaIJWYp
h874uq982XjDukBJxy/S25O3n+u2PBnD6g5W9cr9RQESl4L4/z49gHwaOOWgf/ov
tquLo5cuFNBetNTEUdMgFx9aJuny9IBh6zWMYYK4yFC2KBHlJfqWYYxm6iIxPOgb
00mJ6Kpk/EGGX9uu0Z+tma0PS6CJDvDvjTShXIyQaFD2JjNqxe+DuzpxpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOD8kuFiEVRS8aJNN1ig62//I5peMB8GA1UdIwQY
MBaAFH7gU8uctPQcHkdz5/FuhLtXUiAzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnVCVHk1eTA5QndlUjNQbjhXNkV1MWRTSURNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8wNjAwYTQtMTQ2NC00YTdjLWFmNTYt
MThlODZmMGIxZDgxLzEvNFB5UzRXSVJWRkx4b2swM1dLRHJiXzhqbWw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8wNjAwYTQtMTQ2NC00YTdjLWFmNTYtMThlODZmMGIxZDgx
LzEvZnVCVHk1eTA5QndlUjNQbjhXNkV1MWRTSURNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBweSoMA0G
CSqGSIb3DQEBCwUAA4IBAQB7kgmozVOVGiVze9/UGofI0cpO+m4LxO0OHfJYXh0Z
4qCcmBseyBtb4QNTcK13PM2V+ykqdPvB5BdB3lIh8XEqnDo3ESNovJ1BuQg3C5n2
g8pPKKHEfOWXMfWVwZvHmrarZ6+9X/Jtz+KaCsIeFAaar4ZlHhPxeGad6y/UK1B7
LiMVyoGWAZzg6sBvuiWNvjF7rctZSXK855hW48QsyUNxBHFp4EWm6y2okvjwRLBz
O9Ty1blalRO9x+UT0K62FX3CEmUSHnHf/IwYM0WE0Ge1bMnoJ7L6xgPqF5RXtte2
qim/PaYpbDS5DDY6ojdu8z7CiFFeyqI6pXwAVjCWzSRS
-----END CERTIFICATE-----