Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/xrYUunEL7TKE3rZxoFYKq2q9HRA.roa
File:                     xrYUunEL7TKE3rZxoFYKq2q9HRA.roa (raw, json)
Hash identifier:          X2PcQNQxPun5LKCq1N2+oQA+y7bXPVTWSJgLimTcYME=
Subject key identifier:   C6:B6:14:BA:71:0B:ED:32:84:DE:B6:71:A0:56:0A:AB:6A:BD:1D:10
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFA650AD2CD9D936DBB4235657833D
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/xrYUunEL7TKE3rZxoFYKq2q9HRA.roa
Signing time:             Tue 02 Jan 2024 06:32:29 +0000
ROA not before:           Tue 02 Jan 2024 06:32:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202402
IP address blocks:        193.34.234.0/24 maxlen: 24
                          185.233.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a6:50:ad:2c:d9:d9:36:db:b4:23:56:57:83:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6b614ba710bed3284deb671a0560aab6abd1d10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:7d:2c:1d:df:06:4b:eb:63:ff:cd:e6:5f:15:
                    e0:71:42:4c:04:e3:c5:df:f7:f7:a6:44:0f:18:11:
                    29:ca:26:b4:17:6e:64:f2:af:93:70:4c:25:e7:03:
                    8a:91:ca:5c:0f:d9:d9:0d:f7:1b:da:ac:79:bf:84:
                    44:ca:db:aa:5e:0b:e6:bc:b8:32:e4:e7:f4:99:a8:
                    b4:71:d8:75:49:72:55:0f:2e:09:25:5a:9f:cf:05:
                    97:68:de:68:a9:94:12:f9:a7:8d:e9:7a:6e:21:4d:
                    4d:46:0f:b8:e4:9c:c6:a7:6a:3c:3a:5b:9a:a8:47:
                    c2:11:9b:bf:8c:a2:c4:d3:3b:61:3e:d3:28:d5:c4:
                    c1:e2:1d:10:ae:3a:29:83:02:c7:86:f4:ed:0f:c7:
                    ac:82:4d:e7:ca:67:04:db:29:f6:cb:06:aa:03:ed:
                    65:00:95:35:4e:7f:5e:07:1a:49:af:3e:71:c4:e2:
                    cf:d1:6a:9e:37:f9:6e:5c:ad:33:5a:55:4d:7b:14:
                    4d:69:c4:52:2c:33:b8:22:f1:9f:f0:12:a8:6c:6a:
                    44:d9:c4:24:33:42:f4:91:10:b7:2a:93:fe:54:3d:
                    1f:43:c2:a5:8f:ca:32:dd:bf:da:fc:61:64:99:54:
                    5a:63:9a:03:20:28:91:7f:21:b9:80:c1:e4:91:e4:
                    09:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:B6:14:BA:71:0B:ED:32:84:DE:B6:71:A0:56:0A:AB:6A:BD:1D:10
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/xrYUunEL7TKE3rZxoFYKq2q9HRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.233.201.0/24
                  193.34.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:97:7a:b2:4b:e2:b7:f0:3f:08:96:89:fc:b6:f1:87:30:97:
         16:36:7e:d6:8f:d4:fc:a1:19:fd:4e:a9:48:eb:63:18:88:6d:
         60:9e:53:c2:4f:67:bf:c2:fd:3e:f9:d1:45:38:c9:6d:f6:f4:
         b8:b2:cf:7a:e0:92:c8:77:0f:8c:f0:4d:d6:1f:9e:6e:ce:e5:
         c2:d3:e1:e7:e0:70:e8:e4:b6:7b:0f:57:cc:44:63:9c:45:19:
         f9:65:ff:32:40:47:84:5e:75:ef:af:18:f9:29:61:df:42:2c:
         17:07:08:fa:f8:fd:e7:4f:4d:90:41:88:8e:6a:4b:33:e8:94:
         1e:b4:c5:53:00:33:5a:71:6f:e6:bf:a5:e3:fa:10:6c:e0:0e:
         d1:89:81:9f:6b:98:ba:49:d9:73:7d:b6:0f:12:2b:72:39:c7:
         bc:1d:95:09:30:4b:23:b5:bf:93:1e:47:10:13:df:2a:6a:71:
         8e:c2:e1:da:82:77:f9:9c:3c:c9:5d:60:62:bf:62:52:66:68:
         70:f0:7b:ee:6e:be:38:ce:f5:39:a0:26:7c:7f:15:08:7c:85:
         d6:e5:e3:7a:1e:60:82:6e:a4:e9:29:18:49:80:78:58:fd:1b:
         c4:6e:3c:7f:1e:df:9b:8b:c0:db:c1:72:73:6d:ff:68:fa:62:
         90:4a:40:19
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI36ZQrSzZ2TbbtCNWV4M9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmI2MTRiYTcxMGJlZDMyODRkZWI2NzFhMDU2MGFhYjZhYmQxZDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApH0sHd8GS+tj/83mXxXgcUJMBOPF
3/f3pkQPGBEpyia0F25k8q+TcEwl5wOKkcpcD9nZDfcb2qx5v4REytuqXgvmvLgy
5Of0mai0cdh1SXJVDy4JJVqfzwWXaN5oqZQS+aeN6XpuIU1NRg+45JzGp2o8Olua
qEfCEZu/jKLE0zthPtMo1cTB4h0QrjopgwLHhvTtD8esgk3nymcE2yn2ywaqA+1l
AJU1Tn9eBxpJrz5xxOLP0WqeN/luXK0zWlVNexRNacRSLDO4IvGf8BKobGpE2cQk
M0L0kRC3KpP+VD0fQ8Klj8oy3b/a/GFkmVRaY5oDICiRfyG5gMHkkeQJ9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMa2FLpxC+0yhN62caBWCqtqvR0QMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEveHJZVXVuRUw3VEtFM3JaeG9GWUtxMnE5SFJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuenJAwQA
wSLqMA0GCSqGSIb3DQEBCwUAA4IBAQB5l3qyS+K38D8Ilon8tvGHMJcWNn7Wj9T8
oRn9TqlI62MYiG1gnlPCT2e/wv0++dFFOMlt9vS4ss964JLIdw+M8E3WH55uzuXC
0+Hn4HDo5LZ7D1fMRGOcRRn5Zf8yQEeEXnXvrxj5KWHfQiwXBwj6+P3nT02QQYiO
aksz6JQetMVTADNacW/mv6Xj+hBs4A7RiYGfa5i6SdlzfbYPEityOce8HZUJMEsj
tb+THkcQE98qanGOwuHagnf5nDzJXWBiv2JSZmhw8Hvubr44zvU5oCZ8fxUIfIXW
5eN6HmCCbqTpKRhJgHhY/RvEbjx/Ht+bi8DbwXJzbf9o+mKQSkAZ
-----END CERTIFICATE-----