Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/e5b520-8d4c-4cd8-a54c-681c4a5d5b74/1/x9IyvQLKwtEJaeBfvt25tHIdYOo.roa
File:                     x9IyvQLKwtEJaeBfvt25tHIdYOo.roa (raw, json)
Hash identifier:          U4ny3oKyBP/HD1BOBb8wwP0GN8ZgJ42y+xITveZBNqc=
Subject key identifier:   C7:D2:32:BD:02:CA:C2:D1:09:69:E0:5F:BE:DD:B9:B4:72:1D:60:EA
Certificate issuer:       /CN=e8b6e8499ffe31e1f6d6780d03017e83473f2d3c
Certificate serial:       0192F6042BDDF146D84A5C9746C242F51AC0
Authority key identifier: E8:B6:E8:49:9F:FE:31:E1:F6:D6:78:0D:03:01:7E:83:47:3F:2D:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6LboSZ_-MeH21ngNAwF-g0c_LTw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/e5b520-8d4c-4cd8-a54c-681c4a5d5b74/1/x9IyvQLKwtEJaeBfvt25tHIdYOo.roa
Signing time:             Mon 04 Nov 2024 07:12:01 +0000
ROA not before:           Mon 04 Nov 2024 07:12:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15924
IP address blocks:        193.42.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/e5b520-8d4c-4cd8-a54c-681c4a5d5b74/1/6LboSZ_-MeH21ngNAwF-g0c_LTw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/e5b520-8d4c-4cd8-a54c-681c4a5d5b74/1/6LboSZ_-MeH21ngNAwF-g0c_LTw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6LboSZ_-MeH21ngNAwF-g0c_LTw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:f6:04:2b:dd:f1:46:d8:4a:5c:97:46:c2:42:f5:1a:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8b6e8499ffe31e1f6d6780d03017e83473f2d3c
        Validity
            Not Before: Nov  4 07:12:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7d232bd02cac2d10969e05fbeddb9b4721d60ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:50:ee:b0:1b:c1:fa:db:1d:5d:bb:c6:d6:53:
                    e8:e9:e1:fc:8b:64:a8:96:c0:9f:c7:d0:4c:4d:0c:
                    70:bf:e7:55:dc:1d:db:20:44:81:cc:a4:85:c5:a2:
                    19:bb:c9:83:53:d4:c4:2a:23:2e:c1:d6:00:e1:dd:
                    61:ec:4d:2c:41:3d:c7:d1:ea:f3:7a:f4:68:45:77:
                    1a:67:6e:64:ce:bf:dd:5d:55:88:6a:b7:1d:e9:52:
                    19:57:da:67:80:fa:9e:63:0c:59:c6:95:62:aa:51:
                    6b:9f:78:8c:6f:0d:b0:8c:1a:3f:ff:67:27:4f:2b:
                    bb:01:db:f2:a3:e4:97:b8:98:f3:69:9f:86:b6:46:
                    ba:74:89:9f:6b:b9:8e:a1:d1:1e:fb:32:95:7a:e6:
                    63:2b:34:77:25:1c:b3:d2:b8:71:7e:2c:6d:9e:f9:
                    25:8e:ee:a7:db:dd:fe:cc:1d:61:64:70:8d:87:18:
                    e2:fd:fb:60:07:a5:13:1b:59:18:7f:43:90:cf:72:
                    be:1a:35:a6:6d:ce:68:70:93:84:a2:b7:c6:34:73:
                    40:cf:f3:39:a1:bc:47:de:94:3c:67:83:66:73:3c:
                    8e:9c:da:f0:f0:71:f7:a0:96:ee:d7:cf:e9:5c:cf:
                    24:ee:de:9b:48:0e:91:ae:24:9c:c3:d6:7d:9d:2a:
                    b1:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:D2:32:BD:02:CA:C2:D1:09:69:E0:5F:BE:DD:B9:B4:72:1D:60:EA
            X509v3 Authority Key Identifier:
                keyid:E8:B6:E8:49:9F:FE:31:E1:F6:D6:78:0D:03:01:7E:83:47:3F:2D:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6LboSZ_-MeH21ngNAwF-g0c_LTw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/e5b520-8d4c-4cd8-a54c-681c4a5d5b74/1/x9IyvQLKwtEJaeBfvt25tHIdYOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/e5b520-8d4c-4cd8-a54c-681c4a5d5b74/1/6LboSZ_-MeH21ngNAwF-g0c_LTw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:6a:2c:04:1c:c2:94:82:f5:91:90:e6:e0:e8:ad:01:c9:51:
         0c:e0:51:01:9d:63:61:1d:2f:3c:e4:23:7e:e2:7b:04:d9:95:
         f5:9b:8d:e0:e6:0f:14:e6:26:98:40:f1:6d:b4:ce:31:5c:6d:
         e0:3c:0b:2e:06:04:ee:16:b2:c6:a1:e4:e0:45:c1:e0:45:9f:
         67:0c:d5:30:8b:03:aa:11:80:6e:48:ff:89:25:f8:2e:2a:36:
         ff:b8:72:38:a9:5f:4b:aa:94:92:00:94:8a:86:9a:31:20:bd:
         ef:90:4f:04:ad:47:68:23:ce:57:ba:91:b7:20:ff:e1:cf:e0:
         d8:31:d0:9e:1f:9a:ad:5c:6c:c6:ce:e4:e0:03:29:f2:24:99:
         41:c4:20:85:60:f0:1e:bc:cf:e1:33:3d:d3:3e:39:3b:eb:dd:
         53:06:8f:3b:07:12:53:af:41:93:06:b9:38:22:70:65:95:59:
         24:69:73:5d:0b:30:7a:55:49:44:1d:38:99:8d:f5:15:c6:29:
         6c:c2:15:13:27:7e:4c:18:01:5c:cf:aa:e0:74:96:0c:59:cb:
         03:5b:dd:61:be:90:86:ca:f2:98:8f:40:0d:11:5b:e9:8f:89:
         74:40:e1:77:ea:ea:2b:af:fe:c9:2b:0b:22:0f:a5:c1:5b:18:
         f6:26:c9:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZL2BCvd8UbYSlyXRsJC9RrAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YjZlODQ5OWZmZTMxZTFmNmQ2NzgwZDAzMDE3ZTgzNDcz
ZjJkM2MwHhcNMjQxMTA0MDcxMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2QyMzJiZDAyY2FjMmQxMDk2OWUwNWZiZWRkYjliNDcyMWQ2MGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVDusBvB+tsdXbvG1lPo6eH8i2So
lsCfx9BMTQxwv+dV3B3bIESBzKSFxaIZu8mDU9TEKiMuwdYA4d1h7E0sQT3H0erz
evRoRXcaZ25kzr/dXVWIarcd6VIZV9pngPqeYwxZxpViqlFrn3iMbw2wjBo//2cn
Tyu7Advyo+SXuJjzaZ+Gtka6dImfa7mOodEe+zKVeuZjKzR3JRyz0rhxfixtnvkl
ju6n293+zB1hZHCNhxji/ftgB6UTG1kYf0OQz3K+GjWmbc5ocJOEorfGNHNAz/M5
obxH3pQ8Z4NmczyOnNrw8HH3oJbu18/pXM8k7t6bSA6RriScw9Z9nSqx4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMfSMr0CysLRCWngX77dubRyHWDqMB8GA1UdIwQY
MBaAFOi26Emf/jHh9tZ4DQMBfoNHPy08MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkxib1NaXy1NZUgyMW5nTkF3Ri1nMGNfTFR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9lNWI1MjAtOGQ0Yy00Y2Q4LWE1NGMt
NjgxYzRhNWQ1Yjc0LzEveDlJeXZRTEt3dEVKYWVCZnZ0MjV0SElkWU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9lNWI1MjAtOGQ0Yy00Y2Q4LWE1NGMtNjgxYzRhNWQ1Yjc0
LzEvNkxib1NaXy1NZUgyMW5nTkF3Ri1nMGNfTFR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSpmMA0G
CSqGSIb3DQEBCwUAA4IBAQBZaiwEHMKUgvWRkObg6K0ByVEM4FEBnWNhHS885CN+
4nsE2ZX1m43g5g8U5iaYQPFttM4xXG3gPAsuBgTuFrLGoeTgRcHgRZ9nDNUwiwOq
EYBuSP+JJfguKjb/uHI4qV9LqpSSAJSKhpoxIL3vkE8ErUdoI85XupG3IP/hz+DY
MdCeH5qtXGzGzuTgAynyJJlBxCCFYPAevM/hMz3TPjk7691TBo87BxJTr0GTBrk4
InBllVkkaXNdCzB6VUlEHTiZjfUVxilswhUTJ35MGAFcz6rgdJYMWcsDW91hvpCG
yvKYj0ANEVvpj4l0QOF36uorr/7JKwsiD6XBWxj2Jsm4
-----END CERTIFICATE-----