Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/nEE13nYwxpzIA2sgJ0TKaWeqsVk.roa
File:                     nEE13nYwxpzIA2sgJ0TKaWeqsVk.roa (raw, json)
Hash identifier:          JajVpCrLvg5FU38iGoGAapfPKg6KV35OElOLmlW4UXY=
Subject key identifier:   9C:41:35:DE:76:30:C6:9C:C8:03:6B:20:27:44:CA:69:67:AA:B1:59
Certificate issuer:       /CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
Certificate serial:       01933006298AF6BF8DCA3B7B8F3D0A310B3B
Authority key identifier: 38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/nEE13nYwxpzIA2sgJ0TKaWeqsVk.roa
Signing time:             Fri 15 Nov 2024 13:32:10 +0000
ROA not before:           Fri 15 Nov 2024 13:32:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211447
IP address blocks:        193.200.194.0/24 maxlen: 24
                          2a0a:d6c0:194::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:30:06:29:8a:f6:bf:8d:ca:3b:7b:8f:3d:0a:31:0b:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
        Validity
            Not Before: Nov 15 13:32:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c4135de7630c69cc8036b202744ca6967aab159
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:aa:0c:5c:fe:61:2f:4b:d8:6f:d2:93:25:b3:
                    44:0d:dc:a2:c0:29:ae:a0:7f:2e:84:5e:9a:2e:56:
                    d5:a8:f7:60:56:a4:59:f8:23:a9:c3:5f:77:83:e1:
                    8f:62:59:a9:f0:03:83:e2:3a:62:57:f9:8d:af:b4:
                    7a:c8:ac:2a:47:46:d8:25:38:d3:70:8b:76:7c:36:
                    fe:10:54:75:6b:73:2d:94:ed:a5:45:ef:bb:f5:96:
                    11:e4:e3:2e:3f:42:18:5b:36:20:2e:d5:23:94:c9:
                    0f:11:6b:3b:d7:be:23:8a:94:95:f8:84:e6:61:a2:
                    14:bd:79:3a:cf:4e:53:8e:8c:34:6b:9a:9e:5a:97:
                    8d:cc:39:33:53:64:cf:1f:46:e2:19:b1:90:d7:db:
                    8d:9c:59:1e:c0:6a:77:f5:fd:8d:1f:8d:3e:e7:67:
                    05:85:11:a7:19:96:44:d1:b6:61:f4:54:b5:3a:a2:
                    39:59:bf:8d:19:fa:4a:7e:60:ff:69:ed:3f:11:b8:
                    15:bc:a5:1f:09:5e:a7:0d:1a:0c:6f:b4:83:ec:b9:
                    1f:d4:93:2b:50:cb:dd:82:04:36:a7:d0:c8:b1:40:
                    48:21:95:97:e2:dd:c6:71:fe:ca:6c:c0:30:c0:01:
                    58:59:87:db:63:75:eb:24:58:b1:74:97:4b:3b:a4:
                    15:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:41:35:DE:76:30:C6:9C:C8:03:6B:20:27:44:CA:69:67:AA:B1:59
            X509v3 Authority Key Identifier:
                keyid:38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/nEE13nYwxpzIA2sgJ0TKaWeqsVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.194.0/24
                IPv6:
                  2a0a:d6c0:194::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:25:e7:7f:61:e2:86:60:77:8b:29:19:43:dd:84:77:04:ab:
         69:dd:3e:42:be:b5:76:8b:3e:7e:a4:71:d1:2f:f1:e2:87:65:
         b0:b6:a2:82:64:50:51:a4:49:68:bb:38:05:05:57:d3:98:d6:
         46:29:52:a8:39:59:7a:48:04:5b:ed:7c:db:15:2e:a4:8c:95:
         49:31:22:f2:7c:d7:39:93:23:cf:ef:aa:7c:47:ce:a4:87:de:
         ac:0a:59:40:7b:c0:8e:2a:7a:77:40:78:e9:49:df:07:a9:4a:
         96:40:fb:0b:d6:13:d2:01:89:d1:bd:23:f7:fe:a4:70:ea:3f:
         bd:e4:2e:38:b1:10:37:dc:fc:9e:97:8a:39:c8:9e:7e:ef:ee:
         35:10:9f:16:41:37:13:0f:56:3e:a9:2a:a3:e1:df:12:35:93:
         fa:83:2d:6e:79:dc:8f:5e:4f:3e:73:8d:fa:6f:f3:57:b6:c1:
         00:d5:c7:3b:d3:78:ee:c0:0e:2b:43:08:a3:0e:9a:4c:6a:79:
         63:d4:15:fa:4e:63:9a:7f:3b:2a:94:fe:fa:92:65:f0:94:b8:
         60:1b:19:69:ef:62:b8:b0:06:b5:9e:7d:02:af:11:14:b7:ff:
         52:bd:65:90:df:cd:89:8a:6d:18:3d:1f:2e:63:87:90:52:ba:
         fc:55:f8:d2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZMwBimK9r+Nyjt7jz0KMQs7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4N2Q2ZGY3ZWI3NTQyZTAzMzNhZWVkZDE0YWRmZjhmNTFm
OGNiZDgwHhcNMjQxMTE1MTMzMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzQxMzVkZTc2MzBjNjljYzgwMzZiMjAyNzQ0Y2E2OTY3YWFiMTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaoMXP5hL0vYb9KTJbNEDdyiwCmu
oH8uhF6aLlbVqPdgVqRZ+COpw193g+GPYlmp8AOD4jpiV/mNr7R6yKwqR0bYJTjT
cIt2fDb+EFR1a3MtlO2lRe+79ZYR5OMuP0IYWzYgLtUjlMkPEWs7174jipSV+ITm
YaIUvXk6z05Tjow0a5qeWpeNzDkzU2TPH0biGbGQ19uNnFkewGp39f2NH40+52cF
hRGnGZZE0bZh9FS1OqI5Wb+NGfpKfmD/ae0/EbgVvKUfCV6nDRoMb7SD7Lkf1JMr
UMvdggQ2p9DIsUBIIZWX4t3Gcf7KbMAwwAFYWYfbY3XrJFixdJdLO6QVwwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJxBNd52MMacyANrICdEymlnqrFZMB8GA1UdIwQY
MBaAFDh9bffrdULgMzru3RSt/49R+MvYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2Mt
NjA5YTQ4YjJiMTRkLzEvbkVFMTNuWXd4cHpJQTJzZ0owVEthV2Vxc1ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2MtNjA5YTQ4YjJiMTRk
LzEvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwcjCMA8E
AgACMAkDBwAqCtbAAZQwDQYJKoZIhvcNAQELBQADggEBACIl539h4oZgd4spGUPd
hHcEq2ndPkK+tXaLPn6kcdEv8eKHZbC2ooJkUFGkSWi7OAUFV9OY1kYpUqg5WXpI
BFvtfNsVLqSMlUkxIvJ81zmTI8/vqnxHzqSH3qwKWUB7wI4qendAeOlJ3wepSpZA
+wvWE9IBidG9I/f+pHDqP73kLjixEDfc/J6XijnInn7v7jUQnxZBNxMPVj6pKqPh
3xI1k/qDLW553I9eTz5zjfpv81e2wQDVxzvTeO7ADitDCKMOmkxqeWPUFfpOY5p/
OyqU/vqSZfCUuGAbGWnvYriwBrWefQKvERS3/1K9ZZDfzYmKbRg9Hy5jh5BSuvxV
+NI=
-----END CERTIFICATE-----