Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/1abe8a-45a2-4156-98d7-6806e3d4ce4f/1/a4vHoYhrnppx-RRSbaDhU9a3Xlg.roa
File:                     a4vHoYhrnppx-RRSbaDhU9a3Xlg.roa (raw, json)
Hash identifier:          Gx6DgUJQ+Q9B3BRrvlbCYauakJUPUwBONlfH4lMfXuE=
Subject key identifier:   6B:8B:C7:A1:88:6B:9E:9A:71:F9:14:52:6D:A0:E1:53:D6:B7:5E:58
Certificate issuer:       /CN=0b4cfabe47e9285f65f1f2d686baaf15b8b41773
Certificate serial:       018CC9BC3A819165F663D412D3039E6C15B9
Authority key identifier: 0B:4C:FA:BE:47:E9:28:5F:65:F1:F2:D6:86:BA:AF:15:B8:B4:17:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C0z6vkfpKF9l8fLWhrqvFbi0F3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/1abe8a-45a2-4156-98d7-6806e3d4ce4f/1/a4vHoYhrnppx-RRSbaDhU9a3Xlg.roa
Signing time:             Tue 02 Jan 2024 10:33:25 +0000
ROA not before:           Tue 02 Jan 2024 10:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44919
IP address blocks:        188.92.144.0/21 maxlen: 24
                          193.46.73.0/24 maxlen: 24
                          2a02:d58::/29 maxlen: 35

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/1abe8a-45a2-4156-98d7-6806e3d4ce4f/1/C0z6vkfpKF9l8fLWhrqvFbi0F3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/1abe8a-45a2-4156-98d7-6806e3d4ce4f/1/C0z6vkfpKF9l8fLWhrqvFbi0F3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C0z6vkfpKF9l8fLWhrqvFbi0F3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:3a:81:91:65:f6:63:d4:12:d3:03:9e:6c:15:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4cfabe47e9285f65f1f2d686baaf15b8b41773
        Validity
            Not Before: Jan  2 10:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b8bc7a1886b9e9a71f914526da0e153d6b75e58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0f:56:9b:58:60:23:dc:c1:cb:a8:8e:86:ca:
                    f1:31:50:31:58:1c:d8:c1:63:7c:61:41:5f:7a:72:
                    71:9f:0e:dc:84:c7:76:a9:2e:49:c1:5a:00:2c:b1:
                    98:a0:55:69:8c:e1:53:79:e6:a6:a6:93:5e:27:b6:
                    ec:73:2c:35:8c:43:1f:2e:cc:32:c5:84:fc:9b:3e:
                    f3:9f:e0:60:ba:49:22:6e:45:df:26:b1:7f:56:d7:
                    db:92:46:67:64:27:50:d2:81:e2:a3:df:f5:12:72:
                    44:c6:d7:a1:3d:2d:8d:21:23:11:c1:22:ae:02:b4:
                    9f:33:a9:e5:63:15:b5:36:26:1a:16:dd:b0:fb:64:
                    80:61:25:4f:cf:09:de:ae:57:83:3e:c1:ff:83:15:
                    c1:f5:f0:17:db:a4:5e:82:0c:9a:ba:f4:e4:a1:22:
                    87:f4:00:93:d7:ab:c8:a0:45:5b:42:ab:89:20:ea:
                    9f:0f:94:02:4f:e8:dc:43:6a:56:c8:2e:d6:5c:dd:
                    92:9c:54:f4:80:ae:fe:64:0e:c0:6e:80:1d:45:6c:
                    e0:a6:25:76:da:1a:5f:90:59:af:38:48:17:20:c6:
                    14:0e:75:08:73:70:fe:6e:45:6a:14:67:5f:67:23:
                    3c:fa:2a:15:a7:9d:ba:ae:97:64:3a:35:b5:d8:a7:
                    63:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:8B:C7:A1:88:6B:9E:9A:71:F9:14:52:6D:A0:E1:53:D6:B7:5E:58
            X509v3 Authority Key Identifier:
                keyid:0B:4C:FA:BE:47:E9:28:5F:65:F1:F2:D6:86:BA:AF:15:B8:B4:17:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C0z6vkfpKF9l8fLWhrqvFbi0F3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/1abe8a-45a2-4156-98d7-6806e3d4ce4f/1/a4vHoYhrnppx-RRSbaDhU9a3Xlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/1abe8a-45a2-4156-98d7-6806e3d4ce4f/1/C0z6vkfpKF9l8fLWhrqvFbi0F3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.92.144.0/21
                  193.46.73.0/24
                IPv6:
                  2a02:d58::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:bb:13:aa:de:30:06:42:3f:4d:34:c8:0e:5a:30:f3:f9:f2:
         c2:68:c8:79:14:80:bc:df:04:15:85:85:0d:06:aa:a6:f9:a6:
         ce:6d:83:47:d0:81:fe:06:b6:f1:52:eb:fb:be:69:a8:fc:26:
         58:08:35:9a:33:9b:81:c0:cc:22:5b:4c:e7:fa:fa:d2:46:d6:
         5a:e1:73:3f:46:7f:f0:e1:a6:3c:6c:5d:72:a5:5c:07:45:b1:
         bb:23:e3:00:5f:f8:48:bf:f5:8d:d2:49:c7:f8:41:cb:6e:d8:
         60:af:1d:f4:43:f3:33:10:66:62:44:e3:c0:f9:11:59:21:1b:
         08:c0:03:fc:da:0e:f4:28:76:19:09:51:d9:ba:cd:c4:f0:94:
         37:f4:ee:87:b5:f1:cc:4a:d2:bf:7a:ec:eb:e5:6d:e8:c4:f5:
         aa:f8:4b:c2:50:c5:b9:74:87:6d:18:11:d3:dd:f6:af:7b:06:
         03:0c:91:84:8e:ec:2b:ab:1b:dd:21:7e:fc:d1:90:a0:52:f3:
         e4:25:47:46:b6:3c:c0:ee:49:e1:5d:32:a6:a5:f8:9f:f5:8f:
         3c:6f:61:33:67:d0:b3:22:b2:66:c9:c7:e0:d0:b6:53:9d:e2:
         c6:e7:1a:f3:6e:04:c0:83:6c:dd:57:73:27:b1:43:65:dd:42:
         57:ee:ca:39
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJvDqBkWX2Y9QS0wOebBW5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGNmYWJlNDdlOTI4NWY2NWYxZjJkNjg2YmFhZjE1Yjhi
NDE3NzMwHhcNMjQwMTAyMTAzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjhiYzdhMTg4NmI5ZTlhNzFmOTE0NTI2ZGEwZTE1M2Q2Yjc1ZTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArA9Wm1hgI9zBy6iOhsrxMVAxWBzY
wWN8YUFfenJxnw7chMd2qS5JwVoALLGYoFVpjOFTeeamppNeJ7bscyw1jEMfLswy
xYT8mz7zn+BgukkibkXfJrF/VtfbkkZnZCdQ0oHio9/1EnJExtehPS2NISMRwSKu
ArSfM6nlYxW1NiYaFt2w+2SAYSVPzwnerleDPsH/gxXB9fAX26ReggyauvTkoSKH
9ACT16vIoEVbQquJIOqfD5QCT+jcQ2pWyC7WXN2SnFT0gK7+ZA7AboAdRWzgpiV2
2hpfkFmvOEgXIMYUDnUIc3D+bkVqFGdfZyM8+ioVp526rpdkOjW12KdjeQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGuLx6GIa56acfkUUm2g4VPWt15YMB8GA1UdIwQY
MBaAFAtM+r5H6ShfZfHy1oa6rxW4tBdzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzB6NnZrZnBLRjlsOGZMV2hycXZGYmkwRjNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8xYWJlOGEtNDVhMi00MTU2LTk4ZDct
NjgwNmUzZDRjZTRmLzEvYTR2SG9ZaHJucHB4LVJSU2JhRGhVOWEzWGxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8xYWJlOGEtNDVhMi00MTU2LTk4ZDctNjgwNmUzZDRjZTRm
LzEvQzB6NnZrZnBLRjlsOGZMV2hycXZGYmkwRjNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDvFyQAwQA
wS5JMA0EAgACMAcDBQMqAg1YMA0GCSqGSIb3DQEBCwUAA4IBAQBwuxOq3jAGQj9N
NMgOWjDz+fLCaMh5FIC83wQVhYUNBqqm+abObYNH0IH+BrbxUuv7vmmo/CZYCDWa
M5uBwMwiW0zn+vrSRtZa4XM/Rn/w4aY8bF1ypVwHRbG7I+MAX/hIv/WN0knH+EHL
bthgrx30Q/MzEGZiROPA+RFZIRsIwAP82g70KHYZCVHZus3E8JQ39O6HtfHMStK/
euzr5W3oxPWq+EvCUMW5dIdtGBHT3favewYDDJGEjuwrqxvdIX780ZCgUvPkJUdG
tjzA7knhXTKmpfif9Y88b2EzZ9CzIrJmycfg0LZTneLG5xrzbgTAg2zdV3MnsUNl
3UJX7so5
-----END CERTIFICATE-----