Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/j106dbcJ5FUnCLmLyXKDo7RYGoY.roa
File:                     j106dbcJ5FUnCLmLyXKDo7RYGoY.roa (raw, json)
Hash identifier:          6Njpt4jOG58M8tlQE3JuHHRtM1eh8KdNEVIe+bES66c=
Subject key identifier:   8F:5D:3A:75:B7:09:E4:55:27:08:B9:8B:C9:72:83:A3:B4:58:1A:86
Certificate issuer:       /CN=18886007da1730b0770d8604db73d12fd264f3f9
Certificate serial:       018CC6B78E92D3F41703FEDE4B5305501208
Authority key identifier: 18:88:60:07:DA:17:30:B0:77:0D:86:04:DB:73:D1:2F:D2:64:F3:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GIhgB9oXMLB3DYYE23PRL9Jk8_k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/j106dbcJ5FUnCLmLyXKDo7RYGoY.roa
Signing time:             Mon 01 Jan 2024 20:29:27 +0000
ROA not before:           Mon 01 Jan 2024 20:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57494
IP address blocks:        213.171.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/GIhgB9oXMLB3DYYE23PRL9Jk8_k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/GIhgB9oXMLB3DYYE23PRL9Jk8_k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GIhgB9oXMLB3DYYE23PRL9Jk8_k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:8e:92:d3:f4:17:03:fe:de:4b:53:05:50:12:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18886007da1730b0770d8604db73d12fd264f3f9
        Validity
            Not Before: Jan  1 20:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f5d3a75b709e4552708b98bc97283a3b4581a86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:1a:87:a5:57:d8:a5:fc:24:f5:80:c6:a9:7d:
                    04:8e:1e:c9:52:1c:7b:37:46:60:d7:6c:c6:eb:21:
                    15:83:4a:ce:6a:d5:69:27:26:a6:07:c1:ee:33:84:
                    cc:74:83:47:4a:e6:d5:f6:68:8a:82:fa:fa:69:f2:
                    c8:ae:43:4d:58:a8:e2:f1:6e:be:54:ef:8d:c3:db:
                    7b:02:86:4a:7c:bd:3f:a9:86:d2:46:43:0c:8f:32:
                    35:03:ec:9c:20:d1:34:88:20:25:de:04:c5:1d:df:
                    c7:01:ac:41:85:7d:14:41:57:03:0a:be:09:9f:ee:
                    03:5e:be:28:ec:72:d4:3a:01:10:89:0b:62:4e:ae:
                    56:42:a7:04:fe:7b:2c:95:62:d4:fa:97:29:73:6f:
                    0c:37:87:0f:0f:b0:e2:58:b9:1c:82:f3:8f:27:03:
                    69:eb:19:91:76:6a:2c:83:c5:74:ac:c9:f3:95:dc:
                    b3:b4:87:90:96:2d:3d:5a:32:5f:3f:33:45:95:68:
                    7e:9e:ef:30:10:9a:83:f6:00:be:df:8b:18:a0:2f:
                    2e:c3:6e:7e:c2:ae:65:0b:b2:c6:ff:9b:cd:00:eb:
                    7c:58:ca:8d:26:f3:db:3e:2e:47:31:24:ff:9b:59:
                    c8:eb:a3:ce:01:8a:54:ea:0c:01:26:43:30:c2:a5:
                    a1:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:5D:3A:75:B7:09:E4:55:27:08:B9:8B:C9:72:83:A3:B4:58:1A:86
            X509v3 Authority Key Identifier:
                keyid:18:88:60:07:DA:17:30:B0:77:0D:86:04:DB:73:D1:2F:D2:64:F3:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GIhgB9oXMLB3DYYE23PRL9Jk8_k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/j106dbcJ5FUnCLmLyXKDo7RYGoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/GIhgB9oXMLB3DYYE23PRL9Jk8_k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.171.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:7b:1c:a9:1e:69:af:45:39:1b:0c:94:31:7f:a4:0f:1a:8e:
         35:6d:ae:2e:08:41:fd:47:7c:90:f0:06:a9:04:62:23:59:4e:
         33:d0:18:c4:c3:01:9e:72:e9:11:61:12:b7:db:e1:35:d5:df:
         0a:3d:bd:60:1f:c2:07:59:39:04:ee:d6:d9:c9:f8:a4:7a:df:
         29:68:3f:67:8a:7d:e2:56:0f:01:c6:d9:1c:57:f4:2c:89:0c:
         97:12:c3:25:34:48:90:bc:dd:ca:f9:76:35:ac:c8:09:41:e2:
         2a:34:97:f1:38:f2:bd:2b:3a:90:29:2f:7b:21:cb:00:b4:84:
         1e:fd:63:6b:3d:13:f7:27:6d:0d:e1:0b:40:5c:cd:7e:f9:c4:
         33:ec:bf:13:26:f1:d7:86:3c:f4:81:cb:fd:6b:1a:69:f7:d8:
         f6:bd:af:16:d8:28:51:e8:8f:e3:c5:78:56:4b:c5:f3:c4:9e:
         12:be:6a:2b:12:11:46:eb:5d:12:95:d6:d9:a9:53:65:0d:1c:
         c0:d0:fd:c0:a3:77:4e:b2:e1:89:0a:21:c6:59:bc:5f:74:f8:
         52:30:18:b0:55:7f:21:2c:22:62:ac:82:8d:3b:df:4c:17:99:
         4e:22:f1:d0:ca:8f:a6:c2:34:ab:18:ed:f2:f3:ca:0d:51:c8:
         51:2a:4f:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt46S0/QXA/7eS1MFUBIIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4ODg2MDA3ZGExNzMwYjA3NzBkODYwNGRiNzNkMTJmZDI2
NGYzZjkwHhcNMjQwMTAxMjAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjVkM2E3NWI3MDllNDU1MjcwOGI5OGJjOTcyODNhM2I0NTgxYTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxqHpVfYpfwk9YDGqX0Ejh7JUhx7
N0Zg12zG6yEVg0rOatVpJyamB8HuM4TMdINHSubV9miKgvr6afLIrkNNWKji8W6+
VO+Nw9t7AoZKfL0/qYbSRkMMjzI1A+ycINE0iCAl3gTFHd/HAaxBhX0UQVcDCr4J
n+4DXr4o7HLUOgEQiQtiTq5WQqcE/nsslWLU+pcpc28MN4cPD7DiWLkcgvOPJwNp
6xmRdmosg8V0rMnzldyztIeQli09WjJfPzNFlWh+nu8wEJqD9gC+34sYoC8uw25+
wq5lC7LG/5vNAOt8WMqNJvPbPi5HMST/m1nI66POAYpU6gwBJkMwwqWhOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI9dOnW3CeRVJwi5i8lyg6O0WBqGMB8GA1UdIwQY
MBaAFBiIYAfaFzCwdw2GBNtz0S/SZPP5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0loZ0I5b1hNTEIzRFlZRTIzUFJMOUprOF9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8yOTMzMjgtOTI0NS00MDNiLThhNGEt
MTY5YzgzNmJkNmIwLzEvajEwNmRiY0o1RlVuQ0xtTHlYS0RvN1JZR29ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8yOTMzMjgtOTI0NS00MDNiLThhNGEtMTY5YzgzNmJkNmIw
LzEvR0loZ0I5b1hNTEIzRFlZRTIzUFJMOUprOF9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1asPMA0G
CSqGSIb3DQEBCwUAA4IBAQCDexypHmmvRTkbDJQxf6QPGo41ba4uCEH9R3yQ8Aap
BGIjWU4z0BjEwwGecukRYRK32+E11d8KPb1gH8IHWTkE7tbZyfiket8paD9nin3i
Vg8BxtkcV/QsiQyXEsMlNEiQvN3K+XY1rMgJQeIqNJfxOPK9KzqQKS97IcsAtIQe
/WNrPRP3J20N4QtAXM1++cQz7L8TJvHXhjz0gcv9axpp99j2va8W2ChR6I/jxXhW
S8XzxJ4SvmorEhFG610SldbZqVNlDRzA0P3Ao3dOsuGJCiHGWbxfdPhSMBiwVX8h
LCJirIKNO99MF5lOIvHQyo+mwjSrGO3y88oNUchRKk82
-----END CERTIFICATE-----