Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/dd6943-6fce-4309-8713-854182cb06a6/1/0RH9Sp7h33kMTopCAnRDleQiydg.roa
File:                     0RH9Sp7h33kMTopCAnRDleQiydg.roa (raw, json)
Hash identifier:          /zV1c8wvEN0FCr1CTcPoLQD2j4WVuBmny16h06ah0cs=
Subject key identifier:   D1:11:FD:4A:9E:E1:DF:79:0C:4E:8A:42:02:74:43:95:E4:22:C9:D8
Certificate issuer:       /CN=7976d7d0bbcc08516523d5df24e6882b72ca5693
Certificate serial:       018DD003B855D483E9F216B82157D366F782
Authority key identifier: 79:76:D7:D0:BB:CC:08:51:65:23:D5:DF:24:E6:88:2B:72:CA:56:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXbX0LvMCFFlI9XfJOaIK3LKVpM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/dd6943-6fce-4309-8713-854182cb06a6/1/0RH9Sp7h33kMTopCAnRDleQiydg.roa
Signing time:             Thu 22 Feb 2024 08:52:01 +0000
ROA not before:           Thu 22 Feb 2024 08:52:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        93.93.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/dd6943-6fce-4309-8713-854182cb06a6/1/eXbX0LvMCFFlI9XfJOaIK3LKVpM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/dd6943-6fce-4309-8713-854182cb06a6/1/eXbX0LvMCFFlI9XfJOaIK3LKVpM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eXbX0LvMCFFlI9XfJOaIK3LKVpM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d0:03:b8:55:d4:83:e9:f2:16:b8:21:57:d3:66:f7:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7976d7d0bbcc08516523d5df24e6882b72ca5693
        Validity
            Not Before: Feb 22 08:52:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d111fd4a9ee1df790c4e8a4202744395e422c9d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:fa:0b:e8:de:f9:f1:55:52:7c:1c:36:9e:a3:
                    9b:7d:21:5d:df:97:9d:9c:e6:bc:d5:e3:38:e0:5f:
                    a9:06:5a:f2:73:59:e4:bc:45:0a:e2:a2:fc:e6:e9:
                    8d:c2:9f:2c:27:8f:9a:64:98:ab:bb:d1:b1:41:46:
                    75:14:82:49:9a:99:e1:c8:31:00:6c:21:32:b2:4f:
                    f0:19:db:87:5c:52:6c:5f:84:19:13:e3:6f:08:8d:
                    1d:83:67:b3:98:b5:f4:99:82:22:57:fc:05:ff:cd:
                    6a:33:b5:80:f8:a2:d6:35:c5:9a:03:3f:69:9c:2f:
                    e1:1f:15:5a:0e:ac:c2:55:a2:e4:75:03:46:d3:06:
                    9f:ee:3d:c5:ae:9f:ca:d8:c5:4c:6e:57:73:80:1d:
                    04:13:f6:67:6a:bc:6b:a7:4e:1f:ee:2e:86:01:40:
                    2b:bd:1f:1e:fb:ca:5f:53:0b:19:57:f3:a9:9c:5e:
                    e1:f3:b8:0e:b4:a8:ab:8b:06:0e:2d:76:99:3f:ba:
                    de:18:7a:43:9a:74:f8:c8:2f:32:9f:5c:9b:2d:8d:
                    71:c2:9a:ef:70:6d:8c:05:14:7b:76:3a:3b:17:c7:
                    13:9b:95:12:b0:64:13:a5:f5:41:ab:1c:fd:d6:8d:
                    9e:33:8f:67:11:87:aa:2e:96:6c:be:62:ff:7c:d9:
                    9a:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:11:FD:4A:9E:E1:DF:79:0C:4E:8A:42:02:74:43:95:E4:22:C9:D8
            X509v3 Authority Key Identifier:
                keyid:79:76:D7:D0:BB:CC:08:51:65:23:D5:DF:24:E6:88:2B:72:CA:56:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXbX0LvMCFFlI9XfJOaIK3LKVpM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/dd6943-6fce-4309-8713-854182cb06a6/1/0RH9Sp7h33kMTopCAnRDleQiydg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/dd6943-6fce-4309-8713-854182cb06a6/1/eXbX0LvMCFFlI9XfJOaIK3LKVpM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.93.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:03:08:9a:9a:dc:ff:14:7f:0a:44:ef:1c:5f:4a:7f:62:67:
         42:6f:54:8c:7d:5f:6b:9c:fb:24:66:4a:2f:fa:db:37:b2:eb:
         61:7f:2d:eb:cc:d7:d6:15:be:8e:f6:ef:9e:bd:cf:0c:6d:d2:
         8e:7e:c5:f5:cd:49:38:b3:a6:a8:72:dd:50:21:fc:dc:2d:54:
         37:cb:1e:52:f8:cd:30:8b:c9:e3:e0:f3:ec:c2:07:c3:5c:70:
         7a:97:ec:a6:b9:21:30:99:b5:fb:5c:5c:31:ea:ae:b9:84:78:
         9d:c6:e4:c6:5d:24:ad:98:9f:30:70:7f:fb:5a:ef:e9:0f:92:
         9e:1a:6f:45:f2:4e:90:1a:42:33:26:01:9b:89:4f:f6:0f:44:
         4f:f2:e4:71:ee:04:58:48:67:5c:d1:f8:14:ac:ae:c6:bb:35:
         e1:ee:45:10:1e:a9:92:56:d4:8e:b6:69:0c:87:9d:ad:e8:2c:
         96:50:4b:13:76:2f:da:8e:5c:5d:6d:d6:14:7e:d5:19:89:6b:
         22:83:c7:02:bf:bb:d1:45:fb:02:2b:7c:0c:c7:69:fa:81:5f:
         0e:a0:4b:c7:64:84:13:36:92:dc:58:6e:7a:79:3c:63:fa:e4:
         b0:43:40:4f:b1:fc:b8:82:21:78:ea:9f:95:19:40:d9:d4:b1:
         8d:48:a7:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3QA7hV1IPp8ha4IVfTZveCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5NzZkN2QwYmJjYzA4NTE2NTIzZDVkZjI0ZTY4ODJiNzJj
YTU2OTMwHhcNMjQwMjIyMDg1MjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTExZmQ0YTllZTFkZjc5MGM0ZThhNDIwMjc0NDM5NWU0MjJjOWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfoL6N758VVSfBw2nqObfSFd35ed
nOa81eM44F+pBlryc1nkvEUK4qL85umNwp8sJ4+aZJiru9GxQUZ1FIJJmpnhyDEA
bCEysk/wGduHXFJsX4QZE+NvCI0dg2ezmLX0mYIiV/wF/81qM7WA+KLWNcWaAz9p
nC/hHxVaDqzCVaLkdQNG0waf7j3Frp/K2MVMbldzgB0EE/Znarxrp04f7i6GAUAr
vR8e+8pfUwsZV/OpnF7h87gOtKiriwYOLXaZP7reGHpDmnT4yC8yn1ybLY1xwprv
cG2MBRR7djo7F8cTm5USsGQTpfVBqxz91o2eM49nEYeqLpZsvmL/fNmaqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNER/Uqe4d95DE6KQgJ0Q5XkIsnYMB8GA1UdIwQY
MBaAFHl219C7zAhRZSPV3yTmiCtyylaTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhiWDBMdk1DRkZsSTlYZkpPYUlLM0xLVnBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9kZDY5NDMtNmZjZS00MzA5LTg3MTMt
ODU0MTgyY2IwNmE2LzEvMFJIOVNwN2gzM2tNVG9wQ0FuUkRsZVFpeWRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9kZDY5NDMtNmZjZS00MzA5LTg3MTMtODU0MTgyY2IwNmE2
LzEvZVhiWDBMdk1DRkZsSTlYZkpPYUlLM0xLVnBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXV1QMA0G
CSqGSIb3DQEBCwUAA4IBAQCMAwiamtz/FH8KRO8cX0p/YmdCb1SMfV9rnPskZkov
+ts3suthfy3rzNfWFb6O9u+evc8MbdKOfsX1zUk4s6aoct1QIfzcLVQ3yx5S+M0w
i8nj4PPswgfDXHB6l+ymuSEwmbX7XFwx6q65hHidxuTGXSStmJ8wcH/7Wu/pD5Ke
Gm9F8k6QGkIzJgGbiU/2D0RP8uRx7gRYSGdc0fgUrK7GuzXh7kUQHqmSVtSOtmkM
h52t6CyWUEsTdi/ajlxdbdYUftUZiWsig8cCv7vRRfsCK3wMx2n6gV8OoEvHZIQT
NpLcWG56eTxj+uSwQ0BPsfy4giF46p+VGUDZ1LGNSKfH
-----END CERTIFICATE-----