Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6f5128-7cba-49c5-9b25-99c1b0cfc3a8/1/dwK-SxvkJGZ2nFxv4i6GAuor6IA.roa
File:                     dwK-SxvkJGZ2nFxv4i6GAuor6IA.roa (raw, json)
Hash identifier:          O9gzT13x/IS7RqAb21EBJqZ9kplhgF8uwB6sON7WtBU=
Subject key identifier:   77:02:BE:4B:1B:E4:24:66:76:9C:5C:6F:E2:2E:86:02:EA:2B:E8:80
Certificate issuer:       /CN=ea583d61f2e57a6b16ea4b1a9ca27bb250d748ef
Certificate serial:       018CC5DC11C00F914B224A0A61264CD5A810
Authority key identifier: EA:58:3D:61:F2:E5:7A:6B:16:EA:4B:1A:9C:A2:7B:B2:50:D7:48:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6lg9YfLlemsW6ksanKJ7slDXSO8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6f5128-7cba-49c5-9b25-99c1b0cfc3a8/1/dwK-SxvkJGZ2nFxv4i6GAuor6IA.roa
Signing time:             Mon 01 Jan 2024 16:29:43 +0000
ROA not before:           Mon 01 Jan 2024 16:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8495
IP address blocks:        193.25.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6f5128-7cba-49c5-9b25-99c1b0cfc3a8/1/6lg9YfLlemsW6ksanKJ7slDXSO8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6f5128-7cba-49c5-9b25-99c1b0cfc3a8/1/6lg9YfLlemsW6ksanKJ7slDXSO8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6lg9YfLlemsW6ksanKJ7slDXSO8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:11:c0:0f:91:4b:22:4a:0a:61:26:4c:d5:a8:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea583d61f2e57a6b16ea4b1a9ca27bb250d748ef
        Validity
            Not Before: Jan  1 16:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7702be4b1be42466769c5c6fe22e8602ea2be880
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:bd:7c:0f:ce:e6:a0:b2:e2:91:08:24:aa:f5:
                    dd:46:0a:05:86:39:bc:2d:bc:3f:14:a4:9a:2c:64:
                    b3:1f:20:61:50:e6:a7:48:9f:e8:7e:0d:b9:92:ca:
                    44:df:94:e9:7a:cd:20:c4:5a:62:0d:76:d4:2b:92:
                    cd:2b:a2:5e:b8:e6:cb:46:9b:e2:09:57:5e:b0:9f:
                    3e:a8:4f:96:25:3e:88:a7:d9:73:e2:1a:c6:f1:a9:
                    a2:e4:f2:1b:ff:4f:43:79:61:ca:c5:df:bc:08:f3:
                    50:a2:58:59:3f:54:a9:ad:0c:1e:2c:48:44:c1:f1:
                    47:7d:b3:f2:c5:7a:63:7e:c1:b0:2b:e1:fc:3e:80:
                    b2:5c:49:62:33:1d:a5:37:c8:8b:77:aa:ad:90:19:
                    62:85:d2:c0:23:e5:09:6c:2d:42:1b:f3:c1:d8:1d:
                    5b:4d:6b:2f:42:0b:65:32:a1:2f:4d:b6:28:ec:ed:
                    b2:93:b0:ac:61:a5:6b:aa:6c:b2:72:92:b5:e3:88:
                    fc:10:63:94:b3:c5:8c:03:d8:06:96:bb:f9:af:a8:
                    10:f0:3c:39:d9:6a:cd:2f:97:cf:1a:12:a2:59:43:
                    26:1d:09:30:ee:10:90:c6:cb:d2:86:7b:98:31:90:
                    e3:28:f1:53:a4:4b:04:07:13:e0:b5:10:42:6a:4e:
                    97:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:02:BE:4B:1B:E4:24:66:76:9C:5C:6F:E2:2E:86:02:EA:2B:E8:80
            X509v3 Authority Key Identifier:
                keyid:EA:58:3D:61:F2:E5:7A:6B:16:EA:4B:1A:9C:A2:7B:B2:50:D7:48:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6lg9YfLlemsW6ksanKJ7slDXSO8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6f5128-7cba-49c5-9b25-99c1b0cfc3a8/1/dwK-SxvkJGZ2nFxv4i6GAuor6IA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6f5128-7cba-49c5-9b25-99c1b0cfc3a8/1/6lg9YfLlemsW6ksanKJ7slDXSO8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:51:06:0c:ce:2b:16:aa:d1:59:46:09:e8:17:26:98:76:3d:
         ee:f4:fc:9b:f7:61:ed:36:13:39:ec:fc:34:c3:85:31:08:3d:
         b7:27:c0:bb:9c:d4:b7:e8:17:b5:95:66:30:88:41:4d:23:05:
         01:58:5a:db:2b:e4:7d:e2:52:8d:29:a0:f7:b5:dc:0b:3e:be:
         ea:fd:d8:41:78:b1:8f:2a:76:a7:ab:1c:07:af:31:0d:f2:25:
         1d:20:fe:fd:94:bd:8b:6c:d0:9e:d8:4c:ca:15:cf:8c:ef:ee:
         ee:ba:cf:73:5f:1a:68:97:16:d1:09:ab:d4:64:14:f6:b2:9c:
         fc:eb:ac:6c:2d:1a:64:25:8b:ea:a9:70:90:b6:e6:1e:8e:28:
         cc:85:25:3d:e8:8e:53:b1:4e:01:3d:ba:62:49:33:b3:19:91:
         40:d7:e4:06:85:02:ab:26:4f:84:38:e5:e6:9a:71:67:8d:e1:
         20:fb:9f:4c:44:8a:d7:2d:54:e6:25:7a:a6:ab:af:a1:23:19:
         34:5b:13:31:00:a7:73:6f:25:71:14:f2:14:ce:2d:12:af:be:
         19:1e:f5:ec:ce:b3:8a:b1:25:37:d9:77:3a:2a:7e:1f:8b:37:
         c8:86:8d:6b:a1:dd:53:b8:1c:17:19:1e:69:5f:bd:0f:ce:82:
         4e:58:e0:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3BHAD5FLIkoKYSZM1agQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhNTgzZDYxZjJlNTdhNmIxNmVhNGIxYTljYTI3YmIyNTBk
NzQ4ZWYwHhcNMjQwMTAxMTYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzAyYmU0YjFiZTQyNDY2NzY5YzVjNmZlMjJlODYwMmVhMmJlODgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw718D87moLLikQgkqvXdRgoFhjm8
Lbw/FKSaLGSzHyBhUOanSJ/ofg25kspE35Tpes0gxFpiDXbUK5LNK6JeuObLRpvi
CVdesJ8+qE+WJT6Ip9lz4hrG8ami5PIb/09DeWHKxd+8CPNQolhZP1SprQweLEhE
wfFHfbPyxXpjfsGwK+H8PoCyXEliMx2lN8iLd6qtkBlihdLAI+UJbC1CG/PB2B1b
TWsvQgtlMqEvTbYo7O2yk7CsYaVrqmyycpK144j8EGOUs8WMA9gGlrv5r6gQ8Dw5
2WrNL5fPGhKiWUMmHQkw7hCQxsvShnuYMZDjKPFTpEsEBxPgtRBCak6XVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHcCvksb5CRmdpxcb+IuhgLqK+iAMB8GA1UdIwQY
MBaAFOpYPWHy5XprFupLGpyie7JQ10jvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmxnOVlmTGxlbXNXNmtzYW5LSjdzbERYU084LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82ZjUxMjgtN2NiYS00OWM1LTliMjUt
OTljMWIwY2ZjM2E4LzEvZHdLLVN4dmtKR1oybkZ4djRpNkdBdW9yNklBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82ZjUxMjgtN2NiYS00OWM1LTliMjUtOTljMWIwY2ZjM2E4
LzEvNmxnOVlmTGxlbXNXNmtzYW5LSjdzbERYU084LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRmsMA0G
CSqGSIb3DQEBCwUAA4IBAQDJUQYMzisWqtFZRgnoFyaYdj3u9Pyb92HtNhM57Pw0
w4UxCD23J8C7nNS36Be1lWYwiEFNIwUBWFrbK+R94lKNKaD3tdwLPr7q/dhBeLGP
KnanqxwHrzEN8iUdIP79lL2LbNCe2EzKFc+M7+7uus9zXxpolxbRCavUZBT2spz8
66xsLRpkJYvqqXCQtuYejijMhSU96I5TsU4BPbpiSTOzGZFA1+QGhQKrJk+EOOXm
mnFnjeEg+59MRIrXLVTmJXqmq6+hIxk0WxMxAKdzbyVxFPIUzi0Sr74ZHvXszrOK
sSU32Xc6Kn4fizfIho1rod1TuBwXGR5pX70PzoJOWODh
-----END CERTIFICATE-----