Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/0b8f11-a011-4764-bcf3-6dbba2b1dca7/1/QmW0aeTEGIMxnVuzdGEZuSXQ8Go.roa
File:                     QmW0aeTEGIMxnVuzdGEZuSXQ8Go.roa (raw, json)
Hash identifier:          lUQGxypGFWdSU/160RtFyIGX0wZrLqc7bUaKRg9Gv2U=
Subject key identifier:   42:65:B4:69:E4:C4:18:83:31:9D:5B:B3:74:61:19:B9:25:D0:F0:6A
Certificate issuer:       /CN=ee0581767af4579e44da977b1082d94b3c7b9298
Certificate serial:       018CC34918FB9DE39AF61BF07E8FEC0FD904
Authority key identifier: EE:05:81:76:7A:F4:57:9E:44:DA:97:7B:10:82:D9:4B:3C:7B:92:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7gWBdnr0V55E2pd7EILZSzx7kpg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/0b8f11-a011-4764-bcf3-6dbba2b1dca7/1/QmW0aeTEGIMxnVuzdGEZuSXQ8Go.roa
Signing time:             Mon 01 Jan 2024 04:29:56 +0000
ROA not before:           Mon 01 Jan 2024 04:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6453
IP address blocks:        193.105.119.0/24 maxlen: 24
                          195.85.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/0b8f11-a011-4764-bcf3-6dbba2b1dca7/1/7gWBdnr0V55E2pd7EILZSzx7kpg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/0b8f11-a011-4764-bcf3-6dbba2b1dca7/1/7gWBdnr0V55E2pd7EILZSzx7kpg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7gWBdnr0V55E2pd7EILZSzx7kpg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:18:fb:9d:e3:9a:f6:1b:f0:7e:8f:ec:0f:d9:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee0581767af4579e44da977b1082d94b3c7b9298
        Validity
            Not Before: Jan  1 04:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4265b469e4c41883319d5bb3746119b925d0f06a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:4c:f3:e5:61:12:a7:95:b4:80:05:e4:4a:7d:
                    59:d1:55:20:84:80:7c:d3:36:c7:50:e4:e5:a1:7e:
                    48:47:49:4a:bf:a4:1a:d7:3c:46:40:06:48:e4:7e:
                    83:fa:e0:ac:22:2f:2a:51:53:c4:a0:fe:73:f9:2c:
                    4d:6e:ec:7f:b1:3e:4e:67:c3:75:32:8c:88:fd:d4:
                    f7:ff:2a:2b:83:f3:9f:70:d0:b0:db:d1:25:21:8d:
                    fe:33:85:4b:e9:b6:80:57:a4:89:c5:e1:5f:c1:b2:
                    f8:05:ab:f4:5b:42:b9:bd:a1:1f:41:0c:9b:12:6f:
                    f2:f3:a1:2a:aa:37:35:6f:84:f0:18:02:19:ca:c6:
                    a3:19:4b:17:51:3f:22:7e:b0:ff:5b:54:a5:63:74:
                    c4:46:fe:eb:89:b7:93:ea:55:db:57:07:cf:9a:13:
                    62:20:50:7d:1b:7e:12:aa:24:eb:68:81:ae:c1:84:
                    15:c7:84:d8:72:14:04:b1:bf:46:cb:f0:e5:9a:1f:
                    88:5f:5a:a8:cd:91:6c:e7:6a:a3:b6:71:70:19:51:
                    54:fb:67:e8:d0:48:3b:b4:17:39:e9:c4:0c:b1:0f:
                    23:ae:ed:a3:d7:7f:31:0b:7d:88:d6:62:87:7f:5f:
                    e1:1b:ed:4a:f4:1e:ab:58:46:54:80:90:fe:83:89:
                    e3:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:65:B4:69:E4:C4:18:83:31:9D:5B:B3:74:61:19:B9:25:D0:F0:6A
            X509v3 Authority Key Identifier:
                keyid:EE:05:81:76:7A:F4:57:9E:44:DA:97:7B:10:82:D9:4B:3C:7B:92:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7gWBdnr0V55E2pd7EILZSzx7kpg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/0b8f11-a011-4764-bcf3-6dbba2b1dca7/1/QmW0aeTEGIMxnVuzdGEZuSXQ8Go.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/0b8f11-a011-4764-bcf3-6dbba2b1dca7/1/7gWBdnr0V55E2pd7EILZSzx7kpg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.119.0/24
                  195.85.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:11:85:e3:9f:6c:b5:f7:8f:11:ce:01:bd:31:93:38:42:52:
         94:ca:9d:d9:99:9f:88:e4:4c:7b:b1:cb:fa:1a:e4:35:fe:83:
         1c:9a:8d:6b:6e:8c:be:b4:7e:9b:8a:04:c9:cb:ed:45:ad:7c:
         de:a6:52:d0:5f:36:35:4a:63:a9:a9:03:cd:e2:5a:2f:dd:5f:
         70:f0:eb:c5:1e:5d:9d:ba:21:de:e9:4c:bb:3c:31:d6:04:22:
         b2:36:77:ad:77:ea:d8:7f:b2:cb:0e:00:20:8e:78:19:b0:62:
         d5:fd:72:cf:53:3a:3c:5b:34:2d:25:15:34:81:03:2b:42:22:
         64:b4:ca:e8:c2:e7:f7:0b:02:93:bf:08:df:fe:8a:65:25:09:
         54:39:d8:96:96:cb:61:17:a7:e7:eb:40:2b:52:b6:72:28:a7:
         f5:15:b7:ad:79:9a:b5:9a:79:94:55:68:b2:3b:ec:e2:4f:58:
         43:ea:53:a0:57:7e:c0:02:f6:6b:fa:23:b7:5b:78:a9:64:12:
         a9:52:66:8d:8f:4c:79:f9:c8:23:fc:f0:57:72:03:c0:bc:fc:
         f2:7e:47:c4:bc:f8:59:f2:59:a9:95:75:a6:1a:09:2f:b6:f8:
         8c:41:38:de:0a:09:d8:28:5f:ca:54:84:28:92:42:4d:08:3d:
         aa:ee:77:5b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSRj7neOa9hvwfo/sD9kEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMDU4MTc2N2FmNDU3OWU0NGRhOTc3YjEwODJkOTRiM2M3
YjkyOTgwHhcNMjQwMTAxMDQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjY1YjQ2OWU0YzQxODgzMzE5ZDViYjM3NDYxMTliOTI1ZDBmMDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikzz5WESp5W0gAXkSn1Z0VUghIB8
0zbHUOTloX5IR0lKv6Qa1zxGQAZI5H6D+uCsIi8qUVPEoP5z+SxNbux/sT5OZ8N1
MoyI/dT3/yorg/OfcNCw29ElIY3+M4VL6baAV6SJxeFfwbL4Bav0W0K5vaEfQQyb
Em/y86Eqqjc1b4TwGAIZysajGUsXUT8ifrD/W1SlY3TERv7ribeT6lXbVwfPmhNi
IFB9G34SqiTraIGuwYQVx4TYchQEsb9Gy/Dlmh+IX1qozZFs52qjtnFwGVFU+2fo
0Eg7tBc56cQMsQ8jru2j138xC32I1mKHf1/hG+1K9B6rWEZUgJD+g4njdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEJltGnkxBiDMZ1bs3RhGbkl0PBqMB8GA1UdIwQY
MBaAFO4FgXZ69FeeRNqXexCC2Us8e5KYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2dXQmRucjBWNTVFMnBkN0VJTFpTeng3a3BnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi8wYjhmMTEtYTAxMS00NzY0LWJjZjMt
NmRiYmEyYjFkY2E3LzEvUW1XMGFlVEVHSU14blZ1emRHRVp1U1hROEdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi8wYjhmMTEtYTAxMS00NzY0LWJjZjMtNmRiYmEyYjFkY2E3
LzEvN2dXQmRucjBWNTVFMnBkN0VJTFpTeng3a3BnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwWl3AwQA
w1XgMA0GCSqGSIb3DQEBCwUAA4IBAQCdEYXjn2y1948RzgG9MZM4QlKUyp3ZmZ+I
5Ex7scv6GuQ1/oMcmo1rboy+tH6bigTJy+1FrXzeplLQXzY1SmOpqQPN4lov3V9w
8OvFHl2duiHe6Uy7PDHWBCKyNnetd+rYf7LLDgAgjngZsGLV/XLPUzo8WzQtJRU0
gQMrQiJktMrowuf3CwKTvwjf/oplJQlUOdiWlsthF6fn60ArUrZyKKf1FbeteZq1
mnmUVWiyO+ziT1hD6lOgV37AAvZr+iO3W3ipZBKpUmaNj0x5+cgj/PBXcgPAvPzy
fkfEvPhZ8lmplXWmGgkvtviMQTjeCgnYKF/KVIQokkJNCD2q7ndb
-----END CERTIFICATE-----