Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/1m9lSKQi5sZkFUz4gAun_VkEDms.roa
File:                     1m9lSKQi5sZkFUz4gAun_VkEDms.roa (raw, json)
Hash identifier:          uzN+qnJhSShPdwZY1y+RyJgaDrsYAX9wZackEJrFMvc=
Subject key identifier:   D6:6F:65:48:A4:22:E6:C6:64:15:4C:F8:80:0B:A7:FD:59:04:0E:6B
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8027C464AD350EBD704E13E61767B5C
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/1m9lSKQi5sZkFUz4gAun_VkEDms.roa
Signing time:             Tue 02 Jan 2024 02:30:55 +0000
ROA not before:           Tue 02 Jan 2024 02:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48266
IP address blocks:        194.147.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:7c:46:4a:d3:50:eb:d7:04:e1:3e:61:76:7b:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d66f6548a422e6c664154cf8800ba7fd59040e6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:3a:bf:50:ec:5a:cb:e5:1a:fd:e7:c4:71:d1:
                    33:e8:00:8c:84:ad:9a:2d:fd:0d:e3:0c:a8:da:1d:
                    31:f0:ed:2f:e3:41:ee:d5:6b:d6:a3:97:fc:6c:a5:
                    e7:0b:79:76:0e:60:7a:04:63:66:82:20:6d:c2:0c:
                    bf:4a:8c:af:25:8c:d6:8c:2e:8f:df:ff:71:53:c8:
                    5f:12:79:fd:d4:f2:cf:fb:a6:3f:e4:3c:77:1e:83:
                    42:ed:99:20:1c:45:e9:d4:1d:30:64:6b:5e:9b:cc:
                    b4:57:d7:5d:72:ad:3d:e6:a4:ed:fe:00:96:4c:cc:
                    24:82:f5:26:e1:79:a0:ee:6e:f2:22:de:cc:df:6d:
                    81:4e:27:4e:a0:6f:14:27:39:dc:09:8c:83:94:39:
                    94:8e:69:81:0c:c2:b0:72:b3:42:f0:2a:d1:77:ee:
                    34:1a:01:1e:0f:ea:67:b3:bd:49:8b:45:b7:ab:be:
                    0f:09:94:ce:d4:ad:cb:f1:47:e2:38:2c:e0:3e:c2:
                    22:dd:89:3a:1a:bd:f1:97:c9:fa:bb:64:54:b6:61:
                    64:8f:e2:94:80:ee:2c:3d:f7:53:2c:31:5a:aa:c7:
                    a0:e9:f8:70:7b:ea:34:a1:52:cd:67:5e:ad:fd:e7:
                    21:e2:e5:b3:17:e1:df:a5:57:64:c6:0a:e4:38:3c:
                    11:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:6F:65:48:A4:22:E6:C6:64:15:4C:F8:80:0B:A7:FD:59:04:0E:6B
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/1m9lSKQi5sZkFUz4gAun_VkEDms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:50:9d:38:00:97:c3:a8:20:2f:ae:23:b7:10:1c:c4:32:4e:
         b5:96:e7:7c:71:af:aa:f2:02:0e:4a:ac:68:7f:7b:ed:7f:a1:
         15:12:4d:75:b3:7e:da:e2:68:c3:27:ac:83:15:89:45:62:57:
         11:c9:c9:0d:48:20:96:08:d6:62:77:37:32:91:3f:4c:28:7c:
         3e:95:a1:d6:90:99:e0:41:60:84:24:0c:94:cf:92:a8:24:0b:
         33:38:9f:b1:2e:08:72:3c:ee:60:33:f2:57:43:6e:75:fc:24:
         f5:81:e4:99:c4:83:50:97:cf:56:99:c1:ff:11:54:9f:67:69:
         e7:36:86:c7:48:65:c1:6d:ca:f0:f5:24:66:08:d0:b5:27:a9:
         bc:5f:50:33:72:bb:42:56:5a:2d:70:62:bd:a4:01:6b:59:82:
         d4:00:96:3e:c1:30:be:d0:a7:5c:2c:52:1f:ac:98:b6:ff:15:
         bd:3f:50:ab:cb:75:59:e7:e9:87:e4:44:0d:96:e2:fd:4e:64:
         1a:f5:11:83:37:79:8a:ce:37:ff:85:11:cc:11:14:d7:fd:94:
         fb:37:b5:17:8f:3b:b1:5b:c1:67:68:93:02:9d:b5:94:c6:9d:
         7b:c7:4e:41:27:c4:d4:a5:70:8f:ff:36:88:c3:35:ba:9a:f2:
         ae:9b:48:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAnxGStNQ69cE4T5hdntcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjZmNjU0OGE0MjJlNmM2NjQxNTRjZjg4MDBiYTdmZDU5MDQwZTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjq/UOxay+Ua/efEcdEz6ACMhK2a
Lf0N4wyo2h0x8O0v40Hu1WvWo5f8bKXnC3l2DmB6BGNmgiBtwgy/SoyvJYzWjC6P
3/9xU8hfEnn91PLP+6Y/5Dx3HoNC7ZkgHEXp1B0wZGtem8y0V9ddcq095qTt/gCW
TMwkgvUm4Xmg7m7yIt7M322BTidOoG8UJzncCYyDlDmUjmmBDMKwcrNC8CrRd+40
GgEeD+pns71Ji0W3q74PCZTO1K3L8UfiOCzgPsIi3Yk6Gr3xl8n6u2RUtmFkj+KU
gO4sPfdTLDFaqseg6fhwe+o0oVLNZ16t/ech4uWzF+HfpVdkxgrkODwRFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNZvZUikIubGZBVM+IALp/1ZBA5rMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvMW05bFNLUWk1c1prRlV6NGdBdW5fVmtFRG1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpMQMA0G
CSqGSIb3DQEBCwUAA4IBAQAYUJ04AJfDqCAvriO3EBzEMk61lud8ca+q8gIOSqxo
f3vtf6EVEk11s37a4mjDJ6yDFYlFYlcRyckNSCCWCNZidzcykT9MKHw+laHWkJng
QWCEJAyUz5KoJAszOJ+xLghyPO5gM/JXQ251/CT1geSZxINQl89WmcH/EVSfZ2nn
NobHSGXBbcrw9SRmCNC1J6m8X1AzcrtCVlotcGK9pAFrWYLUAJY+wTC+0KdcLFIf
rJi2/xW9P1Cry3VZ5+mH5EQNluL9TmQa9RGDN3mKzjf/hRHMERTX/ZT7N7UXjzux
W8FnaJMCnbWUxp17x05BJ8TUpXCP/zaIwzW6mvKum0gO
-----END CERTIFICATE-----