Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/pNqGR6Ut3_3LPTuYzKgrEMxV89M.roa
File:                     pNqGR6Ut3_3LPTuYzKgrEMxV89M.roa (raw, json)
Hash identifier:          eMV0sJX2ohaH5KPvrytDSV1+3D9MZDHXasGiUOrTJJs=
Subject key identifier:   A4:DA:86:47:A5:2D:DF:FD:CB:3D:3B:98:CC:A8:2B:10:CC:55:F3:D3
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8027AE591F12729A2951E73B72798A8
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/pNqGR6Ut3_3LPTuYzKgrEMxV89M.roa
Signing time:             Tue 02 Jan 2024 02:30:54 +0000
ROA not before:           Tue 02 Jan 2024 02:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42947
IP address blocks:        194.41.124.0/23 maxlen: 23
                          194.41.126.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:7a:e5:91:f1:27:29:a2:95:1e:73:b7:27:98:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4da8647a52ddffdcb3d3b98cca82b10cc55f3d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:97:bd:ca:dd:49:29:ba:90:b2:38:03:68:53:
                    9a:80:d2:22:4f:f4:44:48:b6:26:10:de:13:85:e3:
                    e9:62:11:cb:1f:ba:5e:8f:d0:ab:00:c0:d0:d1:06:
                    e5:4a:6b:98:2a:8f:1f:3b:70:3f:46:cb:2a:3a:f1:
                    98:44:68:a2:17:08:c9:ec:25:6e:54:b9:f9:86:1f:
                    12:4a:f9:f1:0b:4e:28:84:1c:91:f0:23:84:fd:51:
                    94:31:79:f0:7a:09:b2:e6:04:39:ee:c8:ba:c6:62:
                    25:21:93:02:77:d2:a2:6d:e4:3e:74:5d:4e:fe:ae:
                    23:0b:8d:54:19:61:9b:74:07:64:d7:78:0e:2e:75:
                    aa:1d:d6:35:21:84:32:cb:d2:d1:0d:c1:eb:cc:6f:
                    88:4b:6a:fc:42:48:02:76:a2:56:66:48:c6:f9:1b:
                    12:97:c6:4c:84:fd:6a:57:03:ee:b9:99:fc:8b:f8:
                    bf:51:f0:b3:a3:a2:1e:5d:85:9c:3b:cc:4e:92:30:
                    22:75:ad:f5:8b:2d:7c:bc:f6:9e:ca:d9:67:45:c5:
                    d4:3b:30:a7:a9:4f:d7:67:90:36:eb:0c:a1:a3:9d:
                    6f:36:7b:ef:79:56:f9:6a:d9:a6:05:27:e4:63:f2:
                    0c:ff:8b:01:96:4f:0a:6c:8b:32:54:59:80:77:1a:
                    cb:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:DA:86:47:A5:2D:DF:FD:CB:3D:3B:98:CC:A8:2B:10:CC:55:F3:D3
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/pNqGR6Ut3_3LPTuYzKgrEMxV89M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.41.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:25:4a:a1:a1:b0:50:b8:46:7e:7a:dc:36:68:7a:ef:9c:7e:
         03:9d:c0:20:04:ba:75:6d:f0:84:56:30:4b:5d:a2:41:4f:13:
         4b:92:13:92:e7:74:55:1d:e2:3b:86:db:47:d6:bb:42:8f:68:
         74:aa:5e:24:94:51:c2:a8:ea:52:2b:91:21:23:4f:a7:bd:15:
         6f:9f:25:ec:44:01:15:d5:f1:6f:03:de:6e:f8:26:46:f2:eb:
         1d:f0:5e:e1:0a:ee:52:35:45:33:f7:84:59:06:b3:44:f8:d2:
         fb:2b:38:f7:0b:20:7b:85:45:9e:4d:a1:35:7f:dd:dd:4e:a5:
         3c:57:7c:5c:8a:64:d4:05:59:6e:9c:d1:f3:52:05:8d:3e:b6:
         90:a4:6d:01:2f:14:a3:2f:b6:85:cb:ed:4a:9d:ad:81:6c:08:
         78:b1:1c:5a:d5:6e:8d:af:25:cc:62:54:0a:cd:23:db:ee:ed:
         0c:54:eb:fc:40:e2:f0:ad:53:96:d2:58:f6:95:e7:82:5b:7b:
         f4:03:12:21:a0:f1:21:95:d7:63:52:8d:22:93:04:95:aa:4b:
         20:91:23:1e:1a:39:d5:8f:b2:3b:c3:a2:04:df:7b:3e:9f:da:
         41:4c:f5:f6:94:36:54:18:31:30:b2:11:9f:03:ae:eb:f4:69:
         1e:49:8a:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAnrlkfEnKaKVHnO3J5ioMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGRhODY0N2E1MmRkZmZkY2IzZDNiOThjY2E4MmIxMGNjNTVmM2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pe9yt1JKbqQsjgDaFOagNIiT/RE
SLYmEN4ThePpYhHLH7pej9CrAMDQ0QblSmuYKo8fO3A/RssqOvGYRGiiFwjJ7CVu
VLn5hh8SSvnxC04ohByR8COE/VGUMXnwegmy5gQ57si6xmIlIZMCd9KibeQ+dF1O
/q4jC41UGWGbdAdk13gOLnWqHdY1IYQyy9LRDcHrzG+IS2r8QkgCdqJWZkjG+RsS
l8ZMhP1qVwPuuZn8i/i/UfCzo6IeXYWcO8xOkjAida31iy18vPaeytlnRcXUOzCn
qU/XZ5A26wyho51vNnvveVb5atmmBSfkY/IM/4sBlk8KbIsyVFmAdxrLDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKTahkelLd/9yz07mMyoKxDMVfPTMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvcE5xR1I2VXQzXzNMUFR1WXpLZ3JFTXhWODlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwil8MA0G
CSqGSIb3DQEBCwUAA4IBAQAVJUqhobBQuEZ+etw2aHrvnH4DncAgBLp1bfCEVjBL
XaJBTxNLkhOS53RVHeI7httH1rtCj2h0ql4klFHCqOpSK5EhI0+nvRVvnyXsRAEV
1fFvA95u+CZG8usd8F7hCu5SNUUz94RZBrNE+NL7Kzj3CyB7hUWeTaE1f93dTqU8
V3xcimTUBVlunNHzUgWNPraQpG0BLxSjL7aFy+1Kna2BbAh4sRxa1W6NryXMYlQK
zSPb7u0MVOv8QOLwrVOW0lj2leeCW3v0AxIhoPEhlddjUo0ikwSVqksgkSMeGjnV
j7I7w6IE33s+n9pBTPX2lDZUGDEwshGfA67r9GkeSYon
-----END CERTIFICATE-----