Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/835a82-8bbe-40b2-b2d4-0481c66c2b5a/1/Y91ulWuXtJm5BTyLAiHs9bFsazc.roa
File:                     Y91ulWuXtJm5BTyLAiHs9bFsazc.roa (raw, json)
Hash identifier:          JirD4mDgCtWn+SgfuolNupFVSSgKEECmiXHGlpATMpk=
Subject key identifier:   63:DD:6E:95:6B:97:B4:99:B9:05:3C:8B:02:21:EC:F5:B1:6C:6B:37
Certificate issuer:       /CN=c1cd870d60a1a6c42067158aeebcc0e3fd6dd81f
Certificate serial:       0192B86E4676CFE98BF2218B3633C11E3448
Authority key identifier: C1:CD:87:0D:60:A1:A6:C4:20:67:15:8A:EE:BC:C0:E3:FD:6D:D8:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wc2HDWChpsQgZxWK7rzA4_1t2B8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/835a82-8bbe-40b2-b2d4-0481c66c2b5a/1/Y91ulWuXtJm5BTyLAiHs9bFsazc.roa
Signing time:             Wed 23 Oct 2024 08:11:27 +0000
ROA not before:           Wed 23 Oct 2024 08:11:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2116
IP address blocks:        193.161.16.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/835a82-8bbe-40b2-b2d4-0481c66c2b5a/1/wc2HDWChpsQgZxWK7rzA4_1t2B8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/835a82-8bbe-40b2-b2d4-0481c66c2b5a/1/wc2HDWChpsQgZxWK7rzA4_1t2B8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wc2HDWChpsQgZxWK7rzA4_1t2B8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b8:6e:46:76:cf:e9:8b:f2:21:8b:36:33:c1:1e:34:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1cd870d60a1a6c42067158aeebcc0e3fd6dd81f
        Validity
            Not Before: Oct 23 08:11:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63dd6e956b97b499b9053c8b0221ecf5b16c6b37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:cf:e5:a7:55:be:60:9b:3c:47:44:b1:58:72:
                    40:a8:2b:57:42:b8:3d:7b:e6:60:a8:a6:e9:9a:95:
                    60:1d:f1:b0:49:a6:01:60:5a:b2:d9:e8:bc:09:8a:
                    bc:ba:2e:3c:35:5f:f1:a2:94:3f:d7:45:97:b1:f3:
                    5b:0d:6e:48:42:2b:c4:69:ba:3f:c4:06:a0:30:ef:
                    83:04:11:f2:e1:04:cc:c9:eb:6b:60:d1:62:fd:f9:
                    3b:86:fd:aa:fe:a5:1e:5a:e0:61:81:f5:0a:e5:03:
                    be:e2:d3:e5:da:22:8d:c3:15:27:6c:31:e9:2e:c3:
                    e9:06:52:90:9c:fe:55:1d:14:21:2a:68:88:93:e1:
                    7a:35:01:ed:73:00:82:f0:67:2a:e7:a8:4c:74:12:
                    83:a8:a6:13:cc:38:06:c4:78:a6:ba:85:8d:24:39:
                    7b:6d:24:fe:c6:82:81:a1:6b:16:a0:a8:56:d9:b3:
                    e1:68:11:e2:12:a1:6c:f3:2d:40:5b:7a:cc:a4:8a:
                    23:42:3e:1d:7b:84:aa:7d:9f:87:74:a2:22:e7:b8:
                    97:5b:ea:31:5f:27:56:f9:82:b6:06:20:84:88:51:
                    75:ef:aa:b3:58:73:70:19:12:6a:2d:40:e3:c0:41:
                    d2:13:9c:6e:c2:b5:a2:7f:b6:a3:62:e4:cd:3c:98:
                    46:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:DD:6E:95:6B:97:B4:99:B9:05:3C:8B:02:21:EC:F5:B1:6C:6B:37
            X509v3 Authority Key Identifier:
                keyid:C1:CD:87:0D:60:A1:A6:C4:20:67:15:8A:EE:BC:C0:E3:FD:6D:D8:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wc2HDWChpsQgZxWK7rzA4_1t2B8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/835a82-8bbe-40b2-b2d4-0481c66c2b5a/1/Y91ulWuXtJm5BTyLAiHs9bFsazc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/835a82-8bbe-40b2-b2d4-0481c66c2b5a/1/wc2HDWChpsQgZxWK7rzA4_1t2B8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.161.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         32:56:72:dc:eb:3d:9b:3f:f4:33:ca:b0:40:d0:1a:bb:91:ec:
         66:a6:bf:96:63:73:34:7a:1e:01:da:4d:70:7a:dd:60:19:8e:
         fb:67:72:67:fb:56:7f:ba:df:1d:5f:19:7d:57:73:8d:8f:7b:
         7e:14:cb:cc:3c:56:3f:41:6a:f6:2b:9d:39:e7:04:de:b7:24:
         45:d5:45:cb:3e:39:03:1f:59:68:1b:d0:4b:23:c6:86:dc:f9:
         a4:22:4a:ab:56:03:1d:2d:c8:05:00:12:7f:31:85:aa:73:68:
         95:6f:8e:43:12:4c:0f:60:d7:13:09:0b:08:da:2f:81:f4:f6:
         7d:20:34:07:d8:64:78:00:f0:79:fd:4b:b5:ab:81:73:45:29:
         75:d7:4c:fe:01:d8:dc:68:59:2d:bd:cd:ee:88:df:0a:de:10:
         76:d9:fb:08:64:dd:d4:7b:65:50:c0:4b:80:69:65:b4:a8:26:
         ad:c6:d0:b1:57:99:56:89:64:20:87:e7:c9:2e:b9:9d:31:58:
         56:88:8a:18:7c:a7:d0:24:b7:c0:1a:77:26:b5:7b:6f:09:cd:
         75:dc:04:b8:08:d6:61:c6:00:7f:ef:ca:1d:69:07:4c:c3:9a:
         0c:4c:15:98:52:4d:21:97:2d:a9:06:de:27:8c:d7:90:7b:9e:
         ef:67:f9:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK4bkZ2z+mL8iGLNjPBHjRIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxY2Q4NzBkNjBhMWE2YzQyMDY3MTU4YWVlYmNjMGUzZmQ2
ZGQ4MWYwHhcNMjQxMDIzMDgxMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2RkNmU5NTZiOTdiNDk5YjkwNTNjOGIwMjIxZWNmNWIxNmM2YjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0M/lp1W+YJs8R0SxWHJAqCtXQrg9
e+ZgqKbpmpVgHfGwSaYBYFqy2ei8CYq8ui48NV/xopQ/10WXsfNbDW5IQivEabo/
xAagMO+DBBHy4QTMyetrYNFi/fk7hv2q/qUeWuBhgfUK5QO+4tPl2iKNwxUnbDHp
LsPpBlKQnP5VHRQhKmiIk+F6NQHtcwCC8Gcq56hMdBKDqKYTzDgGxHimuoWNJDl7
bST+xoKBoWsWoKhW2bPhaBHiEqFs8y1AW3rMpIojQj4de4SqfZ+HdKIi57iXW+ox
XydW+YK2BiCEiFF176qzWHNwGRJqLUDjwEHSE5xuwrWif7ajYuTNPJhG6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPdbpVrl7SZuQU8iwIh7PWxbGs3MB8GA1UdIwQY
MBaAFMHNhw1goabEIGcViu68wOP9bdgfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2MySERXQ2hwc1FnWnhXSzdyekE0XzF0MkI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy84MzVhODItOGJiZS00MGIyLWIyZDQt
MDQ4MWM2NmMyYjVhLzEvWTkxdWxXdVh0Sm01QlR5TEFpSHM5YkZzYXpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy84MzVhODItOGJiZS00MGIyLWIyZDQtMDQ4MWM2NmMyYjVh
LzEvd2MySERXQ2hwc1FnWnhXSzdyekE0XzF0MkI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwaEQMA0G
CSqGSIb3DQEBCwUAA4IBAQAyVnLc6z2bP/QzyrBA0Bq7kexmpr+WY3M0eh4B2k1w
et1gGY77Z3Jn+1Z/ut8dXxl9V3ONj3t+FMvMPFY/QWr2K5055wTetyRF1UXLPjkD
H1loG9BLI8aG3PmkIkqrVgMdLcgFABJ/MYWqc2iVb45DEkwPYNcTCQsI2i+B9PZ9
IDQH2GR4APB5/Uu1q4FzRSl110z+AdjcaFktvc3uiN8K3hB22fsIZN3Ue2VQwEuA
aWW0qCatxtCxV5lWiWQgh+fJLrmdMVhWiIoYfKfQJLfAGncmtXtvCc113AS4CNZh
xgB/78odaQdMw5oMTBWYUk0hly2pBt4njNeQe57vZ/n2
-----END CERTIFICATE-----