Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/zKARK4esSWbyD0T0nOx_wHt3NKo.roa
File:                     zKARK4esSWbyD0T0nOx_wHt3NKo.roa (raw, json)
Hash identifier:          UE6tly2nStiz2YpoRCTMN/D3VkjihyGx97eOpWujAdc=
Subject key identifier:   CC:A0:11:2B:87:AC:49:66:F2:0F:44:F4:9C:EC:7F:C0:7B:77:34:AA
Certificate issuer:       /CN=38f9c54f19193e06548163f895c3a46b9f8bfbb5
Certificate serial:       018CC49363F44A00D8A55D287BFD96A7CEA2
Authority key identifier: 38:F9:C5:4F:19:19:3E:06:54:81:63:F8:95:C3:A4:6B:9F:8B:FB:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OPnFTxkZPgZUgWP4lcOka5-L-7U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/zKARK4esSWbyD0T0nOx_wHt3NKo.roa
Signing time:             Mon 01 Jan 2024 10:30:42 +0000
ROA not before:           Mon 01 Jan 2024 10:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5408
IP address blocks:        193.218.96.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/OPnFTxkZPgZUgWP4lcOka5-L-7U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/OPnFTxkZPgZUgWP4lcOka5-L-7U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OPnFTxkZPgZUgWP4lcOka5-L-7U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:63:f4:4a:00:d8:a5:5d:28:7b:fd:96:a7:ce:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38f9c54f19193e06548163f895c3a46b9f8bfbb5
        Validity
            Not Before: Jan  1 10:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cca0112b87ac4966f20f44f49cec7fc07b7734aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:6d:a5:0a:1d:09:9f:7e:54:05:de:a5:6a:9c:
                    c7:96:63:5a:4d:d7:08:99:54:0e:78:d5:20:0f:7b:
                    e6:07:93:dd:37:13:01:78:fb:05:90:0f:39:8d:0d:
                    bf:ca:f9:4c:72:f8:05:c0:35:4b:cf:1b:65:8d:32:
                    6a:2f:c3:d3:08:75:2c:30:9e:f8:35:2a:e7:28:17:
                    05:aa:cd:a6:58:ba:1f:6d:73:e7:28:51:a5:f2:44:
                    d9:6b:ea:69:4e:5b:b3:fc:ce:cc:d1:a6:3b:b7:c0:
                    db:13:a2:47:49:aa:24:3f:39:9a:f9:38:7d:84:73:
                    0a:8a:99:9f:52:1b:b5:ba:d6:1c:c9:de:e3:7f:ef:
                    6f:d8:17:e1:7d:24:17:25:7e:6e:72:84:50:ae:d9:
                    83:2b:56:25:4f:6e:2a:fd:d7:f6:79:03:a5:52:d6:
                    f6:0b:72:e3:9f:b0:32:be:6f:ed:e8:9e:a5:3c:87:
                    92:99:23:73:f8:1c:4d:2d:87:62:26:cb:a0:fb:9f:
                    fe:7c:ee:35:75:81:d2:e3:9a:d2:ea:0f:5c:2b:2f:
                    00:5a:08:92:38:b3:30:a9:f8:d1:64:36:d0:0f:e9:
                    51:6d:7b:d3:40:53:6b:26:36:39:48:07:c8:bc:4e:
                    6e:18:88:27:ff:9f:ec:a1:24:1f:e2:cf:12:ac:4a:
                    9d:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:A0:11:2B:87:AC:49:66:F2:0F:44:F4:9C:EC:7F:C0:7B:77:34:AA
            X509v3 Authority Key Identifier:
                keyid:38:F9:C5:4F:19:19:3E:06:54:81:63:F8:95:C3:A4:6B:9F:8B:FB:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OPnFTxkZPgZUgWP4lcOka5-L-7U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/zKARK4esSWbyD0T0nOx_wHt3NKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/OPnFTxkZPgZUgWP4lcOka5-L-7U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.218.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a0:ee:02:da:0b:9f:35:61:50:c4:66:79:82:99:4b:8e:7b:cd:
         f0:20:d5:0c:c5:1d:ea:d0:6b:97:b3:56:73:4f:6b:52:ab:d8:
         c4:5c:d7:37:f5:d6:21:8b:fa:bc:04:a2:0c:47:2b:5b:03:56:
         89:07:e3:d5:42:ae:73:24:3d:8b:a6:45:98:61:1e:23:c4:b7:
         67:57:e1:69:29:08:42:0f:86:6a:83:2b:9f:14:20:25:fe:8e:
         18:0f:8b:26:cf:c8:18:ca:6d:67:01:48:e0:c1:f4:d3:bb:ab:
         19:8a:8d:60:9d:18:6e:a1:24:9e:e2:99:74:f8:30:ff:ae:9f:
         e5:24:57:26:e5:ba:e4:da:69:f1:90:a0:5d:3b:c4:7e:6f:20:
         14:a9:85:ea:34:6b:7a:b4:0e:93:4c:9b:72:40:64:ac:3c:e4:
         cf:22:b9:0a:70:5c:b2:dc:35:0b:13:5b:07:24:e1:f2:4c:5e:
         7d:a9:d5:be:f0:2c:2e:06:c5:ec:92:fe:1e:7a:c2:31:52:b3:
         19:9e:9a:b4:07:0d:f3:dc:88:c7:36:ae:de:f0:b1:0b:b1:fb:
         21:03:b5:96:a6:8a:7e:8e:06:49:a1:70:e6:4d:87:14:42:be:
         e9:d8:5e:1f:bc:9f:3f:73:4b:34:d5:c3:29:9d:0c:3c:fd:f7:
         99:13:19:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk2P0SgDYpV0oe/2Wp86iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4ZjljNTRmMTkxOTNlMDY1NDgxNjNmODk1YzNhNDZiOWY4
YmZiYjUwHhcNMjQwMTAxMTAzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2EwMTEyYjg3YWM0OTY2ZjIwZjQ0ZjQ5Y2VjN2ZjMDdiNzczNGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoG2lCh0Jn35UBd6lapzHlmNaTdcI
mVQOeNUgD3vmB5PdNxMBePsFkA85jQ2/yvlMcvgFwDVLzxtljTJqL8PTCHUsMJ74
NSrnKBcFqs2mWLofbXPnKFGl8kTZa+ppTluz/M7M0aY7t8DbE6JHSaokPzma+Th9
hHMKipmfUhu1utYcyd7jf+9v2BfhfSQXJX5ucoRQrtmDK1YlT24q/df2eQOlUtb2
C3Ljn7Ayvm/t6J6lPIeSmSNz+BxNLYdiJsug+5/+fO41dYHS45rS6g9cKy8AWgiS
OLMwqfjRZDbQD+lRbXvTQFNrJjY5SAfIvE5uGIgn/5/soSQf4s8SrEqdlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMygESuHrElm8g9E9Jzsf8B7dzSqMB8GA1UdIwQY
MBaAFDj5xU8ZGT4GVIFj+JXDpGufi/u1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1BuRlR4a1pQZ1pVZ1dQNGxjT2thNS1MLTdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9mMGI2YmEtODY3NS00OTFjLTg1OTMt
NzI0OTQ5YjQ2MGU5LzEvektBUks0ZXNTV2J5RDBUMG5PeF93SHQzTktvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9mMGI2YmEtODY3NS00OTFjLTg1OTMtNzI0OTQ5YjQ2MGU5
LzEvT1BuRlR4a1pQZ1pVZ1dQNGxjT2thNS1MLTdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwdpgMA0G
CSqGSIb3DQEBCwUAA4IBAQCg7gLaC581YVDEZnmCmUuOe83wINUMxR3q0GuXs1Zz
T2tSq9jEXNc39dYhi/q8BKIMRytbA1aJB+PVQq5zJD2LpkWYYR4jxLdnV+FpKQhC
D4ZqgyufFCAl/o4YD4smz8gYym1nAUjgwfTTu6sZio1gnRhuoSSe4pl0+DD/rp/l
JFcm5brk2mnxkKBdO8R+byAUqYXqNGt6tA6TTJtyQGSsPOTPIrkKcFyy3DULE1sH
JOHyTF59qdW+8CwuBsXskv4eesIxUrMZnpq0Bw3z3IjHNq7e8LELsfshA7WWpop+
jgZJoXDmTYcUQr7p2F4fvJ8/c0s01cMpnQw8/feZExmU
-----END CERTIFICATE-----