Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/69331c-aea2-4237-8400-6221403db58b/1/rzL5GDiJdNOm_48OFwInY03YG-o.roa
File:                     rzL5GDiJdNOm_48OFwInY03YG-o.roa (raw, json)
Hash identifier:          TdoKqMM+gOyuw0Lel2vhf46zaccqXp+qiDi+WWxNnTk=
Subject key identifier:   AF:32:F9:18:38:89:74:D3:A6:FF:8F:0E:17:02:27:63:4D:D8:1B:EA
Certificate issuer:       /CN=b6674bf8e457e2957eee4f51f8b7b44c57db9a2a
Certificate serial:       018CC424675A720C46CA5EC81558A6CCB418
Authority key identifier: B6:67:4B:F8:E4:57:E2:95:7E:EE:4F:51:F8:B7:B4:4C:57:DB:9A:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tmdL-ORX4pV-7k9R-Le0TFfbmio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/69331c-aea2-4237-8400-6221403db58b/1/rzL5GDiJdNOm_48OFwInY03YG-o.roa
Signing time:             Mon 01 Jan 2024 08:29:29 +0000
ROA not before:           Mon 01 Jan 2024 08:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16104
IP address blocks:        193.41.89.0/24 maxlen: 24
                          2001:67c:1684::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/69331c-aea2-4237-8400-6221403db58b/1/tmdL-ORX4pV-7k9R-Le0TFfbmio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/69331c-aea2-4237-8400-6221403db58b/1/tmdL-ORX4pV-7k9R-Le0TFfbmio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tmdL-ORX4pV-7k9R-Le0TFfbmio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 22:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:67:5a:72:0c:46:ca:5e:c8:15:58:a6:cc:b4:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6674bf8e457e2957eee4f51f8b7b44c57db9a2a
        Validity
            Not Before: Jan  1 08:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af32f918388974d3a6ff8f0e170227634dd81bea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:c0:b9:bf:ff:45:b4:d2:31:a0:d3:e8:3f:57:
                    25:e5:02:d2:1d:d6:00:0c:5f:85:8e:5f:3a:e9:17:
                    f4:d6:be:ff:e2:76:a7:b2:39:b8:e0:16:b7:aa:2e:
                    3b:df:04:9d:df:65:85:3a:58:2b:62:6a:2b:9f:0d:
                    8b:e1:79:83:13:5a:84:4f:ef:73:e0:df:93:0f:ff:
                    68:2c:4c:36:77:8c:bc:fd:f3:fd:fc:1f:c5:cc:c8:
                    e8:85:ac:3d:c6:51:af:98:a3:01:ad:cb:80:b7:c9:
                    61:3b:9b:9c:70:66:84:7c:f3:61:e1:51:2e:07:2d:
                    68:3b:98:63:82:db:c2:77:81:13:9d:62:f3:aa:28:
                    a7:59:d3:4b:c2:2a:4f:08:7f:7e:92:ab:22:a9:31:
                    86:aa:fc:2a:ab:48:c6:66:d6:1b:5f:88:53:fe:59:
                    8a:49:2e:d6:8b:1c:ad:4e:db:bf:95:69:90:03:ca:
                    17:46:a7:a2:c4:07:55:63:28:aa:22:5b:ed:ef:8c:
                    17:4e:90:4f:8e:11:ee:92:45:68:0e:2d:97:50:f5:
                    74:be:26:0b:26:ae:36:86:9a:ac:43:0a:41:cc:b1:
                    16:3f:6b:7c:1e:74:75:5a:f0:fc:e1:b5:42:bc:f6:
                    87:63:43:ec:e7:d5:3b:8b:86:7b:4f:e4:fa:43:ef:
                    8e:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:32:F9:18:38:89:74:D3:A6:FF:8F:0E:17:02:27:63:4D:D8:1B:EA
            X509v3 Authority Key Identifier:
                keyid:B6:67:4B:F8:E4:57:E2:95:7E:EE:4F:51:F8:B7:B4:4C:57:DB:9A:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tmdL-ORX4pV-7k9R-Le0TFfbmio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/69331c-aea2-4237-8400-6221403db58b/1/rzL5GDiJdNOm_48OFwInY03YG-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/69331c-aea2-4237-8400-6221403db58b/1/tmdL-ORX4pV-7k9R-Le0TFfbmio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.89.0/24
                IPv6:
                  2001:67c:1684::/48

    Signature Algorithm: sha256WithRSAEncryption
         e3:ac:d7:ab:c5:d4:6d:a5:eb:80:7a:d9:32:89:04:e6:b9:23:
         f7:4f:b9:13:50:e5:43:b1:e9:e3:74:67:62:b0:38:f8:2e:27:
         02:06:db:ef:b1:0a:2a:f7:7a:be:e9:a3:cf:c4:e4:35:1b:9e:
         3a:81:81:ad:41:0f:a8:67:3c:5a:4e:06:52:00:6c:78:5b:0a:
         97:e9:ad:1c:ed:5d:5f:c0:97:e5:6a:5f:6b:4a:b8:41:02:27:
         93:0c:d3:ce:09:c6:42:f0:9d:05:1d:67:e0:3d:5a:03:a1:7b:
         21:90:f6:76:cc:a6:b8:c5:63:ea:56:b2:67:f2:7a:a1:7a:bb:
         1a:0e:95:41:e2:f0:73:fd:14:af:f9:4b:53:67:41:bd:9f:e6:
         18:f9:29:f9:17:bd:a6:36:b7:47:8e:19:a9:d1:91:15:1a:16:
         16:29:48:7c:c5:81:0d:d3:9b:6e:56:c6:4f:a3:ca:9c:27:49:
         c6:07:37:51:29:81:23:a1:c2:1c:9b:03:43:ad:d7:cd:13:79:
         4c:4a:07:d8:52:ec:d8:45:1f:fd:52:de:8e:d6:2b:cb:40:7a:
         ec:64:85:a5:ec:01:2e:4c:dd:f8:1c:5f:23:81:aa:12:cd:ff:
         c5:eb:82:1c:7a:39:73:00:9c:ca:49:69:d1:a6:4b:04:8c:61:
         82:b9:7e:a8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEJGdacgxGyl7IFVimzLQYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2Njc0YmY4ZTQ1N2UyOTU3ZWVlNGY1MWY4YjdiNDRjNTdk
YjlhMmEwHhcNMjQwMTAxMDgyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjMyZjkxODM4ODk3NGQzYTZmZjhmMGUxNzAyMjc2MzRkZDgxYmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcC5v/9FtNIxoNPoP1cl5QLSHdYA
DF+Fjl866Rf01r7/4nansjm44Ba3qi473wSd32WFOlgrYmornw2L4XmDE1qET+9z
4N+TD/9oLEw2d4y8/fP9/B/FzMjohaw9xlGvmKMBrcuAt8lhO5uccGaEfPNh4VEu
By1oO5hjgtvCd4ETnWLzqiinWdNLwipPCH9+kqsiqTGGqvwqq0jGZtYbX4hT/lmK
SS7WixytTtu/lWmQA8oXRqeixAdVYyiqIlvt74wXTpBPjhHukkVoDi2XUPV0viYL
Jq42hpqsQwpBzLEWP2t8HnR1WvD84bVCvPaHY0Ps59U7i4Z7T+T6Q++OfQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK8y+Rg4iXTTpv+PDhcCJ2NN2BvqMB8GA1UdIwQY
MBaAFLZnS/jkV+KVfu5PUfi3tExX25oqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdG1kTC1PUlg0cFYtN2s5Ui1MZTBURmZibWlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi82OTMzMWMtYWVhMi00MjM3LTg0MDAt
NjIyMTQwM2RiNThiLzEvcnpMNUdEaUpkTk9tXzQ4T0Z3SW5ZMDNZRy1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi82OTMzMWMtYWVhMi00MjM3LTg0MDAtNjIyMTQwM2RiNThi
LzEvdG1kTC1PUlg0cFYtN2s5Ui1MZTBURmZibWlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwSlZMA8E
AgACMAkDBwAgAQZ8FoQwDQYJKoZIhvcNAQELBQADggEBAOOs16vF1G2l64B62TKJ
BOa5I/dPuRNQ5UOx6eN0Z2KwOPguJwIG2++xCir3er7po8/E5DUbnjqBga1BD6hn
PFpOBlIAbHhbCpfprRztXV/Al+VqX2tKuEECJ5MM084JxkLwnQUdZ+A9WgOheyGQ
9nbMprjFY+pWsmfyeqF6uxoOlUHi8HP9FK/5S1NnQb2f5hj5KfkXvaY2t0eOGanR
kRUaFhYpSHzFgQ3Tm25Wxk+jypwnScYHN1EpgSOhwhybA0Ot180TeUxKB9hS7NhF
H/1S3o7WK8tAeuxkhaXsAS5M3fgcXyOBqhLN/8Xrghx6OXMAnMpJadGmSwSMYYK5
fqg=
-----END CERTIFICATE-----