Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/0df28d-924d-4b4e-94b8-824ffc6942f4/1/TUjcnEO8sHjDGTWkyBL6P-fnKWU.roa
File:                     TUjcnEO8sHjDGTWkyBL6P-fnKWU.roa (raw, json)
Hash identifier:          rj3zFAt4PVghqM9OOrq0UBYHYdAmPvYnoAuYNr6HExk=
Subject key identifier:   4D:48:DC:9C:43:BC:B0:78:C3:19:35:A4:C8:12:FA:3F:E7:E7:29:65
Certificate issuer:       /CN=d689cb71891c6d94bd9e6f14f16e7e37c2c728bf
Certificate serial:       0192D9C8533D748FD1243138F8FD8BCE2750
Authority key identifier: D6:89:CB:71:89:1C:6D:94:BD:9E:6F:14:F1:6E:7E:37:C2:C7:28:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1onLcYkcbZS9nm8U8W5-N8LHKL8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/0df28d-924d-4b4e-94b8-824ffc6942f4/1/TUjcnEO8sHjDGTWkyBL6P-fnKWU.roa
Signing time:             Tue 29 Oct 2024 19:37:17 +0000
ROA not before:           Tue 29 Oct 2024 19:37:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215546
IP address blocks:        193.243.183.0/26 maxlen: 26

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/0df28d-924d-4b4e-94b8-824ffc6942f4/1/1onLcYkcbZS9nm8U8W5-N8LHKL8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/0df28d-924d-4b4e-94b8-824ffc6942f4/1/1onLcYkcbZS9nm8U8W5-N8LHKL8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1onLcYkcbZS9nm8U8W5-N8LHKL8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d9:c8:53:3d:74:8f:d1:24:31:38:f8:fd:8b:ce:27:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d689cb71891c6d94bd9e6f14f16e7e37c2c728bf
        Validity
            Not Before: Oct 29 19:37:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d48dc9c43bcb078c31935a4c812fa3fe7e72965
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:90:80:97:c4:9e:45:37:21:09:6b:48:d1:2d:
                    58:b7:9c:7c:8e:31:b6:e1:84:29:2a:94:74:fa:6d:
                    c6:e8:8d:df:95:e2:12:ea:a6:4d:9f:b0:8f:93:f1:
                    d0:3f:49:75:8c:62:d4:ae:e7:4d:03:3b:c7:4e:21:
                    a6:b8:2c:d7:11:bc:09:2c:ba:d8:2a:08:d9:0f:48:
                    8b:d5:de:30:d6:07:bd:70:5f:1b:d4:f5:6f:c5:67:
                    62:f6:c7:5e:1c:b5:9f:a7:b3:bf:07:c2:e2:90:e0:
                    82:b4:e1:fb:cb:91:da:2f:bc:53:f1:52:99:99:3e:
                    f7:7e:c8:49:d4:40:cd:76:2b:ba:65:f0:4e:27:de:
                    85:50:d2:01:44:20:f7:7a:6c:b3:a1:7d:f9:b4:eb:
                    6b:26:fc:84:66:a7:fc:6c:f1:0c:e1:2f:c3:0b:53:
                    6f:3f:9f:4f:26:6e:e3:ba:d2:0c:ae:25:e5:e4:2c:
                    3d:1c:48:ec:f4:4d:57:9b:d3:50:5e:1e:fa:9d:46:
                    4b:0b:44:65:f9:63:8e:80:28:1d:9a:cc:d8:47:7c:
                    53:3a:db:f3:cb:c7:a3:de:e9:1e:66:df:3b:69:b6:
                    f5:1b:54:90:72:a5:41:dc:ad:89:fd:40:75:2f:51:
                    68:8b:00:9e:ed:dc:ca:c6:9e:c7:bc:74:b8:81:dd:
                    9e:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:48:DC:9C:43:BC:B0:78:C3:19:35:A4:C8:12:FA:3F:E7:E7:29:65
            X509v3 Authority Key Identifier:
                keyid:D6:89:CB:71:89:1C:6D:94:BD:9E:6F:14:F1:6E:7E:37:C2:C7:28:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1onLcYkcbZS9nm8U8W5-N8LHKL8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/0df28d-924d-4b4e-94b8-824ffc6942f4/1/TUjcnEO8sHjDGTWkyBL6P-fnKWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/0df28d-924d-4b4e-94b8-824ffc6942f4/1/1onLcYkcbZS9nm8U8W5-N8LHKL8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.243.183.0/26

    Signature Algorithm: sha256WithRSAEncryption
         2a:b9:3d:30:dc:16:26:bf:06:fe:f5:e5:96:c6:e1:0f:72:ed:
         56:1b:8b:94:d6:4e:18:46:70:c6:f6:78:8d:76:35:64:17:8c:
         03:c8:18:61:68:4a:d4:e9:31:f2:bc:c0:90:fd:3b:b4:e5:a9:
         cc:9b:90:04:42:b3:13:a6:c9:7e:5a:cb:d3:b0:07:66:5b:62:
         78:eb:bc:1f:1d:90:dc:e5:82:96:d5:41:6b:f9:97:5c:23:55:
         55:1e:c3:ab:ae:e2:f4:44:3a:f2:93:42:0b:6f:41:d3:07:27:
         d2:15:85:6b:dd:80:c3:71:53:c5:b4:ee:a2:1f:ac:47:7a:1d:
         04:c1:ac:ed:26:48:a6:d7:35:9b:da:14:0d:f3:65:80:d3:5f:
         0d:31:ef:64:3f:54:2c:ea:09:7c:a9:84:bb:1d:84:a0:ae:56:
         5a:f9:8e:9f:f0:4e:4b:38:63:39:ee:ea:ea:99:1b:4e:7d:9d:
         29:cb:da:7a:71:05:6c:c9:1a:3b:97:91:a5:d5:d0:00:e6:42:
         50:fb:39:c6:7e:a1:44:16:fb:9e:b8:8b:3f:0c:90:10:5d:cd:
         24:89:89:04:60:ee:24:23:ea:f8:be:16:f1:3b:04:40:75:c4:
         31:6a:4d:39:c2:04:80:1e:37:7c:9b:14:1e:50:a2:fb:63:b8:
         36:a3:e5:57
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZLZyFM9dI/RJDE4+P2LzidQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ODljYjcxODkxYzZkOTRiZDllNmYxNGYxNmU3ZTM3YzJj
NzI4YmYwHhcNMjQxMDI5MTkzNzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDQ4ZGM5YzQzYmNiMDc4YzMxOTM1YTRjODEyZmEzZmU3ZTcyOTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpCAl8SeRTchCWtI0S1Yt5x8jjG2
4YQpKpR0+m3G6I3fleIS6qZNn7CPk/HQP0l1jGLUrudNAzvHTiGmuCzXEbwJLLrY
KgjZD0iL1d4w1ge9cF8b1PVvxWdi9sdeHLWfp7O/B8LikOCCtOH7y5HaL7xT8VKZ
mT73fshJ1EDNdiu6ZfBOJ96FUNIBRCD3emyzoX35tOtrJvyEZqf8bPEM4S/DC1Nv
P59PJm7jutIMriXl5Cw9HEjs9E1Xm9NQXh76nUZLC0Rl+WOOgCgdmszYR3xTOtvz
y8ej3ukeZt87abb1G1SQcqVB3K2J/UB1L1FoiwCe7dzKxp7HvHS4gd2eEQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFE1I3JxDvLB4wxk1pMgS+j/n5yllMB8GA1UdIwQY
MBaAFNaJy3GJHG2UvZ5vFPFufjfCxyi/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW9uTGNZa2NiWlM5bm04VThXNS1OOExIS0w4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8wZGYyOGQtOTI0ZC00YjRlLTk0Yjgt
ODI0ZmZjNjk0MmY0LzEvVFVqY25FTzhzSGpER1RXa3lCTDZQLWZuS1dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8wZGYyOGQtOTI0ZC00YjRlLTk0YjgtODI0ZmZjNjk0MmY0
LzEvMW9uTGNZa2NiWlM5bm04VThXNS1OOExIS0w4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUGwfO3ADAN
BgkqhkiG9w0BAQsFAAOCAQEAKrk9MNwWJr8G/vXllsbhD3LtVhuLlNZOGEZwxvZ4
jXY1ZBeMA8gYYWhK1Okx8rzAkP07tOWpzJuQBEKzE6bJflrL07AHZltieOu8Hx2Q
3OWCltVBa/mXXCNVVR7Dq67i9EQ68pNCC29B0wcn0hWFa92Aw3FTxbTuoh+sR3od
BMGs7SZIptc1m9oUDfNlgNNfDTHvZD9ULOoJfKmEux2EoK5WWvmOn/BOSzhjOe7q
6pkbTn2dKcvaenEFbMkaO5eRpdXQAOZCUPs5xn6hRBb7nriLPwyQEF3NJImJBGDu
JCPq+L4W8TsEQHXEMWpNOcIEgB43fJsUHlCi+2O4NqPlVw==
-----END CERTIFICATE-----