Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/aMiCNfiPmF6ZFVYMwdYte9pLayk.roa
File:                     aMiCNfiPmF6ZFVYMwdYte9pLayk.roa (raw, json)
Hash identifier:          Q+7uqOduff60hvY71b+DXj4ut6FD9hG7bx9VPhQCaTM=
Subject key identifier:   68:C8:82:35:F8:8F:98:5E:99:15:56:0C:C1:D6:2D:7B:DA:4B:6B:29
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC802EBF08991E0D4D8431037E6FAE361
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/aMiCNfiPmF6ZFVYMwdYte9pLayk.roa
Signing time:             Tue 02 Jan 2024 02:31:23 +0000
ROA not before:           Tue 02 Jan 2024 02:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42675
IP address blocks:        193.182.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 20:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:eb:f0:89:91:e0:d4:d8:43:10:37:e6:fa:e3:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68c88235f88f985e9915560cc1d62d7bda4b6b29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:65:ea:19:ca:77:9a:3c:bb:26:ce:ea:fa:6e:
                    40:a9:35:20:f9:9e:9f:59:e3:8f:56:5e:5d:90:94:
                    ae:15:1a:63:55:1e:17:a7:03:9a:db:3f:3b:32:7e:
                    26:46:9d:6b:9a:40:7c:2e:8a:e1:fa:a6:9e:b9:80:
                    7e:b9:af:5b:97:96:9c:99:a0:19:96:36:2c:c9:a0:
                    ba:6e:e1:3f:77:50:ad:56:c4:53:d0:bf:32:79:b4:
                    87:90:fb:6a:67:48:cb:3a:30:c1:fe:db:2d:d3:94:
                    2e:a4:29:ce:ed:30:e2:cb:f7:5b:43:76:ba:4e:64:
                    e3:b4:61:a5:9b:79:77:1b:8a:ee:9b:11:1d:3d:07:
                    e3:fc:f7:9f:f0:3d:78:8e:e8:0c:f7:f5:f8:9f:09:
                    c1:6f:7f:89:0e:d1:b2:f0:3e:d9:b8:67:33:a5:ad:
                    65:b5:9a:f7:45:cc:19:5b:53:b0:38:e8:66:dd:bc:
                    f8:ad:0c:32:ef:c3:be:c6:54:b5:d0:0c:4e:e6:84:
                    f2:02:f8:1b:4f:aa:f2:53:9e:48:b8:89:70:07:24:
                    21:5d:b9:1b:aa:8d:0f:1b:b5:62:77:55:e9:9f:c9:
                    ee:68:51:b1:02:13:4b:94:a4:a1:44:38:e3:12:79:
                    21:78:02:12:46:54:5b:f9:61:ef:d7:a7:d4:f9:d9:
                    db:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:C8:82:35:F8:8F:98:5E:99:15:56:0C:C1:D6:2D:7B:DA:4B:6B:29
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/aMiCNfiPmF6ZFVYMwdYte9pLayk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.182.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:62:26:a7:aa:1e:ef:b5:8d:c9:94:f6:db:dc:5c:b5:7e:95:
         02:f3:5a:d2:99:a9:63:1c:f8:e7:91:b6:f4:a4:ba:ae:69:82:
         2e:d3:51:32:4e:fe:db:89:d5:02:e7:68:d3:a4:da:3a:80:d9:
         e7:c4:1d:1b:9b:1e:cc:6d:02:45:99:d3:24:fb:ab:e5:77:85:
         f5:1c:ca:82:ce:c5:af:f1:19:aa:64:77:e8:be:db:0d:18:65:
         f5:bc:7c:64:76:cb:95:2f:14:7d:a6:55:11:34:bd:3b:47:75:
         59:1f:eb:30:1b:06:87:fb:ea:f4:11:91:11:25:4f:81:75:0f:
         89:95:31:8e:16:f3:7f:51:85:15:87:26:81:92:b3:76:7b:a1:
         2a:ba:67:59:9e:4f:94:ab:59:38:91:70:3c:54:79:f4:ee:ea:
         f1:8f:5a:64:55:5d:db:79:62:23:3a:d0:a9:7d:83:3f:e0:48:
         89:d0:e3:39:20:88:0c:11:37:c3:02:a6:26:92:52:0a:d2:60:
         e3:d0:44:99:63:bd:dc:79:58:0d:24:8b:3e:52:16:cb:41:37:
         f1:3f:d5:9d:45:dc:5f:5c:c5:86:05:d1:05:ec:20:18:5e:5c:
         01:5c:fa:ce:88:c1:58:62:dd:da:2c:a3:39:f7:cd:d2:16:43:
         23:80:df:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAuvwiZHg1NhDEDfm+uNhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGM4ODIzNWY4OGY5ODVlOTkxNTU2MGNjMWQ2MmQ3YmRhNGI2YjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg2XqGcp3mjy7Js7q+m5AqTUg+Z6f
WeOPVl5dkJSuFRpjVR4XpwOa2z87Mn4mRp1rmkB8Lorh+qaeuYB+ua9bl5acmaAZ
ljYsyaC6buE/d1CtVsRT0L8yebSHkPtqZ0jLOjDB/tst05QupCnO7TDiy/dbQ3a6
TmTjtGGlm3l3G4rumxEdPQfj/Pef8D14jugM9/X4nwnBb3+JDtGy8D7ZuGczpa1l
tZr3RcwZW1OwOOhm3bz4rQwy78O+xlS10AxO5oTyAvgbT6ryU55IuIlwByQhXbkb
qo0PG7Vid1Xpn8nuaFGxAhNLlKShRDjjEnkheAISRlRb+WHv16fU+dnbiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjIgjX4j5hemRVWDMHWLXvaS2spMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvYU1pQ05maVBtRjZaRlZZTXdkWXRlOXBMYXlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbZvMA0G
CSqGSIb3DQEBCwUAA4IBAQBLYianqh7vtY3JlPbb3Fy1fpUC81rSmaljHPjnkbb0
pLquaYIu01EyTv7bidUC52jTpNo6gNnnxB0bmx7MbQJFmdMk+6vld4X1HMqCzsWv
8RmqZHfovtsNGGX1vHxkdsuVLxR9plURNL07R3VZH+swGwaH++r0EZERJU+BdQ+J
lTGOFvN/UYUVhyaBkrN2e6EqumdZnk+Uq1k4kXA8VHn07urxj1pkVV3beWIjOtCp
fYM/4EiJ0OM5IIgMETfDAqYmklIK0mDj0ESZY73ceVgNJIs+UhbLQTfxP9WdRdxf
XMWGBdEF7CAYXlwBXPrOiMFYYt3aLKM5983SFkMjgN/C
-----END CERTIFICATE-----