Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/34223a-e77e-4544-a207-fa1725034491/1/xdpG7Z8Z4cXrUvwKqabRNqa0SpQ.roa
File:                     xdpG7Z8Z4cXrUvwKqabRNqa0SpQ.roa (raw, json)
Hash identifier:          lbz+jpgJuErN2bX7rna4j7BD171ibND2jUna+ZsesL8=
Subject key identifier:   C5:DA:46:ED:9F:19:E1:C5:EB:52:FC:0A:A9:A6:D1:36:A6:B4:4A:94
Certificate issuer:       /CN=9d31c233cbd266db02620b9deb90d08e41692e67
Certificate serial:       018CC86EFAB0B52D8E9D1A617EAB48E690A1
Authority key identifier: 9D:31:C2:33:CB:D2:66:DB:02:62:0B:9D:EB:90:D0:8E:41:69:2E:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nTHCM8vSZtsCYgud65DQjkFpLmc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/34223a-e77e-4544-a207-fa1725034491/1/xdpG7Z8Z4cXrUvwKqabRNqa0SpQ.roa
Signing time:             Tue 02 Jan 2024 04:29:25 +0000
ROA not before:           Tue 02 Jan 2024 04:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        194.124.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/34223a-e77e-4544-a207-fa1725034491/1/nTHCM8vSZtsCYgud65DQjkFpLmc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/34223a-e77e-4544-a207-fa1725034491/1/nTHCM8vSZtsCYgud65DQjkFpLmc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nTHCM8vSZtsCYgud65DQjkFpLmc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:fa:b0:b5:2d:8e:9d:1a:61:7e:ab:48:e6:90:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d31c233cbd266db02620b9deb90d08e41692e67
        Validity
            Not Before: Jan  2 04:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5da46ed9f19e1c5eb52fc0aa9a6d136a6b44a94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:1d:37:4a:41:c9:c0:bc:e7:65:6d:89:bd:b1:
                    7f:a2:e7:6b:3b:b7:17:81:94:88:3c:59:1e:cd:59:
                    89:b8:95:41:f8:c0:ff:dd:a3:59:7e:ca:de:d8:ae:
                    bb:ee:90:5e:cb:06:71:a3:64:07:56:3a:ae:75:79:
                    fe:c7:0b:e4:07:d0:9e:55:bd:2e:68:95:78:8e:d3:
                    25:6b:78:04:84:a6:be:49:1f:5a:65:d4:e3:af:47:
                    9a:f3:08:6d:bb:97:46:97:5b:c2:e4:b1:84:3b:12:
                    48:25:17:f4:df:bd:41:e7:f1:43:82:ed:9f:13:2e:
                    3a:e4:6e:9a:9b:ce:44:b0:02:b8:48:14:37:ca:0f:
                    74:f5:42:e2:c4:39:60:1f:e5:e5:9f:aa:0f:b5:98:
                    3e:62:65:8a:c2:f2:55:36:70:f4:e4:28:c1:5b:e6:
                    14:20:88:51:de:43:42:39:d6:ad:b3:ae:ad:38:7e:
                    40:6d:8a:30:18:1f:d7:8d:18:92:40:71:4d:0f:be:
                    ce:3a:40:1a:8e:ff:cc:df:3c:82:19:6a:b6:70:5d:
                    82:96:68:00:db:0c:59:ac:a4:f2:c6:52:21:1c:ac:
                    1b:27:63:bb:95:dc:3b:08:92:9e:87:7a:d7:a1:a9:
                    7e:0c:ca:38:0d:1c:d5:70:1c:9e:fc:40:12:23:90:
                    f3:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:DA:46:ED:9F:19:E1:C5:EB:52:FC:0A:A9:A6:D1:36:A6:B4:4A:94
            X509v3 Authority Key Identifier:
                keyid:9D:31:C2:33:CB:D2:66:DB:02:62:0B:9D:EB:90:D0:8E:41:69:2E:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nTHCM8vSZtsCYgud65DQjkFpLmc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/34223a-e77e-4544-a207-fa1725034491/1/xdpG7Z8Z4cXrUvwKqabRNqa0SpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/34223a-e77e-4544-a207-fa1725034491/1/nTHCM8vSZtsCYgud65DQjkFpLmc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.124.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:2b:f4:5f:34:47:b6:12:07:04:bf:1c:3d:aa:6f:ff:4c:c0:
         65:f9:74:ee:08:7f:e7:f5:33:d5:d4:51:c2:c2:33:76:ef:66:
         de:a7:78:29:0b:64:98:a6:da:15:f0:19:8c:5e:c1:29:6e:bf:
         bb:0f:eb:ea:08:54:0b:d4:7a:7e:d6:d7:57:6a:24:2a:fb:16:
         d5:67:e0:85:1a:cd:bb:0e:04:a6:9b:db:69:88:28:f0:b7:cd:
         4d:ca:9b:84:21:48:60:73:5d:55:28:74:69:f0:57:23:b9:dc:
         fc:1f:8d:b1:a0:dd:09:4a:9f:69:fb:9b:3a:64:40:cb:91:98:
         2c:cd:c1:7e:84:84:da:a2:9a:76:8f:15:95:a8:70:f9:0b:6e:
         1a:57:d1:c9:00:dc:b7:7a:1a:a0:ae:29:ca:56:94:08:d9:8f:
         63:31:5f:90:92:8e:13:78:4e:d6:a6:9a:6a:00:4d:b6:2b:00:
         9e:32:26:bf:19:4a:21:39:39:dc:b5:fc:1e:da:37:c6:cb:f2:
         01:4a:26:85:99:77:16:ce:d6:84:7a:87:bb:90:0b:79:3e:c1:
         3f:28:7b:ba:d6:c0:d3:59:c7:26:9d:14:5e:f0:df:47:1e:44:
         a9:83:b3:02:61:7f:2f:b0:54:8d:0d:40:72:4d:b5:da:71:4f:
         d2:b2:36:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbvqwtS2OnRphfqtI5pChMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMzFjMjMzY2JkMjY2ZGIwMjYyMGI5ZGViOTBkMDhlNDE2
OTJlNjcwHhcNMjQwMTAyMDQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWRhNDZlZDlmMTllMWM1ZWI1MmZjMGFhOWE2ZDEzNmE2YjQ0YTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmR03SkHJwLznZW2JvbF/oudrO7cX
gZSIPFkezVmJuJVB+MD/3aNZfsre2K677pBeywZxo2QHVjqudXn+xwvkB9CeVb0u
aJV4jtMla3gEhKa+SR9aZdTjr0ea8whtu5dGl1vC5LGEOxJIJRf0371B5/FDgu2f
Ey465G6am85EsAK4SBQ3yg909ULixDlgH+Xln6oPtZg+YmWKwvJVNnD05CjBW+YU
IIhR3kNCOdats66tOH5AbYowGB/XjRiSQHFND77OOkAajv/M3zyCGWq2cF2ClmgA
2wxZrKTyxlIhHKwbJ2O7ldw7CJKeh3rXoal+DMo4DRzVcBye/EASI5DzdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXaRu2fGeHF61L8Cqmm0TamtEqUMB8GA1UdIwQY
MBaAFJ0xwjPL0mbbAmILneuQ0I5BaS5nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblRIQ004dlNadHNDWWd1ZDY1RFFqa0ZwTG1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zNDIyM2EtZTc3ZS00NTQ0LWEyMDct
ZmExNzI1MDM0NDkxLzEveGRwRzdaOFo0Y1hyVXZ3S3FhYlJOcWEwU3BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zNDIyM2EtZTc3ZS00NTQ0LWEyMDctZmExNzI1MDM0NDkx
LzEvblRIQ004dlNadHNDWWd1ZDY1RFFqa0ZwTG1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnzzMA0G
CSqGSIb3DQEBCwUAA4IBAQAgK/RfNEe2EgcEvxw9qm//TMBl+XTuCH/n9TPV1FHC
wjN272bep3gpC2SYptoV8BmMXsEpbr+7D+vqCFQL1Hp+1tdXaiQq+xbVZ+CFGs27
DgSmm9tpiCjwt81NypuEIUhgc11VKHRp8Fcjudz8H42xoN0JSp9p+5s6ZEDLkZgs
zcF+hITaopp2jxWVqHD5C24aV9HJANy3ehqgrinKVpQI2Y9jMV+Qko4TeE7Wpppq
AE22KwCeMia/GUohOTnctfwe2jfGy/IBSiaFmXcWztaEeoe7kAt5PsE/KHu61sDT
WccmnRRe8N9HHkSpg7MCYX8vsFSNDUByTbXacU/Ssjat
-----END CERTIFICATE-----