Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/abcc07-9a60-49f6-a1ef-8d52902ac830/1/OxWRPdc6GCLXUwXDqlTo8WGPpG8.roa
File:                     OxWRPdc6GCLXUwXDqlTo8WGPpG8.roa (raw, json)
Hash identifier:          uZrENEy71G/VZRnU8LAUltjIkoSSRNygnY7yWjewXg4=
Subject key identifier:   3B:15:91:3D:D7:3A:18:22:D7:53:05:C3:AA:54:E8:F1:61:8F:A4:6F
Certificate issuer:       /CN=f3ba90c71eb4cb0169c94843e5c72fd777501906
Certificate serial:       018CC72583E2C45E5FEEE4C7DA6FC92CCDAB
Authority key identifier: F3:BA:90:C7:1E:B4:CB:01:69:C9:48:43:E5:C7:2F:D7:77:50:19:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/87qQxx60ywFpyUhD5ccv13dQGQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/abcc07-9a60-49f6-a1ef-8d52902ac830/1/OxWRPdc6GCLXUwXDqlTo8WGPpG8.roa
Signing time:             Mon 01 Jan 2024 22:29:33 +0000
ROA not before:           Mon 01 Jan 2024 22:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21437
IP address blocks:        193.104.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/abcc07-9a60-49f6-a1ef-8d52902ac830/1/87qQxx60ywFpyUhD5ccv13dQGQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/abcc07-9a60-49f6-a1ef-8d52902ac830/1/87qQxx60ywFpyUhD5ccv13dQGQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/87qQxx60ywFpyUhD5ccv13dQGQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:83:e2:c4:5e:5f:ee:e4:c7:da:6f:c9:2c:cd:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3ba90c71eb4cb0169c94843e5c72fd777501906
        Validity
            Not Before: Jan  1 22:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b15913dd73a1822d75305c3aa54e8f1618fa46f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:d5:3d:3c:0c:42:1a:56:31:46:27:70:63:a6:
                    6d:99:98:3e:60:d8:be:ef:0e:14:1d:4a:c9:ce:f4:
                    6b:fa:2e:ef:b9:4e:5e:47:e4:82:52:a3:c9:7a:40:
                    fa:01:80:57:b0:8b:2b:c0:72:36:19:08:a5:51:29:
                    3c:c4:59:e8:fe:10:ae:7c:4c:47:87:b7:07:6f:21:
                    e8:a4:d6:48:24:ff:5e:5e:96:ad:06:cc:1a:64:3f:
                    bf:e4:34:62:ab:df:a8:b0:56:be:c9:c1:cf:50:2e:
                    91:cc:37:34:48:f6:18:31:eb:c7:12:69:5c:da:a3:
                    c3:a1:fa:41:f5:fc:b6:8e:b2:6a:f8:25:84:69:94:
                    c0:f2:1b:2f:e8:5f:6e:d3:4c:e0:77:f1:f4:1c:fc:
                    37:9a:05:65:04:9c:87:31:a4:27:d4:48:11:b6:6b:
                    20:0c:85:44:12:eb:5b:24:03:cb:9f:92:dd:58:7e:
                    dc:50:cd:f7:be:2e:fc:72:05:62:11:f9:35:9d:9a:
                    a9:84:f8:e9:04:15:6d:87:d0:23:b7:15:67:87:0c:
                    73:1a:c0:73:dd:d5:c4:35:89:55:ec:fb:a7:df:bb:
                    7b:ff:f5:52:78:5e:37:88:ca:c5:ab:3a:16:40:f8:
                    2b:8b:eb:7a:19:cc:81:b5:9e:1d:73:ed:2a:31:a3:
                    14:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:15:91:3D:D7:3A:18:22:D7:53:05:C3:AA:54:E8:F1:61:8F:A4:6F
            X509v3 Authority Key Identifier:
                keyid:F3:BA:90:C7:1E:B4:CB:01:69:C9:48:43:E5:C7:2F:D7:77:50:19:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/87qQxx60ywFpyUhD5ccv13dQGQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/abcc07-9a60-49f6-a1ef-8d52902ac830/1/OxWRPdc6GCLXUwXDqlTo8WGPpG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/abcc07-9a60-49f6-a1ef-8d52902ac830/1/87qQxx60ywFpyUhD5ccv13dQGQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:cd:33:2c:da:be:c3:aa:ab:6f:bb:b3:a8:cc:3c:65:d9:ab:
         50:d1:16:ff:e6:23:d5:a1:b6:ff:5c:ff:87:38:bf:69:71:15:
         67:ce:5d:3f:db:fc:a7:30:c2:99:bc:11:a8:c6:4f:95:77:09:
         76:d8:df:31:6b:c5:f4:dc:b7:da:3f:ce:09:f8:a1:7f:fa:b5:
         f4:94:24:48:84:ce:09:0c:3e:92:e7:f3:71:77:af:7e:af:59:
         94:7d:e2:e8:d4:e1:ed:68:0c:51:a5:f7:fa:d1:73:62:22:83:
         d6:fa:11:ea:61:3b:c2:a2:60:3c:49:ea:db:f1:bc:81:81:5a:
         b0:c2:45:08:a0:bd:79:fd:a3:57:c0:00:b6:4c:63:a8:48:2c:
         88:cf:56:9b:a3:d2:57:e7:69:bf:53:c0:e6:b9:42:bc:3c:6b:
         e7:48:79:ef:64:5a:46:db:a4:90:d2:45:ae:e6:05:60:c5:d2:
         3d:86:15:89:41:0a:aa:dd:b1:15:5e:c4:4e:52:10:be:3f:4d:
         b2:83:c1:c0:b8:b2:3d:e4:a3:9a:d2:72:36:61:87:35:62:6f:
         dd:97:58:e3:76:d4:b7:1e:6e:1a:b0:98:22:9a:fd:a6:eb:57:
         bb:b0:27:d2:52:18:a8:92:66:59:8d:c1:a3:ef:5e:d8:91:0a:
         a8:11:82:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJYPixF5f7uTH2m/JLM2rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzYmE5MGM3MWViNGNiMDE2OWM5NDg0M2U1YzcyZmQ3Nzc1
MDE5MDYwHhcNMjQwMTAxMjIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjE1OTEzZGQ3M2ExODIyZDc1MzA1YzNhYTU0ZThmMTYxOGZhNDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodU9PAxCGlYxRidwY6ZtmZg+YNi+
7w4UHUrJzvRr+i7vuU5eR+SCUqPJekD6AYBXsIsrwHI2GQilUSk8xFno/hCufExH
h7cHbyHopNZIJP9eXpatBswaZD+/5DRiq9+osFa+ycHPUC6RzDc0SPYYMevHEmlc
2qPDofpB9fy2jrJq+CWEaZTA8hsv6F9u00zgd/H0HPw3mgVlBJyHMaQn1EgRtmsg
DIVEEutbJAPLn5LdWH7cUM33vi78cgViEfk1nZqphPjpBBVth9AjtxVnhwxzGsBz
3dXENYlV7Pun37t7//VSeF43iMrFqzoWQPgri+t6GcyBtZ4dc+0qMaMU9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDsVkT3XOhgi11MFw6pU6PFhj6RvMB8GA1UdIwQY
MBaAFPO6kMcetMsBaclIQ+XHL9d3UBkGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODdxUXh4NjB5d0ZweVVoRDVjY3YxM2RRR1FZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9hYmNjMDctOWE2MC00OWY2LWExZWYt
OGQ1MjkwMmFjODMwLzEvT3hXUlBkYzZHQ0xYVXdYRHFsVG84V0dQcEc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9hYmNjMDctOWE2MC00OWY2LWExZWYtOGQ1MjkwMmFjODMw
LzEvODdxUXh4NjB5d0ZweVVoRDVjY3YxM2RRR1FZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWiFMA0G
CSqGSIb3DQEBCwUAA4IBAQCXzTMs2r7Dqqtvu7OozDxl2atQ0Rb/5iPVobb/XP+H
OL9pcRVnzl0/2/ynMMKZvBGoxk+Vdwl22N8xa8X03LfaP84J+KF/+rX0lCRIhM4J
DD6S5/Nxd69+r1mUfeLo1OHtaAxRpff60XNiIoPW+hHqYTvComA8Serb8byBgVqw
wkUIoL15/aNXwAC2TGOoSCyIz1abo9JX52m/U8DmuUK8PGvnSHnvZFpG26SQ0kWu
5gVgxdI9hhWJQQqq3bEVXsROUhC+P02yg8HAuLI95KOa0nI2YYc1Ym/dl1jjdtS3
Hm4asJgimv2m61e7sCfSUhiokmZZjcGj717YkQqoEYJX
-----END CERTIFICATE-----