Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/75d4fd-90f5-4baa-a35c-87a6333d6e64/1/nZ1SvT_jUlaURN34CnUHQ-nL8lE.roa
File:                     nZ1SvT_jUlaURN34CnUHQ-nL8lE.roa (raw, json)
Hash identifier:          0MAy+vvAFurzejcZBYUILlpV0CAVFgVEQ2BLAIT3XDU=
Subject key identifier:   9D:9D:52:BD:3F:E3:52:56:94:44:DD:F8:0A:75:07:43:E9:CB:F2:51
Certificate issuer:       /CN=bbe6fe14b8755d9ff7466fa97c4a55f735183249
Certificate serial:       01916F2E5399236197A81D68F393C35AACF8
Authority key identifier: BB:E6:FE:14:B8:75:5D:9F:F7:46:6F:A9:7C:4A:55:F7:35:18:32:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u-b-FLh1XZ_3Rm-pfEpV9zUYMkk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/75d4fd-90f5-4baa-a35c-87a6333d6e64/1/nZ1SvT_jUlaURN34CnUHQ-nL8lE.roa
Signing time:             Tue 20 Aug 2024 09:46:32 +0000
ROA not before:           Tue 20 Aug 2024 09:46:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210617
IP address blocks:        193.36.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/75d4fd-90f5-4baa-a35c-87a6333d6e64/1/u-b-FLh1XZ_3Rm-pfEpV9zUYMkk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/75d4fd-90f5-4baa-a35c-87a6333d6e64/1/u-b-FLh1XZ_3Rm-pfEpV9zUYMkk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u-b-FLh1XZ_3Rm-pfEpV9zUYMkk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6f:2e:53:99:23:61:97:a8:1d:68:f3:93:c3:5a:ac:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbe6fe14b8755d9ff7466fa97c4a55f735183249
        Validity
            Not Before: Aug 20 09:46:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d9d52bd3fe352569444ddf80a750743e9cbf251
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:69:d8:dc:ad:be:d0:94:46:ef:a8:f7:f7:47:
                    c0:9a:af:8d:36:e1:6c:dc:e3:a0:b5:0e:48:aa:b9:
                    c3:52:d3:7f:1e:23:c1:0c:36:cc:8e:ec:f8:ea:74:
                    ef:e6:5e:a4:af:9b:2f:f1:c7:71:60:c9:16:d7:a5:
                    1c:c1:4e:de:7c:4b:69:10:2c:3f:c0:25:53:e8:89:
                    ae:74:da:1f:83:d5:2d:10:de:cb:50:26:5c:ff:37:
                    62:d6:39:6a:89:f3:75:99:34:59:e1:66:e7:00:37:
                    16:8d:4b:12:34:4b:34:30:12:14:79:46:3c:b3:6d:
                    43:e6:e7:f7:ac:0e:33:67:c3:b3:43:ad:d2:fb:4d:
                    b2:5b:ce:7d:06:b3:3c:7a:c9:ba:2d:99:f2:4f:2c:
                    35:55:0b:74:50:46:76:5d:e0:11:f8:16:26:0a:f1:
                    cb:01:8e:03:f0:eb:8c:ff:42:fd:76:30:0e:36:3a:
                    a8:99:ee:83:f5:10:a4:15:b7:ee:a4:2f:7a:73:93:
                    4f:a1:53:da:1d:48:80:0c:e7:4c:7a:15:0d:97:f5:
                    eb:38:b8:5a:73:45:85:89:ab:bb:69:32:c1:5e:b9:
                    da:77:89:eb:5c:c7:99:a5:b0:63:07:a7:d0:bc:0e:
                    90:ef:12:03:e9:51:f7:0a:a7:e5:d7:a5:f1:ca:94:
                    40:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:9D:52:BD:3F:E3:52:56:94:44:DD:F8:0A:75:07:43:E9:CB:F2:51
            X509v3 Authority Key Identifier:
                keyid:BB:E6:FE:14:B8:75:5D:9F:F7:46:6F:A9:7C:4A:55:F7:35:18:32:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u-b-FLh1XZ_3Rm-pfEpV9zUYMkk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/75d4fd-90f5-4baa-a35c-87a6333d6e64/1/nZ1SvT_jUlaURN34CnUHQ-nL8lE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/75d4fd-90f5-4baa-a35c-87a6333d6e64/1/u-b-FLh1XZ_3Rm-pfEpV9zUYMkk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:4f:0c:b6:22:0b:29:8b:32:bd:47:dc:bd:9c:d5:6a:b4:5e:
         14:c3:c9:2f:a1:2f:b4:0f:b7:d1:81:9e:c8:31:f9:d2:dc:7f:
         c7:a9:b0:0b:9f:46:9e:35:2d:c9:63:64:9e:6d:78:e4:1c:01:
         d0:b9:ba:2e:da:1b:80:57:32:21:c0:52:c1:e8:b5:f3:0d:f1:
         bc:57:1a:79:3a:e5:b7:26:d9:6a:7c:69:ec:f2:bb:0d:9a:fa:
         61:c7:ed:62:16:51:10:9f:fc:4a:63:c1:a8:f8:9b:fe:69:dc:
         9c:5a:f3:0f:1a:96:dc:b2:87:1c:36:55:5f:e1:41:07:7a:52:
         00:c9:db:0f:a8:d5:d5:2c:93:9e:14:e1:cd:0e:01:a5:78:4e:
         b6:52:c0:17:23:4f:9e:72:1a:0e:a2:35:51:5b:d5:40:d3:db:
         85:ca:cc:bd:5f:e6:14:00:ad:4c:7a:6d:38:de:9e:91:8d:36:
         0e:bd:7a:62:62:d0:79:bc:36:1b:e4:ab:40:91:92:33:37:8e:
         63:f9:d3:79:12:ee:86:25:82:89:cf:f0:85:b0:20:36:1c:6b:
         3f:f7:b3:ea:f7:c1:e8:b0:33:a5:57:00:92:6f:68:f0:77:cd:
         fe:03:47:b9:16:41:65:0f:84:0f:9b:c7:31:23:5a:3c:95:ec:
         00:94:f5:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFvLlOZI2GXqB1o85PDWqz4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZTZmZTE0Yjg3NTVkOWZmNzQ2NmZhOTdjNGE1NWY3MzUx
ODMyNDkwHhcNMjQwODIwMDk0NjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDlkNTJiZDNmZTM1MjU2OTQ0NGRkZjgwYTc1MDc0M2U5Y2JmMjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmnY3K2+0JRG76j390fAmq+NNuFs
3OOgtQ5IqrnDUtN/HiPBDDbMjuz46nTv5l6kr5sv8cdxYMkW16UcwU7efEtpECw/
wCVT6ImudNofg9UtEN7LUCZc/zdi1jlqifN1mTRZ4WbnADcWjUsSNEs0MBIUeUY8
s21D5uf3rA4zZ8OzQ63S+02yW859BrM8esm6LZnyTyw1VQt0UEZ2XeAR+BYmCvHL
AY4D8OuM/0L9djAONjqome6D9RCkFbfupC96c5NPoVPaHUiADOdMehUNl/XrOLha
c0WFiau7aTLBXrnad4nrXMeZpbBjB6fQvA6Q7xID6VH3Cqfl16XxypRAWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ2dUr0/41JWlETd+Ap1B0Ppy/JRMB8GA1UdIwQY
MBaAFLvm/hS4dV2f90ZvqXxKVfc1GDJJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdS1iLUZMaDFYWl8zUm0tcGZFcFY5elVZTWtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC83NWQ0ZmQtOTBmNS00YmFhLWEzNWMt
ODdhNjMzM2Q2ZTY0LzEvbloxU3ZUX2pVbGFVUk4zNENuVUhRLW5MOGxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC83NWQ0ZmQtOTBmNS00YmFhLWEzNWMtODdhNjMzM2Q2ZTY0
LzEvdS1iLUZMaDFYWl8zUm0tcGZFcFY5elVZTWtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSRrMA0G
CSqGSIb3DQEBCwUAA4IBAQAkTwy2IgspizK9R9y9nNVqtF4Uw8kvoS+0D7fRgZ7I
MfnS3H/HqbALn0aeNS3JY2SebXjkHAHQubou2huAVzIhwFLB6LXzDfG8Vxp5OuW3
JtlqfGns8rsNmvphx+1iFlEQn/xKY8Go+Jv+adycWvMPGpbcsoccNlVf4UEHelIA
ydsPqNXVLJOeFOHNDgGleE62UsAXI0+echoOojVRW9VA09uFysy9X+YUAK1Mem04
3p6RjTYOvXpiYtB5vDYb5KtAkZIzN45j+dN5Eu6GJYKJz/CFsCA2HGs/97Pq98Ho
sDOlVwCSb2jwd83+A0e5FkFlD4QPm8cxI1o8lewAlPVG
-----END CERTIFICATE-----