Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/dchSgC9N77wDIDJ22rN5PdF61h4.roa
File:                     dchSgC9N77wDIDJ22rN5PdF61h4.roa (raw, json)
Hash identifier:          ag0g8U8mJMRSz+eV7XQ9g9r994kTFbuxjH2wJfD7H5o=
Subject key identifier:   75:C8:52:80:2F:4D:EF:BC:03:20:32:76:DA:B3:79:3D:D1:7A:D6:1E
Certificate issuer:       /CN=4986c73994d02d91fc97d916e9809a6d981e6b17
Certificate serial:       0192FC238DA1FD2FA4DC0B2328CA0068C04E
Authority key identifier: 49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/dchSgC9N77wDIDJ22rN5PdF61h4.roa
Signing time:             Tue 05 Nov 2024 11:44:01 +0000
ROA not before:           Tue 05 Nov 2024 11:44:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        193.135.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:fc:23:8d:a1:fd:2f:a4:dc:0b:23:28:ca:00:68:c0:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4986c73994d02d91fc97d916e9809a6d981e6b17
        Validity
            Not Before: Nov  5 11:44:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75c852802f4defbc03203276dab3793dd17ad61e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:aa:b6:d0:98:cb:1b:6e:42:04:cd:74:bd:9d:
                    69:0d:bc:59:2a:52:4e:7b:4b:8b:9f:0f:70:cf:63:
                    00:e4:73:54:34:8b:8c:8b:f1:97:82:c4:ca:8a:92:
                    33:c7:2e:d9:18:ae:73:f0:94:92:10:c6:9d:17:36:
                    6e:16:20:ef:c2:63:af:98:ce:28:c5:3b:c2:40:b8:
                    ec:cb:2c:7a:e4:3e:00:7d:e3:11:67:3b:88:f2:9c:
                    93:27:e3:26:ad:9f:05:76:78:1b:e1:a7:49:6f:38:
                    12:a0:b3:02:02:86:a1:43:e4:05:d8:28:99:a8:04:
                    1c:90:e3:67:a9:62:c2:c9:66:49:80:02:41:17:ee:
                    34:41:b5:7c:81:7c:e1:15:f1:36:4f:66:1c:ff:4c:
                    8e:7a:80:67:d4:4d:9a:0b:d3:24:3e:7f:2d:b1:c3:
                    dd:a0:18:fa:73:85:7e:3b:ac:ae:3c:4f:4a:83:24:
                    39:8d:4d:cf:12:34:da:ec:a3:95:d2:26:f9:d4:82:
                    b2:40:e1:61:68:7d:ae:f7:f4:ee:b5:c2:40:30:9b:
                    9b:4c:c2:08:36:80:c2:70:e8:82:91:4b:a4:49:1d:
                    bb:d7:26:e3:38:26:f2:c8:1b:be:75:8b:02:93:f6:
                    17:3b:3a:bc:d8:9a:62:54:26:be:aa:0f:1b:7e:73:
                    f6:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:C8:52:80:2F:4D:EF:BC:03:20:32:76:DA:B3:79:3D:D1:7A:D6:1E
            X509v3 Authority Key Identifier:
                keyid:49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/dchSgC9N77wDIDJ22rN5PdF61h4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:1c:6a:02:17:fb:26:98:29:16:ff:75:58:c7:87:f4:e2:43:
         a4:e7:30:a9:4b:4e:cb:3a:c4:a2:eb:7d:33:65:10:ff:eb:db:
         72:c9:d7:13:3b:f1:35:f0:f1:00:37:32:32:cb:42:62:4b:a5:
         9d:28:42:05:33:04:73:e5:8d:80:d9:04:8e:75:65:7d:09:a2:
         6b:7c:56:bb:4f:91:6f:11:a8:d4:de:d8:b2:3c:d9:0d:8a:d5:
         72:f2:01:fb:ab:03:c8:59:a0:88:92:0a:1e:a0:4f:f2:53:fc:
         0c:2a:89:5a:1a:d6:5e:b8:3d:14:fe:ac:0a:64:fc:85:ba:e2:
         47:53:71:94:fb:3f:5f:ec:1e:e1:3b:69:98:6a:bd:a6:83:68:
         eb:dd:81:12:84:7f:fc:8a:3c:6a:0b:c6:60:e4:d5:29:d7:2a:
         e5:9e:b5:09:1a:ac:72:80:43:d3:64:db:0c:20:ea:86:3b:80:
         77:eb:80:a6:6e:0e:e4:16:95:bf:e8:33:87:70:13:ac:c2:b2:
         05:f5:2f:a5:03:c9:13:12:8b:e8:26:6a:af:4e:d8:53:17:29:
         c1:53:a9:79:e2:9d:ef:32:fe:77:1b:46:84:73:fb:97:74:1d:
         d3:ef:80:d7:8c:94:cb:dc:0a:34:a5:81:94:b5:28:b5:4c:24:
         17:e7:b5:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZL8I42h/S+k3AsjKMoAaMBOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ODZjNzM5OTRkMDJkOTFmYzk3ZDkxNmU5ODA5YTZkOTgx
ZTZiMTcwHhcNMjQxMTA1MTE0NDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWM4NTI4MDJmNGRlZmJjMDMyMDMyNzZkYWIzNzkzZGQxN2FkNjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraq20JjLG25CBM10vZ1pDbxZKlJO
e0uLnw9wz2MA5HNUNIuMi/GXgsTKipIzxy7ZGK5z8JSSEMadFzZuFiDvwmOvmM4o
xTvCQLjsyyx65D4AfeMRZzuI8pyTJ+MmrZ8Fdngb4adJbzgSoLMCAoahQ+QF2CiZ
qAQckONnqWLCyWZJgAJBF+40QbV8gXzhFfE2T2Yc/0yOeoBn1E2aC9MkPn8tscPd
oBj6c4V+O6yuPE9KgyQ5jU3PEjTa7KOV0ib51IKyQOFhaH2u9/TutcJAMJubTMII
NoDCcOiCkUukSR271ybjOCbyyBu+dYsCk/YXOzq82JpiVCa+qg8bfnP2QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHXIUoAvTe+8AyAydtqzeT3RetYeMB8GA1UdIwQY
MBaAFEmGxzmU0C2R/JfZFumAmm2YHmsXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzIt
OWU4OTVkMGVmOGQyLzEvZGNoU2dDOU43N3dESURKMjJyTjVQZEY2MWg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzItOWU4OTVkMGVmOGQy
LzEvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYedMA0G
CSqGSIb3DQEBCwUAA4IBAQBMHGoCF/smmCkW/3VYx4f04kOk5zCpS07LOsSi630z
ZRD/69tyydcTO/E18PEANzIyy0JiS6WdKEIFMwRz5Y2A2QSOdWV9CaJrfFa7T5Fv
EajU3tiyPNkNitVy8gH7qwPIWaCIkgoeoE/yU/wMKolaGtZeuD0U/qwKZPyFuuJH
U3GU+z9f7B7hO2mYar2mg2jr3YEShH/8ijxqC8Zg5NUp1yrlnrUJGqxygEPTZNsM
IOqGO4B364Cmbg7kFpW/6DOHcBOswrIF9S+lA8kTEovoJmqvTthTFynBU6l54p3v
Mv53G0aEc/uXdB3T74DXjJTL3Ao0pYGUtSi1TCQX57Vd
-----END CERTIFICATE-----