Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/dbe446-9da3-4854-b5d3-25a38a246fa2/1/_gQtSu9myrDwWXsROGbU7zG5kFA.roa
File:                     _gQtSu9myrDwWXsROGbU7zG5kFA.roa (raw, json)
Hash identifier:          1axahIgEWgCocRTiQjBjKcie+/DqHaADqocZKU5l85c=
Subject key identifier:   FE:04:2D:4A:EF:66:CA:B0:F0:59:7B:11:38:66:D4:EF:31:B9:90:50
Certificate issuer:       /CN=8b42c752a9b0983128b3d295e45ea16b33ee7df9
Certificate serial:       018CC94CDE91F5DEF139E2F6B56607A604C2
Authority key identifier: 8B:42:C7:52:A9:B0:98:31:28:B3:D2:95:E4:5E:A1:6B:33:EE:7D:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i0LHUqmwmDEos9KV5F6hazPuffk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/dbe446-9da3-4854-b5d3-25a38a246fa2/1/_gQtSu9myrDwWXsROGbU7zG5kFA.roa
Signing time:             Tue 02 Jan 2024 08:31:47 +0000
ROA not before:           Tue 02 Jan 2024 08:31:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41295
IP address blocks:        194.24.178.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/dbe446-9da3-4854-b5d3-25a38a246fa2/1/i0LHUqmwmDEos9KV5F6hazPuffk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/dbe446-9da3-4854-b5d3-25a38a246fa2/1/i0LHUqmwmDEos9KV5F6hazPuffk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i0LHUqmwmDEos9KV5F6hazPuffk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:de:91:f5:de:f1:39:e2:f6:b5:66:07:a6:04:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b42c752a9b0983128b3d295e45ea16b33ee7df9
        Validity
            Not Before: Jan  2 08:31:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe042d4aef66cab0f0597b113866d4ef31b99050
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:69:71:9f:87:9c:ec:51:07:ff:43:3a:3b:1a:
                    5b:74:6e:81:06:bf:be:88:af:0c:7f:31:23:e9:40:
                    25:c8:b3:0f:4f:f3:96:1d:8d:7e:67:d3:9e:a4:c2:
                    67:09:64:9e:dc:1a:aa:75:be:8e:55:fa:24:82:d9:
                    64:b9:e2:b4:9b:a2:57:43:a1:59:ba:ea:46:73:36:
                    fe:fd:35:50:48:e5:46:62:78:a1:8d:7d:0a:6a:11:
                    5f:dd:d2:3c:b3:dd:fe:c7:b2:1f:1e:d3:b1:4e:f4:
                    fd:4c:9a:67:48:a8:cd:8d:3d:cc:f6:bb:fd:09:83:
                    60:ec:6d:44:1f:40:39:74:44:97:b7:a8:71:8a:a2:
                    be:b6:34:45:c5:9a:2b:77:6a:66:f5:85:ed:84:7e:
                    9b:89:78:d7:15:45:fb:43:e2:0e:d2:5b:94:c4:a4:
                    07:6a:bb:6a:fc:bb:00:01:72:ae:f0:27:61:46:bb:
                    e4:2e:32:2a:52:4a:99:ab:b7:2f:f9:4e:d1:5a:2e:
                    97:b9:a3:c2:db:b9:99:ba:d7:a7:6c:f9:af:b2:3e:
                    89:84:2d:54:9c:3b:fb:b3:b4:d1:56:14:c7:06:96:
                    8c:42:ef:f4:24:52:d5:d8:70:c6:41:f0:e9:6d:67:
                    4f:cf:bb:b5:3f:ab:42:a5:1d:bf:f8:9d:29:a8:95:
                    6d:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:04:2D:4A:EF:66:CA:B0:F0:59:7B:11:38:66:D4:EF:31:B9:90:50
            X509v3 Authority Key Identifier:
                keyid:8B:42:C7:52:A9:B0:98:31:28:B3:D2:95:E4:5E:A1:6B:33:EE:7D:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i0LHUqmwmDEos9KV5F6hazPuffk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/dbe446-9da3-4854-b5d3-25a38a246fa2/1/_gQtSu9myrDwWXsROGbU7zG5kFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/dbe446-9da3-4854-b5d3-25a38a246fa2/1/i0LHUqmwmDEos9KV5F6hazPuffk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.24.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1a:73:8f:97:ee:47:05:f3:d5:03:81:9a:c4:8c:a4:98:61:f7:
         19:69:93:0e:0f:fd:68:73:0c:fe:ce:6f:97:1a:1e:08:40:ee:
         7b:e9:97:5a:11:0f:d1:04:81:7f:16:72:7d:ba:14:9e:5e:d7:
         d4:6d:b3:93:b0:a2:d6:22:3d:01:e7:92:49:71:27:76:5f:ff:
         0f:c7:94:3a:6a:47:90:5b:0f:55:c9:f8:86:0a:6c:f7:28:fd:
         8a:b5:3a:e0:5e:eb:6d:71:72:bf:17:4b:a2:4d:09:e6:73:bd:
         2c:4d:5d:54:16:c3:51:a8:3e:d2:63:ed:25:88:31:ee:3a:76:
         d2:59:2c:34:59:e2:22:29:bb:c9:d4:7b:16:96:ac:56:88:93:
         e7:cd:02:2b:93:11:d7:1d:6d:01:b6:90:bf:e6:57:18:2e:af:
         81:b6:e1:67:5f:2a:73:d7:48:2b:48:3e:85:f6:63:5e:cc:18:
         08:e1:c7:ba:a0:7e:01:cb:ea:e5:20:20:c9:44:18:aa:84:52:
         f6:01:64:d0:63:d1:d6:07:23:5b:cd:aa:b9:b7:32:ac:39:44:
         0d:02:09:c2:e1:91:2a:40:26:23:04:da:2d:ef:b5:ab:14:a5:
         8f:a9:76:3e:9e:ca:a6:46:f2:86:d2:d0:8b:81:45:7c:20:f6:
         97:19:0b:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTN6R9d7xOeL2tWYHpgTCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNDJjNzUyYTliMDk4MzEyOGIzZDI5NWU0NWVhMTZiMzNl
ZTdkZjkwHhcNMjQwMTAyMDgzMTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTA0MmQ0YWVmNjZjYWIwZjA1OTdiMTEzODY2ZDRlZjMxYjk5MDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmlxn4ec7FEH/0M6OxpbdG6BBr++
iK8MfzEj6UAlyLMPT/OWHY1+Z9OepMJnCWSe3Bqqdb6OVfokgtlkueK0m6JXQ6FZ
uupGczb+/TVQSOVGYnihjX0KahFf3dI8s93+x7IfHtOxTvT9TJpnSKjNjT3M9rv9
CYNg7G1EH0A5dESXt6hxiqK+tjRFxZord2pm9YXthH6biXjXFUX7Q+IO0luUxKQH
artq/LsAAXKu8CdhRrvkLjIqUkqZq7cv+U7RWi6XuaPC27mZutenbPmvsj6JhC1U
nDv7s7TRVhTHBpaMQu/0JFLV2HDGQfDpbWdPz7u1P6tCpR2/+J0pqJVtvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP4ELUrvZsqw8Fl7EThm1O8xuZBQMB8GA1UdIwQY
MBaAFItCx1KpsJgxKLPSleReoWsz7n35MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTBMSFVxbXdtREVvczlLVjVGNmhhelB1ZmZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9kYmU0NDYtOWRhMy00ODU0LWI1ZDMt
MjVhMzhhMjQ2ZmEyLzEvX2dRdFN1OW15ckR3V1hzUk9HYlU3ekc1a0ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9kYmU0NDYtOWRhMy00ODU0LWI1ZDMtMjVhMzhhMjQ2ZmEy
LzEvaTBMSFVxbXdtREVvczlLVjVGNmhhelB1ZmZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwhiyMA0G
CSqGSIb3DQEBCwUAA4IBAQAac4+X7kcF89UDgZrEjKSYYfcZaZMOD/1ocwz+zm+X
Gh4IQO576ZdaEQ/RBIF/FnJ9uhSeXtfUbbOTsKLWIj0B55JJcSd2X/8Px5Q6akeQ
Ww9VyfiGCmz3KP2KtTrgXuttcXK/F0uiTQnmc70sTV1UFsNRqD7SY+0liDHuOnbS
WSw0WeIiKbvJ1HsWlqxWiJPnzQIrkxHXHW0BtpC/5lcYLq+BtuFnXypz10grSD6F
9mNezBgI4ce6oH4By+rlICDJRBiqhFL2AWTQY9HWByNbzaq5tzKsOUQNAgnC4ZEq
QCYjBNot77WrFKWPqXY+nsqmRvKG0tCLgUV8IPaXGQsd
-----END CERTIFICATE-----