Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/389ed2-1b82-45c9-a70a-025a0e6f05ae/1/IL_UJGrVr_qRkl5DVc7-OFpwcK8.roa
File:                     IL_UJGrVr_qRkl5DVc7-OFpwcK8.roa (raw, json)
Hash identifier:          C+u76zbGr0+G+xToik/e08NSKTfmktnn2WTGbwdPOvc=
Subject key identifier:   20:BF:D4:24:6A:D5:AF:FA:91:92:5E:43:55:CE:FE:38:5A:70:70:AF
Certificate issuer:       /CN=a1628e39f471addc75e71a391b82dd925c7f081d
Certificate serial:       018CC2DAF17604CA06BD987D654E5EF08E57
Authority key identifier: A1:62:8E:39:F4:71:AD:DC:75:E7:1A:39:1B:82:DD:92:5C:7F:08:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oWKOOfRxrdx15xo5G4Ldklx_CB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/389ed2-1b82-45c9-a70a-025a0e6f05ae/1/IL_UJGrVr_qRkl5DVc7-OFpwcK8.roa
Signing time:             Mon 01 Jan 2024 02:29:37 +0000
ROA not before:           Mon 01 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        193.239.244.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/389ed2-1b82-45c9-a70a-025a0e6f05ae/1/oWKOOfRxrdx15xo5G4Ldklx_CB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/389ed2-1b82-45c9-a70a-025a0e6f05ae/1/oWKOOfRxrdx15xo5G4Ldklx_CB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oWKOOfRxrdx15xo5G4Ldklx_CB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f1:76:04:ca:06:bd:98:7d:65:4e:5e:f0:8e:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1628e39f471addc75e71a391b82dd925c7f081d
        Validity
            Not Before: Jan  1 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20bfd4246ad5affa91925e4355cefe385a7070af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:97:d2:c9:ee:a1:82:ce:3f:68:0a:60:fc:9f:
                    00:25:d0:22:68:01:94:82:d7:bc:a9:b6:fa:38:13:
                    a1:f1:3b:3d:91:a7:db:85:59:66:97:7a:64:53:48:
                    a3:b8:be:75:fa:09:ab:0b:73:48:46:af:e7:10:a6:
                    02:d5:6f:18:ea:4d:83:b8:75:8a:6a:64:50:a0:a8:
                    0a:e3:c2:d5:94:48:e5:8f:e2:6e:f0:19:a8:b1:3b:
                    0a:a5:70:ae:5c:98:ca:92:6d:fe:1b:ef:a3:92:ab:
                    64:73:c1:fb:01:0f:5e:ff:35:94:76:e8:ab:0e:86:
                    33:9d:5a:be:b7:23:ac:e3:e8:71:e7:23:e3:c0:ca:
                    73:8a:16:73:eb:90:37:01:62:1d:2a:2f:10:63:78:
                    1a:b9:fc:52:41:f7:4c:5d:88:39:8f:54:65:65:19:
                    87:a1:42:a9:72:53:40:af:90:6c:69:f3:fe:cb:a7:
                    aa:c1:3c:b9:ac:a8:0a:51:9a:dc:9e:57:20:a3:08:
                    8c:64:f6:b0:30:51:df:fa:83:de:9d:1a:5a:ae:fd:
                    2e:a1:4f:e8:4d:61:fd:a4:ed:98:d3:8e:4a:9b:33:
                    61:74:cf:e5:6c:53:4b:12:08:14:ef:b3:c3:c3:e4:
                    b9:85:8b:cb:0e:41:d6:c0:af:19:da:7d:51:f1:67:
                    77:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:BF:D4:24:6A:D5:AF:FA:91:92:5E:43:55:CE:FE:38:5A:70:70:AF
            X509v3 Authority Key Identifier:
                keyid:A1:62:8E:39:F4:71:AD:DC:75:E7:1A:39:1B:82:DD:92:5C:7F:08:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oWKOOfRxrdx15xo5G4Ldklx_CB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/389ed2-1b82-45c9-a70a-025a0e6f05ae/1/IL_UJGrVr_qRkl5DVc7-OFpwcK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/389ed2-1b82-45c9-a70a-025a0e6f05ae/1/oWKOOfRxrdx15xo5G4Ldklx_CB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:b1:12:43:6a:7f:d7:23:65:6c:1d:a7:07:8f:45:1a:25:9d:
         7a:3d:0b:4c:97:5e:36:89:01:f2:ce:c3:52:3f:be:5b:bd:83:
         c8:fe:5d:86:fa:cd:93:8e:f5:c4:48:26:87:21:7d:4f:58:32:
         5d:c3:b8:ff:04:c1:13:c2:ca:d5:1b:0b:fb:a7:26:ac:9e:65:
         6c:68:f0:d7:50:bb:fd:b3:6e:da:fa:ac:0e:1f:a0:8a:3f:c7:
         7c:1e:48:d8:b6:0b:6f:60:40:8d:bb:76:52:76:b7:e4:a2:80:
         95:e8:02:64:53:ed:80:55:82:0e:04:a7:51:68:b8:a4:22:11:
         bb:ee:0f:7c:1f:c3:ce:dc:fe:ce:a7:b5:b7:a4:c2:d1:35:11:
         a6:e8:ca:f6:a3:fd:82:32:7d:fc:18:48:83:12:45:b9:bf:95:
         0e:b5:4d:10:75:6b:71:5b:18:4f:fc:62:62:88:5b:10:04:dd:
         50:5c:b9:8e:7a:17:8c:d4:9a:38:43:4f:b0:31:92:41:c6:cd:
         3b:45:1e:68:0c:6b:8e:f8:3f:ee:34:9a:04:aa:4c:d0:94:7f:
         90:f1:4c:be:d2:12:0d:01:ce:55:90:c6:55:92:ab:1b:75:2b:
         e1:89:88:54:05:19:61:de:11:0c:53:e0:73:26:c0:c2:00:09:
         b1:4f:e5:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2vF2BMoGvZh9ZU5e8I5XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNjI4ZTM5ZjQ3MWFkZGM3NWU3MWEzOTFiODJkZDkyNWM3
ZjA4MWQwHhcNMjQwMTAxMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGJmZDQyNDZhZDVhZmZhOTE5MjVlNDM1NWNlZmUzODVhNzA3MGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJfSye6hgs4/aApg/J8AJdAiaAGU
gte8qbb6OBOh8Ts9kafbhVlml3pkU0ijuL51+gmrC3NIRq/nEKYC1W8Y6k2DuHWK
amRQoKgK48LVlEjlj+Ju8BmosTsKpXCuXJjKkm3+G++jkqtkc8H7AQ9e/zWUduir
DoYznVq+tyOs4+hx5yPjwMpzihZz65A3AWIdKi8QY3gaufxSQfdMXYg5j1RlZRmH
oUKpclNAr5BsafP+y6eqwTy5rKgKUZrcnlcgowiMZPawMFHf+oPenRparv0uoU/o
TWH9pO2Y045KmzNhdM/lbFNLEggU77PDw+S5hYvLDkHWwK8Z2n1R8Wd3AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCC/1CRq1a/6kZJeQ1XO/jhacHCvMB8GA1UdIwQY
MBaAFKFijjn0ca3cdecaORuC3ZJcfwgdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1dLT09mUnhyZHgxNXhvNUc0TGRrbHhfQ0IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8zODllZDItMWI4Mi00NWM5LWE3MGEt
MDI1YTBlNmYwNWFlLzEvSUxfVUpHclZyX3FSa2w1RFZjNy1PRnB3Y0s4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8zODllZDItMWI4Mi00NWM5LWE3MGEtMDI1YTBlNmYwNWFl
LzEvb1dLT09mUnhyZHgxNXhvNUc0TGRrbHhfQ0IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwe/0MA0G
CSqGSIb3DQEBCwUAA4IBAQAWsRJDan/XI2VsHacHj0UaJZ16PQtMl142iQHyzsNS
P75bvYPI/l2G+s2TjvXESCaHIX1PWDJdw7j/BMETwsrVGwv7pyasnmVsaPDXULv9
s27a+qwOH6CKP8d8HkjYtgtvYECNu3ZSdrfkooCV6AJkU+2AVYIOBKdRaLikIhG7
7g98H8PO3P7Op7W3pMLRNRGm6Mr2o/2CMn38GEiDEkW5v5UOtU0QdWtxWxhP/GJi
iFsQBN1QXLmOeheM1Jo4Q0+wMZJBxs07RR5oDGuO+D/uNJoEqkzQlH+Q8Uy+0hIN
Ac5VkMZVkqsbdSvhiYhUBRlh3hEMU+BzJsDCAAmxT+XD
-----END CERTIFICATE-----