Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/455b26-6aa1-435f-bd45-9ce31c273108/1/cXI7N0kj5nhPczH5fQHQpeOun08.roa
File:                     cXI7N0kj5nhPczH5fQHQpeOun08.roa (raw, json)
Hash identifier:          Gm+zq4tN9i3/pBocyv+7AkwM6XBuQD4KcZDxu9NTLUE=
Subject key identifier:   71:72:3B:37:49:23:E6:78:4F:73:31:F9:7D:01:D0:A5:E3:AE:9F:4F
Certificate issuer:       /CN=b6b249a2c562c5edbdb75058e26bd770123e95ae
Certificate serial:       018CCA2A70461FD3C83FAD83FA3F7AEA5327
Authority key identifier: B6:B2:49:A2:C5:62:C5:ED:BD:B7:50:58:E2:6B:D7:70:12:3E:95:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/trJJosVixe29t1BY4mvXcBI-la4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/455b26-6aa1-435f-bd45-9ce31c273108/1/cXI7N0kj5nhPczH5fQHQpeOun08.roa
Signing time:             Tue 02 Jan 2024 12:33:48 +0000
ROA not before:           Tue 02 Jan 2024 12:33:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        193.33.182.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/455b26-6aa1-435f-bd45-9ce31c273108/1/trJJosVixe29t1BY4mvXcBI-la4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/455b26-6aa1-435f-bd45-9ce31c273108/1/trJJosVixe29t1BY4mvXcBI-la4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/trJJosVixe29t1BY4mvXcBI-la4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:02:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:70:46:1f:d3:c8:3f:ad:83:fa:3f:7a:ea:53:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6b249a2c562c5edbdb75058e26bd770123e95ae
        Validity
            Not Before: Jan  2 12:33:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71723b374923e6784f7331f97d01d0a5e3ae9f4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:73:c0:ca:12:88:82:a5:57:9e:37:fd:d8:f4:
                    64:11:52:67:7a:71:84:f0:17:75:4e:80:a8:7c:de:
                    b4:1f:4c:37:0f:52:3f:40:75:26:d5:f0:47:5a:d2:
                    bc:fe:60:f8:26:cf:a4:c6:6d:04:08:ce:f8:6a:4d:
                    81:f6:b4:32:a3:6a:2d:0c:b9:d0:eb:a6:7b:f2:44:
                    6f:64:96:9e:82:93:95:83:a9:16:8e:6c:4a:f5:3b:
                    6d:82:52:56:4a:80:d3:84:d3:c9:17:a9:18:eb:a6:
                    68:15:f4:4e:83:b2:a5:75:3b:99:77:eb:1c:07:34:
                    8e:99:04:a5:5a:1c:9c:aa:0d:3b:c2:fe:a8:df:a4:
                    1a:14:db:28:a6:c0:a7:e7:e0:47:51:14:5f:ef:6d:
                    ea:7e:e5:29:67:40:1f:fb:bf:4a:c1:99:9a:8a:65:
                    b6:d7:57:8f:67:9d:f4:4a:a1:2a:4b:b0:dd:f9:30:
                    82:a6:73:07:1d:22:75:6b:2b:35:ac:c5:0d:6d:67:
                    e2:59:ce:fa:f9:10:0e:bb:c8:5e:e4:b6:40:f1:d2:
                    d8:0d:ef:57:f1:b5:93:0f:70:80:89:2e:d2:a4:81:
                    33:43:63:87:c7:5c:40:77:ab:44:c3:d5:4a:63:cd:
                    b1:3d:6a:18:90:3d:a8:60:b4:94:14:30:d5:cf:e4:
                    27:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:72:3B:37:49:23:E6:78:4F:73:31:F9:7D:01:D0:A5:E3:AE:9F:4F
            X509v3 Authority Key Identifier:
                keyid:B6:B2:49:A2:C5:62:C5:ED:BD:B7:50:58:E2:6B:D7:70:12:3E:95:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/trJJosVixe29t1BY4mvXcBI-la4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/455b26-6aa1-435f-bd45-9ce31c273108/1/cXI7N0kj5nhPczH5fQHQpeOun08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/455b26-6aa1-435f-bd45-9ce31c273108/1/trJJosVixe29t1BY4mvXcBI-la4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:c6:03:c5:bc:57:1d:24:a8:88:6a:73:93:d6:9d:25:59:9e:
         01:3b:11:be:d7:8f:ef:36:86:50:2c:75:28:c9:86:c3:21:05:
         30:8c:a1:fb:ed:51:e0:67:81:d1:2d:b4:4f:34:09:2a:a5:95:
         44:1c:bc:38:9f:09:00:42:f4:1c:cd:73:8a:51:5d:6e:9e:e4:
         1a:82:7d:60:56:75:cf:d0:67:f0:fa:21:75:54:f6:eb:eb:95:
         51:b6:ad:cb:7c:c6:5d:84:d9:5e:61:b7:6f:5e:c0:1d:07:1b:
         78:bf:24:8c:0d:6a:91:7d:4b:83:1e:50:fa:0f:4e:d5:e4:ef:
         2f:51:0b:79:86:e7:c7:8a:10:98:64:64:0b:a3:05:a5:8e:88:
         e7:83:25:bc:5f:2f:7b:6f:07:20:99:d4:8f:06:de:1a:e6:eb:
         b8:29:41:be:fb:45:80:fd:01:7f:23:f6:22:e4:6b:76:f7:aa:
         d7:b6:71:fa:b9:d7:79:5c:6a:c7:4c:9a:3d:74:3e:68:98:56:
         e5:a0:f3:39:35:12:97:43:dc:4c:db:3f:b2:c9:25:00:e1:44:
         2a:3a:59:e6:9b:71:66:9f:5c:0f:4d:71:1a:68:fd:43:e8:57:
         6f:b3:2d:c3:2e:55:8b:a3:06:9d:14:95:1f:4f:e0:fb:64:84:
         8c:87:48:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKnBGH9PIP62D+j966lMnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2YjI0OWEyYzU2MmM1ZWRiZGI3NTA1OGUyNmJkNzcwMTIz
ZTk1YWUwHhcNMjQwMTAyMTIzMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTcyM2IzNzQ5MjNlNjc4NGY3MzMxZjk3ZDAxZDBhNWUzYWU5ZjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXPAyhKIgqVXnjf92PRkEVJnenGE
8Bd1ToCofN60H0w3D1I/QHUm1fBHWtK8/mD4Js+kxm0ECM74ak2B9rQyo2otDLnQ
66Z78kRvZJaegpOVg6kWjmxK9TttglJWSoDThNPJF6kY66ZoFfROg7KldTuZd+sc
BzSOmQSlWhycqg07wv6o36QaFNsopsCn5+BHURRf723qfuUpZ0Af+79KwZmaimW2
11ePZ530SqEqS7Dd+TCCpnMHHSJ1ays1rMUNbWfiWc76+RAOu8he5LZA8dLYDe9X
8bWTD3CAiS7SpIEzQ2OHx1xAd6tEw9VKY82xPWoYkD2oYLSUFDDVz+QnbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFyOzdJI+Z4T3Mx+X0B0KXjrp9PMB8GA1UdIwQY
MBaAFLaySaLFYsXtvbdQWOJr13ASPpWuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHJKSm9zVml4ZTI5dDFCWTRtdlhjQkktbGE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC80NTViMjYtNmFhMS00MzVmLWJkNDUt
OWNlMzFjMjczMTA4LzEvY1hJN04wa2o1bmhQY3pINWZRSFFwZU91bjA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC80NTViMjYtNmFhMS00MzVmLWJkNDUtOWNlMzFjMjczMTA4
LzEvdHJKSm9zVml4ZTI5dDFCWTRtdlhjQkktbGE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSG2MA0G
CSqGSIb3DQEBCwUAA4IBAQAixgPFvFcdJKiIanOT1p0lWZ4BOxG+14/vNoZQLHUo
yYbDIQUwjKH77VHgZ4HRLbRPNAkqpZVEHLw4nwkAQvQczXOKUV1unuQagn1gVnXP
0Gfw+iF1VPbr65VRtq3LfMZdhNleYbdvXsAdBxt4vySMDWqRfUuDHlD6D07V5O8v
UQt5hufHihCYZGQLowWljojngyW8Xy97bwcgmdSPBt4a5uu4KUG++0WA/QF/I/Yi
5Gt296rXtnH6udd5XGrHTJo9dD5omFbloPM5NRKXQ9xM2z+yySUA4UQqOlnmm3Fm
n1wPTXEaaP1D6Fdvsy3DLlWLowadFJUfT+D7ZISMh0jX
-----END CERTIFICATE-----