Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/97fb36-ea9b-43f4-aad5-06f7290dc44a/1/a9TCEibu_xG03bDR86QjG3m9Hfo.roa
File:                     a9TCEibu_xG03bDR86QjG3m9Hfo.roa (raw, json)
Hash identifier:          23dKojigYJOGcirtTpMO1twBsjeyMrHdylRzUb3fu+s=
Subject key identifier:   6B:D4:C2:12:26:EE:FF:11:B4:DD:B0:D1:F3:A4:23:1B:79:BD:1D:FA
Certificate issuer:       /CN=4acef45fbb0f26930aeb833cf79fc41e22ca9235
Certificate serial:       018CC348C938C6DB0B9F57449A1410016453
Authority key identifier: 4A:CE:F4:5F:BB:0F:26:93:0A:EB:83:3C:F7:9F:C4:1E:22:CA:92:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ss70X7sPJpMK64M895_EHiLKkjU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/97fb36-ea9b-43f4-aad5-06f7290dc44a/1/a9TCEibu_xG03bDR86QjG3m9Hfo.roa
Signing time:             Mon 01 Jan 2024 04:29:36 +0000
ROA not before:           Mon 01 Jan 2024 04:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43754
IP address blocks:        193.111.234.0/24 maxlen: 24
                          193.134.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/97fb36-ea9b-43f4-aad5-06f7290dc44a/1/Ss70X7sPJpMK64M895_EHiLKkjU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/97fb36-ea9b-43f4-aad5-06f7290dc44a/1/Ss70X7sPJpMK64M895_EHiLKkjU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ss70X7sPJpMK64M895_EHiLKkjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c9:38:c6:db:0b:9f:57:44:9a:14:10:01:64:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4acef45fbb0f26930aeb833cf79fc41e22ca9235
        Validity
            Not Before: Jan  1 04:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6bd4c21226eeff11b4ddb0d1f3a4231b79bd1dfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:b9:f5:09:06:db:54:44:0b:f8:e4:8e:5a:6b:
                    19:aa:e1:10:ee:1e:cc:fc:d0:eb:b1:b7:82:76:38:
                    a5:dd:71:7b:d0:76:39:26:ed:5e:33:86:2c:14:63:
                    97:b9:1d:5b:3c:f5:ff:2d:18:29:42:3e:03:10:d1:
                    d2:68:62:44:2a:73:2c:13:e0:15:87:78:12:4a:b6:
                    7b:fa:61:20:f8:70:2d:f0:65:7e:fd:5a:4e:62:2f:
                    40:d7:4d:d0:3d:d9:fe:dc:4e:f5:fa:ad:5c:49:6c:
                    4e:b1:46:9c:b0:39:1b:11:67:b9:0c:6b:fb:44:65:
                    9a:27:ee:d0:6e:84:02:f9:b5:cb:8f:3f:08:bd:99:
                    f4:10:57:28:71:f6:2a:c6:68:55:25:e2:16:ce:3e:
                    33:72:3b:2d:a6:07:f3:e7:ab:92:6d:f7:a0:3e:37:
                    fc:d9:1c:6b:6c:2c:b0:a2:90:05:df:e1:56:1e:cb:
                    86:06:fb:5b:cc:87:3c:02:cd:03:05:68:9e:c8:a5:
                    62:7c:a0:72:32:57:3c:9b:79:3a:e2:cb:80:72:0b:
                    d9:24:df:20:ab:f2:52:72:02:7e:56:f0:06:94:37:
                    31:e1:da:6e:6c:28:c7:3c:c4:27:5e:14:da:30:ec:
                    2f:32:6e:02:1c:db:1a:df:9b:3e:1e:e9:79:b0:ba:
                    6c:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:D4:C2:12:26:EE:FF:11:B4:DD:B0:D1:F3:A4:23:1B:79:BD:1D:FA
            X509v3 Authority Key Identifier:
                keyid:4A:CE:F4:5F:BB:0F:26:93:0A:EB:83:3C:F7:9F:C4:1E:22:CA:92:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ss70X7sPJpMK64M895_EHiLKkjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/97fb36-ea9b-43f4-aad5-06f7290dc44a/1/a9TCEibu_xG03bDR86QjG3m9Hfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/97fb36-ea9b-43f4-aad5-06f7290dc44a/1/Ss70X7sPJpMK64M895_EHiLKkjU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.234.0/24
                  193.134.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:1e:e3:f2:c7:fa:da:72:04:2a:3c:5f:98:ed:0b:bb:8d:f7:
         ff:97:13:b8:ac:3f:51:89:56:7d:fe:a7:31:e7:90:bd:d1:e4:
         41:d1:6d:3e:cf:94:c4:5c:8e:9e:5b:76:1b:96:63:db:8d:24:
         4c:c6:d7:48:43:19:89:5d:fc:0b:4e:df:32:5e:0c:18:ce:a6:
         ef:b2:b1:e4:3e:29:56:55:f8:e7:0d:de:02:04:2b:e9:2a:a9:
         5d:ea:89:d9:d9:e5:15:7b:98:ea:72:5b:b2:3d:d5:62:ba:e9:
         88:71:18:f6:fb:13:8e:f8:65:4d:25:67:46:97:5b:7b:96:59:
         42:19:72:3b:11:40:43:f8:e5:91:06:ea:de:c7:22:67:52:4f:
         e5:1d:4d:ac:2c:ba:7e:33:e0:a4:c3:ec:12:3b:f2:02:0d:c8:
         f6:16:27:a8:47:d1:57:49:48:d5:0b:8b:f4:60:1b:bb:6a:14:
         ee:fb:28:5b:d2:70:a4:45:c2:d6:10:72:cf:45:fd:88:a1:4b:
         d6:a8:73:a1:b0:32:f4:de:f5:70:8d:34:c8:52:70:9f:52:13:
         6d:48:cd:10:8e:02:13:36:07:bb:27:34:65:06:76:0b:00:e1:
         28:cf:9c:b3:27:74:09:4c:43:ed:96:d8:6f:ed:46:19:f1:0a:
         fd:5d:e8:1c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSMk4xtsLn1dEmhQQAWRTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhY2VmNDVmYmIwZjI2OTMwYWViODMzY2Y3OWZjNDFlMjJj
YTkyMzUwHhcNMjQwMTAxMDQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmQ0YzIxMjI2ZWVmZjExYjRkZGIwZDFmM2E0MjMxYjc5YmQxZGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07n1CQbbVEQL+OSOWmsZquEQ7h7M
/NDrsbeCdjil3XF70HY5Ju1eM4YsFGOXuR1bPPX/LRgpQj4DENHSaGJEKnMsE+AV
h3gSSrZ7+mEg+HAt8GV+/VpOYi9A103QPdn+3E71+q1cSWxOsUacsDkbEWe5DGv7
RGWaJ+7QboQC+bXLjz8IvZn0EFcocfYqxmhVJeIWzj4zcjstpgfz56uSbfegPjf8
2RxrbCywopAF3+FWHsuGBvtbzIc8As0DBWieyKVifKByMlc8m3k64suAcgvZJN8g
q/JScgJ+VvAGlDcx4dpubCjHPMQnXhTaMOwvMm4CHNsa35s+Hul5sLpsVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGvUwhIm7v8RtN2w0fOkIxt5vR36MB8GA1UdIwQY
MBaAFErO9F+7DyaTCuuDPPefxB4iypI1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3M3MFg3c1BKcE1LNjRNODk1X0VIaUxLa2pVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi85N2ZiMzYtZWE5Yi00M2Y0LWFhZDUt
MDZmNzI5MGRjNDRhLzEvYTlUQ0VpYnVfeEcwM2JEUjg2UWpHM205SGZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi85N2ZiMzYtZWE5Yi00M2Y0LWFhZDUtMDZmNzI5MGRjNDRh
LzEvU3M3MFg3c1BKcE1LNjRNODk1X0VIaUxLa2pVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwW/qAwQA
wYZkMA0GCSqGSIb3DQEBCwUAA4IBAQBrHuPyx/racgQqPF+Y7Qu7jff/lxO4rD9R
iVZ9/qcx55C90eRB0W0+z5TEXI6eW3YblmPbjSRMxtdIQxmJXfwLTt8yXgwYzqbv
srHkPilWVfjnDd4CBCvpKqld6onZ2eUVe5jqcluyPdViuumIcRj2+xOO+GVNJWdG
l1t7lllCGXI7EUBD+OWRBurexyJnUk/lHU2sLLp+M+Ckw+wSO/ICDcj2FieoR9FX
SUjVC4v0YBu7ahTu+yhb0nCkRcLWEHLPRf2IoUvWqHOhsDL03vVwjTTIUnCfUhNt
SM0QjgITNge7JzRlBnYLAOEoz5yzJ3QJTEPtlthv7UYZ8Qr9Xegc
-----END CERTIFICATE-----