Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/51065b-904f-4ce3-8fe5-8ea2d14a642e/1/0Ej2q3Sj-9HQTia-YOfZUBi4bI4.roa
File:                     0Ej2q3Sj-9HQTia-YOfZUBi4bI4.roa (raw, json)
Hash identifier:          Dmdea0pHkYNxRmB1+c1ZvPaBxKjrPsIzM+ZxkYBiyys=
Subject key identifier:   D0:48:F6:AB:74:A3:FB:D1:D0:4E:26:BE:60:E7:D9:50:18:B8:6C:8E
Certificate issuer:       /CN=2452de9370c20ef1ba4d7fe1bb018f3f6dfdc9ce
Certificate serial:       018CC94D85973E910D10DB9BD24660132C48
Authority key identifier: 24:52:DE:93:70:C2:0E:F1:BA:4D:7F:E1:BB:01:8F:3F:6D:FD:C9:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFLek3DCDvG6TX_huwGPP239yc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/51065b-904f-4ce3-8fe5-8ea2d14a642e/1/0Ej2q3Sj-9HQTia-YOfZUBi4bI4.roa
Signing time:             Tue 02 Jan 2024 08:32:30 +0000
ROA not before:           Tue 02 Jan 2024 08:32:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39930
IP address blocks:        195.95.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/51065b-904f-4ce3-8fe5-8ea2d14a642e/1/JFLek3DCDvG6TX_huwGPP239yc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/51065b-904f-4ce3-8fe5-8ea2d14a642e/1/JFLek3DCDvG6TX_huwGPP239yc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFLek3DCDvG6TX_huwGPP239yc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 08:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:85:97:3e:91:0d:10:db:9b:d2:46:60:13:2c:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2452de9370c20ef1ba4d7fe1bb018f3f6dfdc9ce
        Validity
            Not Before: Jan  2 08:32:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d048f6ab74a3fbd1d04e26be60e7d95018b86c8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ec:ce:86:f1:8c:61:32:99:b6:c2:e5:e7:de:
                    42:6d:c7:1a:a7:90:54:62:9e:77:19:0b:22:f5:a2:
                    e9:25:54:cf:2c:07:e6:71:e2:36:e0:d8:67:af:9f:
                    98:9d:2a:6b:87:11:75:5c:89:4c:d9:8f:50:48:a8:
                    45:f7:5d:c3:c4:dd:2c:79:7d:0f:40:f4:85:b7:72:
                    02:47:bb:51:78:f1:a8:fe:76:9c:14:5a:0a:ae:19:
                    f7:70:42:a2:2e:78:da:69:65:9a:78:c5:90:a3:78:
                    f3:c3:e8:a1:7f:25:7d:c0:67:9d:5b:d8:56:cb:f3:
                    07:fa:3b:cc:39:95:59:d3:40:e2:7c:bb:1f:4d:fe:
                    e5:24:9d:68:fd:a8:1e:bc:3e:3b:40:3a:52:6f:6c:
                    88:76:77:83:3a:a1:1f:62:43:ee:94:f7:ec:af:7d:
                    c4:cb:2c:81:6e:16:30:fb:33:96:94:66:09:76:bc:
                    9f:57:15:65:29:d5:1c:3a:34:a8:cf:7f:0f:40:22:
                    cd:c4:da:6d:16:e9:5b:bb:c2:9f:97:ed:c8:f3:b0:
                    31:69:57:00:a8:ac:32:af:f0:e9:4f:9d:2f:bc:5d:
                    83:aa:c1:5e:d8:cd:59:55:c3:01:67:ff:f5:9b:3d:
                    39:87:35:42:ea:ab:b4:ce:ae:d9:36:13:6e:56:6b:
                    ae:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:48:F6:AB:74:A3:FB:D1:D0:4E:26:BE:60:E7:D9:50:18:B8:6C:8E
            X509v3 Authority Key Identifier:
                keyid:24:52:DE:93:70:C2:0E:F1:BA:4D:7F:E1:BB:01:8F:3F:6D:FD:C9:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFLek3DCDvG6TX_huwGPP239yc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/51065b-904f-4ce3-8fe5-8ea2d14a642e/1/0Ej2q3Sj-9HQTia-YOfZUBi4bI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/51065b-904f-4ce3-8fe5-8ea2d14a642e/1/JFLek3DCDvG6TX_huwGPP239yc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:1d:f2:72:53:13:2e:7a:92:90:a0:0e:57:42:cc:89:26:2e:
         56:de:48:f5:d5:41:d2:de:57:f5:b2:f6:43:bd:02:e6:d4:e5:
         ff:7c:79:f4:54:60:38:e3:33:b3:8a:3b:77:38:9b:72:96:e0:
         79:ab:8c:0f:29:b0:b2:03:2b:71:8c:cd:2a:f7:1b:66:45:60:
         95:9b:36:1d:a6:87:fc:12:b9:32:b4:68:35:18:f5:bf:f5:50:
         7a:34:f3:1e:98:81:55:39:06:92:68:33:1c:71:c6:f3:f3:7b:
         8d:53:67:be:60:80:c6:92:6c:59:70:9f:ed:20:f8:4e:76:f2:
         94:73:76:0d:5b:7c:c6:6f:18:84:7a:1e:f6:6f:42:17:bf:e2:
         9d:99:b0:92:be:ff:cc:cf:9d:ff:5a:62:fc:72:82:d4:0d:2d:
         07:44:85:d3:50:3e:12:5c:40:fe:45:35:8a:9f:03:ba:2b:72:
         a1:2a:44:ea:b8:61:3a:8b:f4:25:6c:f6:8d:b7:b1:47:9d:c8:
         39:40:ee:39:30:4e:59:44:d8:f4:51:34:bd:19:ab:7c:52:1d:
         9e:b3:0d:ae:b8:d7:ac:b0:da:69:99:67:fd:f4:8a:21:e1:e4:
         a7:cf:9e:30:80:c4:5a:89:2e:a0:20:86:79:da:18:7b:ce:64:
         9c:1e:5c:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTYWXPpENENub0kZgEyxIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTJkZTkzNzBjMjBlZjFiYTRkN2ZlMWJiMDE4ZjNmNmRm
ZGM5Y2UwHhcNMjQwMTAyMDgzMjMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDQ4ZjZhYjc0YTNmYmQxZDA0ZTI2YmU2MGU3ZDk1MDE4Yjg2YzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkezOhvGMYTKZtsLl595Cbccap5BU
Yp53GQsi9aLpJVTPLAfmceI24Nhnr5+YnSprhxF1XIlM2Y9QSKhF913DxN0seX0P
QPSFt3ICR7tRePGo/nacFFoKrhn3cEKiLnjaaWWaeMWQo3jzw+ihfyV9wGedW9hW
y/MH+jvMOZVZ00DifLsfTf7lJJ1o/agevD47QDpSb2yIdneDOqEfYkPulPfsr33E
yyyBbhYw+zOWlGYJdryfVxVlKdUcOjSoz38PQCLNxNptFulbu8Kfl+3I87AxaVcA
qKwyr/DpT50vvF2DqsFe2M1ZVcMBZ//1mz05hzVC6qu0zq7ZNhNuVmuuXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNBI9qt0o/vR0E4mvmDn2VAYuGyOMB8GA1UdIwQY
MBaAFCRS3pNwwg7xuk1/4bsBjz9t/cnOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZMZWszRENEdkc2VFhfaHV3R1BQMjM5eWM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi81MTA2NWItOTA0Zi00Y2UzLThmZTUt
OGVhMmQxNGE2NDJlLzEvMEVqMnEzU2otOUhRVGlhLVlPZlpVQmk0Ykk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi81MTA2NWItOTA0Zi00Y2UzLThmZTUtOGVhMmQxNGE2NDJl
LzEvSkZMZWszRENEdkc2VFhfaHV3R1BQMjM5eWM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1+RMA0G
CSqGSIb3DQEBCwUAA4IBAQBGHfJyUxMuepKQoA5XQsyJJi5W3kj11UHS3lf1svZD
vQLm1OX/fHn0VGA44zOzijt3OJtyluB5q4wPKbCyAytxjM0q9xtmRWCVmzYdpof8
ErkytGg1GPW/9VB6NPMemIFVOQaSaDMcccbz83uNU2e+YIDGkmxZcJ/tIPhOdvKU
c3YNW3zGbxiEeh72b0IXv+KdmbCSvv/Mz53/WmL8coLUDS0HRIXTUD4SXED+RTWK
nwO6K3KhKkTquGE6i/QlbPaNt7FHncg5QO45ME5ZRNj0UTS9Gat8Uh2esw2uuNes
sNppmWf99Ioh4eSnz54wgMRaiS6gIIZ52hh7zmScHly8
-----END CERTIFICATE-----