Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/375a67-8c4e-4a46-99cc-65078a7f65b8/1/3UxBplNs8MXqUHHv7dv4iSve0Vo.roa
File:                     3UxBplNs8MXqUHHv7dv4iSve0Vo.roa (raw, json)
Hash identifier:          GWG+MAq8Rb8ruJRFirFFYQeXWCQFB7QSRQ4dk8XLhaM=
Subject key identifier:   DD:4C:41:A6:53:6C:F0:C5:EA:50:71:EF:ED:DB:F8:89:2B:DE:D1:5A
Certificate issuer:       /CN=065a470dbab9c1c334f0f85f417cd1aa425e9f13
Certificate serial:       018FF85F52946BB2B3E30867D6A76C76BBF7
Authority key identifier: 06:5A:47:0D:BA:B9:C1:C3:34:F0:F8:5F:41:7C:D1:AA:42:5E:9F:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BlpHDbq5wcM08PhfQXzRqkJenxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/375a67-8c4e-4a46-99cc-65078a7f65b8/1/3UxBplNs8MXqUHHv7dv4iSve0Vo.roa
Signing time:             Sat 08 Jun 2024 15:02:27 +0000
ROA not before:           Sat 08 Jun 2024 15:02:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214781
IP address blocks:        195.66.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/375a67-8c4e-4a46-99cc-65078a7f65b8/1/BlpHDbq5wcM08PhfQXzRqkJenxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/375a67-8c4e-4a46-99cc-65078a7f65b8/1/BlpHDbq5wcM08PhfQXzRqkJenxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BlpHDbq5wcM08PhfQXzRqkJenxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f8:5f:52:94:6b:b2:b3:e3:08:67:d6:a7:6c:76:bb:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=065a470dbab9c1c334f0f85f417cd1aa425e9f13
        Validity
            Not Before: Jun  8 15:02:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd4c41a6536cf0c5ea5071efeddbf8892bded15a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:aa:c7:29:43:b7:ee:fd:89:8b:0f:68:bf:ff:
                    3b:cc:41:d3:27:58:17:c0:fd:19:e2:75:12:28:7b:
                    a9:8f:3a:73:a4:e2:07:77:7d:6e:45:67:27:f4:fc:
                    2d:c8:8c:d1:ab:de:06:db:18:a3:c6:b6:5d:67:b7:
                    87:80:7b:47:4b:63:18:81:0a:d2:87:04:84:bb:c1:
                    3d:4d:0e:aa:ff:80:77:ac:40:1b:7b:c4:2f:fb:bb:
                    8d:11:b3:ef:6f:86:df:21:a5:49:ee:76:bd:e4:f8:
                    01:6b:76:62:f3:4f:a4:1b:07:90:ee:0a:c9:b2:c7:
                    83:e4:d3:0f:62:15:c1:ed:88:20:67:40:fc:20:80:
                    40:a0:36:02:31:1d:6e:bc:9c:a5:75:25:b4:93:21:
                    6c:f7:10:a8:8a:55:05:13:51:38:ca:61:f9:70:ed:
                    ba:70:5f:86:70:bd:65:fc:59:da:a2:17:b9:4d:e6:
                    72:67:83:b8:67:81:a4:c8:ad:cf:f5:20:fa:ee:3c:
                    5b:be:89:57:e9:39:aa:59:9f:94:46:77:3d:1d:73:
                    06:45:05:d4:88:9b:72:cb:0f:50:7f:57:f3:6e:9f:
                    9a:61:e7:19:67:c5:13:ea:e9:67:a7:76:ff:cd:31:
                    1e:44:72:cb:40:f7:5d:e3:32:c9:f8:1e:b6:22:e1:
                    2e:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:4C:41:A6:53:6C:F0:C5:EA:50:71:EF:ED:DB:F8:89:2B:DE:D1:5A
            X509v3 Authority Key Identifier:
                keyid:06:5A:47:0D:BA:B9:C1:C3:34:F0:F8:5F:41:7C:D1:AA:42:5E:9F:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BlpHDbq5wcM08PhfQXzRqkJenxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/375a67-8c4e-4a46-99cc-65078a7f65b8/1/3UxBplNs8MXqUHHv7dv4iSve0Vo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/375a67-8c4e-4a46-99cc-65078a7f65b8/1/BlpHDbq5wcM08PhfQXzRqkJenxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:c6:5a:f6:c3:f4:79:80:bf:07:23:d7:c6:5a:5d:f4:a6:2c:
         51:cf:b7:87:50:03:75:eb:d4:91:15:4e:d9:14:c3:56:00:c3:
         f7:8f:33:9c:28:bc:59:0b:66:30:43:44:9e:bc:60:4e:14:14:
         05:f0:0e:56:7c:95:59:7a:94:07:00:39:7e:65:e8:c3:ed:e4:
         67:28:a7:a4:99:c4:b4:30:ab:3e:40:e5:da:15:70:a9:b6:b9:
         46:4e:55:28:d0:9f:f6:cc:83:ad:e5:9d:a9:85:29:67:e0:aa:
         62:96:59:75:1b:c8:e3:04:f6:58:4f:a1:00:42:9d:e9:44:ee:
         63:18:47:dd:d5:4a:ee:9e:1d:75:c6:9d:ca:fe:14:84:17:59:
         0a:af:9f:c3:7b:52:b1:5c:4d:7f:25:aa:91:47:29:d1:2a:24:
         51:70:33:93:1e:c5:ee:f3:8a:f3:62:1a:85:f6:f3:79:1b:01:
         2a:7e:60:36:07:e0:12:f9:9a:03:b3:43:fe:f4:fe:6e:9d:12:
         32:63:cb:45:f8:7b:a2:e3:47:c2:88:60:6b:da:d6:1d:8c:5d:
         64:a4:11:b9:72:3a:3a:81:98:1b:da:56:4a:43:e2:39:4f:d8:
         c7:38:ef:84:75:78:de:61:4b:91:37:50:93:6f:27:cb:a2:94:
         52:7e:3e:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/4X1KUa7Kz4whn1qdsdrv3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NWE0NzBkYmFiOWMxYzMzNGYwZjg1ZjQxN2NkMWFhNDI1
ZTlmMTMwHhcNMjQwNjA4MTUwMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDRjNDFhNjUzNmNmMGM1ZWE1MDcxZWZlZGRiZjg4OTJiZGVkMTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6rHKUO37v2Jiw9ov/87zEHTJ1gX
wP0Z4nUSKHupjzpzpOIHd31uRWcn9PwtyIzRq94G2xijxrZdZ7eHgHtHS2MYgQrS
hwSEu8E9TQ6q/4B3rEAbe8Qv+7uNEbPvb4bfIaVJ7na95PgBa3Zi80+kGweQ7grJ
sseD5NMPYhXB7YggZ0D8IIBAoDYCMR1uvJyldSW0kyFs9xCoilUFE1E4ymH5cO26
cF+GcL1l/Fnaohe5TeZyZ4O4Z4GkyK3P9SD67jxbvolX6TmqWZ+URnc9HXMGRQXU
iJtyyw9Qf1fzbp+aYecZZ8UT6ulnp3b/zTEeRHLLQPdd4zLJ+B62IuEugQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1MQaZTbPDF6lBx7+3b+Ikr3tFaMB8GA1UdIwQY
MBaAFAZaRw26ucHDNPD4X0F80apCXp8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmxwSERicTV3Y00wOFBoZlFYelJxa0plbnhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8zNzVhNjctOGM0ZS00YTQ2LTk5Y2Mt
NjUwNzhhN2Y2NWI4LzEvM1V4QnBsTnM4TVhxVUhIdjdkdjRpU3ZlMFZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8zNzVhNjctOGM0ZS00YTQ2LTk5Y2MtNjUwNzhhN2Y2NWI4
LzEvQmxwSERicTV3Y00wOFBoZlFYelJxa0plbnhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0JlMA0G
CSqGSIb3DQEBCwUAA4IBAQCjxlr2w/R5gL8HI9fGWl30pixRz7eHUAN169SRFU7Z
FMNWAMP3jzOcKLxZC2YwQ0SevGBOFBQF8A5WfJVZepQHADl+ZejD7eRnKKekmcS0
MKs+QOXaFXCptrlGTlUo0J/2zIOt5Z2phSln4Kpilll1G8jjBPZYT6EAQp3pRO5j
GEfd1Urunh11xp3K/hSEF1kKr5/De1KxXE1/JaqRRynRKiRRcDOTHsXu84rzYhqF
9vN5GwEqfmA2B+AS+ZoDs0P+9P5unRIyY8tF+Hui40fCiGBr2tYdjF1kpBG5cjo6
gZgb2lZKQ+I5T9jHOO+EdXjeYUuRN1CTbyfLopRSfj73
-----END CERTIFICATE-----