Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/a15f96-ec18-4644-89b3-acc22bb4dced/1/DMmG1zUGl5DD4RlJaHAmItlQTOY.roa
File:                     DMmG1zUGl5DD4RlJaHAmItlQTOY.roa (raw, json)
Hash identifier:          L7ohdKT7YBaHaovtvW0WXuAuDX78S+XAHrzXfrMb0Ig=
Subject key identifier:   0C:C9:86:D7:35:06:97:90:C3:E1:19:49:68:70:26:22:D9:50:4C:E6
Certificate issuer:       /CN=272ed090acf7c829a22bbfbe2b0e998cd20ad826
Certificate serial:       018CC8DE696FB60E582777284430F185263C
Authority key identifier: 27:2E:D0:90:AC:F7:C8:29:A2:2B:BF:BE:2B:0E:99:8C:D2:0A:D8:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jy7QkKz3yCmiK7--Kw6ZjNIK2CY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/a15f96-ec18-4644-89b3-acc22bb4dced/1/DMmG1zUGl5DD4RlJaHAmItlQTOY.roa
Signing time:             Tue 02 Jan 2024 06:31:08 +0000
ROA not before:           Tue 02 Jan 2024 06:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59441
IP address blocks:        95.81.84.0/23 maxlen: 24
                          95.81.92.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/a15f96-ec18-4644-89b3-acc22bb4dced/1/Jy7QkKz3yCmiK7--Kw6ZjNIK2CY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/a15f96-ec18-4644-89b3-acc22bb4dced/1/Jy7QkKz3yCmiK7--Kw6ZjNIK2CY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jy7QkKz3yCmiK7--Kw6ZjNIK2CY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:69:6f:b6:0e:58:27:77:28:44:30:f1:85:26:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=272ed090acf7c829a22bbfbe2b0e998cd20ad826
        Validity
            Not Before: Jan  2 06:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cc986d735069790c3e1194968702622d9504ce6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:0e:a2:cd:c9:ad:1f:1e:e8:01:52:ba:36:6e:
                    e5:c6:02:7b:86:e2:5f:79:e6:b9:0d:a8:21:f4:de:
                    71:9c:50:29:02:1f:28:03:77:c3:42:14:b1:3d:e1:
                    a1:c0:80:b1:60:ce:37:97:68:30:e3:53:2a:48:a6:
                    fe:c7:7c:bc:6e:89:4e:bb:f0:e2:c1:97:98:cd:a6:
                    23:ce:63:89:59:ab:f5:2e:7d:ce:3e:40:8f:74:e2:
                    42:24:d6:c9:98:45:88:2e:6d:eb:e8:56:a1:9a:08:
                    ba:a9:51:41:c2:24:72:01:cd:06:06:11:30:84:8d:
                    9e:a3:c5:ea:73:61:f0:9c:bc:70:49:d8:ee:63:1e:
                    1c:a9:3f:46:97:30:e8:8e:c9:be:d5:92:63:78:5b:
                    9f:b1:1c:13:7e:31:9c:84:30:23:fc:1c:3e:28:e3:
                    44:bf:ea:e1:e2:d6:a4:2b:8b:75:1f:61:98:f0:85:
                    24:af:ea:fc:79:84:7a:32:18:02:ff:38:03:18:d9:
                    65:e9:2c:d0:89:e6:0d:46:d1:79:af:39:33:8c:aa:
                    81:c0:43:36:0b:12:e5:42:6d:77:10:8d:d5:41:a0:
                    b1:8b:f2:ef:ae:56:b1:b0:98:53:00:45:3e:b4:99:
                    9c:7b:cb:43:b9:a1:1d:9a:c4:c0:43:1b:f5:23:38:
                    7d:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:C9:86:D7:35:06:97:90:C3:E1:19:49:68:70:26:22:D9:50:4C:E6
            X509v3 Authority Key Identifier:
                keyid:27:2E:D0:90:AC:F7:C8:29:A2:2B:BF:BE:2B:0E:99:8C:D2:0A:D8:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jy7QkKz3yCmiK7--Kw6ZjNIK2CY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/a15f96-ec18-4644-89b3-acc22bb4dced/1/DMmG1zUGl5DD4RlJaHAmItlQTOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/a15f96-ec18-4644-89b3-acc22bb4dced/1/Jy7QkKz3yCmiK7--Kw6ZjNIK2CY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.81.84.0/23
                  95.81.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:8f:a7:80:2d:30:41:ba:3f:7b:19:90:a0:73:c5:bb:f9:6d:
         b0:ae:35:a4:db:5c:16:d9:df:a7:e8:cd:ba:22:ca:42:e9:cd:
         27:19:cb:4f:fe:1d:f5:49:23:dd:93:c7:4e:81:0d:0e:8a:0e:
         59:ef:64:26:02:f2:f5:76:34:f0:f0:ae:55:67:6f:b5:31:65:
         1a:dd:9c:dd:57:f7:7e:a6:58:ec:d1:6c:f3:63:cd:f6:5c:fa:
         e1:e2:6f:c0:ce:28:7d:46:99:89:79:82:6f:71:90:9a:dc:2f:
         81:64:3c:1e:8b:d3:ca:dc:e9:83:1f:f5:2c:f5:6c:f1:ed:01:
         25:c1:5d:10:a4:c7:9a:93:d8:ed:fc:a8:a5:c9:93:bc:e5:1f:
         8c:45:6a:0d:f9:13:2c:7e:dd:91:fb:49:a0:7b:44:9e:15:3f:
         f3:4c:16:d8:05:f4:03:43:08:d4:24:f1:43:37:79:44:50:79:
         65:38:5c:24:93:d1:5f:37:03:fb:be:07:be:47:c4:de:86:a9:
         82:e0:5c:23:05:81:5e:8a:5f:91:a4:52:44:71:a3:b5:60:ed:
         8c:61:61:20:f0:36:29:8f:66:bf:81:4d:55:a2:78:10:87:fc:
         c6:b8:fa:6b:e3:0b:98:a9:3e:e4:c2:71:b3:2f:81:a0:ca:81:
         df:a1:57:94
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3mlvtg5YJ3coRDDxhSY8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MmVkMDkwYWNmN2M4MjlhMjJiYmZiZTJiMGU5OThjZDIw
YWQ4MjYwHhcNMjQwMTAyMDYzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2M5ODZkNzM1MDY5NzkwYzNlMTE5NDk2ODcwMjYyMmQ5NTA0Y2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApw6izcmtHx7oAVK6Nm7lxgJ7huJf
eea5Dagh9N5xnFApAh8oA3fDQhSxPeGhwICxYM43l2gw41MqSKb+x3y8bolOu/Di
wZeYzaYjzmOJWav1Ln3OPkCPdOJCJNbJmEWILm3r6Fahmgi6qVFBwiRyAc0GBhEw
hI2eo8Xqc2HwnLxwSdjuYx4cqT9GlzDojsm+1ZJjeFufsRwTfjGchDAj/Bw+KONE
v+rh4takK4t1H2GY8IUkr+r8eYR6MhgC/zgDGNll6SzQieYNRtF5rzkzjKqBwEM2
CxLlQm13EI3VQaCxi/LvrlaxsJhTAEU+tJmce8tDuaEdmsTAQxv1Izh9BwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAzJhtc1BpeQw+EZSWhwJiLZUEzmMB8GA1UdIwQY
MBaAFCcu0JCs98gpoiu/visOmYzSCtgmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnk3UWtLejN5Q21pSzctLUt3NlpqTklLMkNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9hMTVmOTYtZWMxOC00NjQ0LTg5YjMt
YWNjMjJiYjRkY2VkLzEvRE1tRzF6VUdsNURENFJsSmFIQW1JdGxRVE9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9hMTVmOTYtZWMxOC00NjQ0LTg5YjMtYWNjMjJiYjRkY2Vk
LzEvSnk3UWtLejN5Q21pSzctLUt3NlpqTklLMkNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBX1FUAwQB
X1FcMA0GCSqGSIb3DQEBCwUAA4IBAQBrj6eALTBBuj97GZCgc8W7+W2wrjWk21wW
2d+n6M26IspC6c0nGctP/h31SSPdk8dOgQ0Oig5Z72QmAvL1djTw8K5VZ2+1MWUa
3ZzdV/d+pljs0WzzY832XPrh4m/Azih9RpmJeYJvcZCa3C+BZDwei9PK3OmDH/Us
9Wzx7QElwV0QpMeak9jt/KilyZO85R+MRWoN+RMsft2R+0mge0SeFT/zTBbYBfQD
QwjUJPFDN3lEUHllOFwkk9FfNwP7vge+R8TehqmC4FwjBYFeil+RpFJEcaO1YO2M
YWEg8DYpj2a/gU1VongQh/zGuPpr4wuYqT7kwnGzL4GgyoHfoVeU
-----END CERTIFICATE-----