Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/rT0S07sUuh3FTk3l9w_9QxVxnT4.roa
File:                     rT0S07sUuh3FTk3l9w_9QxVxnT4.roa (raw, json)
Hash identifier:          NVrojadN7eFjH8x0CRwe/41x0R7JvroHU158O1ALjpA=
Subject key identifier:   AD:3D:12:D3:BB:14:BA:1D:C5:4E:4D:E5:F7:0F:FD:43:15:71:9D:3E
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019174D85E852AA5F6D2F60A8DD9C7E5A711
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/rT0S07sUuh3FTk3l9w_9QxVxnT4.roa
Signing time:             Wed 21 Aug 2024 12:10:22 +0000
ROA not before:           Wed 21 Aug 2024 12:10:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204104
IP address blocks:        195.96.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:74:d8:5e:85:2a:a5:f6:d2:f6:0a:8d:d9:c7:e5:a7:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Aug 21 12:10:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad3d12d3bb14ba1dc54e4de5f70ffd4315719d3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ea:bf:50:cc:0a:3a:2c:8b:fa:ea:bc:b1:75:
                    7f:2c:cd:9e:d1:dd:ae:94:53:04:34:36:b4:3f:de:
                    10:1c:fb:28:09:4b:2d:e3:b9:2c:49:b5:c0:b8:aa:
                    da:24:06:cd:6a:e7:07:52:e7:5f:82:4b:7a:59:4a:
                    78:33:a6:f5:71:73:36:10:72:fc:1b:ae:f5:fe:dc:
                    36:7c:b0:d9:45:1a:13:fd:64:98:76:4e:07:5a:1c:
                    aa:e6:dd:9a:02:35:09:f5:71:fd:16:ec:f7:bd:e1:
                    ad:91:6b:6a:48:05:6e:2d:dd:3b:a9:39:cb:19:74:
                    6e:ed:90:6c:af:9d:a7:d6:6b:cd:fb:fd:b4:34:8a:
                    0f:54:31:e3:6f:e2:57:10:9f:2d:46:51:8a:97:e0:
                    0c:9e:27:f2:77:23:e9:76:d0:ab:a7:b7:7e:1b:8d:
                    5b:34:f1:ff:20:ae:8a:11:ee:2f:94:83:61:eb:b4:
                    c6:18:57:51:50:3c:15:7d:4f:57:4a:b0:16:20:c1:
                    71:ea:25:31:e3:ad:f9:a4:5f:ae:07:8e:c9:22:24:
                    65:fb:f0:cc:41:38:5b:68:ff:3a:66:ec:e9:89:a6:
                    6e:92:d8:a9:03:4b:70:17:07:b3:ea:6d:f3:d9:17:
                    00:3c:f8:f4:2e:9c:06:ee:9d:fe:2d:fa:84:50:40:
                    e4:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:3D:12:D3:BB:14:BA:1D:C5:4E:4D:E5:F7:0F:FD:43:15:71:9D:3E
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/rT0S07sUuh3FTk3l9w_9QxVxnT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:4f:54:a7:b1:9a:a2:49:e8:49:ad:94:91:3f:4e:be:98:f9:
         72:c7:ff:45:eb:fd:c6:9f:64:64:6a:a2:0f:29:0e:dd:7d:a8:
         7d:89:95:5a:a2:46:5b:d5:22:ab:05:c3:6b:62:4d:04:f4:f0:
         b8:79:ca:72:aa:8f:06:f2:81:b9:a9:f7:12:61:94:c9:32:97:
         1a:b7:6f:48:4a:7c:55:c6:e8:40:1a:db:b2:cd:57:ff:b6:68:
         b2:6a:41:bf:3f:6e:14:8c:4a:15:40:44:32:94:86:be:fd:e7:
         d1:05:cf:17:e7:de:17:a2:0c:b0:d3:dc:19:cb:7b:39:a2:23:
         45:6b:f1:e2:9d:3c:e9:8f:6c:e9:0b:ee:76:e6:34:96:5f:d2:
         2e:95:13:dc:89:98:f1:f7:14:3f:52:62:1a:a0:fd:57:4f:bc:
         a3:3e:ea:84:ec:71:1f:40:b0:01:99:ad:69:75:ae:cc:b1:b2:
         38:04:f1:5a:e8:e8:6b:b0:de:c9:75:2a:42:e4:6d:49:b5:88:
         6c:ba:b8:fd:4a:c8:7d:f7:2f:04:2a:dd:6c:cf:bc:3a:99:d4:
         a9:07:06:31:9a:6a:72:c2:46:fb:67:de:be:90:ca:56:60:bb:
         52:41:06:b2:a1:29:0f:1a:7f:c8:b7:c6:9a:33:9f:c3:4b:07:
         5c:6b:57:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF02F6FKqX20vYKjdnH5acRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwODIxMTIxMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDNkMTJkM2JiMTRiYTFkYzU0ZTRkZTVmNzBmZmQ0MzE1NzE5ZDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjuq/UMwKOiyL+uq8sXV/LM2e0d2u
lFMENDa0P94QHPsoCUst47ksSbXAuKraJAbNaucHUudfgkt6WUp4M6b1cXM2EHL8
G671/tw2fLDZRRoT/WSYdk4HWhyq5t2aAjUJ9XH9Fuz3veGtkWtqSAVuLd07qTnL
GXRu7ZBsr52n1mvN+/20NIoPVDHjb+JXEJ8tRlGKl+AMnifydyPpdtCrp7d+G41b
NPH/IK6KEe4vlINh67TGGFdRUDwVfU9XSrAWIMFx6iUx4635pF+uB47JIiRl+/DM
QThbaP86ZuzpiaZuktipA0twFwez6m3z2RcAPPj0LpwG7p3+LfqEUEDkfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK09EtO7FLodxU5N5fcP/UMVcZ0+MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvclQwUzA3c1V1aDNGVGszbDl3XzlReFZ4blQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw2CHMA0G
CSqGSIb3DQEBCwUAA4IBAQA8T1SnsZqiSehJrZSRP06+mPlyx/9F6/3Gn2RkaqIP
KQ7dfah9iZVaokZb1SKrBcNrYk0E9PC4ecpyqo8G8oG5qfcSYZTJMpcat29ISnxV
xuhAGtuyzVf/tmiyakG/P24UjEoVQEQylIa+/efRBc8X594Xogyw09wZy3s5oiNF
a/HinTzpj2zpC+525jSWX9IulRPciZjx9xQ/UmIaoP1XT7yjPuqE7HEfQLABma1p
da7MsbI4BPFa6OhrsN7JdSpC5G1JtYhsurj9Ssh99y8EKt1sz7w6mdSpBwYxmmpy
wkb7Z96+kMpWYLtSQQayoSkPGn/It8aaM5/DSwdca1fr
-----END CERTIFICATE-----