Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/9ba940-0078-4fd0-afde-537a2b0b4dda/1/Y6lH-sAOY9XRQ9gnqxIFd_Fm-wI.roa
File:                     Y6lH-sAOY9XRQ9gnqxIFd_Fm-wI.roa (raw, json)
Hash identifier:          x4oVwdvIa2HUpXlBLQA6wSeCoAhrNf6krmwMsC4SMp8=
Subject key identifier:   63:A9:47:FA:C0:0E:63:D5:D1:43:D8:27:AB:12:05:77:F1:66:FB:02
Certificate issuer:       /CN=e1e8f41f6b02b93f85d1a7b48b48cfa322f088f8
Certificate serial:       018CC80152B18DB7556F148B03B474B539B8
Authority key identifier: E1:E8:F4:1F:6B:02:B9:3F:85:D1:A7:B4:8B:48:CF:A3:22:F0:88:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4ej0H2sCuT-F0ae0i0jPoyLwiPg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/9ba940-0078-4fd0-afde-537a2b0b4dda/1/Y6lH-sAOY9XRQ9gnqxIFd_Fm-wI.roa
Signing time:             Tue 02 Jan 2024 02:29:39 +0000
ROA not before:           Tue 02 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5483
IP address blocks:        195.90.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/9ba940-0078-4fd0-afde-537a2b0b4dda/1/4ej0H2sCuT-F0ae0i0jPoyLwiPg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/9ba940-0078-4fd0-afde-537a2b0b4dda/1/4ej0H2sCuT-F0ae0i0jPoyLwiPg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4ej0H2sCuT-F0ae0i0jPoyLwiPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 01:02:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:52:b1:8d:b7:55:6f:14:8b:03:b4:74:b5:39:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1e8f41f6b02b93f85d1a7b48b48cfa322f088f8
        Validity
            Not Before: Jan  2 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63a947fac00e63d5d143d827ab120577f166fb02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:fb:25:5c:f6:b7:ca:32:62:a4:64:af:d5:e0:
                    1e:56:6e:e9:7f:df:55:7c:b7:95:72:a2:8f:60:8b:
                    6f:62:b3:d4:c8:af:31:58:41:18:cd:c1:44:27:84:
                    20:94:71:d2:f4:68:58:13:da:b1:9a:0c:0d:3f:f4:
                    f9:7f:9a:85:d2:86:e6:08:f8:c9:53:7b:4a:4d:2a:
                    49:3f:d3:ec:7f:97:73:4d:72:c3:0c:ca:d0:6a:d4:
                    c0:46:4e:12:ec:e0:6e:29:c2:1b:69:c8:b4:a7:31:
                    c5:15:d9:da:74:cc:2d:08:45:62:20:0d:bc:52:e3:
                    62:e5:ca:2c:ad:31:f1:c4:3a:23:ee:82:6f:81:b5:
                    e8:d7:99:a0:69:52:1d:58:b9:34:99:2d:b8:1b:5d:
                    10:4c:90:8c:33:ae:be:d3:eb:bd:db:81:10:fb:e9:
                    b6:63:e3:93:10:f6:11:62:7c:a8:d3:2b:bb:83:78:
                    92:52:65:b7:37:f4:45:d5:57:d7:f4:d3:ef:54:9b:
                    c1:21:c2:0a:38:e4:89:15:37:12:f9:ae:f0:a2:5b:
                    7a:dd:fd:6e:0c:78:3a:dd:a3:9a:30:31:ee:c3:78:
                    3a:98:01:90:1e:fc:f7:5e:d0:fa:e0:73:0c:cb:a2:
                    1b:7e:54:44:fb:19:8c:10:22:e7:79:87:82:4d:46:
                    1c:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:A9:47:FA:C0:0E:63:D5:D1:43:D8:27:AB:12:05:77:F1:66:FB:02
            X509v3 Authority Key Identifier:
                keyid:E1:E8:F4:1F:6B:02:B9:3F:85:D1:A7:B4:8B:48:CF:A3:22:F0:88:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4ej0H2sCuT-F0ae0i0jPoyLwiPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9ba940-0078-4fd0-afde-537a2b0b4dda/1/Y6lH-sAOY9XRQ9gnqxIFd_Fm-wI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9ba940-0078-4fd0-afde-537a2b0b4dda/1/4ej0H2sCuT-F0ae0i0jPoyLwiPg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.90.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:5e:99:0e:49:d7:52:21:fd:6d:e5:6f:ee:cf:d1:43:89:96:
         98:46:f4:57:8e:ca:72:33:b4:07:84:4e:cb:25:7c:56:bb:95:
         3c:5a:1a:4b:2a:0f:8d:b0:fe:ad:e6:c8:7d:50:86:f7:29:ca:
         b0:1c:7e:19:50:37:40:a4:bd:94:af:4c:1c:2c:04:fa:69:15:
         c6:4e:22:de:3b:b8:9c:4d:cf:c7:26:05:b4:b1:82:5b:9b:d3:
         56:ec:20:79:78:49:07:b5:0b:de:4e:25:5c:e9:93:e3:67:fc:
         95:db:31:07:68:29:58:67:2b:e9:20:71:70:bb:22:e8:9f:4a:
         31:12:5c:f8:bb:f4:5e:e5:31:33:71:2b:f5:06:bc:21:23:f7:
         ea:e9:be:69:6a:29:cc:41:9f:d6:e5:26:fb:2e:34:4b:e4:cc:
         7f:77:7e:28:5b:56:c1:dc:b5:72:f8:1f:b9:d0:77:4e:e0:6a:
         95:e8:b8:3c:4b:97:45:57:ed:df:80:d9:18:1d:61:75:00:7c:
         ff:db:4e:ea:14:b6:77:27:9c:e6:e1:f4:c0:f4:e8:60:af:dd:
         b3:36:0e:9e:55:87:71:a1:46:32:3d:2b:26:98:09:24:f1:fd:
         ef:bb:1c:b0:01:76:52:52:52:27:db:55:1e:a7:86:22:49:37:
         92:47:3a:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAVKxjbdVbxSLA7R0tTm4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZThmNDFmNmIwMmI5M2Y4NWQxYTdiNDhiNDhjZmEzMjJm
MDg4ZjgwHhcNMjQwMTAyMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2E5NDdmYWMwMGU2M2Q1ZDE0M2Q4MjdhYjEyMDU3N2YxNjZmYjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvslXPa3yjJipGSv1eAeVm7pf99V
fLeVcqKPYItvYrPUyK8xWEEYzcFEJ4QglHHS9GhYE9qxmgwNP/T5f5qF0obmCPjJ
U3tKTSpJP9Psf5dzTXLDDMrQatTARk4S7OBuKcIbaci0pzHFFdnadMwtCEViIA28
UuNi5cosrTHxxDoj7oJvgbXo15mgaVIdWLk0mS24G10QTJCMM66+0+u924EQ++m2
Y+OTEPYRYnyo0yu7g3iSUmW3N/RF1VfX9NPvVJvBIcIKOOSJFTcS+a7wolt63f1u
DHg63aOaMDHuw3g6mAGQHvz3XtD64HMMy6IbflRE+xmMECLneYeCTUYcDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGOpR/rADmPV0UPYJ6sSBXfxZvsCMB8GA1UdIwQY
MBaAFOHo9B9rArk/hdGntItIz6Mi8Ij4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGVqMEgyc0N1VC1GMGFlMGkwalBveUx3aVBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS85YmE5NDAtMDA3OC00ZmQwLWFmZGUt
NTM3YTJiMGI0ZGRhLzEvWTZsSC1zQU9ZOVhSUTlnbnF4SUZkX0ZtLXdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS85YmE5NDAtMDA3OC00ZmQwLWFmZGUtNTM3YTJiMGI0ZGRh
LzEvNGVqMEgyc0N1VC1GMGFlMGkwalBveUx3aVBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1piMA0G
CSqGSIb3DQEBCwUAA4IBAQA3XpkOSddSIf1t5W/uz9FDiZaYRvRXjspyM7QHhE7L
JXxWu5U8WhpLKg+NsP6t5sh9UIb3KcqwHH4ZUDdApL2Ur0wcLAT6aRXGTiLeO7ic
Tc/HJgW0sYJbm9NW7CB5eEkHtQveTiVc6ZPjZ/yV2zEHaClYZyvpIHFwuyLon0ox
Elz4u/Re5TEzcSv1BrwhI/fq6b5painMQZ/W5Sb7LjRL5Mx/d34oW1bB3LVy+B+5
0HdO4GqV6Lg8S5dFV+3fgNkYHWF1AHz/207qFLZ3J5zm4fTA9Ohgr92zNg6eVYdx
oUYyPSsmmAkk8f3vuxywAXZSUlIn21Uep4YiSTeSRzoG
-----END CERTIFICATE-----