Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/6be5a6-eb0e-44b4-b6a7-af1f36811098/1/955RhmbPcnQ7C_FjWwazUMiSDfc.roa
File:                     955RhmbPcnQ7C_FjWwazUMiSDfc.roa (raw, json)
Hash identifier:          RWRd+AjCeDoWJIZc7pQHiyp5wBJa40gjND+cE5QzPXg=
Subject key identifier:   F7:9E:51:86:66:CF:72:74:3B:0B:F1:63:5B:06:B3:50:C8:92:0D:F7
Certificate issuer:       /CN=464dcfa96399716692d245a804887c09da451f8f
Certificate serial:       018CC3B6FC4F85865380FE21DFD513D61F40
Authority key identifier: 46:4D:CF:A9:63:99:71:66:92:D2:45:A8:04:88:7C:09:DA:45:1F:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rk3PqWOZcWaS0kWoBIh8CdpFH48.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/6be5a6-eb0e-44b4-b6a7-af1f36811098/1/955RhmbPcnQ7C_FjWwazUMiSDfc.roa
Signing time:             Mon 01 Jan 2024 06:29:58 +0000
ROA not before:           Mon 01 Jan 2024 06:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39122
IP address blocks:        185.94.44.0/24 maxlen: 24
                          185.94.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/6be5a6-eb0e-44b4-b6a7-af1f36811098/1/Rk3PqWOZcWaS0kWoBIh8CdpFH48.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/6be5a6-eb0e-44b4-b6a7-af1f36811098/1/Rk3PqWOZcWaS0kWoBIh8CdpFH48.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rk3PqWOZcWaS0kWoBIh8CdpFH48.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:fc:4f:85:86:53:80:fe:21:df:d5:13:d6:1f:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=464dcfa96399716692d245a804887c09da451f8f
        Validity
            Not Before: Jan  1 06:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f79e518666cf72743b0bf1635b06b350c8920df7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:19:2a:ab:8e:85:f5:ef:95:a4:c8:00:b1:7f:
                    02:9b:27:af:12:91:53:0e:21:1a:d9:2f:58:1f:bc:
                    df:a4:49:38:a8:b3:23:69:2c:79:08:80:9f:dc:43:
                    c8:aa:28:17:eb:b5:96:14:66:db:b8:d4:1b:92:d8:
                    a3:a5:76:42:bd:2e:b2:cb:ab:6b:5d:4e:d0:d4:15:
                    0d:73:cc:e9:f2:d3:0b:7c:10:15:68:f7:64:74:17:
                    75:f3:8e:ff:59:09:52:b9:33:ff:b6:f2:87:ca:bd:
                    f3:f8:08:63:08:ee:2a:ab:21:73:2d:60:51:9f:f8:
                    90:17:74:0a:79:aa:e3:4c:a0:3d:93:81:09:f4:5c:
                    aa:f3:bb:ca:28:67:af:40:70:54:dc:a1:6b:98:5b:
                    0c:5e:b4:8a:8b:b5:55:40:27:2b:e8:09:cc:ea:8c:
                    7e:4d:e3:db:5c:99:78:68:fb:d9:a3:f7:fb:2e:59:
                    4e:b8:2f:c5:41:38:64:a3:2d:b2:32:66:bb:91:6f:
                    09:b3:c0:8f:db:38:89:9a:ab:d6:ac:38:13:ff:96:
                    e2:0f:c1:24:11:cb:b3:38:9c:ab:f0:93:b0:9a:95:
                    df:97:ad:af:02:a1:83:3e:6a:12:bb:48:59:86:16:
                    fb:ff:b2:7e:a0:05:96:db:51:9c:76:04:29:46:20:
                    81:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:9E:51:86:66:CF:72:74:3B:0B:F1:63:5B:06:B3:50:C8:92:0D:F7
            X509v3 Authority Key Identifier:
                keyid:46:4D:CF:A9:63:99:71:66:92:D2:45:A8:04:88:7C:09:DA:45:1F:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rk3PqWOZcWaS0kWoBIh8CdpFH48.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/6be5a6-eb0e-44b4-b6a7-af1f36811098/1/955RhmbPcnQ7C_FjWwazUMiSDfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/6be5a6-eb0e-44b4-b6a7-af1f36811098/1/Rk3PqWOZcWaS0kWoBIh8CdpFH48.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.94.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:13:83:fa:7c:71:b3:e7:b5:dd:e1:05:0a:75:81:a1:88:d9:
         98:77:6d:3d:80:ce:6f:be:ae:68:ac:84:35:6a:3b:8d:cb:0b:
         78:96:dd:d7:ef:a0:00:a1:be:ce:ea:57:92:79:45:1c:02:7a:
         84:a1:e0:84:bd:01:fc:b3:83:62:7e:17:62:47:2e:44:52:b3:
         0e:d3:84:8d:b4:cd:3e:a9:41:a8:b8:8e:bb:ba:12:83:7d:da:
         52:f7:8a:d8:36:b3:ec:a2:90:c1:e4:a5:ec:c8:50:21:6d:28:
         60:de:1f:86:47:e0:af:16:cd:09:21:e5:b1:02:5b:72:70:92:
         f2:ed:2f:db:ed:06:24:34:19:e1:46:4e:57:c9:15:71:39:21:
         15:9f:01:20:10:d2:e2:bc:36:2f:05:53:7e:cf:bb:5c:9f:44:
         22:e6:e7:43:d6:0b:ff:9f:a8:47:8a:9f:cc:9b:8a:a8:86:29:
         cf:71:1c:73:78:67:d7:2d:e2:a8:f7:3c:d0:a7:33:36:50:9c:
         3c:ee:ea:e5:9a:b7:2a:6d:87:6b:4f:e6:d4:0d:e1:d8:7d:c2:
         17:7f:96:97:72:fa:8d:a3:99:d5:f8:75:42:3e:c1:c2:70:7f:
         72:e6:65:f0:c9:92:e4:4c:db:e1:a1:fa:c1:54:38:c0:d1:3e:
         16:78:f6:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtvxPhYZTgP4h39UT1h9AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NGRjZmE5NjM5OTcxNjY5MmQyNDVhODA0ODg3YzA5ZGE0
NTFmOGYwHhcNMjQwMTAxMDYyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzllNTE4NjY2Y2Y3Mjc0M2IwYmYxNjM1YjA2YjM1MGM4OTIwZGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRkqq46F9e+VpMgAsX8CmyevEpFT
DiEa2S9YH7zfpEk4qLMjaSx5CICf3EPIqigX67WWFGbbuNQbktijpXZCvS6yy6tr
XU7Q1BUNc8zp8tMLfBAVaPdkdBd1847/WQlSuTP/tvKHyr3z+AhjCO4qqyFzLWBR
n/iQF3QKearjTKA9k4EJ9Fyq87vKKGevQHBU3KFrmFsMXrSKi7VVQCcr6AnM6ox+
TePbXJl4aPvZo/f7LllOuC/FQThkoy2yMma7kW8Js8CP2ziJmqvWrDgT/5biD8Ek
EcuzOJyr8JOwmpXfl62vAqGDPmoSu0hZhhb7/7J+oAWW21GcdgQpRiCBLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPeeUYZmz3J0OwvxY1sGs1DIkg33MB8GA1UdIwQY
MBaAFEZNz6ljmXFmktJFqASIfAnaRR+PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmszUHFXT1pjV2FTMGtXb0JJaDhDZHBGSDQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS82YmU1YTYtZWIwZS00NGI0LWI2YTct
YWYxZjM2ODExMDk4LzEvOTU1UmhtYlBjblE3Q19Gald3YXpVTWlTRGZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS82YmU1YTYtZWIwZS00NGI0LWI2YTctYWYxZjM2ODExMDk4
LzEvUmszUHFXT1pjV2FTMGtXb0JJaDhDZHBGSDQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuV4sMA0G
CSqGSIb3DQEBCwUAA4IBAQBUE4P6fHGz57Xd4QUKdYGhiNmYd209gM5vvq5orIQ1
ajuNywt4lt3X76AAob7O6leSeUUcAnqEoeCEvQH8s4NifhdiRy5EUrMO04SNtM0+
qUGouI67uhKDfdpS94rYNrPsopDB5KXsyFAhbShg3h+GR+CvFs0JIeWxAltycJLy
7S/b7QYkNBnhRk5XyRVxOSEVnwEgENLivDYvBVN+z7tcn0Qi5udD1gv/n6hHip/M
m4qohinPcRxzeGfXLeKo9zzQpzM2UJw87urlmrcqbYdrT+bUDeHYfcIXf5aXcvqN
o5nV+HVCPsHCcH9y5mXwyZLkTNvhofrBVDjA0T4WePbC
-----END CERTIFICATE-----