Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/37f56e-a221-4e00-8e14-79d6f53c7a2e/1/rFl2kXUprEAzPTzJ6546wAFKP-Y.roa
File:                     rFl2kXUprEAzPTzJ6546wAFKP-Y.roa (raw, json)
Hash identifier:          YcP1JWrrEnRwF7OPFb4Q+WQ8kfYhb9VSA4jjeCj5c4E=
Subject key identifier:   AC:59:76:91:75:29:AC:40:33:3D:3C:C9:EB:9E:3A:C0:01:4A:3F:E6
Certificate issuer:       /CN=132e1e484fca8e9528df6ac1483056c88786771d
Certificate serial:       018CC500509784ED56C515AACCC9E08BCD6A
Authority key identifier: 13:2E:1E:48:4F:CA:8E:95:28:DF:6A:C1:48:30:56:C8:87:86:77:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ey4eSE_KjpUo32rBSDBWyIeGdx0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/37f56e-a221-4e00-8e14-79d6f53c7a2e/1/rFl2kXUprEAzPTzJ6546wAFKP-Y.roa
Signing time:             Mon 01 Jan 2024 12:29:41 +0000
ROA not before:           Mon 01 Jan 2024 12:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62153
IP address blocks:        195.85.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/37f56e-a221-4e00-8e14-79d6f53c7a2e/1/Ey4eSE_KjpUo32rBSDBWyIeGdx0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/37f56e-a221-4e00-8e14-79d6f53c7a2e/1/Ey4eSE_KjpUo32rBSDBWyIeGdx0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ey4eSE_KjpUo32rBSDBWyIeGdx0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 18:17:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:50:97:84:ed:56:c5:15:aa:cc:c9:e0:8b:cd:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=132e1e484fca8e9528df6ac1483056c88786771d
        Validity
            Not Before: Jan  1 12:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac5976917529ac40333d3cc9eb9e3ac0014a3fe6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:79:01:73:94:ea:86:8d:91:2a:32:87:de:df:
                    31:a8:05:41:8a:18:47:16:4d:37:fe:a5:89:87:97:
                    64:4c:74:4a:bf:27:e5:b3:9b:1b:a7:79:22:35:67:
                    da:ae:04:33:53:84:8c:e0:0a:2f:7e:bb:20:95:80:
                    c4:d0:a0:d2:d9:94:d9:7b:c4:9a:7d:a8:71:51:30:
                    aa:4c:2e:11:60:02:76:e5:78:d9:8f:46:1b:a0:56:
                    ba:dc:c3:5d:1f:b2:30:78:03:88:8e:2a:dc:4c:fa:
                    12:da:fb:11:0c:d3:d4:3b:2f:b6:65:25:dd:1d:49:
                    a5:33:6c:35:1d:06:34:47:33:9f:0e:ec:be:b3:8a:
                    8e:26:6e:6f:81:ef:d2:c4:2e:b4:9b:ec:14:22:8c:
                    38:45:12:59:a9:c0:42:bd:08:b0:ec:2e:f6:a3:13:
                    60:67:40:c1:3d:33:11:a5:dd:bf:24:31:7a:37:63:
                    9d:38:41:93:4e:72:25:38:9c:45:44:3b:00:35:67:
                    84:3b:85:2a:42:7f:7d:f5:11:29:d8:e7:c7:a2:65:
                    40:9e:d2:5d:08:58:bd:91:ec:e4:af:6a:69:89:a1:
                    23:46:50:f6:fe:93:c0:c8:92:49:aa:1b:3d:7a:14:
                    59:e1:6c:8c:4b:0e:c7:37:7f:46:2b:1c:a6:6a:80:
                    0a:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:59:76:91:75:29:AC:40:33:3D:3C:C9:EB:9E:3A:C0:01:4A:3F:E6
            X509v3 Authority Key Identifier:
                keyid:13:2E:1E:48:4F:CA:8E:95:28:DF:6A:C1:48:30:56:C8:87:86:77:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ey4eSE_KjpUo32rBSDBWyIeGdx0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/37f56e-a221-4e00-8e14-79d6f53c7a2e/1/rFl2kXUprEAzPTzJ6546wAFKP-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/37f56e-a221-4e00-8e14-79d6f53c7a2e/1/Ey4eSE_KjpUo32rBSDBWyIeGdx0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:7a:ff:ee:2e:f2:d3:12:11:96:08:0b:05:5a:05:78:5f:58:
         4f:bd:bd:2c:d7:8f:7c:04:cc:4a:f9:45:04:f1:25:b3:2f:74:
         53:76:05:11:78:83:dd:09:3b:20:de:67:8f:9f:9e:0a:17:31:
         d4:df:8a:17:15:9b:94:a3:1f:0d:4e:a0:44:8e:a6:8e:91:af:
         c1:81:9e:10:8e:27:e5:36:df:c8:85:aa:f2:de:0d:42:11:cc:
         8e:f3:e5:eb:2e:1e:4b:41:43:98:74:6e:8b:c3:e7:c7:2f:84:
         b3:f2:cb:9e:3d:48:a6:c6:1a:c1:e7:a4:58:b0:3c:e9:08:30:
         f6:9a:0f:5f:43:46:10:aa:19:1e:3b:82:f8:95:09:bc:23:3d:
         97:39:00:75:87:c7:9e:1f:b6:60:1a:c1:04:6b:05:06:17:9b:
         c6:99:a5:c8:dc:ac:ac:87:21:98:8d:14:e3:4c:8c:16:aa:51:
         73:55:3f:e3:83:d3:9c:82:30:07:c7:72:e5:8f:f2:1e:38:9d:
         4a:19:8f:d3:f6:0e:eb:67:3b:57:79:9d:5f:fd:b9:6b:6d:e6:
         8d:b8:fa:95:d2:8f:ae:3b:28:f2:0d:d6:ed:a1:0a:51:4b:31:
         bc:54:95:aa:dd:c8:9e:bd:f2:d0:c2:fa:ff:3b:98:d7:d3:65:
         da:34:b5:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAFCXhO1WxRWqzMngi81qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMmUxZTQ4NGZjYThlOTUyOGRmNmFjMTQ4MzA1NmM4ODc4
Njc3MWQwHhcNMjQwMTAxMTIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzU5NzY5MTc1MjlhYzQwMzMzZDNjYzllYjllM2FjMDAxNGEzZmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXkBc5Tqho2RKjKH3t8xqAVBihhH
Fk03/qWJh5dkTHRKvyfls5sbp3kiNWfargQzU4SM4AovfrsglYDE0KDS2ZTZe8Sa
fahxUTCqTC4RYAJ25XjZj0YboFa63MNdH7IweAOIjircTPoS2vsRDNPUOy+2ZSXd
HUmlM2w1HQY0RzOfDuy+s4qOJm5vge/SxC60m+wUIow4RRJZqcBCvQiw7C72oxNg
Z0DBPTMRpd2/JDF6N2OdOEGTTnIlOJxFRDsANWeEO4UqQn999REp2OfHomVAntJd
CFi9kezkr2ppiaEjRlD2/pPAyJJJqhs9ehRZ4WyMSw7HN39GKxymaoAKNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKxZdpF1KaxAMz08yeueOsABSj/mMB8GA1UdIwQY
MBaAFBMuHkhPyo6VKN9qwUgwVsiHhncdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXk0ZVNFX0tqcFVvMzJyQlNEQld5SWVHZHgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC8zN2Y1NmUtYTIyMS00ZTAwLThlMTQt
NzlkNmY1M2M3YTJlLzEvckZsMmtYVXByRUF6UFR6SjY1NDZ3QUZLUC1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC8zN2Y1NmUtYTIyMS00ZTAwLThlMTQtNzlkNmY1M2M3YTJl
LzEvRXk0ZVNFX0tqcFVvMzJyQlNEQld5SWVHZHgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1X5MA0G
CSqGSIb3DQEBCwUAA4IBAQBLev/uLvLTEhGWCAsFWgV4X1hPvb0s1498BMxK+UUE
8SWzL3RTdgUReIPdCTsg3mePn54KFzHU34oXFZuUox8NTqBEjqaOka/BgZ4Qjifl
Nt/Ihary3g1CEcyO8+XrLh5LQUOYdG6Lw+fHL4Sz8suePUimxhrB56RYsDzpCDD2
mg9fQ0YQqhkeO4L4lQm8Iz2XOQB1h8eeH7ZgGsEEawUGF5vGmaXI3KyshyGYjRTj
TIwWqlFzVT/jg9OcgjAHx3Llj/IeOJ1KGY/T9g7rZztXeZ1f/blrbeaNuPqV0o+u
OyjyDdbtoQpRSzG8VJWq3cievfLQwvr/O5jX02XaNLWW
-----END CERTIFICATE-----