Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NU55UuGRc3TpHAv5HbHFCzom2r0.roa
File:                     NU55UuGRc3TpHAv5HbHFCzom2r0.roa (raw, json)
Hash identifier:          sJ+v1vOEGHaTECFNlAyaMQIhFT+3PUhhj7KTsM7jHUY=
Subject key identifier:   35:4E:79:52:E1:91:73:74:E9:1C:0B:F9:1D:B1:C5:0B:3A:26:DA:BD
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCF8F5FB7E4795DE8FC65216908CDC
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NU55UuGRc3TpHAv5HbHFCzom2r0.roa
Signing time:             Tue 02 Jan 2024 06:29:33 +0000
ROA not before:           Tue 02 Jan 2024 06:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197516
IP address blocks:        217.145.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:f8:f5:fb:7e:47:95:de:8f:c6:52:16:90:8c:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=354e7952e1917374e91c0bf91db1c50b3a26dabd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:6a:d5:8d:1b:f4:5f:2d:0b:e1:94:75:d6:24:
                    b6:48:0d:d2:9f:9a:5b:fe:ab:c0:59:00:41:9b:bc:
                    11:1c:44:65:55:24:f5:5b:a1:bc:6a:62:c1:d6:e3:
                    1c:ac:25:0f:16:49:a0:5b:b8:d3:9f:60:c1:7b:63:
                    37:f2:ce:25:49:10:82:c6:22:59:84:60:0d:d5:e6:
                    37:4e:a6:f6:69:d1:62:33:5c:ff:49:72:78:ce:46:
                    33:a2:00:d2:c4:c3:da:c1:43:b2:e0:c0:bb:82:1c:
                    a3:36:95:7f:a8:0c:b7:25:44:5f:40:eb:30:72:b7:
                    a5:0d:e4:b6:ee:67:b1:6e:5e:9a:40:1e:f1:a6:6a:
                    4a:70:90:ce:99:f9:84:15:c2:68:1b:49:f3:8a:7d:
                    56:2e:ff:a5:33:d4:0a:6a:39:6d:5a:cb:5e:22:df:
                    0d:76:ca:52:da:e4:1f:95:ed:d9:c2:f1:87:00:7f:
                    4c:dc:46:b2:e8:d3:f8:b6:98:83:12:28:96:fa:45:
                    c9:66:d6:49:42:bf:14:e6:7b:44:8e:46:90:cc:a5:
                    e7:ff:c8:7f:1e:65:74:0d:1d:1c:73:ba:bf:cf:44:
                    20:08:a1:12:77:55:63:8c:54:48:3c:28:2b:cf:88:
                    cc:f5:67:39:5a:d1:fd:6d:d5:b7:54:01:21:e3:14:
                    88:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:4E:79:52:E1:91:73:74:E9:1C:0B:F9:1D:B1:C5:0B:3A:26:DA:BD
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NU55UuGRc3TpHAv5HbHFCzom2r0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.145.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:ab:36:52:4c:bd:f7:46:eb:8c:5c:2c:15:4b:8a:6f:96:a1:
         58:1c:01:12:0d:72:a1:0b:0b:98:e8:26:ef:6b:a0:3b:bd:3d:
         07:e8:b9:50:b2:6e:02:3d:da:ea:f4:29:89:40:09:83:82:db:
         75:77:9e:a3:c1:36:d1:a7:b6:9c:a8:de:b0:0f:70:f7:ad:af:
         9b:db:dd:b8:66:24:eb:3e:85:6b:d7:4a:ec:52:76:50:2f:fb:
         1f:5e:30:b2:e0:7a:37:27:91:41:c2:52:17:32:f2:2c:f1:f0:
         1e:f8:bb:4f:e8:50:1b:87:50:7d:04:52:ad:33:83:2f:8f:e6:
         37:17:57:ca:0e:a1:1a:72:0e:e3:b3:29:69:06:f7:47:64:94:
         84:73:41:4a:bb:40:0c:2c:53:7b:69:13:e5:d0:1f:92:3c:a0:
         8d:eb:0b:35:73:49:28:73:8d:7e:87:f0:99:6c:c6:76:d7:b9:
         02:05:00:2f:39:08:7f:6e:fa:77:d5:38:cd:c8:5d:f4:02:ea:
         6f:79:4d:a7:fc:7f:02:c1:2f:7e:58:3f:34:6f:28:06:cc:e3:
         51:58:f9:93:06:92:d3:98:67:8d:08:eb:59:a2:2b:49:7a:bd:
         0d:40:17:83:84:1c:5c:c7:30:e8:11:1c:f1:e3:59:4c:67:34:
         ba:c5:45:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3Pj1+35Hld6PxlIWkIzcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTRlNzk1MmUxOTE3Mzc0ZTkxYzBiZjkxZGIxYzUwYjNhMjZkYWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2rVjRv0Xy0L4ZR11iS2SA3Sn5pb
/qvAWQBBm7wRHERlVST1W6G8amLB1uMcrCUPFkmgW7jTn2DBe2M38s4lSRCCxiJZ
hGAN1eY3Tqb2adFiM1z/SXJ4zkYzogDSxMPawUOy4MC7ghyjNpV/qAy3JURfQOsw
crelDeS27mexbl6aQB7xpmpKcJDOmfmEFcJoG0nzin1WLv+lM9QKajltWsteIt8N
dspS2uQfle3ZwvGHAH9M3Eay6NP4tpiDEiiW+kXJZtZJQr8U5ntEjkaQzKXn/8h/
HmV0DR0cc7q/z0QgCKESd1VjjFRIPCgrz4jM9Wc5WtH9bdW3VAEh4xSIywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDVOeVLhkXN06RwL+R2xxQs6Jtq9MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTlU1NVV1R1JjM1RwSEF2NUhiSEZDem9tMnIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZFfMA0G
CSqGSIb3DQEBCwUAA4IBAQA+qzZSTL33RuuMXCwVS4pvlqFYHAESDXKhCwuY6Cbv
a6A7vT0H6LlQsm4CPdrq9CmJQAmDgtt1d56jwTbRp7acqN6wD3D3ra+b2924ZiTr
PoVr10rsUnZQL/sfXjCy4Ho3J5FBwlIXMvIs8fAe+LtP6FAbh1B9BFKtM4Mvj+Y3
F1fKDqEacg7jsylpBvdHZJSEc0FKu0AMLFN7aRPl0B+SPKCN6ws1c0koc41+h/CZ
bMZ217kCBQAvOQh/bvp31TjNyF30AupveU2n/H8CwS9+WD80bygGzONRWPmTBpLT
mGeNCOtZoitJer0NQBeDhBxcxzDoERzx41lMZzS6xUVY
-----END CERTIFICATE-----