Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3950d4-9d72-4ff0-81de-8b91bc61e7c3/1/fAQ3uoX3gLx5Op3T8kWpYtPrpIo.roa
File:                     fAQ3uoX3gLx5Op3T8kWpYtPrpIo.roa (raw, json)
Hash identifier:          6mkywlIAjV5xKHmJK/d1Sc9FbcXLSsrT/P9oLXWjSK8=
Subject key identifier:   7C:04:37:BA:85:F7:80:BC:79:3A:9D:D3:F2:45:A9:62:D3:EB:A4:8A
Certificate issuer:       /CN=411952046770f54e8be1fd7d673132265ad70fa8
Certificate serial:       018CC726C63B0CEB8B37685D7EB2244F0B36
Authority key identifier: 41:19:52:04:67:70:F5:4E:8B:E1:FD:7D:67:31:32:26:5A:D7:0F:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QRlSBGdw9U6L4f19ZzEyJlrXD6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3950d4-9d72-4ff0-81de-8b91bc61e7c3/1/fAQ3uoX3gLx5Op3T8kWpYtPrpIo.roa
Signing time:             Mon 01 Jan 2024 22:30:56 +0000
ROA not before:           Mon 01 Jan 2024 22:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47301
IP address blocks:        195.182.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3950d4-9d72-4ff0-81de-8b91bc61e7c3/1/QRlSBGdw9U6L4f19ZzEyJlrXD6g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3950d4-9d72-4ff0-81de-8b91bc61e7c3/1/QRlSBGdw9U6L4f19ZzEyJlrXD6g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QRlSBGdw9U6L4f19ZzEyJlrXD6g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:c6:3b:0c:eb:8b:37:68:5d:7e:b2:24:4f:0b:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=411952046770f54e8be1fd7d673132265ad70fa8
        Validity
            Not Before: Jan  1 22:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c0437ba85f780bc793a9dd3f245a962d3eba48a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:9d:e7:a6:61:06:cb:4d:c5:cd:87:54:eb:61:
                    6d:69:56:7e:cd:30:f5:64:9e:3b:4c:6f:7f:81:e1:
                    47:67:50:99:27:ca:04:30:4b:2a:45:75:3f:72:9f:
                    31:fc:f4:95:eb:2c:86:77:2c:b3:76:47:29:a4:7e:
                    ce:13:ba:e8:bb:21:b2:2b:e2:3f:6e:dd:69:fb:55:
                    ba:5e:de:0e:31:7a:3e:9a:25:42:0f:c5:c9:59:e7:
                    6c:16:07:6c:7a:12:e2:a7:e6:d6:8b:6e:2b:10:e8:
                    8a:c4:46:20:6c:43:eb:a0:bb:12:9c:81:a8:66:01:
                    70:50:11:77:fe:ac:de:0e:04:f4:5f:75:70:1d:61:
                    f2:77:57:4c:b0:f9:41:15:4b:09:a8:51:73:c0:31:
                    3b:1f:aa:7b:07:6f:e5:64:ae:25:a5:11:0b:e1:da:
                    e1:a5:05:71:c9:7a:f0:d0:15:de:28:dc:75:32:54:
                    05:b6:95:8a:55:18:7f:4a:5c:70:b5:ac:ed:0d:5d:
                    1e:9f:e7:0e:5e:c7:45:73:35:bd:6e:67:39:00:56:
                    24:a8:0b:c8:b9:f3:f1:7b:63:73:00:33:a4:f7:19:
                    b0:a6:e1:bc:f4:03:d3:3e:31:27:a2:3f:cd:50:57:
                    f6:36:f9:f7:70:26:b1:1a:16:40:24:27:b1:79:af:
                    c6:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:04:37:BA:85:F7:80:BC:79:3A:9D:D3:F2:45:A9:62:D3:EB:A4:8A
            X509v3 Authority Key Identifier:
                keyid:41:19:52:04:67:70:F5:4E:8B:E1:FD:7D:67:31:32:26:5A:D7:0F:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QRlSBGdw9U6L4f19ZzEyJlrXD6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3950d4-9d72-4ff0-81de-8b91bc61e7c3/1/fAQ3uoX3gLx5Op3T8kWpYtPrpIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3950d4-9d72-4ff0-81de-8b91bc61e7c3/1/QRlSBGdw9U6L4f19ZzEyJlrXD6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:a4:f2:71:9e:00:e0:59:92:fb:b4:d1:63:21:32:78:d0:15:
         b1:e5:72:d3:5a:be:92:92:8f:d0:f3:4a:e3:31:e9:ba:38:01:
         6f:5f:c6:99:2e:69:9f:a9:26:02:32:19:11:a5:32:b2:05:0e:
         d6:41:f8:20:2b:fd:28:23:12:e9:80:82:f7:fd:19:51:df:47:
         08:ac:d1:63:da:01:40:75:9d:b4:f0:56:39:89:16:cb:3e:ba:
         fa:7f:d8:94:27:f4:c1:88:4d:eb:a4:4f:68:93:27:bb:01:ea:
         21:e8:ac:02:33:cb:0a:78:42:e9:bd:ab:99:ac:a9:14:2d:34:
         57:eb:a8:76:35:d5:c8:29:a4:60:88:dd:21:98:90:fa:9b:f4:
         25:44:1d:04:33:ad:21:4c:f6:3c:64:c3:b9:e1:38:5a:5c:e9:
         4f:87:08:36:8f:d9:8b:18:07:fa:e8:b4:ce:22:e1:be:cb:b3:
         c2:0a:cf:49:01:30:bf:50:0a:ee:63:f7:45:9d:d2:e3:65:fb:
         01:3e:85:4b:eb:20:b6:d6:80:37:b0:af:9a:d6:5e:96:03:c1:
         f6:f5:11:ed:b5:52:7f:d9:5c:eb:3c:5f:70:72:26:35:16:0c:
         26:fa:e2:0d:bd:d6:44:85:18:4c:28:74:f6:57:fb:2f:de:3b:
         8d:0e:f1:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJsY7DOuLN2hdfrIkTws2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMTk1MjA0Njc3MGY1NGU4YmUxZmQ3ZDY3MzEzMjI2NWFk
NzBmYTgwHhcNMjQwMTAxMjIzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzA0MzdiYTg1Zjc4MGJjNzkzYTlkZDNmMjQ1YTk2MmQzZWJhNDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqp3npmEGy03FzYdU62FtaVZ+zTD1
ZJ47TG9/geFHZ1CZJ8oEMEsqRXU/cp8x/PSV6yyGdyyzdkcppH7OE7rouyGyK+I/
bt1p+1W6Xt4OMXo+miVCD8XJWedsFgdsehLip+bWi24rEOiKxEYgbEProLsSnIGo
ZgFwUBF3/qzeDgT0X3VwHWHyd1dMsPlBFUsJqFFzwDE7H6p7B2/lZK4lpREL4drh
pQVxyXrw0BXeKNx1MlQFtpWKVRh/SlxwtaztDV0en+cOXsdFczW9bmc5AFYkqAvI
ufPxe2NzADOk9xmwpuG89APTPjEnoj/NUFf2Nvn3cCaxGhZAJCexea/GwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHwEN7qF94C8eTqd0/JFqWLT66SKMB8GA1UdIwQY
MBaAFEEZUgRncPVOi+H9fWcxMiZa1w+oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVJsU0JHZHc5VTZMNGYxOVp6RXlKbHJYRDZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zOTUwZDQtOWQ3Mi00ZmYwLTgxZGUt
OGI5MWJjNjFlN2MzLzEvZkFRM3VvWDNnTHg1T3AzVDhrV3BZdFBycElvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zOTUwZDQtOWQ3Mi00ZmYwLTgxZGUtOGI5MWJjNjFlN2Mz
LzEvUVJsU0JHZHc5VTZMNGYxOVp6RXlKbHJYRDZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7YiMA0G
CSqGSIb3DQEBCwUAA4IBAQBYpPJxngDgWZL7tNFjITJ40BWx5XLTWr6Sko/Q80rj
Mem6OAFvX8aZLmmfqSYCMhkRpTKyBQ7WQfggK/0oIxLpgIL3/RlR30cIrNFj2gFA
dZ208FY5iRbLPrr6f9iUJ/TBiE3rpE9okye7Aeoh6KwCM8sKeELpvauZrKkULTRX
66h2NdXIKaRgiN0hmJD6m/QlRB0EM60hTPY8ZMO54ThaXOlPhwg2j9mLGAf66LTO
IuG+y7PCCs9JATC/UAruY/dFndLjZfsBPoVL6yC21oA3sK+a1l6WA8H29RHttVJ/
2VzrPF9wciY1Fgwm+uINvdZEhRhMKHT2V/sv3juNDvE7
-----END CERTIFICATE-----