Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/1-fEdk5LuxLO8uyw4s-S-yJmesO8.roa
File:                     1-fEdk5LuxLO8uyw4s-S-yJmesO8.roa (raw, json)
Hash identifier:          POSo1626PJlIIi/+DB6AwNbjVONoSPnavvOHA3L6TE8=
Subject key identifier:   F9:F1:1D:93:92:EE:C4:B3:BC:BB:2C:38:B3:E4:BE:C8:99:9E:B0:EF
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       018CC500BFB326DEC79B1ABAC77B42888389
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/1-fEdk5LuxLO8uyw4s-S-yJmesO8.roa
Signing time:             Mon 01 Jan 2024 12:30:09 +0000
ROA not before:           Mon 01 Jan 2024 12:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196609
IP address blocks:        195.110.14.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:bf:b3:26:de:c7:9b:1a:ba:c7:7b:42:88:83:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jan  1 12:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9f11d9392eec4b3bcbb2c38b3e4bec8999eb0ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e6:56:10:8f:0a:35:0b:fd:12:7b:09:f0:a1:
                    ee:b4:dd:6a:9e:52:68:61:04:77:0a:8c:0e:25:75:
                    5e:53:ba:fc:b8:78:ff:35:52:44:db:1a:35:ae:85:
                    10:85:d5:fb:fb:4a:cf:47:ce:b5:83:d4:7a:0d:42:
                    5f:35:b6:71:fa:d9:e1:eb:9a:8d:5f:0d:7f:07:09:
                    b7:42:d0:88:23:84:59:d4:7d:89:09:a1:a8:30:16:
                    42:39:b0:b5:24:b2:2f:7d:13:0d:b6:29:97:e5:bd:
                    02:a2:cc:2a:f1:d2:20:08:d5:f6:d7:75:40:a5:f8:
                    0e:96:0e:73:67:2b:a0:73:67:49:d4:91:04:80:de:
                    25:06:5e:03:8a:86:e9:52:da:79:b9:f9:45:9b:a6:
                    2a:95:74:6d:53:a5:40:ff:90:f2:f5:e4:7e:8d:8e:
                    2e:88:71:0b:21:07:c2:b6:22:7b:25:70:1f:7a:b8:
                    3c:eb:8f:83:6c:85:22:c7:cf:50:2e:9e:7b:b9:25:
                    ce:dc:c5:2a:d1:04:6a:88:cb:90:1f:9e:7f:1c:e6:
                    f8:cd:84:d5:11:7e:95:ee:ee:0a:c6:f0:69:34:05:
                    11:b7:de:9e:4c:c3:5c:fc:ae:ee:97:21:df:84:8d:
                    49:3d:ac:f1:f7:d2:c0:54:1c:c6:ee:3d:e7:06:76:
                    fd:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:F1:1D:93:92:EE:C4:B3:BC:BB:2C:38:B3:E4:BE:C8:99:9E:B0:EF
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/1-fEdk5LuxLO8uyw4s-S-yJmesO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.110.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:c7:ee:2d:69:df:da:2e:5e:66:b3:b6:1d:33:c8:c0:2a:51:
         6b:22:38:3d:ce:0e:49:37:cd:eb:b7:db:2d:67:ad:5f:27:14:
         6e:c1:52:e3:b3:90:e9:58:0b:7c:35:e0:7c:37:63:37:5a:ac:
         31:1c:f9:42:a1:81:00:dc:dd:1a:68:a2:bf:35:d3:ae:08:96:
         12:13:75:a9:81:e4:da:30:31:a6:44:6f:c5:78:e0:e9:21:bf:
         ce:99:cc:96:ee:ff:fa:54:eb:ec:e3:19:b1:89:41:da:a3:99:
         ca:61:f6:49:95:af:d0:59:30:73:24:ef:1e:e4:e1:8d:b0:be:
         1f:91:06:a0:03:9c:9a:61:09:9c:02:12:fe:a3:a1:13:e5:6c:
         17:aa:0a:66:97:53:7f:bc:9c:d7:26:5f:cc:14:49:14:93:3c:
         d2:6a:d8:5c:1f:c5:82:78:1b:46:e6:cf:db:90:1b:c5:72:23:
         9f:32:f9:1c:11:e1:f5:04:ee:55:e6:87:73:2a:cf:e9:10:bc:
         a1:e7:20:f0:a8:5a:fd:3c:64:17:d8:ed:9a:66:63:23:c4:07:
         4b:f5:cb:05:8d:43:f4:d9:bb:44:eb:bd:4a:1d:86:91:36:4f:
         a1:c9:d4:f9:39:7e:fc:76:60:1c:d7:2f:97:4a:d0:86:fc:f2:
         3e:89:39:17
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFAL+zJt7Hmxq6x3tCiIOJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQwMTAxMTIzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWYxMWQ5MzkyZWVjNGIzYmNiYjJjMzhiM2U0YmVjODk5OWViMGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+ZWEI8KNQv9EnsJ8KHutN1qnlJo
YQR3CowOJXVeU7r8uHj/NVJE2xo1roUQhdX7+0rPR861g9R6DUJfNbZx+tnh65qN
Xw1/Bwm3QtCII4RZ1H2JCaGoMBZCObC1JLIvfRMNtimX5b0Coswq8dIgCNX213VA
pfgOlg5zZyugc2dJ1JEEgN4lBl4DiobpUtp5uflFm6YqlXRtU6VA/5Dy9eR+jY4u
iHELIQfCtiJ7JXAferg864+DbIUix89QLp57uSXO3MUq0QRqiMuQH55/HOb4zYTV
EX6V7u4KxvBpNAURt96eTMNc/K7ulyHfhI1JPazx99LAVBzG7j3nBnb9/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPnxHZOS7sSzvLssOLPkvsiZnrDvMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvMS1mRWRrNUx1eExPOHV5dzRzLVMteUptZXNPOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTAvOTY1ODM3LTUyY2ItNDZiNC1hZWRiLWUxYmQ4OGQzZmQw
Ny8xL1BtQ1hhWWFHNFZWZlVmYklnN3hhV0ZTYkkySS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcNuDjAN
BgkqhkiG9w0BAQsFAAOCAQEANMfuLWnf2i5eZrO2HTPIwCpRayI4Pc4OSTfN67fb
LWetXycUbsFS47OQ6VgLfDXgfDdjN1qsMRz5QqGBANzdGmiivzXTrgiWEhN1qYHk
2jAxpkRvxXjg6SG/zpnMlu7/+lTr7OMZsYlB2qOZymH2SZWv0FkwcyTvHuThjbC+
H5EGoAOcmmEJnAIS/qOhE+VsF6oKZpdTf7yc1yZfzBRJFJM80mrYXB/FgngbRubP
25AbxXIjnzL5HBHh9QTuVeaHcyrP6RC8oecg8Kha/TxkF9jtmmZjI8QHS/XLBY1D
9Nm7ROu9Sh2GkTZPocnU+Tl+/HZgHNcvl0rQhvzyPok5Fw==
-----END CERTIFICATE-----