Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/fNtl_5-JVDib15Lln3MsBqFNBm4.roa
File:                     fNtl_5-JVDib15Lln3MsBqFNBm4.roa (raw, json)
Hash identifier:          zbyKwzuDp3Ljja0bzYKNWekwINUvkOv60lWB5cZMssU=
Subject key identifier:   7C:DB:65:FF:9F:89:54:38:9B:D7:92:E5:9F:73:2C:06:A1:4D:06:6E
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       018CC94DFB2D3973655A4883ABA4F7671B6F
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/fNtl_5-JVDib15Lln3MsBqFNBm4.roa
Signing time:             Tue 02 Jan 2024 08:33:00 +0000
ROA not before:           Tue 02 Jan 2024 08:33:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35275
IP address blocks:        195.187.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:fb:2d:39:73:65:5a:48:83:ab:a4:f7:67:1b:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  2 08:33:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7cdb65ff9f8954389bd792e59f732c06a14d066e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:38:4e:42:11:5e:52:bb:ba:c8:b6:de:5d:92:
                    07:b1:da:a0:c2:7c:55:ff:a5:b8:10:52:00:e2:8b:
                    cf:31:de:1f:ba:fe:de:77:37:6e:8b:ec:54:5c:10:
                    25:ce:bf:9c:39:a3:9c:a4:15:b2:04:56:3d:47:50:
                    1f:df:fc:31:d9:ef:7f:e4:fa:c3:d5:2e:a5:4f:ac:
                    e5:87:bc:be:77:50:23:28:67:92:07:30:f5:ed:68:
                    f6:03:7d:fb:19:fc:a6:6d:dd:63:12:78:2f:8a:cf:
                    93:1f:d3:48:62:b2:2f:5c:6b:6c:e2:24:04:25:67:
                    82:10:66:4f:8c:81:0f:60:dd:11:37:94:20:e0:e7:
                    2e:d2:ad:35:d2:73:14:9d:ad:d8:f2:6e:56:30:25:
                    41:27:8c:ac:15:e8:22:8a:9b:91:7e:f3:2b:70:a1:
                    7d:55:c8:0a:33:b8:df:16:a8:9a:eb:6d:30:91:a0:
                    b9:6c:2f:a4:bc:1f:46:ec:f8:0e:f0:13:55:17:f9:
                    58:79:5a:78:78:35:e9:f7:54:29:00:55:f8:98:72:
                    6c:f9:91:9f:65:46:7b:f7:e2:76:a1:0b:b1:1d:79:
                    f5:7c:df:32:b4:c7:61:1b:12:58:62:3d:42:7d:0a:
                    8c:12:51:b7:5e:a0:48:2f:88:63:13:8c:42:f8:5b:
                    8f:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:DB:65:FF:9F:89:54:38:9B:D7:92:E5:9F:73:2C:06:A1:4D:06:6E
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/fNtl_5-JVDib15Lln3MsBqFNBm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.187.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:76:c2:9a:4d:d3:0f:97:20:1a:ba:61:72:46:c8:f4:37:b7:
         66:f0:de:9d:ab:09:26:20:73:2d:86:e0:7b:04:90:26:3a:fc:
         57:6c:26:9f:65:ef:b8:58:09:db:11:01:b7:c1:e5:9d:f4:8c:
         95:20:a6:70:79:87:62:d1:94:99:22:24:ba:2f:7c:42:51:b6:
         aa:57:85:4c:26:da:5a:ec:47:02:4a:ce:d5:f6:95:73:f2:a3:
         13:52:3e:aa:f5:ad:20:42:59:d0:8a:6d:1e:59:2e:ed:91:bb:
         63:46:9d:31:4f:23:fb:d5:1f:70:15:92:b1:c7:00:0f:a2:c7:
         8e:d6:2c:27:35:36:aa:ca:eb:e1:c9:dd:d3:d3:6d:09:4e:6a:
         f9:89:c4:67:0f:c4:3e:b8:8f:f0:14:f7:ae:da:70:b0:d2:ef:
         48:c2:26:36:1d:33:ca:c0:64:c8:4a:1b:43:2b:99:af:ea:09:
         06:6b:4b:93:75:0a:f0:63:4e:f9:ad:ca:77:ca:dd:92:99:08:
         10:53:72:eb:8a:c5:ae:89:76:98:62:77:bc:34:c9:db:6e:e8:
         04:1c:ae:61:1b:53:b0:a1:dd:94:b8:e5:89:de:99:05:74:c1:
         74:25:7d:0f:37:78:72:f9:f6:22:96:66:5e:67:1d:ea:9f:6d:
         d8:74:a5:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTfstOXNlWkiDq6T3ZxtvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjQwMTAyMDgzMzAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2RiNjVmZjlmODk1NDM4OWJkNzkyZTU5ZjczMmMwNmExNGQwNjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojhOQhFeUru6yLbeXZIHsdqgwnxV
/6W4EFIA4ovPMd4fuv7edzdui+xUXBAlzr+cOaOcpBWyBFY9R1Af3/wx2e9/5PrD
1S6lT6zlh7y+d1AjKGeSBzD17Wj2A337Gfymbd1jEngvis+TH9NIYrIvXGts4iQE
JWeCEGZPjIEPYN0RN5Qg4Ocu0q010nMUna3Y8m5WMCVBJ4ysFegiipuRfvMrcKF9
VcgKM7jfFqia620wkaC5bC+kvB9G7PgO8BNVF/lYeVp4eDXp91QpAFX4mHJs+ZGf
ZUZ79+J2oQuxHXn1fN8ytMdhGxJYYj1CfQqMElG3XqBIL4hjE4xC+FuPbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHzbZf+fiVQ4m9eS5Z9zLAahTQZuMB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvZk50bF81LUpWRGliMTVMbG4zTXNCcUZOQm00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7uaMA0G
CSqGSIb3DQEBCwUAA4IBAQCAdsKaTdMPlyAaumFyRsj0N7dm8N6dqwkmIHMthuB7
BJAmOvxXbCafZe+4WAnbEQG3weWd9IyVIKZweYdi0ZSZIiS6L3xCUbaqV4VMJtpa
7EcCSs7V9pVz8qMTUj6q9a0gQlnQim0eWS7tkbtjRp0xTyP71R9wFZKxxwAPoseO
1iwnNTaqyuvhyd3T020JTmr5icRnD8Q+uI/wFPeu2nCw0u9IwiY2HTPKwGTIShtD
K5mv6gkGa0uTdQrwY075rcp3yt2SmQgQU3LrisWuiXaYYne8NMnbbugEHK5hG1Ow
od2UuOWJ3pkFdMF0JX0PN3hy+fYilmZeZx3qn23YdKWa
-----END CERTIFICATE-----