Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/7612b0-3e24-4ce7-a1ca-c1c66078e5ba/1/i-oTAxoPzIuytNlOrdQr3jdYzag.roa
File:                     i-oTAxoPzIuytNlOrdQr3jdYzag.roa (raw, json)
Hash identifier:          SkUbQyXRAHV/SVVyjy4Tq4m8cza+5VJxLckRGHdTQ5M=
Subject key identifier:   8B:EA:13:03:1A:0F:CC:8B:B2:B4:D9:4E:AD:D4:2B:DE:37:58:CD:A8
Certificate issuer:       /CN=4a9db00cb14a34a193f84aca144b2aeb1f3c02c8
Certificate serial:       018CC7941D4892C1C83F7E1FC3C8F8FB82D1
Authority key identifier: 4A:9D:B0:0C:B1:4A:34:A1:93:F8:4A:CA:14:4B:2A:EB:1F:3C:02:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sp2wDLFKNKGT-ErKFEsq6x88Asg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/7612b0-3e24-4ce7-a1ca-c1c66078e5ba/1/i-oTAxoPzIuytNlOrdQr3jdYzag.roa
Signing time:             Tue 02 Jan 2024 00:30:21 +0000
ROA not before:           Tue 02 Jan 2024 00:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35625
IP address blocks:        195.95.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/7612b0-3e24-4ce7-a1ca-c1c66078e5ba/1/Sp2wDLFKNKGT-ErKFEsq6x88Asg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/7612b0-3e24-4ce7-a1ca-c1c66078e5ba/1/Sp2wDLFKNKGT-ErKFEsq6x88Asg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sp2wDLFKNKGT-ErKFEsq6x88Asg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:1d:48:92:c1:c8:3f:7e:1f:c3:c8:f8:fb:82:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a9db00cb14a34a193f84aca144b2aeb1f3c02c8
        Validity
            Not Before: Jan  2 00:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bea13031a0fcc8bb2b4d94eadd42bde3758cda8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:2f:27:90:ec:ef:b5:b0:c3:e8:2c:f0:d5:f7:
                    67:24:5a:0e:09:1e:ad:5b:5b:76:73:39:d5:34:fa:
                    23:89:ad:83:a2:f5:9e:ff:34:97:25:16:5a:6c:c8:
                    55:7e:21:c8:90:fd:05:7e:d9:0c:13:ec:db:87:ad:
                    18:48:b9:b9:03:dc:38:c9:a2:fd:17:b2:6c:2f:16:
                    32:1c:3c:f4:7f:7a:96:2f:a4:e4:72:30:2d:11:0d:
                    b5:31:54:60:7d:cb:a6:03:2e:f1:55:fd:c1:1f:8f:
                    a2:c4:ac:3b:91:9a:d4:58:10:d6:a2:03:16:43:cc:
                    9d:e3:4a:3a:f9:8a:0b:02:30:48:a2:e2:0a:58:e9:
                    69:97:e3:6e:ea:df:b8:c6:d6:b4:18:a9:68:75:ed:
                    48:36:b5:23:8d:41:9e:bd:a9:c4:f8:a4:d5:09:04:
                    d0:6c:50:62:a3:13:5b:99:00:0c:ad:c1:ac:24:93:
                    67:4a:91:b1:01:20:01:3a:25:50:00:3c:b0:c2:84:
                    a0:f6:82:f2:7b:e8:37:2d:fe:bb:b3:d2:9c:e1:31:
                    8f:6f:c4:9c:d0:18:0f:25:8f:0a:5c:77:d8:cf:01:
                    c2:51:e7:94:78:02:71:89:61:cf:19:56:06:5e:17:
                    5e:24:8d:73:ae:3a:b1:96:f9:a2:ca:f3:ba:58:0e:
                    74:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:EA:13:03:1A:0F:CC:8B:B2:B4:D9:4E:AD:D4:2B:DE:37:58:CD:A8
            X509v3 Authority Key Identifier:
                keyid:4A:9D:B0:0C:B1:4A:34:A1:93:F8:4A:CA:14:4B:2A:EB:1F:3C:02:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sp2wDLFKNKGT-ErKFEsq6x88Asg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/7612b0-3e24-4ce7-a1ca-c1c66078e5ba/1/i-oTAxoPzIuytNlOrdQr3jdYzag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/7612b0-3e24-4ce7-a1ca-c1c66078e5ba/1/Sp2wDLFKNKGT-ErKFEsq6x88Asg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:e0:bd:11:11:78:a9:29:d5:4d:df:97:36:0c:fb:97:74:17:
         64:08:fd:90:94:c4:4b:48:1f:13:ee:c7:51:ab:88:3e:e9:71:
         9c:e7:ff:e8:82:32:10:d1:af:4b:2b:15:ba:e0:c0:ba:89:c5:
         cd:79:58:e8:f1:bb:c6:5b:05:da:df:de:b9:c3:aa:70:5f:9e:
         94:6d:88:f6:24:6c:18:25:e2:32:56:8c:9a:52:e0:06:5f:c6:
         78:16:b9:9a:c5:2e:d0:68:cf:ae:04:ff:7d:2c:bb:ed:b9:da:
         f7:5b:59:f9:cd:b9:75:d9:69:4b:83:b5:eb:0d:c5:ca:99:3e:
         3a:80:b3:e2:ec:f1:1b:54:b1:29:40:8e:ba:12:af:72:52:e2:
         75:be:c7:fb:cb:b7:8c:46:34:bc:56:47:7f:f7:15:ba:d4:f6:
         7e:75:18:6a:14:e3:a0:85:2a:a7:87:4f:e9:dd:72:89:73:ce:
         cf:2e:0e:bf:3d:04:14:6c:b6:18:b5:a1:66:de:93:cb:9d:a2:
         29:f1:22:dd:ce:84:3c:49:4b:d1:14:4e:00:39:3d:c1:02:be:
         fb:54:fa:dc:ba:27:f6:6d:4d:24:1f:51:85:4f:50:d3:82:1f:
         bc:c1:38:95:86:a9:33:9f:f3:d1:7f:6f:30:a0:c9:66:7a:1a:
         32:6c:66:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlB1IksHIP34fw8j4+4LRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhOWRiMDBjYjE0YTM0YTE5M2Y4NGFjYTE0NGIyYWViMWYz
YzAyYzgwHhcNMjQwMTAyMDAzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmVhMTMwMzFhMGZjYzhiYjJiNGQ5NGVhZGQ0MmJkZTM3NThjZGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAki8nkOzvtbDD6Czw1fdnJFoOCR6t
W1t2cznVNPojia2DovWe/zSXJRZabMhVfiHIkP0FftkME+zbh60YSLm5A9w4yaL9
F7JsLxYyHDz0f3qWL6TkcjAtEQ21MVRgfcumAy7xVf3BH4+ixKw7kZrUWBDWogMW
Q8yd40o6+YoLAjBIouIKWOlpl+Nu6t+4xta0GKlode1INrUjjUGevanE+KTVCQTQ
bFBioxNbmQAMrcGsJJNnSpGxASABOiVQADywwoSg9oLye+g3Lf67s9Kc4TGPb8Sc
0BgPJY8KXHfYzwHCUeeUeAJxiWHPGVYGXhdeJI1zrjqxlvmiyvO6WA507wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIvqEwMaD8yLsrTZTq3UK943WM2oMB8GA1UdIwQY
MBaAFEqdsAyxSjShk/hKyhRLKusfPALIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3Ayd0RMRktOS0dULUVyS0ZFc3E2eDg4QXNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy83NjEyYjAtM2UyNC00Y2U3LWExY2Et
YzFjNjYwNzhlNWJhLzEvaS1vVEF4b1B6SXV5dE5sT3JkUXIzamRZemFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy83NjEyYjAtM2UyNC00Y2U3LWExY2EtYzFjNjYwNzhlNWJh
LzEvU3Ayd0RMRktOS0dULUVyS0ZFc3E2eDg4QXNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1+oMA0G
CSqGSIb3DQEBCwUAA4IBAQCH4L0REXipKdVN35c2DPuXdBdkCP2QlMRLSB8T7sdR
q4g+6XGc5//ogjIQ0a9LKxW64MC6icXNeVjo8bvGWwXa3965w6pwX56UbYj2JGwY
JeIyVoyaUuAGX8Z4FrmaxS7QaM+uBP99LLvtudr3W1n5zbl12WlLg7XrDcXKmT46
gLPi7PEbVLEpQI66Eq9yUuJ1vsf7y7eMRjS8Vkd/9xW61PZ+dRhqFOOghSqnh0/p
3XKJc87PLg6/PQQUbLYYtaFm3pPLnaIp8SLdzoQ8SUvRFE4AOT3BAr77VPrcuif2
bU0kH1GFT1DTgh+8wTiVhqkzn/PRf28woMlmehoybGay
-----END CERTIFICATE-----