Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/3191ec-ce8f-4576-a940-cc50107ea146/1/kDscGP6Kvv2ErG5ZiDcwGfJJgOo.roa
File:                     kDscGP6Kvv2ErG5ZiDcwGfJJgOo.roa (raw, json)
Hash identifier:          sDpLdqtWZqa+OqK0PcGk2ZySrrYvy+43dMtNOAb22Fs=
Subject key identifier:   90:3B:1C:18:FE:8A:BE:FD:84:AC:6E:59:88:37:30:19:F2:49:80:EA
Certificate issuer:       /CN=86f4129af869f6f5c85a7388808aad0ac0ba9c4f
Certificate serial:       019420D6099EFBB192EC54A31464C6FF239A
Authority key identifier: 86:F4:12:9A:F8:69:F6:F5:C8:5A:73:88:80:8A:AD:0A:C0:BA:9C:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hvQSmvhp9vXIWnOIgIqtCsC6nE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/3191ec-ce8f-4576-a940-cc50107ea146/1/kDscGP6Kvv2ErG5ZiDcwGfJJgOo.roa
Signing time:             Wed 01 Jan 2025 07:48:05 +0000
ROA not before:           Wed 01 Jan 2025 07:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        195.10.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/3191ec-ce8f-4576-a940-cc50107ea146/1/hvQSmvhp9vXIWnOIgIqtCsC6nE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/3191ec-ce8f-4576-a940-cc50107ea146/1/hvQSmvhp9vXIWnOIgIqtCsC6nE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hvQSmvhp9vXIWnOIgIqtCsC6nE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:09:9e:fb:b1:92:ec:54:a3:14:64:c6:ff:23:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86f4129af869f6f5c85a7388808aad0ac0ba9c4f
        Validity
            Not Before: Jan  1 07:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=903b1c18fe8abefd84ac6e5988373019f24980ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:64:db:90:96:84:28:28:85:34:9f:59:c7:8f:
                    91:19:df:04:00:c2:52:1b:38:78:a0:92:2c:c7:26:
                    cf:3e:3b:09:48:d6:7b:a5:df:e8:9a:04:09:3a:fb:
                    8e:2e:23:a1:67:42:0d:53:f9:63:87:89:03:35:78:
                    1c:17:8f:2f:12:a1:0c:c3:11:7f:36:79:7a:40:b3:
                    5a:24:2e:b7:9e:db:32:6c:c0:9f:9e:e6:72:9d:6b:
                    0d:00:92:a8:53:ee:f4:b0:21:c2:92:6b:93:95:6f:
                    58:e6:6c:08:ae:f9:65:c8:33:8a:ed:d9:ec:b4:b0:
                    84:d1:45:ee:e4:e0:39:0c:9c:6a:4d:d6:4f:dd:cb:
                    18:55:33:8a:ab:ea:82:34:c8:d3:e7:94:f7:10:ab:
                    1f:fe:0a:e1:91:4d:e1:74:a2:bb:21:27:3e:d7:29:
                    3f:65:f4:bf:41:b2:19:a2:83:d8:ac:c5:2e:77:46:
                    ad:95:52:eb:3f:49:51:cb:3a:41:0b:02:e8:2b:e9:
                    9e:f2:c0:b7:75:15:07:95:0e:86:cd:e0:41:f1:1b:
                    ec:b3:74:57:41:65:43:31:f9:92:87:cb:a0:3d:67:
                    74:41:30:9b:d5:7c:9d:b8:12:f0:42:e9:10:dd:d8:
                    f9:92:52:fa:25:84:c4:0e:56:51:33:6a:a4:9a:81:
                    c0:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:3B:1C:18:FE:8A:BE:FD:84:AC:6E:59:88:37:30:19:F2:49:80:EA
            X509v3 Authority Key Identifier:
                keyid:86:F4:12:9A:F8:69:F6:F5:C8:5A:73:88:80:8A:AD:0A:C0:BA:9C:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hvQSmvhp9vXIWnOIgIqtCsC6nE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/3191ec-ce8f-4576-a940-cc50107ea146/1/kDscGP6Kvv2ErG5ZiDcwGfJJgOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/3191ec-ce8f-4576-a940-cc50107ea146/1/hvQSmvhp9vXIWnOIgIqtCsC6nE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.10.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:31:e1:80:ea:d2:e3:f6:74:eb:4a:30:08:24:aa:54:5a:4a:
         dc:b2:7c:88:c8:66:e1:63:86:32:62:7b:35:16:c8:7d:29:16:
         28:23:b4:07:de:fe:2e:44:6e:d7:a1:ff:d8:dc:98:c7:61:c0:
         a8:8d:3d:f6:5e:98:85:43:91:db:b5:0a:86:02:73:b7:f0:91:
         09:de:e0:b1:d0:dd:cf:07:8c:51:97:ec:c6:84:d5:e1:f7:28:
         ca:6c:9d:3f:f2:7f:3f:a6:da:ac:98:95:6d:b3:e6:ba:b5:94:
         f6:c4:85:18:77:61:31:28:e6:5a:af:f1:ac:99:42:92:bb:11:
         2c:59:61:d3:23:89:10:36:bc:b0:05:5c:ed:16:c0:18:0e:bf:
         1c:c4:55:85:f9:ad:c2:f8:b2:8f:1e:a6:a6:e1:d6:2b:9b:93:
         e8:66:19:44:98:d6:ce:1d:6a:ad:98:c5:c2:28:0a:d1:31:c2:
         63:30:2f:5c:df:aa:32:1c:9e:14:10:2d:19:27:cf:23:e6:bf:
         f3:55:a5:0f:85:e1:fa:a2:5d:31:c1:eb:1c:8c:03:61:e4:7b:
         cd:67:52:c8:0b:67:39:6d:7b:d7:26:d9:3d:02:2c:b6:93:55:
         f3:7a:10:a0:23:33:cf:0c:7b:da:96:07:35:4a:2f:cc:f3:bf:
         07:1b:5d:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1gme+7GS7FSjFGTG/yOaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZjQxMjlhZjg2OWY2ZjVjODVhNzM4ODgwOGFhZDBhYzBi
YTljNGYwHhcNMjUwMTAxMDc0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDNiMWMxOGZlOGFiZWZkODRhYzZlNTk4ODM3MzAxOWYyNDk4MGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWTbkJaEKCiFNJ9Zx4+RGd8EAMJS
Gzh4oJIsxybPPjsJSNZ7pd/omgQJOvuOLiOhZ0INU/ljh4kDNXgcF48vEqEMwxF/
Nnl6QLNaJC63ntsybMCfnuZynWsNAJKoU+70sCHCkmuTlW9Y5mwIrvllyDOK7dns
tLCE0UXu5OA5DJxqTdZP3csYVTOKq+qCNMjT55T3EKsf/grhkU3hdKK7ISc+1yk/
ZfS/QbIZooPYrMUud0atlVLrP0lRyzpBCwLoK+me8sC3dRUHlQ6GzeBB8Rvss3RX
QWVDMfmSh8ugPWd0QTCb1XyduBLwQukQ3dj5klL6JYTEDlZRM2qkmoHAVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJA7HBj+ir79hKxuWYg3MBnySYDqMB8GA1UdIwQY
MBaAFIb0Epr4afb1yFpziICKrQrAupxPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHZRU212aHA5dlhJV25PSWdJcXRDc0M2bkU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8zMTkxZWMtY2U4Zi00NTc2LWE5NDAt
Y2M1MDEwN2VhMTQ2LzEva0RzY0dQNkt2djJFckc1WmlEY3dHZkpKZ09vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8zMTkxZWMtY2U4Zi00NTc2LWE5NDAtY2M1MDEwN2VhMTQ2
LzEvaHZRU212aHA5dlhJV25PSWdJcXRDc0M2bkU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwrHMA0G
CSqGSIb3DQEBCwUAA4IBAQCIMeGA6tLj9nTrSjAIJKpUWkrcsnyIyGbhY4YyYns1
Fsh9KRYoI7QH3v4uRG7Xof/Y3JjHYcCojT32XpiFQ5HbtQqGAnO38JEJ3uCx0N3P
B4xRl+zGhNXh9yjKbJ0/8n8/ptqsmJVts+a6tZT2xIUYd2ExKOZar/GsmUKSuxEs
WWHTI4kQNrywBVztFsAYDr8cxFWF+a3C+LKPHqam4dYrm5PoZhlEmNbOHWqtmMXC
KArRMcJjMC9c36oyHJ4UEC0ZJ88j5r/zVaUPheH6ol0xwescjANh5HvNZ1LIC2c5
bXvXJtk9Aiy2k1XzehCgIzPPDHvalgc1Si/M878HG12b
-----END CERTIFICATE-----