Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/45a572-b808-40f5-8b25-ddca153a20ab/1/olYC3vt3bTWX5B6Daul0GiCdzRk.roa
File:                     olYC3vt3bTWX5B6Daul0GiCdzRk.roa (raw, json)
Hash identifier:          EU31+YZYAX7zRrR/hWxXMjIPU9jCSCk9p7wSptbJIM8=
Subject key identifier:   A2:56:02:DE:FB:77:6D:35:97:E4:1E:83:6A:E9:74:1A:20:9D:CD:19
Certificate issuer:       /CN=faf647df218e2c6f3fd1cf549d27df4e50cd6db0
Certificate serial:       0194222024953B95875EFAB1413EC589BA14
Authority key identifier: FA:F6:47:DF:21:8E:2C:6F:3F:D1:CF:54:9D:27:DF:4E:50:CD:6D:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-vZH3yGOLG8_0c9UnSffTlDNbbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/45a572-b808-40f5-8b25-ddca153a20ab/1/olYC3vt3bTWX5B6Daul0GiCdzRk.roa
Signing time:             Wed 01 Jan 2025 13:48:39 +0000
ROA not before:           Wed 01 Jan 2025 13:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398485
IP address blocks:        195.5.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/45a572-b808-40f5-8b25-ddca153a20ab/1/1-vZH3yGOLG8_0c9UnSffTlDNbbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/45a572-b808-40f5-8b25-ddca153a20ab/1/1-vZH3yGOLG8_0c9UnSffTlDNbbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-vZH3yGOLG8_0c9UnSffTlDNbbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:24:95:3b:95:87:5e:fa:b1:41:3e:c5:89:ba:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=faf647df218e2c6f3fd1cf549d27df4e50cd6db0
        Validity
            Not Before: Jan  1 13:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a25602defb776d3597e41e836ae9741a209dcd19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:b9:a0:f6:64:6e:cc:c8:6b:8c:38:69:8b:2e:
                    d4:b1:b6:4a:d5:58:06:1d:82:ee:af:91:de:83:5e:
                    40:72:57:8d:ee:d5:97:4e:84:6b:4c:40:53:aa:5c:
                    5c:47:67:04:56:35:5f:5a:fb:c0:2d:4a:ef:4e:64:
                    75:10:10:bf:7c:60:d0:ed:28:67:a2:5b:ab:87:7b:
                    2a:92:02:54:5e:1f:01:7f:73:d0:c9:3d:11:e6:06:
                    34:cb:8f:f6:20:80:d3:cb:65:52:dc:3f:20:e9:b2:
                    cd:66:5f:86:fe:1f:02:56:cc:ed:76:fc:b0:68:81:
                    a7:18:7a:7a:e7:f2:15:28:42:ef:c3:ee:d5:57:0c:
                    31:7a:29:cd:1a:4f:02:f6:9a:5f:11:99:84:c4:1f:
                    66:b6:96:52:16:55:52:50:d4:77:e1:e0:45:75:bf:
                    a0:dd:5d:8c:c8:a0:9c:f1:13:c0:8f:da:e9:f4:02:
                    a1:8c:bb:d6:22:0b:bc:a1:7c:16:e1:3e:00:53:40:
                    a5:bb:a6:c3:56:fb:dc:89:0d:f0:4a:aa:38:e7:a1:
                    58:c9:ce:4f:f3:55:fc:bc:3d:9e:fc:55:46:59:d3:
                    b3:7a:58:12:85:27:50:e4:cf:74:2f:21:47:7b:8c:
                    68:81:08:d3:20:4e:fc:af:50:23:28:16:4d:f4:eb:
                    1e:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:56:02:DE:FB:77:6D:35:97:E4:1E:83:6A:E9:74:1A:20:9D:CD:19
            X509v3 Authority Key Identifier:
                keyid:FA:F6:47:DF:21:8E:2C:6F:3F:D1:CF:54:9D:27:DF:4E:50:CD:6D:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-vZH3yGOLG8_0c9UnSffTlDNbbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/45a572-b808-40f5-8b25-ddca153a20ab/1/olYC3vt3bTWX5B6Daul0GiCdzRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/45a572-b808-40f5-8b25-ddca153a20ab/1/1-vZH3yGOLG8_0c9UnSffTlDNbbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.5.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:7e:79:c5:b7:5b:4b:a3:d1:f3:90:b4:ad:32:4e:fe:4c:1e:
         1c:cf:a2:50:32:69:ba:31:1c:b4:c7:e0:27:49:0b:fc:96:e4:
         0b:f1:57:59:5d:a8:05:75:e0:34:44:77:25:e9:1e:89:ad:c0:
         6e:b1:a3:78:75:d7:fa:54:8b:2e:9c:03:40:f5:8a:a5:8f:e2:
         01:96:e8:ed:14:af:6b:e6:89:ca:e5:f7:c2:51:a1:63:3f:76:
         7d:c5:9f:4d:fc:ea:f2:27:d9:d4:12:2f:72:22:26:b4:71:8f:
         93:ac:7a:85:9c:f2:f9:58:c6:f1:25:64:da:9e:30:a6:de:1d:
         2c:c6:66:91:c9:84:46:d9:2d:57:08:32:d6:ad:cc:14:5d:a4:
         e7:42:6a:de:d4:b7:99:52:7b:19:f9:d2:7c:26:73:15:ee:ae:
         3a:0e:e0:22:a8:74:3b:fe:a3:ea:37:39:ba:c2:f9:7d:66:ef:
         85:91:3d:aa:98:2a:e7:37:04:ef:43:95:71:e1:22:05:43:a0:
         45:24:2b:da:3f:a2:e2:9a:99:d6:b6:ce:80:94:52:7f:38:67:
         a4:a3:bf:de:0e:a9:4c:e7:2a:81:67:9c:92:fa:48:57:71:7e:
         12:03:85:d7:7b:0b:5f:56:5e:6e:68:ff:c9:56:81:5d:3a:fd:
         70:d3:5e:e6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQiICSVO5WHXvqxQT7FiboUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZjY0N2RmMjE4ZTJjNmYzZmQxY2Y1NDlkMjdkZjRlNTBj
ZDZkYjAwHhcNMjUwMTAxMTM0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjU2MDJkZWZiNzc2ZDM1OTdlNDFlODM2YWU5NzQxYTIwOWRjZDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Lmg9mRuzMhrjDhpiy7UsbZK1VgG
HYLur5Heg15AcleN7tWXToRrTEBTqlxcR2cEVjVfWvvALUrvTmR1EBC/fGDQ7Shn
olurh3sqkgJUXh8Bf3PQyT0R5gY0y4/2IIDTy2VS3D8g6bLNZl+G/h8CVsztdvyw
aIGnGHp65/IVKELvw+7VVwwxeinNGk8C9ppfEZmExB9mtpZSFlVSUNR34eBFdb+g
3V2MyKCc8RPAj9rp9AKhjLvWIgu8oXwW4T4AU0Clu6bDVvvciQ3wSqo456FYyc5P
81X8vD2e/FVGWdOzelgShSdQ5M90LyFHe4xogQjTIE78r1AjKBZN9Ose2wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKJWAt77d201l+Qeg2rpdBognc0ZMB8GA1UdIwQY
MBaAFPr2R98hjixvP9HPVJ0n305QzW2wMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS12WkgzeUdPTEc4XzBjOVVuU2ZmVGxETmJiQS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTQvNDVhNTcyLWI4MDgtNDBmNS04YjI1
LWRkY2ExNTNhMjBhYi8xL29sWUMzdnQzYlRXWDVCNkRhdWwwR2lDZHpSay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTQvNDVhNTcyLWI4MDgtNDBmNS04YjI1LWRkY2ExNTNhMjBh
Yi8xLzEtdlpIM3lHT0xHOF8wYzlVblNmZlRsRE5iYkEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDBasw
DQYJKoZIhvcNAQELBQADggEBAHl+ecW3W0uj0fOQtK0yTv5MHhzPolAyaboxHLTH
4CdJC/yW5AvxV1ldqAV14DREdyXpHomtwG6xo3h11/pUiy6cA0D1iqWP4gGW6O0U
r2vmicrl98JRoWM/dn3Fn0386vIn2dQSL3IiJrRxj5OseoWc8vlYxvElZNqeMKbe
HSzGZpHJhEbZLVcIMtatzBRdpOdCat7Ut5lSexn50nwmcxXurjoO4CKodDv+o+o3
ObrC+X1m74WRPaqYKuc3BO9DlXHhIgVDoEUkK9o/ouKamda2zoCUUn84Z6Sjv94O
qUznKoFnnJL6SFdxfhIDhdd7C19WXm5o/8lWgV06/XDTXuY=
-----END CERTIFICATE-----