Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/twXQjBlWYOvNDNr-8QGkSzdhCV4.roa
File:                     twXQjBlWYOvNDNr-8QGkSzdhCV4.roa (raw, json)
Hash identifier:          aJbrrAaBlOEVzL74CdtDGTstyJTvSdPbyY+SJcwEbKw=
Subject key identifier:   B7:05:D0:8C:19:56:60:EB:CD:0C:DA:FE:F1:01:A4:4B:37:61:09:5E
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018CC86F411AFB6764777254B8FFB1781FDC
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/twXQjBlWYOvNDNr-8QGkSzdhCV4.roa
Signing time:             Tue 02 Jan 2024 04:29:43 +0000
ROA not before:           Tue 02 Jan 2024 04:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50751
IP address blocks:        195.62.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:41:1a:fb:67:64:77:72:54:b8:ff:b1:78:1f:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  2 04:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b705d08c195660ebcd0cdafef101a44b3761095e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:71:07:0e:ed:8d:3f:a5:64:6c:bf:93:83:cf:
                    dc:10:60:68:23:33:19:9f:64:38:4f:58:a4:88:bd:
                    7f:b1:3a:b9:97:73:43:00:20:34:f3:6d:e3:b5:92:
                    cb:d7:f8:01:da:d2:14:6d:af:2c:b6:0a:44:70:af:
                    40:fc:37:0d:aa:1b:2a:9a:67:f3:25:f6:2f:c3:96:
                    c9:8e:6c:b9:d7:4f:51:56:0f:0b:28:41:12:1a:fe:
                    30:8d:7f:6f:d9:4d:08:7e:3a:8e:34:e4:3b:39:56:
                    24:78:8a:ff:1d:2c:b9:3e:44:f1:28:a1:b8:ae:59:
                    fa:02:1e:8f:3a:66:39:85:33:6b:ec:e4:8d:1c:a6:
                    f0:a8:51:3a:02:90:be:60:d0:2e:09:96:6d:e6:20:
                    7a:6e:cf:b1:f7:f1:2c:ec:1f:7b:24:8c:eb:58:74:
                    fc:aa:bf:a1:6d:05:81:40:90:70:e5:89:e1:6b:96:
                    60:44:04:c3:ed:85:8c:9f:8f:06:a2:4b:77:82:7c:
                    ba:fc:ee:7b:b3:c4:8a:07:a5:25:6e:0b:2d:ab:e8:
                    e2:f1:ab:97:c4:6a:fd:d0:c2:bb:87:4f:af:0a:d4:
                    9c:45:25:14:61:f1:3a:9b:55:59:a1:84:d7:63:4c:
                    22:25:d2:b6:b8:12:ad:57:1d:6a:ea:5d:91:e0:37:
                    fa:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:05:D0:8C:19:56:60:EB:CD:0C:DA:FE:F1:01:A4:4B:37:61:09:5E
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/twXQjBlWYOvNDNr-8QGkSzdhCV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.62.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:24:f7:e8:a0:7d:f5:38:b7:50:c4:87:ab:59:05:7b:dd:c9:
         1a:32:6e:76:15:f9:ea:53:1f:e3:af:57:08:ae:23:8b:28:a0:
         85:13:05:be:fc:4a:43:89:88:92:ad:11:32:82:30:93:27:dc:
         4e:fb:a4:68:38:3b:78:ed:8e:60:0b:7c:6c:c3:11:59:6c:e7:
         20:84:95:b8:16:cf:20:5e:5d:92:ff:99:6b:0a:07:66:02:5f:
         d8:21:9a:a0:ff:67:70:ef:0a:67:73:59:57:4e:8a:a2:93:94:
         27:11:1d:da:6e:f1:4f:aa:b3:e8:fd:7c:7e:bc:06:0a:19:df:
         4e:6b:79:19:d6:d7:f5:e4:20:cc:8c:ce:50:1c:3e:0b:2e:3d:
         41:94:90:b1:3e:f5:0c:13:31:3c:2a:49:4f:fe:25:42:3c:15:
         12:45:15:7c:47:98:d1:d5:1c:a0:26:16:cf:56:fc:57:42:43:
         23:47:a4:82:de:5b:2f:88:b3:56:3f:6d:8d:74:55:18:e7:dd:
         8b:45:03:cc:ff:5c:27:d2:93:d2:a5:cd:7c:4d:f2:85:d1:4e:
         27:6c:88:d8:4a:59:c8:50:da:69:11:a4:db:f6:63:5a:e4:8b:
         74:ae:6d:22:a7:df:8d:80:f4:ed:55:ec:d6:dc:7f:f9:a0:5f:
         74:08:92:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb0Ea+2dkd3JUuP+xeB/cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMTAyMDQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzA1ZDA4YzE5NTY2MGViY2QwY2RhZmVmMTAxYTQ0YjM3NjEwOTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjnEHDu2NP6VkbL+Tg8/cEGBoIzMZ
n2Q4T1ikiL1/sTq5l3NDACA0823jtZLL1/gB2tIUba8stgpEcK9A/DcNqhsqmmfz
JfYvw5bJjmy5109RVg8LKEESGv4wjX9v2U0IfjqONOQ7OVYkeIr/HSy5PkTxKKG4
rln6Ah6POmY5hTNr7OSNHKbwqFE6ApC+YNAuCZZt5iB6bs+x9/Es7B97JIzrWHT8
qr+hbQWBQJBw5Ynha5ZgRATD7YWMn48Gokt3gny6/O57s8SKB6Ulbgstq+ji8auX
xGr90MK7h0+vCtScRSUUYfE6m1VZoYTXY0wiJdK2uBKtVx1q6l2R4Df6HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLcF0IwZVmDrzQza/vEBpEs3YQleMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvdHdYUWpCbFdZT3ZORE5yLThRR2tTemRoQ1Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwz4ZMA0G
CSqGSIb3DQEBCwUAA4IBAQAKJPfooH31OLdQxIerWQV73ckaMm52FfnqUx/jr1cI
riOLKKCFEwW+/EpDiYiSrREygjCTJ9xO+6RoODt47Y5gC3xswxFZbOcghJW4Fs8g
Xl2S/5lrCgdmAl/YIZqg/2dw7wpnc1lXToqik5QnER3abvFPqrPo/Xx+vAYKGd9O
a3kZ1tf15CDMjM5QHD4LLj1BlJCxPvUMEzE8KklP/iVCPBUSRRV8R5jR1RygJhbP
VvxXQkMjR6SC3lsviLNWP22NdFUY592LRQPM/1wn0pPSpc18TfKF0U4nbIjYSlnI
UNppEaTb9mNa5It0rm0ip9+NgPTtVezW3H/5oF90CJJs
-----END CERTIFICATE-----