Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/b597c4-6a32-4008-b2ee-2da625eb7242/1/ndYvy3DpPQEg7agX9yeUPh7aIzM.roa
File:                     ndYvy3DpPQEg7agX9yeUPh7aIzM.roa (raw, json)
Hash identifier:          LLTNwtF/+ug834lVnF3Dld69SMVRk9P76HlsXKqCmGc=
Subject key identifier:   9D:D6:2F:CB:70:E9:3D:01:20:ED:A8:17:F7:27:94:3E:1E:DA:23:33
Certificate issuer:       /CN=0024b1f1359110bff991e9ac6f51469fdcb487af
Certificate serial:       018CC94D4CC942C1883BB6CD7F32251BD02A
Authority key identifier: 00:24:B1:F1:35:91:10:BF:F9:91:E9:AC:6F:51:46:9F:DC:B4:87:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ACSx8TWREL_5kemsb1FGn9y0h68.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/b597c4-6a32-4008-b2ee-2da625eb7242/1/ndYvy3DpPQEg7agX9yeUPh7aIzM.roa
Signing time:             Tue 02 Jan 2024 08:32:15 +0000
ROA not before:           Tue 02 Jan 2024 08:32:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215919
IP address blocks:        195.210.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/b597c4-6a32-4008-b2ee-2da625eb7242/1/ACSx8TWREL_5kemsb1FGn9y0h68.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/b597c4-6a32-4008-b2ee-2da625eb7242/1/ACSx8TWREL_5kemsb1FGn9y0h68.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ACSx8TWREL_5kemsb1FGn9y0h68.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 13:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:4c:c9:42:c1:88:3b:b6:cd:7f:32:25:1b:d0:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0024b1f1359110bff991e9ac6f51469fdcb487af
        Validity
            Not Before: Jan  2 08:32:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9dd62fcb70e93d0120eda817f727943e1eda2333
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:02:46:4b:9b:91:8b:bf:35:5e:d6:d0:7f:f1:
                    f6:34:3a:e4:56:5d:90:77:d1:0d:c4:5a:a5:54:8f:
                    e0:5d:f1:0a:bf:c1:84:d2:16:cf:fe:4e:33:28:7a:
                    c7:09:a7:c0:8c:ae:e2:67:86:15:1c:31:3a:78:92:
                    77:d5:0c:a6:ca:c6:a3:24:9c:17:e1:6b:a1:5b:4a:
                    6a:66:1f:df:de:f8:53:c2:80:64:a7:06:d5:23:39:
                    c7:be:f3:82:5c:74:0a:fc:a3:9a:2e:88:a2:9a:fd:
                    b2:32:16:09:ab:ab:cb:36:71:4a:95:84:a9:71:3c:
                    6e:cc:e6:77:f5:b7:c6:a2:1f:41:4f:37:3b:53:99:
                    4b:a7:4d:cc:de:bb:6b:d8:88:96:74:6a:65:ac:15:
                    09:eb:dd:2c:19:7f:d5:0d:3d:66:8c:b9:9f:67:f3:
                    a0:6c:7a:b4:0f:4f:93:d2:5e:b4:28:bc:82:18:ac:
                    1d:67:82:6a:b0:ee:11:58:10:ae:2f:45:82:3b:7d:
                    fa:57:b5:1d:e0:97:0e:56:28:a5:dd:55:d1:fd:a6:
                    a1:f5:db:d5:c2:af:78:62:94:9b:2f:1b:50:55:80:
                    78:ff:b8:39:9b:f8:d8:9f:bc:7d:31:c7:d3:e4:38:
                    8f:df:2f:11:d3:21:b7:77:00:71:d9:de:91:5a:f3:
                    fa:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:D6:2F:CB:70:E9:3D:01:20:ED:A8:17:F7:27:94:3E:1E:DA:23:33
            X509v3 Authority Key Identifier:
                keyid:00:24:B1:F1:35:91:10:BF:F9:91:E9:AC:6F:51:46:9F:DC:B4:87:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ACSx8TWREL_5kemsb1FGn9y0h68.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/b597c4-6a32-4008-b2ee-2da625eb7242/1/ndYvy3DpPQEg7agX9yeUPh7aIzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/b597c4-6a32-4008-b2ee-2da625eb7242/1/ACSx8TWREL_5kemsb1FGn9y0h68.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.210.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:5e:59:b7:7a:8e:83:20:c7:fb:85:f1:76:7b:6b:2c:ef:24:
         b4:73:84:57:49:3a:d6:9d:ee:8c:0f:29:36:03:8b:fe:3b:78:
         c1:cc:ef:fd:47:02:cd:ef:81:1b:4d:b7:d0:8f:d2:8f:a0:9a:
         f7:a7:08:e8:6e:4a:08:2d:ce:8e:22:3a:b8:30:e0:25:28:4c:
         33:d6:d9:79:7e:56:84:84:ba:5a:69:e7:65:59:8d:84:65:6a:
         4b:bc:e1:c0:98:41:d5:b9:d8:c2:f0:33:ff:d9:6a:63:83:d4:
         b5:ce:a9:c4:e0:d7:2e:81:8b:6b:8d:76:5e:11:66:a7:e9:45:
         4b:a5:3d:4f:cd:7d:e2:22:b2:9a:45:18:ee:42:0e:3a:65:a5:
         a7:aa:0d:4f:04:63:d5:20:d8:3a:5e:36:a5:25:e5:79:13:78:
         75:90:8b:c0:e8:e0:18:07:43:14:99:e4:42:eb:14:3b:e8:eb:
         02:4b:04:38:9b:4c:37:0b:2e:c0:e8:60:4b:37:09:a6:b4:19:
         1b:20:2c:1d:e8:4c:09:9c:ac:aa:40:26:3d:88:33:6a:cd:3e:
         35:1b:9c:5f:4f:6f:e5:42:28:c3:9d:ec:3b:28:40:67:da:d7:
         1c:d1:b8:12:28:cc:f2:ad:05:97:50:94:55:9c:f6:4f:39:f6:
         45:dd:98:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTUzJQsGIO7bNfzIlG9AqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMjRiMWYxMzU5MTEwYmZmOTkxZTlhYzZmNTE0NjlmZGNi
NDg3YWYwHhcNMjQwMTAyMDgzMjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGQ2MmZjYjcwZTkzZDAxMjBlZGE4MTdmNzI3OTQzZTFlZGEyMzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgJGS5uRi781XtbQf/H2NDrkVl2Q
d9ENxFqlVI/gXfEKv8GE0hbP/k4zKHrHCafAjK7iZ4YVHDE6eJJ31QymysajJJwX
4WuhW0pqZh/f3vhTwoBkpwbVIznHvvOCXHQK/KOaLoiimv2yMhYJq6vLNnFKlYSp
cTxuzOZ39bfGoh9BTzc7U5lLp03M3rtr2IiWdGplrBUJ690sGX/VDT1mjLmfZ/Og
bHq0D0+T0l60KLyCGKwdZ4JqsO4RWBCuL0WCO336V7Ud4JcOViil3VXR/aah9dvV
wq94YpSbLxtQVYB4/7g5m/jYn7x9McfT5DiP3y8R0yG3dwBx2d6RWvP67wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3WL8tw6T0BIO2oF/cnlD4e2iMzMB8GA1UdIwQY
MBaAFAAksfE1kRC/+ZHprG9RRp/ctIevMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUNTeDhUV1JFTF81a2Vtc2IxRkduOXkwaDY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9iNTk3YzQtNmEzMi00MDA4LWIyZWUt
MmRhNjI1ZWI3MjQyLzEvbmRZdnkzRHBQUUVnN2FnWDl5ZVVQaDdhSXpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9iNTk3YzQtNmEzMi00MDA4LWIyZWUtMmRhNjI1ZWI3MjQy
LzEvQUNTeDhUV1JFTF81a2Vtc2IxRkduOXkwaDY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9IgMA0G
CSqGSIb3DQEBCwUAA4IBAQB/Xlm3eo6DIMf7hfF2e2ss7yS0c4RXSTrWne6MDyk2
A4v+O3jBzO/9RwLN74EbTbfQj9KPoJr3pwjobkoILc6OIjq4MOAlKEwz1tl5flaE
hLpaaedlWY2EZWpLvOHAmEHVudjC8DP/2Wpjg9S1zqnE4NcugYtrjXZeEWan6UVL
pT1PzX3iIrKaRRjuQg46ZaWnqg1PBGPVINg6XjalJeV5E3h1kIvA6OAYB0MUmeRC
6xQ76OsCSwQ4m0w3Cy7A6GBLNwmmtBkbICwd6EwJnKyqQCY9iDNqzT41G5xfT2/l
QijDnew7KEBn2tcc0bgSKMzyrQWXUJRVnPZPOfZF3Zj1
-----END CERTIFICATE-----