Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/dff4d0-1d0a-4951-8b27-7f7394be8ce4/1/3ze7nG6NJbQXoAtsnTSw12VdWwo.roa
File:                     3ze7nG6NJbQXoAtsnTSw12VdWwo.roa (raw, json)
Hash identifier:          LRyzoQAgF5WxWBrfECQmM2BoIUCq6n1Onnn/hluC8Tc=
Subject key identifier:   DF:37:BB:9C:6E:8D:25:B4:17:A0:0B:6C:9D:34:B0:D7:65:5D:5B:0A
Certificate issuer:       /CN=f42d0cad0eaed1a61f478fb0919c7a4322724695
Certificate serial:       018CC8DE19C354BE25A7C069CC7AE83C8325
Authority key identifier: F4:2D:0C:AD:0E:AE:D1:A6:1F:47:8F:B0:91:9C:7A:43:22:72:46:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9C0MrQ6u0aYfR4-wkZx6QyJyRpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/dff4d0-1d0a-4951-8b27-7f7394be8ce4/1/3ze7nG6NJbQXoAtsnTSw12VdWwo.roa
Signing time:             Tue 02 Jan 2024 06:30:47 +0000
ROA not before:           Tue 02 Jan 2024 06:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50379
IP address blocks:        195.191.60.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/dff4d0-1d0a-4951-8b27-7f7394be8ce4/1/9C0MrQ6u0aYfR4-wkZx6QyJyRpU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/dff4d0-1d0a-4951-8b27-7f7394be8ce4/1/9C0MrQ6u0aYfR4-wkZx6QyJyRpU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9C0MrQ6u0aYfR4-wkZx6QyJyRpU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:19:c3:54:be:25:a7:c0:69:cc:7a:e8:3c:83:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f42d0cad0eaed1a61f478fb0919c7a4322724695
        Validity
            Not Before: Jan  2 06:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df37bb9c6e8d25b417a00b6c9d34b0d7655d5b0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:fa:e9:a8:d0:f2:3d:e8:c2:85:4f:39:25:4b:
                    32:cf:7e:e1:32:52:8a:a7:c1:7a:d0:23:ec:24:5b:
                    e0:80:63:1e:8d:8f:87:35:58:47:0a:e5:ce:79:ec:
                    fa:ab:2e:2b:95:0f:2e:ad:0a:a7:1a:04:4d:9d:85:
                    d6:ea:78:9d:3e:1a:75:33:12:a2:89:27:9a:64:5b:
                    9d:40:89:ea:21:ba:ad:36:60:d4:77:91:47:b5:7f:
                    72:11:5a:69:6f:c2:4b:ad:4f:77:dc:db:10:74:a8:
                    54:b8:bf:40:39:16:05:85:08:eb:2d:41:7e:58:74:
                    30:86:3b:5a:30:5c:b6:e0:bf:fc:92:40:e1:92:01:
                    4d:69:3a:89:9d:49:75:d9:ee:33:a1:d0:8b:bb:ca:
                    e7:5a:98:e3:33:96:0a:be:35:4e:40:d5:96:fe:62:
                    00:8b:29:78:1f:f8:96:84:f3:fd:81:e9:ed:86:6f:
                    0f:6d:f8:df:d3:19:d3:3b:71:40:20:ac:c9:8d:96:
                    3b:bc:81:76:15:46:4f:fb:3e:4b:f2:5e:36:24:5b:
                    78:95:7d:d0:b2:ab:43:f9:90:48:ae:eb:7d:bb:44:
                    95:be:3c:91:3a:9d:04:45:3a:0f:76:d4:51:3a:71:
                    20:f0:72:f5:cd:47:54:48:92:05:53:9a:80:6f:16:
                    39:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:37:BB:9C:6E:8D:25:B4:17:A0:0B:6C:9D:34:B0:D7:65:5D:5B:0A
            X509v3 Authority Key Identifier:
                keyid:F4:2D:0C:AD:0E:AE:D1:A6:1F:47:8F:B0:91:9C:7A:43:22:72:46:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9C0MrQ6u0aYfR4-wkZx6QyJyRpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/dff4d0-1d0a-4951-8b27-7f7394be8ce4/1/3ze7nG6NJbQXoAtsnTSw12VdWwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/dff4d0-1d0a-4951-8b27-7f7394be8ce4/1/9C0MrQ6u0aYfR4-wkZx6QyJyRpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:57:ad:d1:62:87:a3:20:5b:b5:1e:c9:9f:01:49:d2:ec:1f:
         2a:11:37:5f:2c:41:3a:e3:8b:4f:8d:9d:b1:11:3e:b4:70:b0:
         cc:35:93:01:a1:05:fc:8c:6a:5c:e8:0d:42:65:1c:89:cd:9c:
         ec:fd:89:93:08:b8:e1:b1:31:fb:d8:53:c7:3d:64:d3:a0:6a:
         0a:db:11:36:c0:de:56:96:c7:e5:4d:9e:3f:f3:51:35:a8:e4:
         b9:4e:3a:af:9f:57:3b:1c:23:0b:32:b4:06:ee:d1:94:a4:1f:
         b1:1c:5d:a8:98:b2:50:37:08:1a:20:70:b7:66:aa:c2:e0:c8:
         92:89:e7:b2:0b:48:85:ac:0f:c8:f2:aa:8c:c1:89:4e:9f:18:
         94:a8:2a:98:08:a2:fb:a2:41:e8:5f:27:83:ae:97:e6:e9:d6:
         de:7a:e9:dd:a5:4c:8c:e0:4f:b9:c8:94:d4:8e:db:e1:87:17:
         c6:b6:c3:50:88:e8:24:6b:14:d3:6b:07:13:6d:60:49:55:6b:
         5a:c5:47:b0:c0:5f:7d:23:70:1d:00:3d:9a:0f:69:cd:43:91:
         c1:5a:b1:3d:ea:30:2d:1f:20:75:a3:5e:71:d1:a6:6d:73:86:
         13:d0:75:50:01:d5:41:66:07:e4:74:e9:fd:b2:63:a8:46:9a:
         93:ff:66:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3hnDVL4lp8BpzHroPIMlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0MmQwY2FkMGVhZWQxYTYxZjQ3OGZiMDkxOWM3YTQzMjI3
MjQ2OTUwHhcNMjQwMTAyMDYzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjM3YmI5YzZlOGQyNWI0MTdhMDBiNmM5ZDM0YjBkNzY1NWQ1YjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgPrpqNDyPejChU85JUsyz37hMlKK
p8F60CPsJFvggGMejY+HNVhHCuXOeez6qy4rlQ8urQqnGgRNnYXW6nidPhp1MxKi
iSeaZFudQInqIbqtNmDUd5FHtX9yEVppb8JLrU933NsQdKhUuL9AORYFhQjrLUF+
WHQwhjtaMFy24L/8kkDhkgFNaTqJnUl12e4zodCLu8rnWpjjM5YKvjVOQNWW/mIA
iyl4H/iWhPP9genthm8Pbfjf0xnTO3FAIKzJjZY7vIF2FUZP+z5L8l42JFt4lX3Q
sqtD+ZBIrut9u0SVvjyROp0ERToPdtRROnEg8HL1zUdUSJIFU5qAbxY5PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN83u5xujSW0F6ALbJ00sNdlXVsKMB8GA1UdIwQY
MBaAFPQtDK0OrtGmH0ePsJGcekMickaVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUMwTXJRNnUwYVlmUjQtd2taeDZReUp5UnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9kZmY0ZDAtMWQwYS00OTUxLThiMjct
N2Y3Mzk0YmU4Y2U0LzEvM3plN25HNk5KYlFYb0F0c25UU3cxMlZkV3dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9kZmY0ZDAtMWQwYS00OTUxLThiMjctN2Y3Mzk0YmU4Y2U0
LzEvOUMwTXJRNnUwYVlmUjQtd2taeDZReUp5UnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw788MA0G
CSqGSIb3DQEBCwUAA4IBAQAjV63RYoejIFu1HsmfAUnS7B8qETdfLEE644tPjZ2x
ET60cLDMNZMBoQX8jGpc6A1CZRyJzZzs/YmTCLjhsTH72FPHPWTToGoK2xE2wN5W
lsflTZ4/81E1qOS5Tjqvn1c7HCMLMrQG7tGUpB+xHF2omLJQNwgaIHC3ZqrC4MiS
ieeyC0iFrA/I8qqMwYlOnxiUqCqYCKL7okHoXyeDrpfm6dbeeundpUyM4E+5yJTU
jtvhhxfGtsNQiOgkaxTTawcTbWBJVWtaxUewwF99I3AdAD2aD2nNQ5HBWrE96jAt
HyB1o15x0aZtc4YT0HVQAdVBZgfkdOn9smOoRpqT/2YV
-----END CERTIFICATE-----