Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/503603-1a5d-4900-9829-48dea1021a69/1/Orchxvc0MEXRAEUfzb2-AYQNJlo.roa
File:                     Orchxvc0MEXRAEUfzb2-AYQNJlo.roa (raw, json)
Hash identifier:          5zb4XYCUHXbva4EKPaxkl1pzSV5odSRzKsryQa3HZ9E=
Subject key identifier:   3A:B7:21:C6:F7:34:30:45:D1:00:45:1F:CD:BD:BE:01:84:0D:26:5A
Certificate issuer:       /CN=08b0f12f115ad40f2c2b4aad454d2e43611c9a06
Certificate serial:       018CC349123A9C9015BA0BD77F9A7D7C77A8
Authority key identifier: 08:B0:F1:2F:11:5A:D4:0F:2C:2B:4A:AD:45:4D:2E:43:61:1C:9A:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CLDxLxFa1A8sK0qtRU0uQ2EcmgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/503603-1a5d-4900-9829-48dea1021a69/1/Orchxvc0MEXRAEUfzb2-AYQNJlo.roa
Signing time:             Mon 01 Jan 2024 04:29:54 +0000
ROA not before:           Mon 01 Jan 2024 04:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29240
IP address blocks:        195.225.176.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/503603-1a5d-4900-9829-48dea1021a69/1/CLDxLxFa1A8sK0qtRU0uQ2EcmgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/503603-1a5d-4900-9829-48dea1021a69/1/CLDxLxFa1A8sK0qtRU0uQ2EcmgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CLDxLxFa1A8sK0qtRU0uQ2EcmgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:12:3a:9c:90:15:ba:0b:d7:7f:9a:7d:7c:77:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08b0f12f115ad40f2c2b4aad454d2e43611c9a06
        Validity
            Not Before: Jan  1 04:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ab721c6f7343045d100451fcdbdbe01840d265a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:bb:2b:97:2b:1e:ea:7e:79:9c:ce:88:60:a7:
                    ad:66:3c:9d:d6:37:c2:3f:28:35:c8:f9:f8:a3:8c:
                    68:db:44:6d:9f:2f:00:67:1f:6d:89:65:8d:18:a1:
                    fe:9e:d2:aa:7a:20:fa:95:7e:34:aa:16:ef:f2:60:
                    46:bf:71:57:13:ab:6c:32:4c:99:d5:20:cd:90:52:
                    fc:59:f8:0a:f9:e1:3c:c1:31:2a:03:06:a9:65:f0:
                    cc:ce:20:87:f7:92:ae:af:7c:4f:52:cc:90:4e:00:
                    26:03:f3:cd:1b:a9:fc:99:57:74:49:09:e6:04:79:
                    6a:e0:c1:db:7f:ca:22:4c:af:55:19:80:0e:b6:97:
                    7a:ca:e4:14:61:9d:86:81:7e:4f:16:8a:a3:0b:00:
                    30:23:ab:33:5e:fc:0e:b7:2f:92:11:a9:73:f2:25:
                    7f:7e:9c:b8:71:c8:1f:e7:99:6a:7f:a4:65:c9:9a:
                    df:95:c4:d5:d3:4a:c0:f9:37:e5:59:6c:e6:b1:7b:
                    e4:0d:5c:c0:c7:b9:6b:4b:1a:7e:5a:12:6f:46:54:
                    4f:47:6e:71:50:0d:fa:f9:86:09:6b:91:ff:8f:96:
                    f7:c7:cb:76:f6:31:c1:48:fb:f7:64:6b:6a:5a:2b:
                    a8:16:0e:1a:0f:a8:86:60:69:ac:c3:60:95:9b:9b:
                    b6:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:B7:21:C6:F7:34:30:45:D1:00:45:1F:CD:BD:BE:01:84:0D:26:5A
            X509v3 Authority Key Identifier:
                keyid:08:B0:F1:2F:11:5A:D4:0F:2C:2B:4A:AD:45:4D:2E:43:61:1C:9A:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CLDxLxFa1A8sK0qtRU0uQ2EcmgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/503603-1a5d-4900-9829-48dea1021a69/1/Orchxvc0MEXRAEUfzb2-AYQNJlo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/503603-1a5d-4900-9829-48dea1021a69/1/CLDxLxFa1A8sK0qtRU0uQ2EcmgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.225.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:5b:d5:d3:4a:bc:57:fd:da:a9:51:9a:96:6c:68:02:ac:9b:
         60:ed:d4:78:84:88:71:ce:b4:5c:ab:f5:d5:50:1b:ad:6f:d4:
         5e:de:cc:3f:53:5c:2f:d2:08:1f:40:65:85:11:77:7a:5b:43:
         72:e6:6c:96:ef:ba:f1:97:92:4d:90:72:c5:fa:a1:98:91:09:
         57:90:67:81:ab:6e:9a:1b:ec:32:72:76:61:3a:1b:a8:73:80:
         45:c8:86:5c:fb:47:94:d6:cc:c3:5b:20:35:11:43:d6:00:4c:
         7e:6d:7c:5a:e0:57:2d:9c:29:de:31:63:48:f8:ea:05:85:d5:
         61:3b:1a:07:45:f7:84:ad:df:36:7c:fd:33:e7:bf:3c:c4:1f:
         78:e5:dc:22:46:00:e8:d4:b7:d7:ab:01:99:49:a4:9b:74:1a:
         04:49:e5:61:db:4a:2d:61:55:81:d2:29:ba:41:3d:e1:05:b1:
         a6:dd:2e:6a:0f:05:2a:f3:6f:60:8b:46:81:06:f4:3c:4d:71:
         2c:74:6c:73:47:f3:15:ba:3d:f4:f3:3c:a9:f4:54:e9:2c:ed:
         47:86:e0:a7:4b:27:82:e2:38:7c:04:3f:e1:8b:a6:49:1f:01:
         8b:b7:64:b6:50:e6:af:d6:e8:72:83:01:5c:8d:0f:c5:81:3a:
         a9:fd:02:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSRI6nJAVugvXf5p9fHeoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4YjBmMTJmMTE1YWQ0MGYyYzJiNGFhZDQ1NGQyZTQzNjEx
YzlhMDYwHhcNMjQwMTAxMDQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWI3MjFjNmY3MzQzMDQ1ZDEwMDQ1MWZjZGJkYmUwMTg0MGQyNjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7bsrlyse6n55nM6IYKetZjyd1jfC
Pyg1yPn4o4xo20Rtny8AZx9tiWWNGKH+ntKqeiD6lX40qhbv8mBGv3FXE6tsMkyZ
1SDNkFL8WfgK+eE8wTEqAwapZfDMziCH95Kur3xPUsyQTgAmA/PNG6n8mVd0SQnm
BHlq4MHbf8oiTK9VGYAOtpd6yuQUYZ2GgX5PFoqjCwAwI6szXvwOty+SEalz8iV/
fpy4ccgf55lqf6RlyZrflcTV00rA+TflWWzmsXvkDVzAx7lrSxp+WhJvRlRPR25x
UA36+YYJa5H/j5b3x8t29jHBSPv3ZGtqWiuoFg4aD6iGYGmsw2CVm5u2RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDq3Icb3NDBF0QBFH829vgGEDSZaMB8GA1UdIwQY
MBaAFAiw8S8RWtQPLCtKrUVNLkNhHJoGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0xEeEx4RmExQThzSzBxdFJVMHVRMkVjbWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy81MDM2MDMtMWE1ZC00OTAwLTk4Mjkt
NDhkZWExMDIxYTY5LzEvT3JjaHh2YzBNRVhSQUVVZnpiMi1BWVFOSmxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy81MDM2MDMtMWE1ZC00OTAwLTk4MjktNDhkZWExMDIxYTY5
LzEvQ0xEeEx4RmExQThzSzBxdFJVMHVRMkVjbWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw+GwMA0G
CSqGSIb3DQEBCwUAA4IBAQAwW9XTSrxX/dqpUZqWbGgCrJtg7dR4hIhxzrRcq/XV
UButb9Re3sw/U1wv0ggfQGWFEXd6W0Ny5myW77rxl5JNkHLF+qGYkQlXkGeBq26a
G+wycnZhOhuoc4BFyIZc+0eU1szDWyA1EUPWAEx+bXxa4FctnCneMWNI+OoFhdVh
OxoHRfeErd82fP0z5788xB945dwiRgDo1LfXqwGZSaSbdBoESeVh20otYVWB0im6
QT3hBbGm3S5qDwUq829gi0aBBvQ8TXEsdGxzR/MVuj308zyp9FTpLO1HhuCnSyeC
4jh8BD/hi6ZJHwGLt2S2UOav1uhygwFcjQ/FgTqp/QIh
-----END CERTIFICATE-----