Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/pljQjrp_siShEjsSyWp8cgqwW6U.roa
File:                     pljQjrp_siShEjsSyWp8cgqwW6U.roa (raw, json)
Hash identifier:          NF/34mXB59jbas9vtVMmHabhIxVmovVzMtKnM4cPIBo=
Subject key identifier:   A6:58:D0:8E:BA:7F:B2:24:A1:12:3B:12:C9:6A:7C:72:0A:B0:5B:A5
Certificate issuer:       /CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Certificate serial:       018CC50117D90D40B8909C10A76C27E4860D
Authority key identifier: 52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/pljQjrp_siShEjsSyWp8cgqwW6U.roa
Signing time:             Mon 01 Jan 2024 12:30:32 +0000
ROA not before:           Mon 01 Jan 2024 12:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42708
IP address blocks:        195.191.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 22:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:17:d9:0d:40:b8:90:9c:10:a7:6c:27:e4:86:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
        Validity
            Not Before: Jan  1 12:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a658d08eba7fb224a1123b12c96a7c720ab05ba5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:cc:22:f7:55:97:46:0d:18:44:68:f7:0b:06:
                    eb:d6:10:7d:8e:32:62:c2:5e:e5:5a:67:cb:a0:2c:
                    1d:39:d9:f2:5c:bb:2d:5f:c1:4b:e5:d0:27:74:df:
                    d8:e6:0c:cc:8d:ca:6c:91:92:6e:84:64:a0:6e:8a:
                    ff:c7:36:f9:99:3d:9d:e9:bf:d4:cf:ed:e5:91:79:
                    ef:16:20:f5:8c:d4:4f:5e:e2:68:0e:fa:d1:04:bc:
                    0b:df:43:c3:70:96:58:63:cd:23:16:a5:ab:84:43:
                    1e:d2:57:c7:f1:38:1a:66:a3:91:68:f0:01:fa:11:
                    96:0d:61:95:69:31:07:f5:a7:01:16:7f:a2:cd:84:
                    34:46:08:a2:a5:a8:8e:f9:d1:fa:a7:86:bf:17:e3:
                    3c:df:ca:4e:fd:56:d4:81:b2:b8:18:e2:64:a7:fe:
                    b3:b1:17:8d:50:67:4f:ad:f8:c8:93:36:15:63:d4:
                    3d:ca:1d:f7:a0:ad:f2:53:17:34:cf:8b:f7:9f:3a:
                    f6:bb:a3:fa:c0:46:62:95:e4:38:20:03:bc:da:40:
                    03:4d:37:1f:11:c1:d5:b2:fc:5d:9b:c7:cb:81:74:
                    33:96:d5:0c:ff:05:e0:27:33:d8:a6:41:b5:b1:b3:
                    57:fd:b6:76:54:0f:5e:47:91:dd:9c:46:ad:be:1a:
                    bc:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:58:D0:8E:BA:7F:B2:24:A1:12:3B:12:C9:6A:7C:72:0A:B0:5B:A5
            X509v3 Authority Key Identifier:
                keyid:52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/pljQjrp_siShEjsSyWp8cgqwW6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:13:26:56:ad:c2:87:6a:63:ad:d0:89:17:ed:f0:c1:5c:6b:
         40:b5:1b:5c:20:f0:d7:15:3a:9d:c6:a8:ba:72:ed:ac:6d:e0:
         9b:33:86:04:86:ae:33:02:d9:7a:2b:e1:0f:81:12:a3:c2:c5:
         c9:39:dd:32:b5:86:ab:04:1b:73:5f:23:d3:fb:27:a2:7b:e3:
         f4:59:e4:6b:59:ab:9f:67:8c:cd:3a:b9:a8:68:89:08:b3:4f:
         7c:41:79:e5:c3:b4:82:dc:08:33:b9:ee:53:b2:2c:11:07:55:
         c7:2b:e4:ef:bb:b2:f9:c6:91:75:16:45:58:2f:2b:5b:2b:7f:
         1d:8a:32:0f:d2:17:0a:19:c1:8c:60:6c:91:21:8b:b8:c0:9e:
         9b:3b:49:5a:b7:90:f0:9a:b9:c6:37:e1:21:bc:32:09:1c:d0:
         1e:1e:c6:f8:45:5c:4f:09:8f:af:9b:00:4b:60:ca:6e:ae:10:
         53:08:b1:a4:08:56:dc:cf:6b:a6:3f:a4:5f:ae:94:63:38:fd:
         ce:1d:5f:ae:ee:59:2d:5b:3d:8a:6a:eb:a2:bd:1e:31:fe:b3:
         49:a3:87:78:42:3c:4c:22:15:e5:10:dd:8b:58:2b:c8:4c:7e:
         7b:3c:9b:62:cd:a0:b9:b6:f7:f3:68:a5:10:c4:1f:8c:ce:a6:
         df:57:75:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFARfZDUC4kJwQp2wn5IYNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZGM5YzIxOGI1MTBjMDdiYzY2NTliMDlmYmQzMmFmZTY4
YWJmZDIwHhcNMjQwMTAxMTIzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjU4ZDA4ZWJhN2ZiMjI0YTExMjNiMTJjOTZhN2M3MjBhYjA1YmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMwi91WXRg0YRGj3Cwbr1hB9jjJi
wl7lWmfLoCwdOdnyXLstX8FL5dAndN/Y5gzMjcpskZJuhGSgbor/xzb5mT2d6b/U
z+3lkXnvFiD1jNRPXuJoDvrRBLwL30PDcJZYY80jFqWrhEMe0lfH8TgaZqORaPAB
+hGWDWGVaTEH9acBFn+izYQ0RgiipaiO+dH6p4a/F+M838pO/VbUgbK4GOJkp/6z
sReNUGdPrfjIkzYVY9Q9yh33oK3yUxc0z4v3nzr2u6P6wEZileQ4IAO82kADTTcf
EcHVsvxdm8fLgXQzltUM/wXgJzPYpkG1sbNX/bZ2VA9eR5HdnEatvhq8jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKZY0I66f7IkoRI7EslqfHIKsFulMB8GA1UdIwQY
MBaAFFLcnCGLUQwHvGZZsJ+9Mq/mir/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYt
NTJmOTdiMjc3ZDFmLzEvcGxqUWpycF9zaVNoRWpzU3lXcDhjZ3F3VzZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYtNTJmOTdiMjc3ZDFm
LzEvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7+RMA0G
CSqGSIb3DQEBCwUAA4IBAQCpEyZWrcKHamOt0IkX7fDBXGtAtRtcIPDXFTqdxqi6
cu2sbeCbM4YEhq4zAtl6K+EPgRKjwsXJOd0ytYarBBtzXyPT+yeie+P0WeRrWauf
Z4zNOrmoaIkIs098QXnlw7SC3Agzue5TsiwRB1XHK+Tvu7L5xpF1FkVYLytbK38d
ijIP0hcKGcGMYGyRIYu4wJ6bO0lat5DwmrnGN+EhvDIJHNAeHsb4RVxPCY+vmwBL
YMpurhBTCLGkCFbcz2umP6RfrpRjOP3OHV+u7lktWz2KauuivR4x/rNJo4d4QjxM
IhXlEN2LWCvITH57PJtizaC5tvfzaKUQxB+MzqbfV3Vo
-----END CERTIFICATE-----