Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/uR5xcSFVdn58FRGfsyjKU_HRV_c.roa
File:                     uR5xcSFVdn58FRGfsyjKU_HRV_c.roa (raw, json)
Hash identifier:          XPLYCprR9tADT692gjLy77Qp63H3y/dk9tYwL1o6M+c=
Subject key identifier:   B9:1E:71:71:21:55:76:7E:7C:15:11:9F:B3:28:CA:53:F1:D1:57:F7
Certificate issuer:       /CN=0969a2a39635b797476f1f1633ae8f27bf33b533
Certificate serial:       018CC3B6DB1D55CF7B722158F9A981A6F953
Authority key identifier: 09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/uR5xcSFVdn58FRGfsyjKU_HRV_c.roa
Signing time:             Mon 01 Jan 2024 06:29:49 +0000
ROA not before:           Mon 01 Jan 2024 06:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212219
IP address blocks:        195.85.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 12:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:db:1d:55:cf:7b:72:21:58:f9:a9:81:a6:f9:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0969a2a39635b797476f1f1633ae8f27bf33b533
        Validity
            Not Before: Jan  1 06:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b91e71712155767e7c15119fb328ca53f1d157f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:b0:cb:88:39:7e:0f:14:05:92:d0:f8:c7:8b:
                    b4:40:d9:93:88:c1:3d:dd:50:5b:ae:12:82:c1:61:
                    23:1c:da:7d:ae:11:52:38:bb:39:fb:c4:b1:dc:20:
                    be:79:ef:85:30:c2:44:99:29:eb:a7:91:1e:30:29:
                    44:ef:1c:cb:f7:ea:6d:5b:8e:8d:07:af:f8:b8:f2:
                    3c:62:1b:3c:b0:68:48:5f:b1:6b:4d:1f:21:c1:df:
                    f2:21:31:54:b1:1f:4b:ef:e7:a3:ee:ed:36:3a:13:
                    63:b1:44:e7:c7:60:8c:49:dd:4a:74:37:50:8b:48:
                    22:03:c4:f4:58:a4:94:0d:59:18:f2:fa:3c:a6:ce:
                    ae:17:07:6a:0d:38:42:9d:5c:e2:b9:32:47:3a:68:
                    73:5a:15:13:7e:68:6b:d4:6a:cb:69:b6:36:05:de:
                    8d:18:f1:27:ec:7d:31:62:5e:4e:db:dd:7e:01:28:
                    4d:78:ba:09:9d:68:f8:3d:df:38:55:6a:25:58:00:
                    86:bd:9a:fa:4b:0c:dd:9b:36:01:67:4d:22:5b:67:
                    89:a3:47:18:bd:85:1c:10:54:bb:a0:19:00:03:c2:
                    79:d7:90:ad:95:08:72:d8:0e:62:10:02:20:f0:fc:
                    a0:03:04:78:0a:f9:b2:c6:f4:3f:96:e5:68:0f:ee:
                    02:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:1E:71:71:21:55:76:7E:7C:15:11:9F:B3:28:CA:53:F1:D1:57:F7
            X509v3 Authority Key Identifier:
                keyid:09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/uR5xcSFVdn58FRGfsyjKU_HRV_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:fc:89:dd:22:58:c7:98:3c:d8:66:c8:8a:72:92:2e:75:5d:
         d5:ab:ee:0c:3b:47:56:ee:08:37:7a:ce:11:52:e3:4e:71:52:
         a6:68:cd:02:ff:d0:dc:e1:b2:ca:a2:ae:4b:56:79:d6:3e:59:
         1d:bd:85:78:8c:7e:92:d0:37:31:b4:7e:51:4c:72:7e:e9:1c:
         6d:b5:e3:1f:2c:b2:47:9f:5b:9c:e4:a9:26:e3:99:f8:17:08:
         d1:3e:50:59:6f:c0:84:15:d1:4a:c9:c9:43:03:f5:d1:71:00:
         34:09:fb:df:26:8a:a0:73:fd:fa:f6:29:3d:28:05:e4:b3:a9:
         d1:cc:f1:8b:f9:f9:c9:0f:3d:85:c0:2d:84:35:db:4d:18:99:
         14:f6:76:92:75:da:d6:5f:47:61:98:d7:0f:77:4f:f3:66:b2:
         04:3a:52:26:d7:f2:34:af:c4:71:6c:38:27:70:c0:5f:dd:e9:
         40:c0:d8:55:7f:cd:4e:48:30:fa:cc:8d:93:9b:0d:a0:f7:d0:
         3f:93:58:99:89:57:bc:a7:82:26:71:6f:3d:e1:7f:e4:c2:0c:
         53:ea:f5:04:b2:84:c0:4d:69:00:0d:ed:b6:4b:45:59:c5:c3:
         c7:dc:af:14:f8:0b:f9:e1:db:2c:6c:8e:e4:2b:67:f9:12:c1:
         95:79:20:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttsdVc97ciFY+amBpvlTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NjlhMmEzOTYzNWI3OTc0NzZmMWYxNjMzYWU4ZjI3YmYz
M2I1MzMwHhcNMjQwMTAxMDYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTFlNzE3MTIxNTU3NjdlN2MxNTExOWZiMzI4Y2E1M2YxZDE1N2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibDLiDl+DxQFktD4x4u0QNmTiME9
3VBbrhKCwWEjHNp9rhFSOLs5+8Sx3CC+ee+FMMJEmSnrp5EeMClE7xzL9+ptW46N
B6/4uPI8Yhs8sGhIX7FrTR8hwd/yITFUsR9L7+ej7u02OhNjsUTnx2CMSd1KdDdQ
i0giA8T0WKSUDVkY8vo8ps6uFwdqDThCnVziuTJHOmhzWhUTfmhr1GrLabY2Bd6N
GPEn7H0xYl5O291+AShNeLoJnWj4Pd84VWolWACGvZr6SwzdmzYBZ00iW2eJo0cY
vYUcEFS7oBkAA8J515CtlQhy2A5iEAIg8PygAwR4CvmyxvQ/luVoD+4CYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLkecXEhVXZ+fBURn7MoylPx0Vf3MB8GA1UdIwQY
MBaAFAlpoqOWNbeXR28fFjOujye/M7UzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUt
NDE0OTA4NzJmYzRlLzEvdVI1eGNTRlZkbjU4RlJHZnN5aktVX0hSVl9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUtNDE0OTA4NzJmYzRl
LzEvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1XPMA0G
CSqGSIb3DQEBCwUAA4IBAQA+/IndIljHmDzYZsiKcpIudV3Vq+4MO0dW7gg3es4R
UuNOcVKmaM0C/9Dc4bLKoq5LVnnWPlkdvYV4jH6S0DcxtH5RTHJ+6RxtteMfLLJH
n1uc5Kkm45n4FwjRPlBZb8CEFdFKyclDA/XRcQA0CfvfJoqgc/369ik9KAXks6nR
zPGL+fnJDz2FwC2ENdtNGJkU9naSddrWX0dhmNcPd0/zZrIEOlIm1/I0r8RxbDgn
cMBf3elAwNhVf81OSDD6zI2Tmw2g99A/k1iZiVe8p4ImcW894X/kwgxT6vUEsoTA
TWkADe22S0VZxcPH3K8U+Av54dssbI7kK2f5EsGVeSDD
-----END CERTIFICATE-----