Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/1S1F4YjSI0Aol_CpEiboIiYaxrw.roa
File:                     1S1F4YjSI0Aol_CpEiboIiYaxrw.roa (raw, json)
Hash identifier:          pzgBxtT1p9IZdhlt38gWxQlJAqkmLjBEUrPQmw/3cbw=
Subject key identifier:   D5:2D:45:E1:88:D2:23:40:28:97:F0:A9:12:26:E8:22:26:1A:C6:BC
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348DC21F75B2B4738711468632265AF
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/1S1F4YjSI0Aol_CpEiboIiYaxrw.roa
Signing time:             Mon 01 Jan 2024 04:29:41 +0000
ROA not before:           Mon 01 Jan 2024 04:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50734
IP address blocks:        194.209.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:dc:21:f7:5b:2b:47:38:71:14:68:63:22:65:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d52d45e188d223402897f0a91226e822261ac6bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a7:87:d8:df:68:d0:ee:1e:8a:1e:03:af:82:
                    b1:07:dc:a4:9e:af:b7:03:b6:4d:d4:f8:a2:f0:0f:
                    b0:70:d2:49:e5:3c:30:e6:74:ca:12:44:4e:e7:41:
                    ef:d3:c6:6d:02:66:86:a0:0e:c2:8c:90:17:2e:2a:
                    c3:08:14:44:84:1d:77:f8:ed:fd:d0:ee:c4:61:36:
                    6c:9c:57:b0:29:67:bd:88:6e:4f:49:b4:a2:f9:a6:
                    b1:23:0e:f5:9f:d5:1c:8d:75:07:e6:5d:2e:d8:a4:
                    d2:a6:2c:7f:a5:7f:ad:e3:f2:54:d5:22:2e:3f:df:
                    b4:a1:9b:51:c8:33:09:b1:a0:8c:f1:15:a3:43:37:
                    58:d9:30:76:ad:f7:c7:03:ca:d3:1f:5c:92:91:d7:
                    20:91:51:1d:93:7d:a4:e8:9e:fe:f6:d2:1d:1b:fc:
                    67:af:d7:ee:20:74:17:04:c8:c5:2e:24:6b:ad:7c:
                    8a:56:86:58:a4:70:a5:5b:23:ef:fa:99:28:85:e1:
                    06:22:10:f1:8e:58:a3:f1:05:06:ec:26:33:95:66:
                    50:57:1f:3b:6c:47:2a:7a:1e:53:53:ce:53:b4:a2:
                    10:98:88:e1:7c:ce:c8:0f:2d:ff:38:36:83:d6:75:
                    71:01:13:c9:db:34:7f:ba:e3:75:e6:a2:90:b5:40:
                    2f:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:2D:45:E1:88:D2:23:40:28:97:F0:A9:12:26:E8:22:26:1A:C6:BC
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/1S1F4YjSI0Aol_CpEiboIiYaxrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:95:ba:12:a4:b3:76:c9:fd:e0:75:c3:c0:10:eb:02:e3:9e:
         57:cd:c4:2c:79:a3:49:69:c6:da:74:12:31:68:28:70:c6:77:
         79:e0:be:05:29:20:be:88:7d:10:6e:bd:bd:d7:8d:4a:9f:3b:
         00:4c:c9:42:7d:df:af:28:ae:b6:6d:7a:fa:59:3e:18:ec:a8:
         ba:e9:93:e3:d0:5e:f3:58:5b:36:27:91:75:7f:28:23:cd:48:
         d6:18:af:a6:6f:aa:a7:a1:61:eb:5e:1e:f3:58:2f:45:5b:5b:
         05:ad:ee:78:48:40:fc:d7:df:f8:c9:0b:5e:2d:d9:dd:52:40:
         98:2d:84:e9:0e:eb:c8:d6:7c:e1:fa:fb:b4:37:f1:f0:43:fe:
         09:d1:91:f6:12:76:d3:34:17:24:ff:23:e8:fb:ab:74:fd:08:
         69:df:8f:e7:c2:7b:12:8f:1d:9b:d6:80:5b:1d:0b:b8:09:b1:
         87:42:bb:71:24:ef:2d:e2:ce:bd:9c:47:fb:0c:25:48:cf:e2:
         87:32:b0:9b:81:2f:df:33:c4:69:d4:62:bd:a3:94:1c:7c:c0:
         2c:11:b9:ca:62:d5:46:dc:60:78:85:a8:e1:18:4a:e4:97:c9:
         8a:d0:49:03:47:1b:9a:cf:c6:67:d6:0f:ef:5e:b7:14:9b:d0:
         67:8c:c7:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSNwh91srRzhxFGhjImWvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTJkNDVlMTg4ZDIyMzQwMjg5N2YwYTkxMjI2ZTgyMjI2MWFjNmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqeH2N9o0O4eih4Dr4KxB9yknq+3
A7ZN1Pii8A+wcNJJ5Tww5nTKEkRO50Hv08ZtAmaGoA7CjJAXLirDCBREhB13+O39
0O7EYTZsnFewKWe9iG5PSbSi+aaxIw71n9UcjXUH5l0u2KTSpix/pX+t4/JU1SIu
P9+0oZtRyDMJsaCM8RWjQzdY2TB2rffHA8rTH1ySkdcgkVEdk32k6J7+9tIdG/xn
r9fuIHQXBMjFLiRrrXyKVoZYpHClWyPv+pkoheEGIhDxjlij8QUG7CYzlWZQVx87
bEcqeh5TU85TtKIQmIjhfM7IDy3/ODaD1nVxARPJ2zR/uuN15qKQtUAv3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUtReGI0iNAKJfwqRIm6CImGsa8MB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvMVMxRjRZalNJMEFvbF9DcEVpYm9JaVlheHJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtFOMA0G
CSqGSIb3DQEBCwUAA4IBAQANlboSpLN2yf3gdcPAEOsC455XzcQseaNJacbadBIx
aChwxnd54L4FKSC+iH0Qbr29141KnzsATMlCfd+vKK62bXr6WT4Y7Ki66ZPj0F7z
WFs2J5F1fygjzUjWGK+mb6qnoWHrXh7zWC9FW1sFre54SED819/4yQteLdndUkCY
LYTpDuvI1nzh+vu0N/HwQ/4J0ZH2EnbTNBck/yPo+6t0/Qhp34/nwnsSjx2b1oBb
HQu4CbGHQrtxJO8t4s69nEf7DCVIz+KHMrCbgS/fM8Rp1GK9o5QcfMAsEbnKYtVG
3GB4hajhGErkl8mK0EkDRxuaz8Zn1g/vXrcUm9BnjMe9
-----END CERTIFICATE-----