Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/Hb4yv6y38Cek8o1Insig8TZYe7s.roa
File:                     Hb4yv6y38Cek8o1Insig8TZYe7s.roa (raw, json)
Hash identifier:          TDSxDNH1oNsDc3XHBFm0bu4yKLzLpHmUSwvzdfPz9tA=
Subject key identifier:   1D:BE:32:BF:AC:B7:F0:27:A4:F2:8D:48:9E:C8:A0:F1:36:58:7B:BB
Certificate issuer:       /CN=1319f052bc9e7284888074390c9d0bc127606692
Certificate serial:       018CC4937516F0E90DAA7F2ED70527520CC0
Authority key identifier: 13:19:F0:52:BC:9E:72:84:88:80:74:39:0C:9D:0B:C1:27:60:66:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/Hb4yv6y38Cek8o1Insig8TZYe7s.roa
Signing time:             Mon 01 Jan 2024 10:30:47 +0000
ROA not before:           Mon 01 Jan 2024 10:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199130
IP address blocks:        195.23.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 21:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:75:16:f0:e9:0d:aa:7f:2e:d7:05:27:52:0c:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1319f052bc9e7284888074390c9d0bc127606692
        Validity
            Not Before: Jan  1 10:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1dbe32bfacb7f027a4f28d489ec8a0f136587bbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:6d:21:9b:4e:5b:bf:51:f7:49:8b:e6:f6:d5:
                    ee:43:a7:82:00:37:d4:6f:07:26:2d:de:56:1e:78:
                    30:9c:96:d6:ba:f7:c6:63:57:43:3b:ff:24:42:47:
                    82:7e:b7:be:8e:1f:da:2c:d5:89:f0:3c:7a:65:6f:
                    85:7b:7a:df:a3:b3:42:3f:53:6c:79:89:d2:0b:cc:
                    ab:b8:a4:f8:f5:85:28:25:84:81:9e:6b:17:02:64:
                    d6:f2:f0:c4:0b:6b:6a:75:97:00:22:aa:36:01:ea:
                    e8:cf:4b:1e:fc:69:b9:58:3c:62:ac:8f:28:30:47:
                    e6:9f:5d:8d:f3:20:d6:9c:1b:21:ca:05:f2:36:69:
                    18:8d:5f:e4:c4:2f:84:7c:f6:ae:d3:f3:08:ed:0c:
                    7b:3b:20:a2:dc:2b:ac:51:6a:8e:aa:6d:67:0f:f2:
                    28:09:7e:bf:bb:66:4b:b9:83:05:a2:ab:f6:58:30:
                    89:97:f4:a9:03:c7:be:e2:11:bc:68:cf:3e:74:dd:
                    b0:8b:8d:37:de:bc:71:1b:bc:3c:0a:c1:88:2a:bd:
                    3d:75:93:c6:08:7e:35:9a:22:ad:4a:bb:37:7c:29:
                    e8:80:cb:dd:a2:71:d2:ac:d9:50:4c:31:3d:f4:d0:
                    6a:6c:64:f5:16:6d:7a:e8:1e:a0:a2:5e:9f:1d:fb:
                    be:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:BE:32:BF:AC:B7:F0:27:A4:F2:8D:48:9E:C8:A0:F1:36:58:7B:BB
            X509v3 Authority Key Identifier:
                keyid:13:19:F0:52:BC:9E:72:84:88:80:74:39:0C:9D:0B:C1:27:60:66:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/Hb4yv6y38Cek8o1Insig8TZYe7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.23.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:56:3d:38:e9:b2:e3:e8:c5:cd:d5:f7:fe:4d:b1:70:b3:10:
         eb:12:aa:8b:02:4e:b4:d4:e5:3d:76:a8:bc:76:47:ff:78:ef:
         91:b1:c8:e1:8d:cb:09:93:c4:89:a5:0e:d8:81:b0:4f:85:66:
         dc:80:ce:8d:c9:78:1a:8a:cd:ae:60:fe:c2:1d:8c:3b:4d:90:
         c7:36:3b:8e:c7:51:f2:1a:68:73:a3:56:f8:7a:a0:56:df:2e:
         36:98:10:d7:fc:75:7a:5c:af:3f:87:cd:67:50:c4:5d:6c:f3:
         32:b4:a9:2b:45:cf:07:04:c0:99:fb:80:18:80:3d:b9:71:d2:
         35:71:dd:2e:e3:42:97:5f:2d:69:9b:3c:cd:bc:b9:dc:ce:5f:
         98:43:e0:8d:98:5b:9b:6d:b7:87:e4:10:36:e4:fa:78:fd:49:
         68:00:e6:bb:d8:ca:1b:ca:c1:01:fd:04:61:2a:e1:2e:8f:2c:
         e7:04:6e:09:ea:45:bc:f9:9b:99:c1:fe:51:dd:5d:dc:8c:bd:
         dd:56:bb:c5:06:5f:70:cc:06:76:a1:08:da:4a:bc:29:20:dc:
         e2:23:2e:ce:b3:32:c3:7f:3d:f1:05:d8:88:b4:27:b2:55:9a:
         96:47:a4:d5:a5:45:94:54:54:0d:01:91:c3:af:3d:60:24:52:
         c4:25:24:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk3UW8OkNqn8u1wUnUgzAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTlmMDUyYmM5ZTcyODQ4ODgwNzQzOTBjOWQwYmMxMjc2
MDY2OTIwHhcNMjQwMTAxMTAzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGJlMzJiZmFjYjdmMDI3YTRmMjhkNDg5ZWM4YTBmMTM2NTg3YmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn20hm05bv1H3SYvm9tXuQ6eCADfU
bwcmLd5WHngwnJbWuvfGY1dDO/8kQkeCfre+jh/aLNWJ8Dx6ZW+Fe3rfo7NCP1Ns
eYnSC8yruKT49YUoJYSBnmsXAmTW8vDEC2tqdZcAIqo2Aeroz0se/Gm5WDxirI8o
MEfmn12N8yDWnBshygXyNmkYjV/kxC+EfPau0/MI7Qx7OyCi3CusUWqOqm1nD/Io
CX6/u2ZLuYMFoqv2WDCJl/SpA8e+4hG8aM8+dN2wi4033rxxG7w8CsGIKr09dZPG
CH41miKtSrs3fCnogMvdonHSrNlQTDE99NBqbGT1Fm166B6gol6fHfu+VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB2+Mr+st/AnpPKNSJ7IoPE2WHu7MB8GA1UdIwQY
MBaAFBMZ8FK8nnKEiIB0OQydC8EnYGaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhud1VyeWVjb1NJZ0hRNURKMEx3U2RnWnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kNWJiY2UtNDIyMC00ZWM0LThhZjUt
MmMxYTc3MzBiZDI1LzEvSGI0eXY2eTM4Q2VrOG8xSW5zaWc4VFpZZTdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kNWJiY2UtNDIyMC00ZWM0LThhZjUtMmMxYTc3MzBiZDI1
LzEvRXhud1VyeWVjb1NJZ0hRNURKMEx3U2RnWnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxdiMA0G
CSqGSIb3DQEBCwUAA4IBAQB/Vj046bLj6MXN1ff+TbFwsxDrEqqLAk601OU9dqi8
dkf/eO+RscjhjcsJk8SJpQ7YgbBPhWbcgM6NyXgais2uYP7CHYw7TZDHNjuOx1Hy
Gmhzo1b4eqBW3y42mBDX/HV6XK8/h81nUMRdbPMytKkrRc8HBMCZ+4AYgD25cdI1
cd0u40KXXy1pmzzNvLnczl+YQ+CNmFubbbeH5BA25Pp4/UloAOa72MobysEB/QRh
KuEujyznBG4J6kW8+ZuZwf5R3V3cjL3dVrvFBl9wzAZ2oQjaSrwpINziIy7OszLD
fz3xBdiItCeyVZqWR6TVpUWUVFQNAZHDrz1gJFLEJST2
-----END CERTIFICATE-----