Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/1HOsZLc-xkmKxpZ6SXh3SsGk8ds.roa
File:                     1HOsZLc-xkmKxpZ6SXh3SsGk8ds.roa (raw, json)
Hash identifier:          3n/dkchwhoj66zls5yTH339Uuefx/D8BOWuj/sa9hgM=
Subject key identifier:   D4:73:AC:64:B7:3E:C6:49:8A:C6:96:7A:49:78:77:4A:C1:A4:F1:DB
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       018CC64AD417CF4EB5E894819A2B5FA3F32C
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/1HOsZLc-xkmKxpZ6SXh3SsGk8ds.roa
Signing time:             Mon 01 Jan 2024 18:30:41 +0000
ROA not before:           Mon 01 Jan 2024 18:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35583
IP address blocks:        95.164.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:d4:17:cf:4e:b5:e8:94:81:9a:2b:5f:a3:f3:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  1 18:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d473ac64b73ec6498ac6967a4978774ac1a4f1db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:c0:9d:db:fc:76:3f:c2:d5:7b:9b:21:3f:d3:
                    d6:35:ab:b0:c0:26:57:05:ab:a6:f8:f1:46:b4:c9:
                    28:cc:b0:82:53:2f:e0:bf:e2:9f:0f:3b:32:4c:c1:
                    75:09:b5:52:40:99:19:9c:0a:2a:06:ac:a8:16:81:
                    80:0f:8a:b6:b0:e2:29:98:45:00:ec:11:50:a9:7c:
                    81:1f:4c:3f:f2:8d:64:61:9b:5f:7e:f1:12:03:38:
                    ef:db:04:d7:cf:52:3b:f7:a6:68:e4:42:5d:24:bd:
                    ca:e6:4f:39:d5:dc:e3:45:1b:6b:44:72:ea:0c:c3:
                    d2:51:90:d3:0a:c7:ca:26:df:c6:20:72:a5:e8:8a:
                    69:70:fd:a8:fb:5e:33:fe:e9:56:d9:04:1a:d4:ef:
                    fd:6b:2f:71:a9:37:a5:e7:88:cb:e8:5c:a1:e6:7e:
                    a1:52:71:02:36:26:a1:af:e9:90:fa:22:50:05:84:
                    28:ea:79:1a:e6:ee:17:3f:a5:5f:85:8d:bf:0a:a3:
                    3e:75:64:11:81:6d:39:a3:06:42:0b:9f:87:93:66:
                    e5:5c:96:1e:a1:5f:cf:c7:9a:56:97:ba:5f:e9:b8:
                    28:54:a8:9b:f8:5c:c7:d5:10:d1:4f:c7:2c:36:ef:
                    a5:19:eb:33:8e:64:fb:78:28:b2:5d:ce:f7:cf:0c:
                    a6:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:73:AC:64:B7:3E:C6:49:8A:C6:96:7A:49:78:77:4A:C1:A4:F1:DB
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/1HOsZLc-xkmKxpZ6SXh3SsGk8ds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:33:22:32:48:1d:19:c0:9c:c3:3b:60:ff:d6:c4:53:da:ad:
         5d:fe:46:78:7a:91:0c:85:1b:e6:2f:4a:56:21:21:9a:8e:d4:
         ec:f6:7a:f8:08:df:a1:d5:54:53:50:be:0a:40:7e:dc:35:ee:
         07:b4:33:2b:d3:70:ce:17:f8:1b:05:f7:2b:3e:40:1c:73:ce:
         47:1d:66:aa:a2:76:5b:94:e2:87:cc:8d:51:95:18:cb:51:c9:
         1a:f4:4f:1a:dc:5e:5d:bc:41:6d:a1:f6:23:5b:b8:1d:61:e9:
         3a:cd:df:75:fd:ef:6e:50:03:6e:21:d7:e5:d3:a5:90:3d:3e:
         fe:77:c1:c2:f6:1f:6b:60:60:33:60:e6:a6:46:81:2a:2d:58:
         da:5f:5f:06:58:75:ee:ba:48:46:4f:12:c5:96:76:a8:4e:7a:
         4c:3c:8f:d1:1b:60:bd:0d:1c:89:e1:4c:f5:20:ad:31:97:2d:
         a6:a8:a6:03:26:01:17:b2:7b:a0:88:b9:f9:71:a6:95:69:c0:
         af:42:7e:2e:bd:72:7b:b4:d8:0e:93:49:c5:0a:9b:6e:2f:18:
         b5:dc:2d:b8:a2:3e:b0:da:cc:89:8d:dd:97:1e:88:72:e6:eb:
         48:56:a2:21:f2:ba:4b:7f:28:a3:a3:eb:fa:04:73:13:16:87:
         59:17:bb:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGStQXz0616JSBmitfo/MsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMTAxMTgzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDczYWM2NGI3M2VjNjQ5OGFjNjk2N2E0OTc4Nzc0YWMxYTRmMWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1sCd2/x2P8LVe5shP9PWNauwwCZX
Baum+PFGtMkozLCCUy/gv+KfDzsyTMF1CbVSQJkZnAoqBqyoFoGAD4q2sOIpmEUA
7BFQqXyBH0w/8o1kYZtffvESAzjv2wTXz1I796Zo5EJdJL3K5k851dzjRRtrRHLq
DMPSUZDTCsfKJt/GIHKl6IppcP2o+14z/ulW2QQa1O/9ay9xqTel54jL6Fyh5n6h
UnECNiahr+mQ+iJQBYQo6nka5u4XP6VfhY2/CqM+dWQRgW05owZCC5+Hk2blXJYe
oV/Px5pWl7pf6bgoVKib+FzH1RDRT8csNu+lGeszjmT7eCiyXc73zwymCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNRzrGS3PsZJisaWekl4d0rBpPHbMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvMUhPc1pMYy14a21LeHBaNlNYaDNTc0drOGRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6QwMA0G
CSqGSIb3DQEBCwUAA4IBAQB2MyIySB0ZwJzDO2D/1sRT2q1d/kZ4epEMhRvmL0pW
ISGajtTs9nr4CN+h1VRTUL4KQH7cNe4HtDMr03DOF/gbBfcrPkAcc85HHWaqonZb
lOKHzI1RlRjLUcka9E8a3F5dvEFtofYjW7gdYek6zd91/e9uUANuIdfl06WQPT7+
d8HC9h9rYGAzYOamRoEqLVjaX18GWHXuukhGTxLFlnaoTnpMPI/RG2C9DRyJ4Uz1
IK0xly2mqKYDJgEXsnugiLn5caaVacCvQn4uvXJ7tNgOk0nFCptuLxi13C24oj6w
2syJjd2XHohy5utIVqIh8rpLfyijo+v6BHMTFodZF7uF
-----END CERTIFICATE-----