Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/uAqfaMDJVl3wC5VHg5wGDauZJv0.roa
File:                     uAqfaMDJVl3wC5VHg5wGDauZJv0.roa (raw, json)
Hash identifier:          nbMfLRoWpozukxfVggULpwrotnrbBLPhCNiwMIZ1Ro8=
Subject key identifier:   B8:0A:9F:68:C0:C9:56:5D:F0:0B:95:47:83:9C:06:0D:AB:99:26:FD
Certificate issuer:       /CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
Certificate serial:       018CC87150F34BBABBC7B2BB39AA26FE908D
Authority key identifier: 36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/uAqfaMDJVl3wC5VHg5wGDauZJv0.roa
Signing time:             Tue 02 Jan 2024 04:31:58 +0000
ROA not before:           Tue 02 Jan 2024 04:31:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41717
IP address blocks:        95.181.154.0/24 maxlen: 24
                          95.181.162.0/24 maxlen: 24
                          95.181.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:50:f3:4b:ba:bb:c7:b2:bb:39:aa:26:fe:90:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
        Validity
            Not Before: Jan  2 04:31:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b80a9f68c0c9565df00b9547839c060dab9926fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:82:fb:34:79:c3:34:dd:b3:d4:d3:51:51:8c:
                    2b:09:ae:98:76:cd:72:0f:b4:03:07:3b:3e:f7:4e:
                    33:d1:84:c5:c3:d0:82:3a:7c:c7:77:fe:25:87:0b:
                    a4:de:c1:95:dc:0c:d8:3e:8f:f5:a4:3f:5b:77:63:
                    54:c4:62:95:9d:bb:59:eb:68:94:76:b0:14:6a:9f:
                    0e:b8:f8:cc:79:9a:82:42:90:2a:b3:86:95:b4:07:
                    ab:e5:c6:a0:43:27:51:9b:91:a8:d3:28:7b:1d:a9:
                    df:3d:76:f2:c8:b6:b9:1b:fa:cd:99:1a:68:3e:f6:
                    36:d3:ee:76:89:95:7a:bc:04:ae:3f:b0:be:7d:57:
                    d2:04:98:fd:10:05:15:cb:1b:57:ae:b0:83:e4:1d:
                    52:b6:5d:61:3d:48:cc:60:fa:32:1c:eb:f1:74:1b:
                    92:a7:e4:9d:52:54:b2:ea:62:e8:cc:a2:1a:cb:d0:
                    82:91:eb:83:e8:9a:aa:63:ab:74:0e:27:9c:43:e4:
                    f1:e5:6e:70:16:b6:55:be:41:7e:a7:c0:df:c8:1e:
                    2f:1e:0a:9d:73:83:34:de:b8:0a:f9:1b:ca:1d:79:
                    e6:bd:30:23:ed:02:17:6a:ac:36:52:aa:b5:22:aa:
                    bd:a7:b0:73:63:b8:9a:a3:f6:23:f5:86:6d:d5:7f:
                    dd:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:0A:9F:68:C0:C9:56:5D:F0:0B:95:47:83:9C:06:0D:AB:99:26:FD
            X509v3 Authority Key Identifier:
                keyid:36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/uAqfaMDJVl3wC5VHg5wGDauZJv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.181.154.0/24
                  95.181.162.0/24
                  95.181.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:a7:cc:3d:59:6b:23:13:8f:ef:cf:8a:f4:9f:bb:0e:34:97:
         d6:4f:f7:06:a6:6d:d2:46:29:fb:e8:2e:ab:ab:39:ef:a1:98:
         98:93:82:8f:a3:0c:9b:1c:15:28:b2:60:ef:94:fb:0b:a3:3a:
         d3:fc:9b:fc:aa:e3:ae:2c:db:dd:54:d4:74:c7:95:27:51:26:
         0b:e1:cb:2e:d4:58:08:c6:4a:75:11:b3:e0:33:64:45:a8:58:
         31:cc:a4:a8:9c:12:59:ab:3c:f5:df:c5:16:b6:f8:19:eb:3f:
         14:7e:64:d4:2c:fb:e4:1c:1e:a5:5f:7a:22:78:be:5f:84:c7:
         66:81:64:18:e9:44:c6:c6:93:0d:d4:b3:77:28:bb:25:5e:bd:
         b8:0e:68:de:1a:d6:5f:56:57:58:07:d3:ec:1a:f8:75:e9:36:
         07:9b:f6:a9:14:0f:6f:25:8d:5c:9d:f0:f3:7e:75:c9:40:f8:
         41:5d:c8:98:a6:85:68:7f:c9:d3:3f:3b:20:0c:e7:95:df:61:
         65:70:17:96:0d:4c:67:84:29:7a:e3:9b:00:12:f8:e5:0c:3c:
         b4:b9:f7:3a:51:b7:8e:14:73:1b:e9:cd:05:e3:a8:67:a1:94:
         cf:26:d3:3e:be:67:ad:f8:11:65:95:08:4a:16:a3:e3:06:2f:
         5e:01:fd:37
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIcVDzS7q7x7K7Oaom/pCNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Mzc2OWY4NjQ0YTVhNzE4YWU2MmIwNThkZDFmYjYyY2I1
YTNjMjAwHhcNMjQwMTAyMDQzMTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODBhOWY2OGMwYzk1NjVkZjAwYjk1NDc4MzljMDYwZGFiOTkyNmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmIL7NHnDNN2z1NNRUYwrCa6Yds1y
D7QDBzs+904z0YTFw9CCOnzHd/4lhwuk3sGV3AzYPo/1pD9bd2NUxGKVnbtZ62iU
drAUap8OuPjMeZqCQpAqs4aVtAer5cagQydRm5Go0yh7HanfPXbyyLa5G/rNmRpo
PvY20+52iZV6vASuP7C+fVfSBJj9EAUVyxtXrrCD5B1Stl1hPUjMYPoyHOvxdBuS
p+SdUlSy6mLozKIay9CCkeuD6JqqY6t0DiecQ+Tx5W5wFrZVvkF+p8DfyB4vHgqd
c4M03rgK+RvKHXnmvTAj7QIXaqw2Uqq1Iqq9p7BzY7iao/Yj9YZt1X/d5QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLgKn2jAyVZd8AuVR4OcBg2rmSb9MB8GA1UdIwQY
MBaAFDY3afhkSlpxiuYrBY3R+2LLWjwgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYt
Mzk5ZmM5NjkzYjIyLzEvdUFxZmFNREpWbDN3QzVWSGc1d0dEYXVaSnYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYtMzk5ZmM5NjkzYjIy
LzEvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAX7WaAwQA
X7WiAwQAX7WnMA0GCSqGSIb3DQEBCwUAA4IBAQAAp8w9WWsjE4/vz4r0n7sONJfW
T/cGpm3SRin76C6rqznvoZiYk4KPowybHBUosmDvlPsLozrT/Jv8quOuLNvdVNR0
x5UnUSYL4csu1FgIxkp1EbPgM2RFqFgxzKSonBJZqzz138UWtvgZ6z8UfmTULPvk
HB6lX3oieL5fhMdmgWQY6UTGxpMN1LN3KLslXr24DmjeGtZfVldYB9PsGvh16TYH
m/apFA9vJY1cnfDzfnXJQPhBXciYpoVof8nTPzsgDOeV32FlcBeWDUxnhCl645sA
EvjlDDy0ufc6UbeOFHMb6c0F46hnoZTPJtM+vmet+BFllQhKFqPjBi9eAf03
-----END CERTIFICATE-----