Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/xZ2Mzu_3c40aDFLd62CdvQWebug.roa
File:                     xZ2Mzu_3c40aDFLd62CdvQWebug.roa (raw, json)
Hash identifier:          xKY3AuHc8X/lxha18soPYIUuGtqbxocRZavr4da/On8=
Subject key identifier:   C5:9D:8C:CE:EF:F7:73:8D:1A:0C:52:DD:EB:60:9D:BD:05:9E:6E:E8
Certificate issuer:       /CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
Certificate serial:       019421B208F9443ABE225499115458A33598
Authority key identifier: 36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/xZ2Mzu_3c40aDFLd62CdvQWebug.roa
Signing time:             Wed 01 Jan 2025 11:48:23 +0000
ROA not before:           Wed 01 Jan 2025 11:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43278
IP address blocks:        95.181.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:08:f9:44:3a:be:22:54:99:11:54:58:a3:35:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
        Validity
            Not Before: Jan  1 11:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c59d8cceeff7738d1a0c52ddeb609dbd059e6ee8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:3f:ef:73:e5:88:f7:a4:40:65:22:86:b9:2a:
                    a9:96:15:e2:23:73:cc:35:18:ae:e0:b2:18:d1:84:
                    ee:82:2d:76:b5:68:ad:13:60:b8:9a:42:75:f3:58:
                    e4:34:51:34:17:69:fa:e9:02:a9:c0:39:8d:f3:02:
                    64:84:0a:bb:b9:54:83:f1:f3:d9:f3:bd:9a:83:60:
                    ff:fe:5d:ce:32:9d:f5:b2:08:fd:67:12:07:27:bf:
                    09:43:c0:b5:d3:09:71:57:36:b8:ac:75:96:75:43:
                    88:5e:4c:83:1b:e4:ef:32:c9:15:f0:a5:60:e4:f1:
                    6a:ec:6b:cc:eb:77:e0:0d:a9:b2:52:4b:35:ef:73:
                    f1:43:fc:21:80:c1:39:a9:b0:41:eb:88:ad:e0:1b:
                    fa:ee:1f:ad:e2:11:7c:6c:ba:80:14:ee:10:ca:46:
                    4c:30:5d:a6:cb:89:bf:76:93:e5:66:11:f8:58:a0:
                    94:bb:76:6d:b6:fb:9a:b2:2f:80:fd:4d:94:bf:c8:
                    a0:64:85:89:68:5c:3b:82:2f:11:b9:e6:f8:44:6e:
                    19:3f:a6:cb:14:6b:d4:f2:de:d5:44:be:9b:07:0b:
                    ac:fd:42:29:db:a7:c3:f4:e1:c3:8b:17:4a:68:31:
                    8a:b3:6e:d6:ae:c7:a7:4d:d0:a6:57:ea:1a:63:a8:
                    78:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:9D:8C:CE:EF:F7:73:8D:1A:0C:52:DD:EB:60:9D:BD:05:9E:6E:E8
            X509v3 Authority Key Identifier:
                keyid:36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/xZ2Mzu_3c40aDFLd62CdvQWebug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.181.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:d8:71:b6:a7:f9:e9:17:46:73:d6:4c:23:07:87:07:fd:3b:
         61:8a:f5:a1:d1:6c:b6:41:43:b7:b6:eb:82:aa:7d:8e:6d:28:
         33:f3:da:20:16:a8:34:5c:e5:5c:af:31:aa:1a:17:ac:51:a0:
         9e:0c:02:92:3e:1a:44:56:e1:84:16:38:2e:7e:ed:f2:54:d2:
         0a:d1:1b:86:50:6b:b8:d6:0c:51:b7:fa:a5:c6:34:8b:e8:d7:
         54:a3:9e:c2:33:38:02:cc:f4:c1:e8:b3:00:6b:1a:59:ac:c4:
         2e:ca:49:e2:27:b2:cb:fc:cb:79:4f:6a:40:8a:c4:71:7c:96:
         79:f9:ef:48:98:9f:a6:bc:76:8e:55:a3:83:81:d9:b3:2a:e3:
         0f:18:7f:6b:02:01:14:34:27:55:c9:9d:5d:15:21:0c:bb:be:
         94:61:4e:f1:d7:8e:23:f8:b6:6e:66:d1:bd:16:bb:7c:e5:88:
         94:15:4b:f9:3e:5d:f3:4a:23:70:0f:16:50:80:47:cc:07:e7:
         df:d5:38:8d:d6:6b:36:7d:47:99:2d:72:08:04:ed:10:ca:e4:
         f3:7c:c6:b0:4d:5a:b6:00:04:2b:f3:70:68:c3:7b:26:6c:4c:
         b4:d2:d0:42:fe:d4:65:44:d6:3e:44:5f:d0:f0:19:fc:66:ad:
         c6:e2:c6:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsgj5RDq+IlSZEVRYozWYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Mzc2OWY4NjQ0YTVhNzE4YWU2MmIwNThkZDFmYjYyY2I1
YTNjMjAwHhcNMjUwMTAxMTE0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTlkOGNjZWVmZjc3MzhkMWEwYzUyZGRlYjYwOWRiZDA1OWU2ZWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwz/vc+WI96RAZSKGuSqplhXiI3PM
NRiu4LIY0YTugi12tWitE2C4mkJ181jkNFE0F2n66QKpwDmN8wJkhAq7uVSD8fPZ
872ag2D//l3OMp31sgj9ZxIHJ78JQ8C10wlxVza4rHWWdUOIXkyDG+TvMskV8KVg
5PFq7GvM63fgDamyUks173PxQ/whgME5qbBB64it4Bv67h+t4hF8bLqAFO4QykZM
MF2my4m/dpPlZhH4WKCUu3Zttvuasi+A/U2Uv8igZIWJaFw7gi8Rueb4RG4ZP6bL
FGvU8t7VRL6bBwus/UIp26fD9OHDixdKaDGKs27WrsenTdCmV+oaY6h4EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWdjM7v93ONGgxS3etgnb0Fnm7oMB8GA1UdIwQY
MBaAFDY3afhkSlpxiuYrBY3R+2LLWjwgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYt
Mzk5ZmM5NjkzYjIyLzEveFoyTXp1XzNjNDBhREZMZDYyQ2R2UVdlYnVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYtMzk5ZmM5NjkzYjIy
LzEvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX7WeMA0G
CSqGSIb3DQEBCwUAA4IBAQBl2HG2p/npF0Zz1kwjB4cH/TthivWh0Wy2QUO3tuuC
qn2ObSgz89ogFqg0XOVcrzGqGhesUaCeDAKSPhpEVuGEFjgufu3yVNIK0RuGUGu4
1gxRt/qlxjSL6NdUo57CMzgCzPTB6LMAaxpZrMQuykniJ7LL/Mt5T2pAisRxfJZ5
+e9ImJ+mvHaOVaODgdmzKuMPGH9rAgEUNCdVyZ1dFSEMu76UYU7x144j+LZuZtG9
Frt85YiUFUv5Pl3zSiNwDxZQgEfMB+ff1TiN1ms2fUeZLXIIBO0QyuTzfMawTVq2
AAQr83Bow3smbEy00tBC/tRlRNY+RF/Q8Bn8Zq3G4sZY
-----END CERTIFICATE-----