Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/3b4d8e-06e8-4ea2-927b-a79630b06d93/1/OpGb0KNHgL7BMTzZEZqxZWI76P4.roa
File:                     OpGb0KNHgL7BMTzZEZqxZWI76P4.roa (raw, json)
Hash identifier:          wMeNpJ8/oFp92ngLFWxv8rAa82e7cDOtDDC1sV4DR+k=
Subject key identifier:   3A:91:9B:D0:A3:47:80:BE:C1:31:3C:D9:11:9A:B1:65:62:3B:E8:FE
Certificate issuer:       /CN=3a77508994ca4d2cc189d35f3382a2a8ab57b84b
Certificate serial:       018CC726AF3416722967CDC48BC620E014AF
Authority key identifier: 3A:77:50:89:94:CA:4D:2C:C1:89:D3:5F:33:82:A2:A8:AB:57:B8:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OndQiZTKTSzBidNfM4KiqKtXuEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/3b4d8e-06e8-4ea2-927b-a79630b06d93/1/OpGb0KNHgL7BMTzZEZqxZWI76P4.roa
Signing time:             Mon 01 Jan 2024 22:30:50 +0000
ROA not before:           Mon 01 Jan 2024 22:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48650
IP address blocks:        195.8.40.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/3b4d8e-06e8-4ea2-927b-a79630b06d93/1/OndQiZTKTSzBidNfM4KiqKtXuEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/3b4d8e-06e8-4ea2-927b-a79630b06d93/1/OndQiZTKTSzBidNfM4KiqKtXuEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OndQiZTKTSzBidNfM4KiqKtXuEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:af:34:16:72:29:67:cd:c4:8b:c6:20:e0:14:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a77508994ca4d2cc189d35f3382a2a8ab57b84b
        Validity
            Not Before: Jan  1 22:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a919bd0a34780bec1313cd9119ab165623be8fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:26:f9:2d:e6:93:e4:31:8b:aa:a3:ad:83:ad:
                    56:53:f1:49:5f:33:8e:3d:fc:e1:7c:a8:7f:3e:c0:
                    a6:4b:4a:b6:7b:25:c6:7f:1f:d7:1a:90:a2:c7:27:
                    dd:04:e9:bf:78:00:81:a4:c2:b0:bb:3d:f8:d9:ff:
                    5b:34:a0:eb:d3:36:bf:57:4f:4b:7e:01:15:01:5b:
                    e0:a8:0b:f8:1c:4d:a2:24:1b:a8:38:e5:3b:88:8e:
                    b7:6e:53:84:1d:9b:9f:96:30:65:d9:43:b4:81:38:
                    e1:8d:91:c4:3b:fb:23:88:3a:ff:2f:19:31:ea:b8:
                    86:e6:e3:03:53:fc:9c:e8:7b:52:84:98:78:f1:a7:
                    cb:73:6c:91:3b:0a:b7:2f:41:a0:87:2f:f9:69:a8:
                    9f:7e:fc:b5:d7:a1:4d:c7:b4:97:f8:4f:91:ab:48:
                    44:ca:ae:a8:3f:ce:fb:6e:92:24:82:d7:6d:c8:fb:
                    db:07:d1:df:59:53:c8:b0:b1:5e:bf:96:8f:ed:b2:
                    bd:1f:d9:99:27:fa:72:1b:86:72:ca:06:15:6d:ca:
                    17:db:5b:22:15:82:1e:76:7a:63:d3:0a:3e:b6:5b:
                    d4:7e:be:db:1b:5b:33:9d:73:6a:1d:56:a6:15:1f:
                    ed:f7:8c:80:0e:0b:12:1f:e6:c5:77:9e:cf:70:16:
                    5e:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:91:9B:D0:A3:47:80:BE:C1:31:3C:D9:11:9A:B1:65:62:3B:E8:FE
            X509v3 Authority Key Identifier:
                keyid:3A:77:50:89:94:CA:4D:2C:C1:89:D3:5F:33:82:A2:A8:AB:57:B8:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OndQiZTKTSzBidNfM4KiqKtXuEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/3b4d8e-06e8-4ea2-927b-a79630b06d93/1/OpGb0KNHgL7BMTzZEZqxZWI76P4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/3b4d8e-06e8-4ea2-927b-a79630b06d93/1/OndQiZTKTSzBidNfM4KiqKtXuEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:8d:e6:5d:d4:00:8d:af:d0:d7:76:2a:75:0f:7a:5f:91:1c:
         07:41:99:08:42:d6:0f:fa:8e:3a:b9:46:ed:ea:75:23:44:70:
         00:ae:9a:1e:4f:d8:30:5c:85:0a:98:e5:e0:35:bd:23:c5:e1:
         0a:d0:19:fa:ad:6c:24:06:e8:48:89:b4:11:c8:72:37:bc:7b:
         33:d3:38:db:75:1c:b2:0e:af:d2:b8:ad:97:88:6e:71:17:33:
         a1:fe:3a:39:b0:1d:da:7b:c4:78:75:a1:6e:82:8d:09:c7:cc:
         21:e2:b0:05:b5:e7:9c:5d:59:a9:e5:b3:1b:37:5a:0e:3b:8a:
         ca:e0:02:42:5f:ea:d0:77:e6:a4:58:81:3e:65:f5:22:1d:82:
         76:de:da:14:14:14:45:3b:d9:08:c0:99:31:8b:29:0e:62:cd:
         a9:5f:87:29:74:d5:ff:d3:10:51:97:3f:b0:08:15:52:f5:03:
         aa:3d:4b:d5:dc:1f:03:c3:46:19:12:8a:a6:c5:b1:dd:cf:88:
         5b:d2:35:eb:d5:5e:e1:2f:19:ef:d5:3e:94:05:c4:75:51:b9:
         09:fb:a7:06:7a:2c:e5:bf:e4:51:6a:69:48:f3:1b:a9:dd:3d:
         61:5e:8b:df:8d:08:b9:a4:c5:b5:49:8c:41:26:b4:bb:1b:16:
         fc:ac:7e:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJq80FnIpZ83Ei8Yg4BSvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNzc1MDg5OTRjYTRkMmNjMTg5ZDM1ZjMzODJhMmE4YWI1
N2I4NGIwHhcNMjQwMTAxMjIzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTkxOWJkMGEzNDc4MGJlYzEzMTNjZDkxMTlhYjE2NTYyM2JlOGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCb5LeaT5DGLqqOtg61WU/FJXzOO
PfzhfKh/PsCmS0q2eyXGfx/XGpCixyfdBOm/eACBpMKwuz342f9bNKDr0za/V09L
fgEVAVvgqAv4HE2iJBuoOOU7iI63blOEHZufljBl2UO0gTjhjZHEO/sjiDr/Lxkx
6riG5uMDU/yc6HtShJh48afLc2yROwq3L0Gghy/5aaiffvy116FNx7SX+E+Rq0hE
yq6oP877bpIkgtdtyPvbB9HfWVPIsLFev5aP7bK9H9mZJ/pyG4ZyygYVbcoX21si
FYIednpj0wo+tlvUfr7bG1sznXNqHVamFR/t94yADgsSH+bFd57PcBZeowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDqRm9CjR4C+wTE82RGasWViO+j+MB8GA1UdIwQY
MBaAFDp3UImUyk0swYnTXzOCoqirV7hLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT25kUWlaVEtUU3pCaWROZk00S2lxS3RYdUVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8zYjRkOGUtMDZlOC00ZWEyLTkyN2It
YTc5NjMwYjA2ZDkzLzEvT3BHYjBLTkhnTDdCTVR6WkVacXhaV0k3NlA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8zYjRkOGUtMDZlOC00ZWEyLTkyN2ItYTc5NjMwYjA2ZDkz
LzEvT25kUWlaVEtUU3pCaWROZk00S2lxS3RYdUVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwwgoMA0G
CSqGSIb3DQEBCwUAA4IBAQBEjeZd1ACNr9DXdip1D3pfkRwHQZkIQtYP+o46uUbt
6nUjRHAArpoeT9gwXIUKmOXgNb0jxeEK0Bn6rWwkBuhIibQRyHI3vHsz0zjbdRyy
Dq/SuK2XiG5xFzOh/jo5sB3ae8R4daFugo0Jx8wh4rAFteecXVmp5bMbN1oOO4rK
4AJCX+rQd+akWIE+ZfUiHYJ23toUFBRFO9kIwJkxiykOYs2pX4cpdNX/0xBRlz+w
CBVS9QOqPUvV3B8Dw0YZEoqmxbHdz4hb0jXr1V7hLxnv1T6UBcR1UbkJ+6cGeizl
v+RRamlI8xup3T1hXovfjQi5pMW1SYxBJrS7Gxb8rH7t
-----END CERTIFICATE-----