Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/PQr8huSGKB0evBKB-eF6Y4_vAoY.roa
File:                     PQr8huSGKB0evBKB-eF6Y4_vAoY.roa (raw, json)
Hash identifier:          7uJNcNr/c+hZ+Vn+NTEJI0JHZ/2jhrkxvXAeaUQNqgc=
Subject key identifier:   3D:0A:FC:86:E4:86:28:1D:1E:BC:12:81:F9:E1:7A:63:8F:EF:02:86
Certificate issuer:       /CN=fb987244611b5230536744b6a89f044f32f462ea
Certificate serial:       018CC794215A7B3A062CE6C29AD72ACB4B72
Authority key identifier: FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/PQr8huSGKB0evBKB-eF6Y4_vAoY.roa
Signing time:             Tue 02 Jan 2024 00:30:23 +0000
ROA not before:           Tue 02 Jan 2024 00:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24825
IP address blocks:        195.22.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:21:5a:7b:3a:06:2c:e6:c2:9a:d7:2a:cb:4b:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb987244611b5230536744b6a89f044f32f462ea
        Validity
            Not Before: Jan  2 00:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d0afc86e486281d1ebc1281f9e17a638fef0286
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:32:21:8c:cb:39:5f:55:36:70:30:bd:73:e7:
                    35:67:39:26:f4:59:df:c0:ff:51:2a:42:b0:0a:ef:
                    3e:42:e0:76:0b:3f:54:81:f0:78:45:b4:2d:c1:22:
                    1c:de:3f:e6:ed:65:92:94:d2:a7:02:38:35:ed:30:
                    46:c1:de:75:fc:1e:a7:a2:b2:c6:6a:bf:2b:a7:eb:
                    85:4f:31:f3:41:53:34:db:d6:0d:27:89:6f:02:c1:
                    e1:98:fb:a7:3f:5a:12:c4:61:19:61:98:29:fc:49:
                    70:56:7f:6b:f3:b8:af:e3:1c:e9:54:e2:84:ab:0b:
                    c3:5a:d9:57:67:8d:45:9f:50:c5:3d:83:9b:cc:47:
                    01:86:a7:33:5a:df:10:59:c2:09:98:33:e1:d6:27:
                    87:30:af:23:7b:96:07:ec:e4:8d:7a:cf:a1:32:38:
                    5d:55:c6:08:b5:bf:89:0f:a7:e4:8a:48:38:15:16:
                    f4:dd:bb:f9:ff:61:42:b8:1f:47:04:46:04:13:48:
                    63:e2:26:65:e1:55:90:68:b3:20:24:ba:ca:23:ca:
                    ee:d1:f1:d7:ca:11:c7:25:28:14:b9:82:e0:9f:ee:
                    40:e8:52:de:f8:85:84:b0:9b:e9:c0:99:bb:ce:be:
                    95:5f:47:e1:f6:fd:4c:65:ab:33:18:3c:c9:7d:81:
                    51:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:0A:FC:86:E4:86:28:1D:1E:BC:12:81:F9:E1:7A:63:8F:EF:02:86
            X509v3 Authority Key Identifier:
                keyid:FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/PQr8huSGKB0evBKB-eF6Y4_vAoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.22.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:94:7a:f5:32:14:b2:7b:7b:76:84:43:b5:a3:76:7e:ed:a9:
         14:9e:04:89:fb:26:f7:45:34:dd:74:e2:0c:1d:28:69:ba:5b:
         03:a6:e8:14:61:99:3c:43:7b:e2:06:c4:86:bb:f6:d7:ba:c0:
         2f:b7:0c:a2:96:97:9d:2b:8a:a0:f2:27:41:d9:e2:f7:6e:2f:
         fb:fd:f4:d1:7e:6e:df:53:12:19:70:bf:40:dc:4b:e7:ea:55:
         15:be:e6:61:78:66:75:b6:1c:e6:ea:80:df:fc:f5:e2:89:f0:
         d0:4c:e0:7a:40:e6:72:ad:bc:b6:81:4a:c8:b1:8f:da:a1:ae:
         c8:63:c5:29:5e:3f:bb:c8:39:4d:1d:38:31:73:02:83:36:f3:
         8a:e9:2a:ea:83:ba:0d:6d:26:83:be:a1:2c:d9:b1:f5:b5:b7:
         c6:e0:8f:b3:77:ae:c7:45:d2:4f:72:7e:cd:6c:4d:cf:14:5e:
         03:7e:45:82:4b:5e:8f:e5:07:29:c2:3c:bc:01:d8:4c:f6:e4:
         cb:e2:8f:65:8b:39:04:30:da:b2:04:2a:e0:a9:94:2d:3f:d2:
         b8:28:d9:f0:8e:5c:6e:bf:e0:a1:64:7f:86:5b:9b:b2:9f:c4:
         b0:04:fb:c3:4f:7a:4c:b8:4d:72:4a:96:31:cb:36:7c:9d:a6:
         fe:d3:d4:ff
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlCFaezoGLObCmtcqy0tyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiOTg3MjQ0NjExYjUyMzA1MzY3NDRiNmE4OWYwNDRmMzJm
NDYyZWEwHhcNMjQwMTAyMDAzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDBhZmM4NmU0ODYyODFkMWViYzEyODFmOWUxN2E2MzhmZWYwMjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTIhjMs5X1U2cDC9c+c1Zzkm9Fnf
wP9RKkKwCu8+QuB2Cz9UgfB4RbQtwSIc3j/m7WWSlNKnAjg17TBGwd51/B6norLG
ar8rp+uFTzHzQVM029YNJ4lvAsHhmPunP1oSxGEZYZgp/ElwVn9r87iv4xzpVOKE
qwvDWtlXZ41Fn1DFPYObzEcBhqczWt8QWcIJmDPh1ieHMK8je5YH7OSNes+hMjhd
VcYItb+JD6fkikg4FRb03bv5/2FCuB9HBEYEE0hj4iZl4VWQaLMgJLrKI8ru0fHX
yhHHJSgUuYLgn+5A6FLe+IWEsJvpwJm7zr6VX0fh9v1MZaszGDzJfYFRLwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFD0K/IbkhigdHrwSgfnhemOP7wKGMB8GA1UdIwQY
MBaAFPuYckRhG1IwU2dEtqifBE8y9GLqMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS01aHlSR0ViVWpCVFowUzJxSjhFVHpMMFl1by5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAw
LWJlNTgzMmQ1ZjdhYS8xL1BRcjhodVNHS0IwZXZCS0ItZUY2WTRfdkFvWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAwLWJlNTgzMmQ1Zjdh
YS8xLzEtNWh5UkdFYlVqQlRaMFMycUo4RVR6TDBZdW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDFq0w
DQYJKoZIhvcNAQELBQADggEBAFqUevUyFLJ7e3aEQ7Wjdn7tqRSeBIn7JvdFNN10
4gwdKGm6WwOm6BRhmTxDe+IGxIa79te6wC+3DKKWl50riqDyJ0HZ4vduL/v99NF+
bt9TEhlwv0DcS+fqVRW+5mF4ZnW2HObqgN/89eKJ8NBM4HpA5nKtvLaBSsixj9qh
rshjxSleP7vIOU0dODFzAoM284rpKuqDug1tJoO+oSzZsfW1t8bgj7N3rsdF0k9y
fs1sTc8UXgN+RYJLXo/lBynCPLwB2Ez25Mvij2WLOQQw2rIEKuCplC0/0rgo2fCO
XG6/4KFkf4Zbm7KfxLAE+8NPeky4TXJKljHLNnydpv7T1P8=
-----END CERTIFICATE-----