Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/4a0d1a-0d8d-4d33-9913-ead20b8fefdf/1/9cNkOnvTCog2hgiasaGZdrnPHbM.roa
File:                     9cNkOnvTCog2hgiasaGZdrnPHbM.roa (raw, json)
Hash identifier:          zS/Xw5VN1/8hexWf6gdCNIvqiL7JGNesOL/kTQHZ+ew=
Subject key identifier:   F5:C3:64:3A:7B:D3:0A:88:36:86:08:9A:B1:A1:99:76:B9:CF:1D:B3
Certificate issuer:       /CN=65d3f80ae668b13cfb6258c5b19f86802a74fd12
Certificate serial:       018CC72754563C6DC7E9EC668E0B62441113
Authority key identifier: 65:D3:F8:0A:E6:68:B1:3C:FB:62:58:C5:B1:9F:86:80:2A:74:FD:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZdP4CuZosTz7YljFsZ-GgCp0_RI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/4a0d1a-0d8d-4d33-9913-ead20b8fefdf/1/9cNkOnvTCog2hgiasaGZdrnPHbM.roa
Signing time:             Mon 01 Jan 2024 22:31:32 +0000
ROA not before:           Mon 01 Jan 2024 22:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24904
IP address blocks:        194.38.32.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/4a0d1a-0d8d-4d33-9913-ead20b8fefdf/1/ZdP4CuZosTz7YljFsZ-GgCp0_RI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/4a0d1a-0d8d-4d33-9913-ead20b8fefdf/1/ZdP4CuZosTz7YljFsZ-GgCp0_RI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZdP4CuZosTz7YljFsZ-GgCp0_RI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 10:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:54:56:3c:6d:c7:e9:ec:66:8e:0b:62:44:11:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65d3f80ae668b13cfb6258c5b19f86802a74fd12
        Validity
            Not Before: Jan  1 22:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5c3643a7bd30a883686089ab1a19976b9cf1db3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:8c:74:36:17:ad:fb:5f:af:e0:fb:3d:4d:f5:
                    8c:86:f5:29:43:62:9c:15:81:24:6b:9c:bd:d3:d2:
                    8b:95:d2:69:04:6b:de:89:81:00:e8:9a:27:eb:79:
                    7b:69:43:ad:c5:ca:a8:a0:8e:9f:a7:9f:54:d8:d7:
                    92:28:16:c0:b2:f4:93:c8:8d:79:d4:43:41:b7:b0:
                    a3:3a:c8:15:e5:05:be:34:45:24:b3:d5:b2:57:86:
                    86:62:63:c4:d0:25:09:f2:69:34:8e:ac:f3:53:3b:
                    6b:de:12:77:b6:d1:a8:a5:04:5b:a5:9b:07:64:30:
                    f9:09:95:15:4b:d1:cf:25:78:1c:aa:55:b4:83:b9:
                    f4:a6:dd:b9:02:cf:59:3b:2a:c0:15:ee:40:df:da:
                    e3:22:76:ac:70:a1:d8:37:91:67:70:a9:92:64:8c:
                    dd:aa:e2:d7:7c:e3:c7:b2:76:45:40:c9:7e:f2:ac:
                    bb:5d:c5:02:e0:23:ce:d7:38:59:f7:fd:82:cb:6c:
                    12:a5:d9:b2:69:a4:03:fe:5d:fb:e8:ce:94:98:1f:
                    98:b3:1b:d0:d7:4d:59:04:b3:54:72:70:57:58:c1:
                    7f:90:bc:d2:ef:1c:73:67:6c:f9:81:1f:05:a7:38:
                    db:9d:bf:be:97:cd:13:35:67:fc:84:99:1d:6a:f2:
                    ba:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:C3:64:3A:7B:D3:0A:88:36:86:08:9A:B1:A1:99:76:B9:CF:1D:B3
            X509v3 Authority Key Identifier:
                keyid:65:D3:F8:0A:E6:68:B1:3C:FB:62:58:C5:B1:9F:86:80:2A:74:FD:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZdP4CuZosTz7YljFsZ-GgCp0_RI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/4a0d1a-0d8d-4d33-9913-ead20b8fefdf/1/9cNkOnvTCog2hgiasaGZdrnPHbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/4a0d1a-0d8d-4d33-9913-ead20b8fefdf/1/ZdP4CuZosTz7YljFsZ-GgCp0_RI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.38.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:a2:b8:80:cb:9c:4b:6b:a2:96:b9:46:cc:2d:f3:9f:2b:c2:
         10:fa:36:76:e2:3e:df:6a:9c:31:c9:f9:6e:a4:ed:ec:b6:8a:
         02:d9:f0:db:05:98:48:bb:55:fe:78:64:74:54:25:33:15:5e:
         cd:43:54:50:89:19:e0:01:ee:3b:b9:f9:a6:f2:8b:7d:17:c7:
         38:7f:36:1d:fc:c8:4e:11:82:f0:fd:d8:33:7d:3d:f4:21:6c:
         7a:a5:20:e8:17:80:1e:8e:14:9c:8b:24:39:b1:ba:fe:00:c9:
         14:d5:15:59:1d:8c:23:c4:95:8f:bf:e6:77:50:30:a1:11:bc:
         f4:2e:82:6f:0d:55:8d:dc:e9:88:e0:01:79:05:93:93:f9:a4:
         4b:8e:1f:bf:74:0f:bf:6d:1b:cb:9a:8d:0d:7a:ab:06:cf:96:
         7e:06:95:3d:ee:43:ab:d5:ff:d0:98:26:5f:2f:ca:36:76:03:
         8d:4e:05:51:03:0b:1b:50:2d:95:55:3e:d4:d4:06:fd:c1:19:
         a4:4d:16:98:e1:99:be:13:57:28:96:23:17:a5:97:ed:b7:51:
         d5:5d:cf:6e:ce:d6:97:3c:b0:37:1b:4e:22:85:45:5f:56:a4:
         14:8a:45:92:03:f7:f1:c7:da:4c:7f:bb:4e:3b:7d:95:0f:7f:
         21:7c:72:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1RWPG3H6exmjgtiRBETMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ZDNmODBhZTY2OGIxM2NmYjYyNThjNWIxOWY4NjgwMmE3
NGZkMTIwHhcNMjQwMTAxMjIzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWMzNjQzYTdiZDMwYTg4MzY4NjA4OWFiMWExOTk3NmI5Y2YxZGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIx0Nhet+1+v4Ps9TfWMhvUpQ2Kc
FYEka5y909KLldJpBGveiYEA6Jon63l7aUOtxcqooI6fp59U2NeSKBbAsvSTyI15
1ENBt7CjOsgV5QW+NEUks9WyV4aGYmPE0CUJ8mk0jqzzUztr3hJ3ttGopQRbpZsH
ZDD5CZUVS9HPJXgcqlW0g7n0pt25As9ZOyrAFe5A39rjInascKHYN5FncKmSZIzd
quLXfOPHsnZFQMl+8qy7XcUC4CPO1zhZ9/2Cy2wSpdmyaaQD/l376M6UmB+YsxvQ
101ZBLNUcnBXWMF/kLzS7xxzZ2z5gR8Fpzjbnb++l80TNWf8hJkdavK6rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPXDZDp70wqINoYImrGhmXa5zx2zMB8GA1UdIwQY
MBaAFGXT+ArmaLE8+2JYxbGfhoAqdP0SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmRQNEN1Wm9zVHo3WWxqRnNaLUdnQ3AwX1JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS80YTBkMWEtMGQ4ZC00ZDMzLTk5MTMt
ZWFkMjBiOGZlZmRmLzEvOWNOa09udlRDb2cyaGdpYXNhR1pkcm5QSGJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS80YTBkMWEtMGQ4ZC00ZDMzLTk5MTMtZWFkMjBiOGZlZmRm
LzEvWmRQNEN1Wm9zVHo3WWxqRnNaLUdnQ3AwX1JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiYgMA0G
CSqGSIb3DQEBCwUAA4IBAQCCoriAy5xLa6KWuUbMLfOfK8IQ+jZ24j7fapwxyflu
pO3stooC2fDbBZhIu1X+eGR0VCUzFV7NQ1RQiRngAe47ufmm8ot9F8c4fzYd/MhO
EYLw/dgzfT30IWx6pSDoF4AejhSciyQ5sbr+AMkU1RVZHYwjxJWPv+Z3UDChEbz0
LoJvDVWN3OmI4AF5BZOT+aRLjh+/dA+/bRvLmo0NeqsGz5Z+BpU97kOr1f/QmCZf
L8o2dgONTgVRAwsbUC2VVT7U1Ab9wRmkTRaY4Zm+E1coliMXpZftt1HVXc9uztaX
PLA3G04ihUVfVqQUikWSA/fxx9pMf7tOO32VD38hfHIt
-----END CERTIFICATE-----