Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/9059c8-bbd8-4f6e-a60e-ef26c344ef01/1/SuMxoTnjWOFIGQ5e_ubIXVg-ifc.roa
File:                     SuMxoTnjWOFIGQ5e_ubIXVg-ifc.roa (raw, json)
Hash identifier:          4a5X+FcMpa+jUkoOrvSWJKiesJVeSyiQCcapbSI0dxM=
Subject key identifier:   4A:E3:31:A1:39:E3:58:E1:48:19:0E:5E:FE:E6:C8:5D:58:3E:89:F7
Certificate issuer:       /CN=0f54f9e0a7a9eaeeacbc5b10310235b7fd0eed03
Certificate serial:       018CC4247A74E9E41E25888C511ABB94187A
Authority key identifier: 0F:54:F9:E0:A7:A9:EA:EE:AC:BC:5B:10:31:02:35:B7:FD:0E:ED:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D1T54Kep6u6svFsQMQI1t_0O7QM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/9059c8-bbd8-4f6e-a60e-ef26c344ef01/1/SuMxoTnjWOFIGQ5e_ubIXVg-ifc.roa
Signing time:             Mon 01 Jan 2024 08:29:34 +0000
ROA not before:           Mon 01 Jan 2024 08:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199901
IP address blocks:        195.62.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/9059c8-bbd8-4f6e-a60e-ef26c344ef01/1/D1T54Kep6u6svFsQMQI1t_0O7QM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/9059c8-bbd8-4f6e-a60e-ef26c344ef01/1/D1T54Kep6u6svFsQMQI1t_0O7QM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D1T54Kep6u6svFsQMQI1t_0O7QM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:7a:74:e9:e4:1e:25:88:8c:51:1a:bb:94:18:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f54f9e0a7a9eaeeacbc5b10310235b7fd0eed03
        Validity
            Not Before: Jan  1 08:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ae331a139e358e148190e5efee6c85d583e89f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ba:ad:b2:f7:d0:b5:a7:0c:60:12:fa:3a:92:
                    59:d5:8d:8f:c5:a8:b3:10:92:51:8c:b7:f3:88:2e:
                    87:b0:62:08:eb:15:20:db:61:58:36:6d:68:0a:31:
                    38:0e:c7:fe:53:de:f8:e6:3d:f2:62:98:4d:4c:c0:
                    cc:9a:b1:cc:1f:b0:1b:b4:e2:c0:11:db:50:5f:44:
                    5e:aa:37:ce:ab:58:7a:8d:81:81:42:f2:96:23:22:
                    76:3b:2b:c0:da:22:15:02:d1:95:df:5c:d7:97:52:
                    49:c7:22:3f:e3:00:8a:86:29:2e:48:5f:be:a1:7e:
                    bd:50:3b:f2:aa:4f:9a:17:e7:9a:c0:e6:c6:7d:56:
                    32:61:ea:82:06:e1:f1:aa:f0:7e:94:f1:8e:ef:67:
                    0c:a3:c8:53:d7:c1:fc:94:2e:2c:b2:17:3f:7f:71:
                    95:8e:6c:6c:09:f9:31:15:cf:ca:9c:99:01:98:b0:
                    30:6f:9a:42:e8:88:6a:2f:2c:d0:ed:4e:f1:68:c6:
                    92:7b:e3:2f:ff:4c:e6:a1:c8:37:f5:45:9a:68:3b:
                    b4:db:7a:d6:de:fd:7c:29:39:83:25:42:2c:b1:88:
                    8f:33:31:dc:f2:1b:9c:4e:73:69:9f:4c:d7:66:8a:
                    37:ad:aa:f3:56:b4:31:65:26:6d:a3:e0:e5:6f:80:
                    b6:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:E3:31:A1:39:E3:58:E1:48:19:0E:5E:FE:E6:C8:5D:58:3E:89:F7
            X509v3 Authority Key Identifier:
                keyid:0F:54:F9:E0:A7:A9:EA:EE:AC:BC:5B:10:31:02:35:B7:FD:0E:ED:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D1T54Kep6u6svFsQMQI1t_0O7QM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/9059c8-bbd8-4f6e-a60e-ef26c344ef01/1/SuMxoTnjWOFIGQ5e_ubIXVg-ifc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/9059c8-bbd8-4f6e-a60e-ef26c344ef01/1/D1T54Kep6u6svFsQMQI1t_0O7QM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.62.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:b3:0c:22:1d:60:9a:b0:e5:6c:2a:c2:7e:64:81:bb:53:f0:
         ff:01:11:a8:31:e7:88:b5:1e:b8:d3:4a:46:f3:09:3e:f2:57:
         7e:10:5f:8d:d0:b0:10:3a:70:c7:16:10:37:3a:76:6e:fe:f9:
         3a:dc:12:44:2b:87:dc:a1:80:98:bd:a2:18:56:32:63:b1:58:
         ab:d0:41:ec:af:56:55:12:8c:03:d1:5c:8b:cc:16:1a:b5:26:
         23:0f:00:8c:28:c7:af:85:b4:d5:d3:dd:64:46:5e:e3:9d:8b:
         3a:8b:ed:8b:47:d4:71:df:26:58:03:e3:9f:e7:fe:76:03:c7:
         36:50:2f:6a:47:88:66:d6:ff:9a:bb:47:d5:bf:a1:9a:ad:2f:
         15:ed:a5:60:69:42:0d:ea:96:b8:e3:90:10:b3:08:c1:b6:8e:
         69:62:7e:2f:1b:e2:f2:44:fe:0e:09:8a:8c:38:46:6e:4d:26:
         28:aa:88:0f:c2:ac:54:6b:3f:e4:11:e5:01:58:40:8b:59:89:
         b5:c9:f6:7a:6e:ca:b2:a3:36:34:a7:7f:ba:ba:1d:09:8d:91:
         32:99:72:dd:b0:61:53:3b:ff:c3:27:ba:38:3b:a9:ba:bc:21:
         9e:41:92:3d:54:d2:3f:57:87:39:eb:d5:8f:d5:06:d0:c2:74:
         2c:02:57:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJHp06eQeJYiMURq7lBh6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNTRmOWUwYTdhOWVhZWVhY2JjNWIxMDMxMDIzNWI3ZmQw
ZWVkMDMwHhcNMjQwMTAxMDgyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWUzMzFhMTM5ZTM1OGUxNDgxOTBlNWVmZWU2Yzg1ZDU4M2U4OWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirqtsvfQtacMYBL6OpJZ1Y2Pxaiz
EJJRjLfziC6HsGII6xUg22FYNm1oCjE4Dsf+U9745j3yYphNTMDMmrHMH7AbtOLA
EdtQX0ReqjfOq1h6jYGBQvKWIyJ2OyvA2iIVAtGV31zXl1JJxyI/4wCKhikuSF++
oX69UDvyqk+aF+eawObGfVYyYeqCBuHxqvB+lPGO72cMo8hT18H8lC4sshc/f3GV
jmxsCfkxFc/KnJkBmLAwb5pC6IhqLyzQ7U7xaMaSe+Mv/0zmocg39UWaaDu023rW
3v18KTmDJUIssYiPMzHc8hucTnNpn0zXZoo3rarzVrQxZSZto+Dlb4C2nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFErjMaE541jhSBkOXv7myF1YPon3MB8GA1UdIwQY
MBaAFA9U+eCnqerurLxbEDECNbf9Du0DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDFUNTRLZXA2dTZzdkZzUU1RSTF0XzBPN1FNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS85MDU5YzgtYmJkOC00ZjZlLWE2MGUt
ZWYyNmMzNDRlZjAxLzEvU3VNeG9UbmpXT0ZJR1E1ZV91YklYVmctaWZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS85MDU5YzgtYmJkOC00ZjZlLWE2MGUtZWYyNmMzNDRlZjAx
LzEvRDFUNTRLZXA2dTZzdkZzUU1RSTF0XzBPN1FNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwz4iMA0G
CSqGSIb3DQEBCwUAA4IBAQAAswwiHWCasOVsKsJ+ZIG7U/D/ARGoMeeItR6400pG
8wk+8ld+EF+N0LAQOnDHFhA3OnZu/vk63BJEK4fcoYCYvaIYVjJjsVir0EHsr1ZV
EowD0VyLzBYatSYjDwCMKMevhbTV091kRl7jnYs6i+2LR9Rx3yZYA+Of5/52A8c2
UC9qR4hm1v+au0fVv6GarS8V7aVgaUIN6pa445AQswjBto5pYn4vG+LyRP4OCYqM
OEZuTSYoqogPwqxUaz/kEeUBWECLWYm1yfZ6bsqyozY0p3+6uh0JjZEymXLdsGFT
O//DJ7o4O6m6vCGeQZI9VNI/V4c569WP1QbQwnQsAlcX
-----END CERTIFICATE-----