Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/2995cd-465f-4b40-a455-16d3cd352f2e/1/cJSI54H5VFQ2WH2c5tRDTHAFGTc.roa
File:                     cJSI54H5VFQ2WH2c5tRDTHAFGTc.roa (raw, json)
Hash identifier:          htVuZxNP9gYUNYZp8mk4xAs1N2O4uGlsXpPFaWt2C2M=
Subject key identifier:   70:94:88:E7:81:F9:54:54:36:58:7D:9C:E6:D4:43:4C:70:05:19:37
Certificate issuer:       /CN=9bda3414137129fa38a6c61c496ab8b61409ce02
Certificate serial:       018CC4250580388AE41879AFD2C938917987
Authority key identifier: 9B:DA:34:14:13:71:29:FA:38:A6:C6:1C:49:6A:B8:B6:14:09:CE:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9o0FBNxKfo4psYcSWq4thQJzgI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/2995cd-465f-4b40-a455-16d3cd352f2e/1/cJSI54H5VFQ2WH2c5tRDTHAFGTc.roa
Signing time:             Mon 01 Jan 2024 08:30:09 +0000
ROA not before:           Mon 01 Jan 2024 08:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34108
IP address blocks:        95.128.88.0/21 maxlen: 24
                          178.250.144.0/21 maxlen: 24
                          2a02:928::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/2995cd-465f-4b40-a455-16d3cd352f2e/1/m9o0FBNxKfo4psYcSWq4thQJzgI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/2995cd-465f-4b40-a455-16d3cd352f2e/1/m9o0FBNxKfo4psYcSWq4thQJzgI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9o0FBNxKfo4psYcSWq4thQJzgI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:05:80:38:8a:e4:18:79:af:d2:c9:38:91:79:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bda3414137129fa38a6c61c496ab8b61409ce02
        Validity
            Not Before: Jan  1 08:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=709488e781f9545436587d9ce6d4434c70051937
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:fa:26:42:19:2e:a8:71:c7:97:cc:b2:47:18:
                    80:33:2a:39:82:ff:bd:82:bf:ea:e2:c8:23:8d:3e:
                    42:7f:ff:2c:a4:8a:5c:6b:1f:a3:b3:11:c5:17:e2:
                    3e:d1:dc:58:32:34:c4:ed:eb:89:19:4c:73:83:de:
                    ab:d5:c4:2d:35:86:6b:06:59:07:cd:84:4e:99:d0:
                    00:9d:8c:e5:59:74:01:28:da:8b:65:31:8b:aa:a6:
                    0c:1e:8b:b9:56:c7:20:6e:da:25:ac:94:67:cf:20:
                    df:e4:6d:fd:39:d2:42:3a:c2:f8:7e:2e:29:b4:06:
                    d4:44:f2:c3:78:a1:e4:a7:54:9e:84:72:5e:99:32:
                    39:57:7b:5e:a3:90:28:fb:de:b1:fe:6b:e3:68:5e:
                    1d:0b:c2:16:22:ab:ba:b1:ff:bc:9c:3a:15:ff:71:
                    49:7a:a4:ff:11:9a:ab:6e:f0:2b:a6:b9:39:98:91:
                    54:9b:b8:55:cf:b8:9d:49:f6:42:e7:6c:16:be:ef:
                    52:ba:ad:b0:9f:7c:9e:6e:3b:b5:19:62:f7:67:32:
                    d7:0e:38:a5:8e:fa:d6:60:b6:70:97:37:93:f7:0a:
                    1f:62:ff:fa:56:8d:98:4a:26:f6:ac:6b:ea:5f:05:
                    9f:37:2b:05:c3:40:c1:ee:ea:8e:94:d2:5c:d7:3e:
                    8e:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:94:88:E7:81:F9:54:54:36:58:7D:9C:E6:D4:43:4C:70:05:19:37
            X509v3 Authority Key Identifier:
                keyid:9B:DA:34:14:13:71:29:FA:38:A6:C6:1C:49:6A:B8:B6:14:09:CE:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9o0FBNxKfo4psYcSWq4thQJzgI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2995cd-465f-4b40-a455-16d3cd352f2e/1/cJSI54H5VFQ2WH2c5tRDTHAFGTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2995cd-465f-4b40-a455-16d3cd352f2e/1/m9o0FBNxKfo4psYcSWq4thQJzgI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.88.0/21
                  178.250.144.0/21
                IPv6:
                  2a02:928::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:3d:eb:ff:0a:a8:6a:1e:bc:b2:10:ee:d1:2f:fb:3f:b2:ad:
         7d:03:35:d1:86:a4:90:9a:9f:70:73:05:3d:a9:e1:a9:3f:72:
         0b:25:03:e4:fc:4d:76:8d:bb:c1:00:8c:c9:0a:f3:78:d2:9c:
         1c:94:a6:d6:56:b9:80:d9:bd:72:6e:51:56:5a:0e:5a:6a:2b:
         d3:97:b7:25:b9:63:fa:87:86:dd:8b:f5:c3:a5:a0:5a:16:b6:
         d9:0b:92:d3:a2:48:27:7c:9b:e2:81:8b:42:c1:ac:4d:2d:42:
         11:e9:73:a0:d9:d8:9e:44:a4:b4:4b:59:e0:49:00:3a:e3:f4:
         d8:4a:a5:85:6b:f2:c5:26:7f:ec:9d:69:6e:a7:0d:d2:f1:30:
         ff:60:0b:47:57:6b:3b:33:d1:df:64:77:81:f2:57:82:4d:7b:
         a0:da:28:40:f7:15:28:00:08:b3:ca:9c:35:b5:89:2b:9e:51:
         ac:fe:48:fd:45:d1:ec:77:87:6c:17:34:f9:67:aa:8a:59:3e:
         e4:dd:18:12:00:d5:54:cc:06:fc:e8:84:3e:02:9b:13:03:a3:
         df:c7:5d:b8:79:73:99:aa:0c:dc:71:4c:70:76:5c:65:18:d3:
         9e:51:a3:5e:aa:00:7c:1f:ca:62:ae:41:f2:a1:b5:b3:34:0b:
         9d:25:a6:b9
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEJQWAOIrkGHmv0sk4kXmHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZGEzNDE0MTM3MTI5ZmEzOGE2YzYxYzQ5NmFiOGI2MTQw
OWNlMDIwHhcNMjQwMTAxMDgzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDk0ODhlNzgxZjk1NDU0MzY1ODdkOWNlNmQ0NDM0YzcwMDUxOTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/omQhkuqHHHl8yyRxiAMyo5gv+9
gr/q4sgjjT5Cf/8spIpcax+jsxHFF+I+0dxYMjTE7euJGUxzg96r1cQtNYZrBlkH
zYROmdAAnYzlWXQBKNqLZTGLqqYMHou5VscgbtolrJRnzyDf5G39OdJCOsL4fi4p
tAbURPLDeKHkp1SehHJemTI5V3teo5Ao+96x/mvjaF4dC8IWIqu6sf+8nDoV/3FJ
eqT/EZqrbvArprk5mJFUm7hVz7idSfZC52wWvu9Suq2wn3yebju1GWL3ZzLXDjil
jvrWYLZwlzeT9wofYv/6Vo2YSib2rGvqXwWfNysFw0DB7uqOlNJc1z6OPQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHCUiOeB+VRUNlh9nObUQ0xwBRk3MB8GA1UdIwQY
MBaAFJvaNBQTcSn6OKbGHElquLYUCc4CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTlvMEZCTnhLZm80cHNZY1NXcTR0aFFKemdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8yOTk1Y2QtNDY1Zi00YjQwLWE0NTUt
MTZkM2NkMzUyZjJlLzEvY0pTSTU0SDVWRlEyV0gyYzV0UkRUSEFGR1RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8yOTk1Y2QtNDY1Zi00YjQwLWE0NTUtMTZkM2NkMzUyZjJl
LzEvbTlvMEZCTnhLZm80cHNZY1NXcTR0aFFKemdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDX4BYAwQD
svqQMA0EAgACMAcDBQAqAgkoMA0GCSqGSIb3DQEBCwUAA4IBAQBvPev/CqhqHryy
EO7RL/s/sq19AzXRhqSQmp9wcwU9qeGpP3ILJQPk/E12jbvBAIzJCvN40pwclKbW
VrmA2b1yblFWWg5aaivTl7cluWP6h4bdi/XDpaBaFrbZC5LTokgnfJvigYtCwaxN
LUIR6XOg2dieRKS0S1ngSQA64/TYSqWFa/LFJn/snWlupw3S8TD/YAtHV2s7M9Hf
ZHeB8leCTXug2ihA9xUoAAizypw1tYkrnlGs/kj9RdHsd4dsFzT5Z6qKWT7k3RgS
ANVUzAb86IQ+ApsTA6Pfx124eXOZqgzccUxwdlxlGNOeUaNeqgB8H8pirkHyobWz
NAudJaa5
-----END CERTIFICATE-----