Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/720394-cf71-40a3-a538-ed01ed7c129b/1/SaHmRPnK-KPmejG8IX97kamcWwU.roa
File:                     SaHmRPnK-KPmejG8IX97kamcWwU.roa (raw, json)
Hash identifier:          W/iOMmL6CVAZLJ2IoHAK3J5H1YwiMblbmVL3lzPmigY=
Subject key identifier:   49:A1:E6:44:F9:CA:F8:A3:E6:7A:31:BC:21:7F:7B:91:A9:9C:5B:05
Certificate issuer:       /CN=c255989d579c4b5eade852f97f62e9bf2cfbde3c
Certificate serial:       018CC42523E6B5618BF6E9E74211F86508FB
Authority key identifier: C2:55:98:9D:57:9C:4B:5E:AD:E8:52:F9:7F:62:E9:BF:2C:FB:DE:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wlWYnVecS16t6FL5f2Lpvyz73jw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/720394-cf71-40a3-a538-ed01ed7c129b/1/SaHmRPnK-KPmejG8IX97kamcWwU.roa
Signing time:             Mon 01 Jan 2024 08:30:17 +0000
ROA not before:           Mon 01 Jan 2024 08:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51088
IP address blocks:        188.95.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/720394-cf71-40a3-a538-ed01ed7c129b/1/wlWYnVecS16t6FL5f2Lpvyz73jw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/720394-cf71-40a3-a538-ed01ed7c129b/1/wlWYnVecS16t6FL5f2Lpvyz73jw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wlWYnVecS16t6FL5f2Lpvyz73jw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:23:e6:b5:61:8b:f6:e9:e7:42:11:f8:65:08:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c255989d579c4b5eade852f97f62e9bf2cfbde3c
        Validity
            Not Before: Jan  1 08:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49a1e644f9caf8a3e67a31bc217f7b91a99c5b05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:27:0d:6e:c2:80:e3:15:dc:dc:2b:06:dd:a5:
                    9d:93:cd:79:36:a4:16:12:c0:22:3d:6a:0f:9f:25:
                    88:f1:91:26:c7:d3:a4:62:3c:0a:60:83:b9:28:d5:
                    a1:af:cf:a0:4e:74:62:6c:dc:5a:99:ee:a1:29:ec:
                    18:9c:ee:d7:25:54:90:0f:49:85:4f:f6:ca:59:5f:
                    85:c2:a6:df:a2:81:67:da:cd:3e:dd:f9:b1:9e:58:
                    fb:90:9f:69:89:92:12:f6:db:a9:7a:b5:e9:ac:66:
                    02:1f:12:58:85:80:e5:fb:0c:c8:4b:8c:05:7c:54:
                    53:11:ed:32:7f:de:f1:d6:6b:30:e7:3b:e5:f4:66:
                    f8:c5:89:c4:ce:1b:f5:77:a6:0c:4a:44:0f:d7:2c:
                    5f:7a:c1:a7:4b:33:f9:ad:d7:1b:17:35:cb:01:ed:
                    50:3a:6f:85:38:5f:4d:ae:d7:f3:42:25:23:5e:cb:
                    74:91:1e:a1:ec:08:08:42:e1:7c:e7:ec:98:26:de:
                    69:76:64:42:4a:70:15:56:c4:b5:3e:e3:ee:ae:ad:
                    90:d6:c4:ea:80:b8:97:ab:07:af:54:70:b8:48:10:
                    9e:15:5b:1d:93:30:47:4f:db:d4:40:94:1a:93:70:
                    0b:ee:2f:91:72:c8:97:c2:e4:31:54:d4:e6:1f:22:
                    0f:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:A1:E6:44:F9:CA:F8:A3:E6:7A:31:BC:21:7F:7B:91:A9:9C:5B:05
            X509v3 Authority Key Identifier:
                keyid:C2:55:98:9D:57:9C:4B:5E:AD:E8:52:F9:7F:62:E9:BF:2C:FB:DE:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wlWYnVecS16t6FL5f2Lpvyz73jw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/720394-cf71-40a3-a538-ed01ed7c129b/1/SaHmRPnK-KPmejG8IX97kamcWwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/720394-cf71-40a3-a538-ed01ed7c129b/1/wlWYnVecS16t6FL5f2Lpvyz73jw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:39:1f:a6:7b:df:b7:e3:dc:c4:b6:d6:20:07:55:f7:34:0d:
         83:03:ad:0a:f2:20:dc:88:f1:b5:21:53:68:ea:8b:45:b2:74:
         e7:aa:fe:3b:d2:26:2d:79:53:52:d8:56:50:15:b0:3e:a8:21:
         81:92:82:51:24:1f:05:22:de:26:d7:84:a5:6c:d0:e2:10:83:
         04:c3:57:fe:cb:5f:80:02:db:90:0f:1f:cc:bc:c5:ef:86:bc:
         38:27:69:b7:44:c8:9a:05:84:f9:95:7e:da:fc:0e:7c:51:3d:
         bf:3d:3a:51:6f:74:9f:fa:50:db:bd:03:ed:95:df:8a:a5:97:
         ea:fb:b1:2c:dd:b5:98:d3:9b:ec:47:27:20:3d:bb:eb:00:62:
         6b:b7:10:99:f4:89:95:49:c4:c5:b1:d2:48:b1:06:69:cd:e8:
         f9:7b:4f:31:ee:51:53:57:14:a3:a0:af:8a:9b:d6:11:62:b5:
         ac:6b:29:6d:f6:2b:67:ba:75:c4:3c:66:a1:36:a3:9f:df:d9:
         4f:8b:08:33:5d:0b:42:c7:a7:2f:2f:84:83:0c:61:c6:04:9d:
         a9:fb:75:dd:c0:ea:e8:7c:29:4a:72:4c:14:bb:e4:b8:6b:96:
         8d:8e:bc:8a:41:ff:e2:42:98:d1:f0:44:1d:a3:33:d3:12:a7:
         a8:8b:f7:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJSPmtWGL9unnQhH4ZQj7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNTU5ODlkNTc5YzRiNWVhZGU4NTJmOTdmNjJlOWJmMmNm
YmRlM2MwHhcNMjQwMTAxMDgzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWExZTY0NGY5Y2FmOGEzZTY3YTMxYmMyMTdmN2I5MWE5OWM1YjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgycNbsKA4xXc3CsG3aWdk815NqQW
EsAiPWoPnyWI8ZEmx9OkYjwKYIO5KNWhr8+gTnRibNxame6hKewYnO7XJVSQD0mF
T/bKWV+FwqbfooFn2s0+3fmxnlj7kJ9piZIS9tuperXprGYCHxJYhYDl+wzIS4wF
fFRTEe0yf97x1msw5zvl9Gb4xYnEzhv1d6YMSkQP1yxfesGnSzP5rdcbFzXLAe1Q
Om+FOF9NrtfzQiUjXst0kR6h7AgIQuF85+yYJt5pdmRCSnAVVsS1PuPurq2Q1sTq
gLiXqwevVHC4SBCeFVsdkzBHT9vUQJQak3AL7i+RcsiXwuQxVNTmHyIPHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEmh5kT5yvij5noxvCF/e5GpnFsFMB8GA1UdIwQY
MBaAFMJVmJ1XnEterehS+X9i6b8s+948MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2xXWW5WZWNTMTZ0NkZMNWYyTHB2eXo3M2p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS83MjAzOTQtY2Y3MS00MGEzLWE1Mzgt
ZWQwMWVkN2MxMjliLzEvU2FIbVJQbkstS1BtZWpHOElYOTdrYW1jV3dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS83MjAzOTQtY2Y3MS00MGEzLWE1MzgtZWQwMWVkN2MxMjli
LzEvd2xXWW5WZWNTMTZ0NkZMNWYyTHB2eXo3M2p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvF+PMA0G
CSqGSIb3DQEBCwUAA4IBAQCFOR+me9+349zEttYgB1X3NA2DA60K8iDciPG1IVNo
6otFsnTnqv470iYteVNS2FZQFbA+qCGBkoJRJB8FIt4m14SlbNDiEIMEw1f+y1+A
AtuQDx/MvMXvhrw4J2m3RMiaBYT5lX7a/A58UT2/PTpRb3Sf+lDbvQPtld+KpZfq
+7Es3bWY05vsRycgPbvrAGJrtxCZ9ImVScTFsdJIsQZpzej5e08x7lFTVxSjoK+K
m9YRYrWsaylt9itnunXEPGahNqOf39lPiwgzXQtCx6cvL4SDDGHGBJ2p+3XdwOro
fClKckwUu+S4a5aNjryKQf/iQpjR8EQdozPTEqeoi/fU
-----END CERTIFICATE-----