Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/1-hDl6-ZP3NoUgaJGc7Ba1BF7AfI.roa
File:                     1-hDl6-ZP3NoUgaJGc7Ba1BF7AfI.roa (raw, json)
Hash identifier:          FduqsCG5vs9AdWX6DZeOJebCO11MvIcxvxqmm/pvW4g=
Subject key identifier:   FA:10:E5:EB:E6:4F:DC:DA:14:81:A2:46:73:B0:5A:D4:11:7B:01:F2
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       018CC3B687FFE89774035909474C61638059
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/1-hDl6-ZP3NoUgaJGc7Ba1BF7AfI.roa
Signing time:             Mon 01 Jan 2024 06:29:28 +0000
ROA not before:           Mon 01 Jan 2024 06:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59917
IP address blocks:        95.181.208.0/23 maxlen: 23
                          95.181.210.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:87:ff:e8:97:74:03:59:09:47:4c:61:63:80:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  1 06:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa10e5ebe64fdcda1481a24673b05ad4117b01f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:0c:eb:43:e7:a0:6f:a9:cd:0b:e8:8a:56:17:
                    26:6b:31:36:08:97:45:87:a9:00:b9:00:be:6a:b6:
                    4e:20:a4:c9:be:df:f8:4f:11:20:fc:03:6d:10:43:
                    48:55:66:6b:a0:fa:3f:7e:b0:b1:90:5b:63:ec:47:
                    dd:90:7e:29:35:79:b4:4c:66:24:65:21:9d:eb:f6:
                    97:f1:7e:7b:5a:b5:13:38:0f:09:7d:f9:40:1d:bb:
                    56:11:df:dd:29:97:24:83:ed:66:28:a9:2c:3b:59:
                    83:10:27:87:21:af:09:a9:db:67:2d:95:16:17:de:
                    06:5c:00:9e:73:a4:fa:56:68:86:2e:a5:67:9a:a2:
                    cd:61:1e:6a:ab:d9:a9:1b:d1:27:0b:d4:b7:4f:c2:
                    95:b2:58:27:ef:3b:82:b5:7f:90:92:63:b1:c4:8c:
                    13:b3:7e:92:3c:18:f2:fa:a0:52:b0:c2:c9:6e:7d:
                    1c:41:1f:ae:1b:f9:14:a3:79:1a:bb:68:26:95:b1:
                    19:03:ff:ee:c6:e4:64:f0:fe:8a:6d:95:a0:9c:48:
                    d3:81:b2:45:b1:14:dd:3f:58:f0:e8:16:1f:c1:37:
                    26:5d:ae:1d:51:31:a2:87:5d:17:0d:0b:3a:ee:ab:
                    16:da:29:a1:e4:e0:8b:83:f1:15:db:87:c6:cd:85:
                    6c:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:10:E5:EB:E6:4F:DC:DA:14:81:A2:46:73:B0:5A:D4:11:7B:01:F2
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/1-hDl6-ZP3NoUgaJGc7Ba1BF7AfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.181.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         33:8b:4b:37:48:58:fa:7e:e6:ce:68:f0:5d:44:4f:6e:9e:34:
         73:07:42:77:a7:38:bf:e2:47:93:49:5a:d8:5e:eb:90:91:34:
         1d:de:b2:f3:44:90:77:3e:81:e9:5e:a9:70:25:9f:d6:3c:e3:
         59:0a:ee:0c:ac:06:4e:1e:48:6a:32:1e:78:06:bf:1d:a8:4e:
         3d:8a:90:07:de:2b:b3:cf:8b:3e:db:9d:4f:2f:fe:ac:33:eb:
         a8:d5:23:18:40:62:56:9e:ec:c4:82:2b:ce:57:0e:7c:a1:d0:
         b2:06:fc:f6:3e:07:80:b1:e1:69:de:53:cd:b1:af:f3:77:a1:
         4d:cb:0d:53:dd:46:3a:57:62:b7:d9:cb:7c:23:c7:5d:4f:c3:
         bf:f0:45:c3:d8:7c:b4:0c:0c:cb:ab:8e:20:42:f5:11:c0:54:
         81:24:fc:15:b9:6d:4e:6d:9b:62:87:51:ce:77:43:ae:e4:d8:
         ba:94:ef:50:81:53:ae:e8:1b:4d:7c:fc:17:85:0e:5c:a8:22:
         47:0c:26:38:9a:d9:df:ee:85:eb:94:cd:f3:4a:30:99:23:61:
         4b:11:dd:40:99:ab:70:70:30:e3:35:10:e2:79:28:a0:28:7c:
         3d:3f:7b:42:c6:8a:f5:2b:00:3d:f2:7e:8b:80:6b:2f:1c:b2:
         0b:f9:06:cb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDtof/6Jd0A1kJR0xhY4BZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjQwMTAxMDYyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTEwZTVlYmU2NGZkY2RhMTQ4MWEyNDY3M2IwNWFkNDExN2IwMWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAzrQ+egb6nNC+iKVhcmazE2CJdF
h6kAuQC+arZOIKTJvt/4TxEg/ANtEENIVWZroPo/frCxkFtj7EfdkH4pNXm0TGYk
ZSGd6/aX8X57WrUTOA8JfflAHbtWEd/dKZckg+1mKKksO1mDECeHIa8JqdtnLZUW
F94GXACec6T6VmiGLqVnmqLNYR5qq9mpG9EnC9S3T8KVslgn7zuCtX+QkmOxxIwT
s36SPBjy+qBSsMLJbn0cQR+uG/kUo3kau2gmlbEZA//uxuRk8P6KbZWgnEjTgbJF
sRTdP1jw6BYfwTcmXa4dUTGih10XDQs67qsW2imh5OCLg/EV24fGzYVsgwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPoQ5evmT9zaFIGiRnOwWtQRewHyMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvMS1oRGw2LVpQM05vVWdhSkdjN0JhMUJGN0FmSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWUvNDBkOTk2LWEyY2QtNDFmMS1hNzM4LTI4ZmM3Nzk2Nzc2
My8xL2d6anZRYkxBRUZxUnpMdWNpVE5fcnJFcF80US5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAl+10DAN
BgkqhkiG9w0BAQsFAAOCAQEAM4tLN0hY+n7mzmjwXURPbp40cwdCd6c4v+JHk0la
2F7rkJE0Hd6y80SQdz6B6V6pcCWf1jzjWQruDKwGTh5IajIeeAa/HahOPYqQB94r
s8+LPtudTy/+rDPrqNUjGEBiVp7sxIIrzlcOfKHQsgb89j4HgLHhad5TzbGv83eh
TcsNU91GOldit9nLfCPHXU/Dv/BFw9h8tAwMy6uOIEL1EcBUgST8FbltTm2bYodR
zndDruTYupTvUIFTrugbTXz8F4UOXKgiRwwmOJrZ3+6F65TN80owmSNhSxHdQJmr
cHAw4zUQ4nkooCh8PT97QsaK9SsAPfJ+i4BrLxyyC/kGyw==
-----END CERTIFICATE-----