Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/xxVqOcqcuyv0kJFFZ8AXAIPCiCU.roa
File:                     xxVqOcqcuyv0kJFFZ8AXAIPCiCU.roa (raw, json)
Hash identifier:          kL/dUR9glHqbIVLHnvEpz4Rmtwt2KAXjlVlBW6MBsiQ=
Subject key identifier:   C7:15:6A:39:CA:9C:BB:2B:F4:90:91:45:67:C0:17:00:83:C2:88:25
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       018CC3B686EB75D3EC8E2D7767168D44F3D7
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/xxVqOcqcuyv0kJFFZ8AXAIPCiCU.roa
Signing time:             Mon 01 Jan 2024 06:29:28 +0000
ROA not before:           Mon 01 Jan 2024 06:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49637
IP address blocks:        95.181.146.0/24 maxlen: 24
                          95.181.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:86:eb:75:d3:ec:8e:2d:77:67:16:8d:44:f3:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  1 06:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7156a39ca9cbb2bf490914567c0170083c28825
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:42:04:cd:e0:30:59:36:8f:22:07:ea:07:19:
                    58:09:4b:1e:49:89:82:d4:cb:bd:16:6c:1b:b1:a8:
                    ed:20:d5:68:d8:26:5b:d3:a1:01:8d:47:63:4e:ad:
                    2c:90:d7:e1:c7:1c:ea:78:c5:b1:d4:3d:e9:32:36:
                    22:10:41:bb:b6:3d:0f:6c:d8:62:40:fe:2c:12:9d:
                    71:f1:93:4d:78:9e:56:25:d3:55:ee:49:16:98:d2:
                    62:9a:33:c9:2d:29:6d:bc:9e:52:02:eb:45:0d:d9:
                    f8:dc:b8:d3:37:4e:66:46:37:54:4f:93:85:23:a9:
                    6c:2c:1b:53:f2:3a:43:fd:42:af:c7:a4:b3:ca:5e:
                    fe:84:cb:12:15:57:a0:fb:c9:70:6b:6d:14:9c:df:
                    fb:56:7d:cd:2b:54:c5:e7:1d:82:40:4e:8a:c3:1c:
                    cf:6a:e1:c4:41:51:b1:4f:4a:4d:15:1a:5a:f1:da:
                    e9:a0:c4:bd:c9:60:a2:99:f5:ed:26:00:2a:da:c9:
                    81:6a:ad:85:40:bd:72:fb:91:21:10:f6:40:cf:ee:
                    ee:65:98:0d:91:1c:7e:91:16:ce:18:10:63:cf:95:
                    c1:58:83:75:e3:a6:ad:bf:96:a6:27:b6:e1:58:02:
                    6f:07:c0:ed:4b:87:d9:a0:7e:5e:b4:96:98:b5:59:
                    5a:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:15:6A:39:CA:9C:BB:2B:F4:90:91:45:67:C0:17:00:83:C2:88:25
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/xxVqOcqcuyv0kJFFZ8AXAIPCiCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.181.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:2e:6d:e5:6e:6d:3e:4c:bd:ac:c2:c7:56:f6:92:ff:02:ad:
         4f:b7:77:e4:0f:3f:b9:29:4e:46:bb:1d:d9:cc:5c:a1:8a:12:
         e1:f9:41:59:97:1d:44:c0:e1:3e:2b:87:00:4a:9d:0d:21:4a:
         73:91:13:63:a7:52:ff:52:d8:ed:51:87:68:59:7b:60:0a:d5:
         54:5c:7e:fa:77:9c:92:e2:ff:78:cc:62:a0:b7:91:95:fc:45:
         b2:6b:3c:74:4a:de:b7:3c:08:dc:51:f1:f3:f5:d2:ba:89:da:
         68:bc:1a:90:de:fc:af:58:60:76:93:b2:67:59:e8:c9:13:b2:
         98:39:ad:2d:01:12:08:86:ba:04:15:bc:5c:1a:e1:c0:80:b9:
         a3:ef:13:c8:41:50:79:4c:71:25:90:d0:1b:0d:54:84:ea:4f:
         29:94:f6:f8:44:c5:61:53:97:71:c4:36:da:b4:3a:e8:9a:bc:
         c0:3f:54:3c:9e:82:64:64:c1:33:ba:7e:50:d8:a0:74:d5:e1:
         f7:a3:4f:0f:ec:d1:da:29:d4:79:12:7a:44:bc:0a:5f:aa:47:
         25:4a:2f:3a:b9:bb:d4:ce:07:1b:d8:34:cc:68:97:65:87:91:
         c7:35:0f:0a:d8:dd:45:90:d7:87:83:f4:21:39:6d:56:9c:fc:
         30:a4:ee:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtobrddPsji13ZxaNRPPXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjQwMTAxMDYyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzE1NmEzOWNhOWNiYjJiZjQ5MDkxNDU2N2MwMTcwMDgzYzI4ODI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUIEzeAwWTaPIgfqBxlYCUseSYmC
1Mu9FmwbsajtINVo2CZb06EBjUdjTq0skNfhxxzqeMWx1D3pMjYiEEG7tj0PbNhi
QP4sEp1x8ZNNeJ5WJdNV7kkWmNJimjPJLSltvJ5SAutFDdn43LjTN05mRjdUT5OF
I6lsLBtT8jpD/UKvx6Szyl7+hMsSFVeg+8lwa20UnN/7Vn3NK1TF5x2CQE6KwxzP
auHEQVGxT0pNFRpa8drpoMS9yWCimfXtJgAq2smBaq2FQL1y+5EhEPZAz+7uZZgN
kRx+kRbOGBBjz5XBWIN146atv5amJ7bhWAJvB8DtS4fZoH5etJaYtVlaBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMcVajnKnLsr9JCRRWfAFwCDwoglMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEveHhWcU9jcWN1eXYwa0pGRlo4QVhBSVBDaUNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBX7WSMA0G
CSqGSIb3DQEBCwUAA4IBAQCNLm3lbm0+TL2swsdW9pL/Aq1Pt3fkDz+5KU5Gux3Z
zFyhihLh+UFZlx1EwOE+K4cASp0NIUpzkRNjp1L/UtjtUYdoWXtgCtVUXH76d5yS
4v94zGKgt5GV/EWyazx0St63PAjcUfHz9dK6idpovBqQ3vyvWGB2k7JnWejJE7KY
Oa0tARIIhroEFbxcGuHAgLmj7xPIQVB5THElkNAbDVSE6k8plPb4RMVhU5dxxDba
tDromrzAP1Q8noJkZMEzun5Q2KB01eH3o08P7NHaKdR5EnpEvApfqkclSi86ubvU
zgcb2DTMaJdlh5HHNQ8K2N1FkNeHg/QhOW1WnPwwpO56
-----END CERTIFICATE-----