Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/7142b1-7091-4d3a-bd6d-9fe7ee9c0368/1/xRc_2SKdp0p-SJGSKhVg55XH7-s.roa
File:                     xRc_2SKdp0p-SJGSKhVg55XH7-s.roa (raw, json)
Hash identifier:          ZoIPyJeUp4y/LLPvEnNsmwnyYRemRxF2Hg5Mt+cr1H4=
Subject key identifier:   C5:17:3F:D9:22:9D:A7:4A:7E:48:91:92:2A:15:60:E7:95:C7:EF:EB
Certificate issuer:       /CN=84db747b289717a0684cd6ac82307aa67bb2d7bb
Certificate serial:       018CC56DEE779BEFC6B8A07540AFC4DB3695
Authority key identifier: 84:DB:74:7B:28:97:17:A0:68:4C:D6:AC:82:30:7A:A6:7B:B2:D7:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hNt0eyiXF6BoTNasgjB6pnuy17s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/7142b1-7091-4d3a-bd6d-9fe7ee9c0368/1/xRc_2SKdp0p-SJGSKhVg55XH7-s.roa
Signing time:             Mon 01 Jan 2024 14:29:25 +0000
ROA not before:           Mon 01 Jan 2024 14:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203461
IP address blocks:        195.110.108.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/7142b1-7091-4d3a-bd6d-9fe7ee9c0368/1/hNt0eyiXF6BoTNasgjB6pnuy17s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/7142b1-7091-4d3a-bd6d-9fe7ee9c0368/1/hNt0eyiXF6BoTNasgjB6pnuy17s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hNt0eyiXF6BoTNasgjB6pnuy17s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:ee:77:9b:ef:c6:b8:a0:75:40:af:c4:db:36:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84db747b289717a0684cd6ac82307aa67bb2d7bb
        Validity
            Not Before: Jan  1 14:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5173fd9229da74a7e4891922a1560e795c7efeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0b:e2:eb:22:8c:c4:9c:6c:b7:42:6a:54:2f:
                    1a:94:65:0a:43:f9:c1:3d:2a:5b:69:15:9f:aa:58:
                    f0:89:52:15:cc:50:c3:39:ee:6a:a4:46:93:dc:31:
                    ec:73:11:71:5f:94:68:08:6b:cc:11:fa:f7:47:d3:
                    6a:99:1d:47:63:95:ae:24:ac:0e:c9:10:27:67:88:
                    c8:89:69:a8:f1:f7:f9:97:1b:65:77:eb:a6:39:85:
                    94:1f:9e:30:21:a9:af:7a:32:54:f3:25:b5:5a:b3:
                    35:c0:4a:42:bf:35:3d:c9:d5:dc:22:c3:26:90:75:
                    b9:3f:f8:cf:41:b4:f9:27:4b:92:5a:bb:af:92:2a:
                    2e:ad:f9:b1:ab:9d:a0:c3:18:2e:b7:ba:12:08:25:
                    1e:10:4b:53:46:dd:ff:69:17:51:42:fe:03:ca:08:
                    56:7f:79:1e:18:75:0a:96:3a:86:14:bb:44:b9:7e:
                    dc:db:42:31:47:9c:9e:21:44:3d:76:ef:dd:56:bf:
                    19:dc:e0:be:d1:23:58:a2:cc:8e:3f:10:61:62:75:
                    0b:9d:81:33:ba:f2:2a:05:b3:7e:c1:66:85:95:99:
                    a0:78:86:f3:2d:89:7e:14:08:27:05:72:68:5a:05:
                    82:cc:1a:f2:e4:c4:72:04:c8:3b:da:3e:0b:ed:fe:
                    43:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:17:3F:D9:22:9D:A7:4A:7E:48:91:92:2A:15:60:E7:95:C7:EF:EB
            X509v3 Authority Key Identifier:
                keyid:84:DB:74:7B:28:97:17:A0:68:4C:D6:AC:82:30:7A:A6:7B:B2:D7:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hNt0eyiXF6BoTNasgjB6pnuy17s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/7142b1-7091-4d3a-bd6d-9fe7ee9c0368/1/xRc_2SKdp0p-SJGSKhVg55XH7-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/7142b1-7091-4d3a-bd6d-9fe7ee9c0368/1/hNt0eyiXF6BoTNasgjB6pnuy17s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.110.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a7:05:6f:f7:fe:48:d8:43:57:fd:1c:d0:f1:44:18:37:73:f8:
         12:d3:05:e6:5d:94:fc:c9:55:75:9a:2f:f9:51:34:1a:71:92:
         55:e6:69:a2:94:9d:ea:88:c8:4f:92:d7:74:66:0e:1c:76:dd:
         06:01:8b:6c:55:82:ce:95:cc:dd:1e:fc:52:1b:0c:73:a6:8e:
         80:ca:06:da:ec:5c:07:7f:df:e4:61:e4:5e:68:2d:f2:74:62:
         61:2b:4c:e5:65:a7:a5:66:5a:48:73:d4:75:b2:b2:37:f6:f1:
         31:af:8a:c4:db:44:2c:f1:db:cc:85:d6:f6:97:f1:11:b7:32:
         d1:ef:60:7c:cc:cb:85:a9:5d:2d:4d:a3:d3:ba:3a:b0:48:82:
         0e:2d:21:c5:2f:6c:00:8b:d0:36:22:a7:5c:d5:3d:ec:c4:86:
         75:a8:42:cd:45:d9:d1:75:9e:b5:98:93:43:1e:81:94:44:da:
         9a:22:b2:5e:4f:ed:55:19:ac:56:19:da:3d:94:12:b0:7f:db:
         fb:f2:f9:02:24:40:6f:a9:2b:bc:09:5b:bd:c7:4d:d1:bc:e1:
         01:90:43:7e:cd:9c:2c:2b:7f:dd:e0:3e:d7:cb:0f:01:15:67:
         e9:e9:21:4b:a2:8d:1f:37:34:76:b4:ae:b5:6a:85:af:ea:9b:
         fa:50:a9:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbe53m+/GuKB1QK/E2zaVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0ZGI3NDdiMjg5NzE3YTA2ODRjZDZhYzgyMzA3YWE2N2Ji
MmQ3YmIwHhcNMjQwMTAxMTQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTE3M2ZkOTIyOWRhNzRhN2U0ODkxOTIyYTE1NjBlNzk1YzdlZmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwvi6yKMxJxst0JqVC8alGUKQ/nB
PSpbaRWfqljwiVIVzFDDOe5qpEaT3DHscxFxX5RoCGvMEfr3R9NqmR1HY5WuJKwO
yRAnZ4jIiWmo8ff5lxtld+umOYWUH54wIamvejJU8yW1WrM1wEpCvzU9ydXcIsMm
kHW5P/jPQbT5J0uSWruvkiourfmxq52gwxgut7oSCCUeEEtTRt3/aRdRQv4DyghW
f3keGHUKljqGFLtEuX7c20IxR5yeIUQ9du/dVr8Z3OC+0SNYosyOPxBhYnULnYEz
uvIqBbN+wWaFlZmgeIbzLYl+FAgnBXJoWgWCzBry5MRyBMg72j4L7f5DLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMUXP9kinadKfkiRkioVYOeVx+/rMB8GA1UdIwQY
MBaAFITbdHsolxegaEzWrIIweqZ7ste7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaE50MGV5aVhGNkJvVE5hc2dqQjZwbnV5MTdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi83MTQyYjEtNzA5MS00ZDNhLWJkNmQt
OWZlN2VlOWMwMzY4LzEveFJjXzJTS2RwMHAtU0pHU0toVmc1NVhINy1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi83MTQyYjEtNzA5MS00ZDNhLWJkNmQtOWZlN2VlOWMwMzY4
LzEvaE50MGV5aVhGNkJvVE5hc2dqQjZwbnV5MTdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw25sMA0G
CSqGSIb3DQEBCwUAA4IBAQCnBW/3/kjYQ1f9HNDxRBg3c/gS0wXmXZT8yVV1mi/5
UTQacZJV5mmilJ3qiMhPktd0Zg4cdt0GAYtsVYLOlczdHvxSGwxzpo6Aygba7FwH
f9/kYeReaC3ydGJhK0zlZaelZlpIc9R1srI39vExr4rE20Qs8dvMhdb2l/ERtzLR
72B8zMuFqV0tTaPTujqwSIIOLSHFL2wAi9A2Iqdc1T3sxIZ1qELNRdnRdZ61mJND
HoGURNqaIrJeT+1VGaxWGdo9lBKwf9v78vkCJEBvqSu8CVu9x03RvOEBkEN+zZws
K3/d4D7Xyw8BFWfp6SFLoo0fNzR2tK61aoWv6pv6UKkt
-----END CERTIFICATE-----