Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/8f0e23-6994-4595-8b1c-7e0a4b3299be/1/dnApwUk79B5h78I0iHmUaFPF8VQ.roa
File:                     dnApwUk79B5h78I0iHmUaFPF8VQ.roa (raw, json)
Hash identifier:          9GIfG/mgrLu4dBN4ZSLpzcosTySai5mJEn8+5g9QmIE=
Subject key identifier:   76:70:29:C1:49:3B:F4:1E:61:EF:C2:34:88:79:94:68:53:C5:F1:54
Certificate issuer:       /CN=08f1f2131f05a3c7186970d301723aaa00932096
Certificate serial:       018CC348DF46C09630F781659EE8F954ED71
Authority key identifier: 08:F1:F2:13:1F:05:A3:C7:18:69:70:D3:01:72:3A:AA:00:93:20:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPHyEx8Fo8cYaXDTAXI6qgCTIJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/8f0e23-6994-4595-8b1c-7e0a4b3299be/1/dnApwUk79B5h78I0iHmUaFPF8VQ.roa
Signing time:             Mon 01 Jan 2024 04:29:42 +0000
ROA not before:           Mon 01 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        195.35.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/8f0e23-6994-4595-8b1c-7e0a4b3299be/1/CPHyEx8Fo8cYaXDTAXI6qgCTIJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/8f0e23-6994-4595-8b1c-7e0a4b3299be/1/CPHyEx8Fo8cYaXDTAXI6qgCTIJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPHyEx8Fo8cYaXDTAXI6qgCTIJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:df:46:c0:96:30:f7:81:65:9e:e8:f9:54:ed:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08f1f2131f05a3c7186970d301723aaa00932096
        Validity
            Not Before: Jan  1 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=767029c1493bf41e61efc2348879946853c5f154
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:21:ab:01:a4:54:ec:76:15:82:03:a2:cd:f9:
                    b1:98:22:7d:71:82:4a:19:e0:35:c4:26:e6:d6:b8:
                    d4:1b:28:f5:1e:ff:95:f5:4e:f8:d1:72:80:49:e3:
                    32:1d:90:99:55:4a:25:7f:e5:df:7f:0a:35:54:91:
                    50:d4:34:a7:43:2a:91:dc:4f:19:cb:4f:71:28:64:
                    64:44:05:36:e1:8c:2d:a7:12:ae:fc:59:15:d2:59:
                    63:f5:d3:c4:fe:b6:d8:23:6c:7c:83:ee:4c:b7:d4:
                    29:1d:53:af:d5:fe:f7:54:14:15:ed:d1:c4:73:11:
                    bc:71:fb:f0:14:85:1d:c4:f5:f6:21:9c:d1:b8:ad:
                    3e:2c:4d:d0:b5:a8:a3:92:54:23:ce:bb:6b:35:32:
                    c9:cd:9c:32:4e:13:23:25:57:bb:39:bf:07:b3:c6:
                    7e:6c:e1:93:22:8d:4d:0c:be:2d:00:82:76:64:3b:
                    01:ec:0a:01:96:05:e1:7e:94:54:37:17:eb:7b:14:
                    63:4e:02:eb:03:cb:c0:db:cd:83:db:7f:95:26:4e:
                    60:85:d7:7e:53:4d:82:e8:52:5c:ad:78:b7:12:76:
                    17:2d:f2:c5:9f:a4:12:0a:d8:3f:dc:b5:d3:a4:b4:
                    ea:b7:ec:4d:3e:9c:9f:e3:0c:0b:1d:ad:4d:84:81:
                    df:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:70:29:C1:49:3B:F4:1E:61:EF:C2:34:88:79:94:68:53:C5:F1:54
            X509v3 Authority Key Identifier:
                keyid:08:F1:F2:13:1F:05:A3:C7:18:69:70:D3:01:72:3A:AA:00:93:20:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPHyEx8Fo8cYaXDTAXI6qgCTIJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/8f0e23-6994-4595-8b1c-7e0a4b3299be/1/dnApwUk79B5h78I0iHmUaFPF8VQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/8f0e23-6994-4595-8b1c-7e0a4b3299be/1/CPHyEx8Fo8cYaXDTAXI6qgCTIJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:74:ba:39:37:76:c3:7a:12:26:67:21:ea:66:9e:38:a8:b3:
         64:1e:b4:b1:17:a0:40:08:d1:84:27:8d:fe:38:d5:02:af:74:
         69:2d:76:5d:cf:ca:6f:81:8c:b4:c6:81:34:cb:8a:9c:86:00:
         9b:ac:6e:f6:20:79:4e:77:43:7c:ba:93:63:5e:98:66:58:48:
         32:74:64:69:f0:28:95:fb:36:fc:71:64:f4:e6:64:e0:92:05:
         60:c2:92:c8:72:4a:a6:ff:c7:2e:07:22:f2:9d:1c:b1:86:ea:
         15:21:73:7c:6d:56:47:c1:a4:17:14:8a:28:51:ec:b0:94:75:
         35:53:66:dd:ce:c2:a7:0f:ad:af:1b:12:9a:3b:db:80:e4:80:
         22:fd:b5:f1:4f:ef:f7:ee:6d:ae:02:47:f4:b7:11:8b:51:5d:
         59:34:99:5d:f8:fd:b3:9c:44:9d:0c:74:c0:84:66:0f:19:19:
         db:77:27:27:da:da:18:c2:33:42:b4:bd:a6:74:f1:6b:67:e6:
         ea:f2:52:62:f0:1f:bf:a4:b0:ba:b7:2b:f4:97:a1:3d:37:1d:
         21:65:e1:d2:4a:1f:53:16:7b:f0:e1:8c:42:00:49:9b:90:33:
         ee:a5:ec:67:60:ee:d5:c2:bf:16:6c:c6:0b:f0:2f:37:cf:22:
         29:9b:bd:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSN9GwJYw94Flnuj5VO1xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZjFmMjEzMWYwNWEzYzcxODY5NzBkMzAxNzIzYWFhMDA5
MzIwOTYwHhcNMjQwMTAxMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjcwMjljMTQ5M2JmNDFlNjFlZmMyMzQ4ODc5OTQ2ODUzYzVmMTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCGrAaRU7HYVggOizfmxmCJ9cYJK
GeA1xCbm1rjUGyj1Hv+V9U740XKASeMyHZCZVUolf+Xffwo1VJFQ1DSnQyqR3E8Z
y09xKGRkRAU24YwtpxKu/FkV0llj9dPE/rbYI2x8g+5Mt9QpHVOv1f73VBQV7dHE
cxG8cfvwFIUdxPX2IZzRuK0+LE3QtaijklQjzrtrNTLJzZwyThMjJVe7Ob8Hs8Z+
bOGTIo1NDL4tAIJ2ZDsB7AoBlgXhfpRUNxfrexRjTgLrA8vA282D23+VJk5ghdd+
U02C6FJcrXi3EnYXLfLFn6QSCtg/3LXTpLTqt+xNPpyf4wwLHa1NhIHfAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZwKcFJO/QeYe/CNIh5lGhTxfFUMB8GA1UdIwQY
MBaAFAjx8hMfBaPHGGlw0wFyOqoAkyCWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1BIeUV4OEZvOGNZYVhEVEFYSTZxZ0NUSUpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS84ZjBlMjMtNjk5NC00NTk1LThiMWMt
N2UwYTRiMzI5OWJlLzEvZG5BcHdVazc5QjVoNzhJMGlIbVVhRlBGOFZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS84ZjBlMjMtNjk5NC00NTk1LThiMWMtN2UwYTRiMzI5OWJl
LzEvQ1BIeUV4OEZvOGNZYVhEVEFYSTZxZ0NUSUpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyNpMA0G
CSqGSIb3DQEBCwUAA4IBAQCmdLo5N3bDehImZyHqZp44qLNkHrSxF6BACNGEJ43+
ONUCr3RpLXZdz8pvgYy0xoE0y4qchgCbrG72IHlOd0N8upNjXphmWEgydGRp8CiV
+zb8cWT05mTgkgVgwpLIckqm/8cuByLynRyxhuoVIXN8bVZHwaQXFIooUeywlHU1
U2bdzsKnD62vGxKaO9uA5IAi/bXxT+/37m2uAkf0txGLUV1ZNJld+P2znESdDHTA
hGYPGRnbdycn2toYwjNCtL2mdPFrZ+bq8lJi8B+/pLC6tyv0l6E9Nx0hZeHSSh9T
Fnvw4YxCAEmbkDPupexnYO7Vwr8WbMYL8C83zyIpm70L
-----END CERTIFICATE-----