Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/8clc-NYUdgbEX4_C9-INOnUe-rk.roa
File:                     8clc-NYUdgbEX4_C9-INOnUe-rk.roa (raw, json)
Hash identifier:          7iZvwgkP95lO44JCB9S73ndYcFAVDW/+vvR6zB3subs=
Subject key identifier:   F1:C9:5C:F8:D6:14:76:06:C4:5F:8F:C2:F7:E2:0D:3A:75:1E:FA:B9
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DADA786E1CEBDB522427CC462F3B70
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/8clc-NYUdgbEX4_C9-INOnUe-rk.roa
Signing time:             Mon 01 Jan 2024 02:29:31 +0000
ROA not before:           Mon 01 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198984
IP address blocks:        195.136.172.0/24 maxlen: 24
                          195.136.175.0/24 maxlen: 24
                          195.136.184.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 18:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:da:78:6e:1c:eb:db:52:24:27:cc:46:2f:3b:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1c95cf8d6147606c45f8fc2f7e20d3a751efab9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:78:10:83:91:9a:a5:37:b8:b4:f8:4b:f4:f4:
                    f5:20:44:43:0d:1d:b4:51:12:4f:90:45:48:db:ac:
                    2c:d3:e5:68:45:23:ab:ea:80:13:97:41:52:0b:56:
                    09:f4:e4:fb:46:8c:89:62:22:8a:87:32:33:c2:08:
                    65:5e:1d:e0:9e:d7:07:ce:00:83:10:bf:aa:c4:1e:
                    9e:2d:32:2b:ea:de:e9:b2:0f:61:01:a4:87:76:90:
                    6c:b3:8f:91:04:7f:b4:12:da:36:86:83:11:a3:52:
                    69:1c:02:2e:51:1c:24:f9:f4:ec:51:76:de:9f:e3:
                    68:ca:47:8d:d2:10:84:c9:28:66:59:b7:81:21:e7:
                    cf:64:3f:b6:62:ee:59:ec:25:e5:83:ac:ed:16:fe:
                    df:f7:5b:cb:84:42:43:62:81:49:c8:0b:77:4c:ca:
                    b4:2a:6b:e9:69:16:bd:2e:0f:b3:6b:eb:3c:e4:15:
                    1e:2d:c2:fd:07:0e:61:a5:35:f8:0b:14:44:c6:b0:
                    8b:d9:65:c5:94:4e:96:45:24:66:c6:d8:f4:bc:39:
                    5b:63:20:f3:5d:1e:5b:08:93:0f:35:fe:a8:6f:bd:
                    67:82:a6:7f:f3:75:aa:3c:12:2c:1e:9b:41:11:76:
                    8f:ab:59:a6:4d:7f:c4:06:fc:13:86:b3:6d:ca:d0:
                    2b:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:C9:5C:F8:D6:14:76:06:C4:5F:8F:C2:F7:E2:0D:3A:75:1E:FA:B9
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/8clc-NYUdgbEX4_C9-INOnUe-rk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.136.172.0/24
                  195.136.175.0/24
                  195.136.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bc:b6:f6:00:e4:34:8a:c5:0a:63:83:67:b6:b4:0c:cc:77:aa:
         1e:89:79:a2:f2:fd:55:ff:f8:5a:34:c0:63:df:28:33:bd:5d:
         bc:e9:a7:b3:21:e5:4b:27:97:79:b8:f8:62:0b:2a:56:94:4b:
         ab:27:fc:72:57:92:be:73:6e:41:18:17:53:e3:1e:c1:4d:70:
         78:28:c0:ab:58:53:e7:eb:37:d8:67:ba:df:77:27:f8:2e:8b:
         e3:da:8e:6f:1f:90:bd:d3:25:20:a0:e8:2e:c7:1f:61:50:c6:
         11:03:9d:b3:f6:65:01:48:f4:93:37:9c:76:dd:bb:2d:e8:8a:
         0e:ed:69:2c:f4:1f:29:9a:e5:79:33:a9:45:71:16:f9:35:5e:
         8a:9b:cb:de:27:17:e1:08:85:03:4a:95:a8:18:ae:a2:f5:68:
         18:47:39:3f:d9:69:5c:80:d6:25:d3:2f:26:ad:4c:cd:d5:09:
         a2:5f:df:e7:66:d3:ca:2e:4e:5f:d6:5b:7e:6f:6a:ab:7d:5b:
         35:c6:63:78:b2:fd:66:2a:f6:a3:cb:17:61:cb:80:17:6a:cb:
         40:39:c4:3a:80:9f:2f:b2:e9:80:0f:4e:c1:de:ac:32:c3:95:
         f2:f6:e6:1f:89:a2:d2:00:9f:36:a1:14:57:0f:c1:a6:7d:43:
         67:e0:d8:59
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzC2tp4bhzr21IkJ8xGLztwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWM5NWNmOGQ2MTQ3NjA2YzQ1ZjhmYzJmN2UyMGQzYTc1MWVmYWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjngQg5GapTe4tPhL9PT1IERDDR20
URJPkEVI26ws0+VoRSOr6oATl0FSC1YJ9OT7RoyJYiKKhzIzwghlXh3gntcHzgCD
EL+qxB6eLTIr6t7psg9hAaSHdpBss4+RBH+0Eto2hoMRo1JpHAIuURwk+fTsUXbe
n+NoykeN0hCEyShmWbeBIefPZD+2Yu5Z7CXlg6ztFv7f91vLhEJDYoFJyAt3TMq0
KmvpaRa9Lg+za+s85BUeLcL9Bw5hpTX4CxRExrCL2WXFlE6WRSRmxtj0vDlbYyDz
XR5bCJMPNf6ob71ngqZ/83WqPBIsHptBEXaPq1mmTX/EBvwThrNtytArVQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPHJXPjWFHYGxF+PwvfiDTp1Hvq5MB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvOGNsYy1OWVVkZ2JFWDRfQzktSU5PblVlLXJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAw4isAwQA
w4ivAwQBw4i4MA0GCSqGSIb3DQEBCwUAA4IBAQC8tvYA5DSKxQpjg2e2tAzMd6oe
iXmi8v1V//haNMBj3ygzvV286aezIeVLJ5d5uPhiCypWlEurJ/xyV5K+c25BGBdT
4x7BTXB4KMCrWFPn6zfYZ7rfdyf4Lovj2o5vH5C90yUgoOguxx9hUMYRA52z9mUB
SPSTN5x23bst6IoO7Wks9B8pmuV5M6lFcRb5NV6Km8veJxfhCIUDSpWoGK6i9WgY
Rzk/2WlcgNYl0y8mrUzN1QmiX9/nZtPKLk5f1lt+b2qrfVs1xmN4sv1mKvajyxdh
y4AXastAOcQ6gJ8vsumAD07B3qwyw5Xy9uYfiaLSAJ82oRRXD8GmfUNn4NhZ
-----END CERTIFICATE-----