Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/DVpjixJopAS-mCe3T-Tr17VqhdI.roa
File:                     DVpjixJopAS-mCe3T-Tr17VqhdI.roa (raw, json)
Hash identifier:          TS/6vRBdH4qHplmwGD2pPg0fH4puiKjxtGwX4cbQ5bk=
Subject key identifier:   0D:5A:63:8B:12:68:A4:04:BE:98:27:B7:4F:E4:EB:D7:B5:6A:85:D2
Certificate issuer:       /CN=e7f881401abacc88c941fdf740f1ab1536f05dba
Certificate serial:       018CCA2BB541DBC1E661C7ABE5BAFCAD28E8
Authority key identifier: E7:F8:81:40:1A:BA:CC:88:C9:41:FD:F7:40:F1:AB:15:36:F0:5D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/DVpjixJopAS-mCe3T-Tr17VqhdI.roa
Signing time:             Tue 02 Jan 2024 12:35:11 +0000
ROA not before:           Tue 02 Jan 2024 12:35:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39456
IP address blocks:        195.12.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:b5:41:db:c1:e6:61:c7:ab:e5:ba:fc:ad:28:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7f881401abacc88c941fdf740f1ab1536f05dba
        Validity
            Not Before: Jan  2 12:35:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d5a638b1268a404be9827b74fe4ebd7b56a85d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:a9:c2:46:61:50:a7:b0:cf:34:b9:6b:e1:42:
                    77:fe:53:52:98:81:71:03:c8:0e:84:9b:a9:ed:62:
                    29:b2:86:4f:d4:8b:c2:cd:3c:3f:25:8b:0d:7f:72:
                    f6:6d:ce:19:a2:2e:2b:ef:a9:b8:8a:e3:7e:97:5e:
                    e5:87:53:50:d2:00:34:67:dd:82:0c:63:a5:c8:ca:
                    f8:a6:b8:89:9c:73:c5:17:6a:e2:4e:88:3b:90:98:
                    1f:8d:56:82:de:68:85:58:4f:61:87:53:27:be:6e:
                    59:01:81:be:02:cb:75:22:b5:56:b9:b0:98:3c:e1:
                    aa:9a:61:7a:04:78:8a:91:9f:43:a8:e2:7c:4f:d2:
                    6b:f0:50:52:59:29:fa:5f:1c:6c:8b:a5:0f:52:1a:
                    f7:7c:49:59:43:8f:92:ff:02:af:0a:e7:d0:ae:e6:
                    d5:fd:03:ed:5b:4e:9a:3a:4e:91:75:26:71:68:4f:
                    85:a0:ae:63:5e:04:d2:f6:41:ed:21:ae:63:8d:8e:
                    48:e1:63:23:46:5d:cd:24:fb:de:a5:87:56:d5:64:
                    a2:1d:fd:b0:0e:2a:d1:4a:81:13:62:2c:a1:13:32:
                    89:41:04:4b:1a:a3:f2:cc:c9:88:5b:e5:2a:b0:8b:
                    7d:98:2e:61:c1:68:c4:c9:07:26:40:b9:40:16:75:
                    40:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:5A:63:8B:12:68:A4:04:BE:98:27:B7:4F:E4:EB:D7:B5:6A:85:D2
            X509v3 Authority Key Identifier:
                keyid:E7:F8:81:40:1A:BA:CC:88:C9:41:FD:F7:40:F1:AB:15:36:F0:5D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/DVpjixJopAS-mCe3T-Tr17VqhdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.12.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:8e:7e:33:2e:76:7a:ea:d3:b7:60:a8:66:f0:81:4c:62:d5:
         cf:f9:94:3a:6b:39:ce:d9:42:09:13:f6:9c:59:10:4f:40:fe:
         4f:97:b3:3e:8e:7e:9f:38:50:43:49:e7:a9:be:c4:b6:16:ba:
         ac:32:e2:9c:88:8c:21:cc:99:1d:17:b3:54:68:83:0f:dd:db:
         61:c9:11:3c:52:12:0e:b4:8a:42:91:f7:d4:48:f9:75:1b:a3:
         4f:db:b1:e3:b3:b7:03:38:2a:92:f2:6e:84:cb:7e:3a:4a:2c:
         c7:60:c3:01:04:c0:df:f3:c2:39:38:ab:eb:d5:41:a1:b7:58:
         da:b0:dd:50:69:c0:bc:97:a3:d0:52:48:74:4a:0e:cf:26:ac:
         2f:4e:c7:9c:89:8a:db:72:e8:1b:83:32:0e:13:14:1b:2a:f2:
         b8:68:60:66:5c:53:a5:ff:45:d8:ee:fc:45:6f:36:1a:42:30:
         3f:a2:68:d2:35:e8:4d:e6:a2:73:cd:9c:7e:f6:f1:39:8f:af:
         b5:4a:a2:a5:ae:26:ca:56:35:09:6a:f4:fa:48:85:1a:9f:8b:
         48:a4:65:51:83:53:a1:71:32:a9:ee:4b:ca:16:5f:91:c9:65:
         5c:43:ed:1c:f0:32:c8:48:67:bc:16:18:66:9f:65:3b:b2:90:
         12:b9:0d:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK7VB28HmYcer5br8rSjoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Zjg4MTQwMWFiYWNjODhjOTQxZmRmNzQwZjFhYjE1MzZm
MDVkYmEwHhcNMjQwMTAyMTIzNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDVhNjM4YjEyNjhhNDA0YmU5ODI3Yjc0ZmU0ZWJkN2I1NmE4NWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qnCRmFQp7DPNLlr4UJ3/lNSmIFx
A8gOhJup7WIpsoZP1IvCzTw/JYsNf3L2bc4Zoi4r76m4iuN+l17lh1NQ0gA0Z92C
DGOlyMr4priJnHPFF2riTog7kJgfjVaC3miFWE9hh1Mnvm5ZAYG+Ast1IrVWubCY
POGqmmF6BHiKkZ9DqOJ8T9Jr8FBSWSn6Xxxsi6UPUhr3fElZQ4+S/wKvCufQrubV
/QPtW06aOk6RdSZxaE+FoK5jXgTS9kHtIa5jjY5I4WMjRl3NJPvepYdW1WSiHf2w
DirRSoETYiyhEzKJQQRLGqPyzMmIW+UqsIt9mC5hwWjEyQcmQLlAFnVAUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1aY4sSaKQEvpgnt0/k69e1aoXSMB8GA1UdIwQY
MBaAFOf4gUAausyIyUH990DxqxU28F26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNV9pQlFCcTZ6SWpKUWYzM1FQR3JGVGJ3WGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9mNTUzNGEtYTYxMy00N2JlLWI0MmIt
ZTJmYmMzYTY4ODAwLzEvRFZwaml4Sm9wQVMtbUNlM1QtVHIxN1ZxaGRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9mNTUzNGEtYTYxMy00N2JlLWI0MmItZTJmYmMzYTY4ODAw
LzEvNV9pQlFCcTZ6SWpKUWYzM1FQR3JGVGJ3WGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwyJMA0G
CSqGSIb3DQEBCwUAA4IBAQCxjn4zLnZ66tO3YKhm8IFMYtXP+ZQ6aznO2UIJE/ac
WRBPQP5Pl7M+jn6fOFBDSeepvsS2FrqsMuKciIwhzJkdF7NUaIMP3dthyRE8UhIO
tIpCkffUSPl1G6NP27Hjs7cDOCqS8m6Ey346SizHYMMBBMDf88I5OKvr1UGht1ja
sN1QacC8l6PQUkh0Sg7PJqwvTseciYrbcugbgzIOExQbKvK4aGBmXFOl/0XY7vxF
bzYaQjA/omjSNehN5qJzzZx+9vE5j6+1SqKlribKVjUJavT6SIUan4tIpGVRg1Oh
cTKp7kvKFl+RyWVcQ+0c8DLISGe8Fhhmn2U7spASuQ0t
-----END CERTIFICATE-----