Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/4a293d-2ad3-4114-a2b1-1cc505501a0f/1/1352S60D6hLXj0gyTNyw3sJlhwA.roa
File:                     1352S60D6hLXj0gyTNyw3sJlhwA.roa (raw, json)
Hash identifier:          c4XK8vZFcQMSdUeC7u4XDLdRoIRMB/gTMIVp9p3NpEs=
Subject key identifier:   D7:7E:76:4B:AD:03:EA:12:D7:8F:48:32:4C:DC:B0:DE:C2:65:87:00
Certificate issuer:       /CN=f811fa5eff370bc36d0e3929625e3414081a2392
Certificate serial:       018CC8DD971910927542A86E10DB97088EB1
Authority key identifier: F8:11:FA:5E:FF:37:0B:C3:6D:0E:39:29:62:5E:34:14:08:1A:23:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-BH6Xv83C8NtDjkpYl40FAgaI5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/4a293d-2ad3-4114-a2b1-1cc505501a0f/1/1352S60D6hLXj0gyTNyw3sJlhwA.roa
Signing time:             Tue 02 Jan 2024 06:30:14 +0000
ROA not before:           Tue 02 Jan 2024 06:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59831
IP address blocks:        94.127.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/4a293d-2ad3-4114-a2b1-1cc505501a0f/1/1-BH6Xv83C8NtDjkpYl40FAgaI5I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/4a293d-2ad3-4114-a2b1-1cc505501a0f/1/1-BH6Xv83C8NtDjkpYl40FAgaI5I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-BH6Xv83C8NtDjkpYl40FAgaI5I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 12:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:97:19:10:92:75:42:a8:6e:10:db:97:08:8e:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f811fa5eff370bc36d0e3929625e3414081a2392
        Validity
            Not Before: Jan  2 06:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d77e764bad03ea12d78f48324cdcb0dec2658700
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:65:6d:f2:bf:a5:76:64:95:03:11:ae:ce:d6:
                    0a:1f:35:ff:a9:30:07:4d:8f:3a:4f:68:8b:68:7e:
                    7a:87:e1:21:cb:ce:a1:db:ac:de:3a:20:80:8f:4c:
                    3b:ad:24:fc:58:40:a2:5c:62:7d:1c:8a:7b:1c:4b:
                    92:cd:41:45:88:28:6b:36:57:3f:a2:c6:5d:d1:aa:
                    3a:2f:ae:4b:f5:9a:9e:2a:b5:26:7e:48:85:f8:49:
                    e9:4b:4c:90:5c:08:65:11:a6:69:02:8b:0b:52:20:
                    d5:6a:98:29:67:20:92:89:af:0b:16:e0:f5:0a:83:
                    99:e7:8a:ce:7c:b2:93:95:80:98:db:1c:ef:0a:4a:
                    c4:19:45:f7:af:07:d1:cb:b4:ea:06:a8:34:43:41:
                    c2:9d:62:5f:c7:c7:86:d4:45:0e:54:0f:30:92:cf:
                    0e:f6:0f:f9:a9:d4:ed:52:d4:07:a4:ea:a0:39:ec:
                    8d:74:2d:ca:f1:00:21:82:cf:3b:27:d9:32:a2:0a:
                    ec:ea:77:f3:f4:ad:c0:7e:d1:2d:94:eb:9c:91:ee:
                    ce:09:1c:97:b9:e5:17:cb:ba:28:8d:62:90:1e:f4:
                    d6:5b:2d:0c:c6:26:fd:85:54:86:b9:ee:5a:1f:f6:
                    b6:05:2c:14:3a:8e:50:b7:a5:c6:22:bb:6b:eb:98:
                    4e:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:7E:76:4B:AD:03:EA:12:D7:8F:48:32:4C:DC:B0:DE:C2:65:87:00
            X509v3 Authority Key Identifier:
                keyid:F8:11:FA:5E:FF:37:0B:C3:6D:0E:39:29:62:5E:34:14:08:1A:23:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-BH6Xv83C8NtDjkpYl40FAgaI5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4a293d-2ad3-4114-a2b1-1cc505501a0f/1/1352S60D6hLXj0gyTNyw3sJlhwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4a293d-2ad3-4114-a2b1-1cc505501a0f/1/1-BH6Xv83C8NtDjkpYl40FAgaI5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.127.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:eb:c7:fd:0a:cb:e5:7b:45:11:10:e5:68:f0:47:a4:05:47:
         25:d9:25:04:2e:12:52:9c:58:de:53:ae:27:9d:36:17:bd:6c:
         22:2c:35:5f:fb:80:86:f9:06:26:e2:4f:00:4d:01:b1:96:52:
         f4:ec:8a:c2:d5:b8:dc:ac:e3:b3:8b:f8:ab:ca:b1:80:19:aa:
         0d:87:60:31:d3:8e:cb:46:71:f8:b0:46:15:45:47:a3:21:a1:
         43:3e:91:0a:df:4f:4b:72:b0:45:6c:16:54:fe:18:c9:d4:9a:
         e2:b4:29:08:c3:7f:b2:c0:fe:39:97:5c:d9:94:9d:08:13:17:
         08:6e:77:20:0c:c0:bd:8d:41:c1:37:52:f5:65:cf:8f:53:8d:
         e4:97:86:ae:64:2a:1a:84:44:c0:c6:e7:9d:9d:87:9a:1d:6a:
         6f:af:43:13:e7:37:29:6c:2c:15:61:b7:77:40:0a:80:6a:cf:
         b0:6d:fc:15:81:c4:55:f9:29:d6:00:2b:ee:33:d2:a9:86:88:
         ee:1d:98:ea:d6:7c:71:56:94:1a:68:36:3c:3e:0d:b1:ea:5f:
         1a:21:e9:b8:0b:b9:21:17:63:b0:50:db:7e:cf:b7:09:9a:2a:
         8b:54:1d:57:aa:e9:f2:34:49:a8:6d:f6:59:cb:22:8f:e6:56:
         42:6c:2a:39
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzI3ZcZEJJ1QqhuENuXCI6xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MTFmYTVlZmYzNzBiYzM2ZDBlMzkyOTYyNWUzNDE0MDgx
YTIzOTIwHhcNMjQwMTAyMDYzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzdlNzY0YmFkMDNlYTEyZDc4ZjQ4MzI0Y2RjYjBkZWMyNjU4NzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWVt8r+ldmSVAxGuztYKHzX/qTAH
TY86T2iLaH56h+Ehy86h26zeOiCAj0w7rST8WECiXGJ9HIp7HEuSzUFFiChrNlc/
osZd0ao6L65L9ZqeKrUmfkiF+EnpS0yQXAhlEaZpAosLUiDVapgpZyCSia8LFuD1
CoOZ54rOfLKTlYCY2xzvCkrEGUX3rwfRy7TqBqg0Q0HCnWJfx8eG1EUOVA8wks8O
9g/5qdTtUtQHpOqgOeyNdC3K8QAhgs87J9kyogrs6nfz9K3AftEtlOucke7OCRyX
ueUXy7oojWKQHvTWWy0Mxib9hVSGue5aH/a2BSwUOo5Qt6XGIrtr65hOEwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNd+dkutA+oS149IMkzcsN7CZYcAMB8GA1UdIwQY
MBaAFPgR+l7/NwvDbQ45KWJeNBQIGiOSMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1CSDZYdjgzQzhOdERqa3BZbDQwRkFnYUk1SS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmEvNGEyOTNkLTJhZDMtNDExNC1hMmIx
LTFjYzUwNTUwMWEwZi8xLzEzNTJTNjBENmhMWGowZ3lUTnl3M3NKbGh3QS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNmEvNGEyOTNkLTJhZDMtNDExNC1hMmIxLTFjYzUwNTUwMWEw
Zi8xLzEtQkg2WHY4M0M4TnREamtwWWw0MEZBZ2FJNUkuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABef18w
DQYJKoZIhvcNAQELBQADggEBAGbrx/0Ky+V7RREQ5WjwR6QFRyXZJQQuElKcWN5T
riedNhe9bCIsNV/7gIb5BibiTwBNAbGWUvTsisLVuNys47OL+KvKsYAZqg2HYDHT
jstGcfiwRhVFR6MhoUM+kQrfT0tysEVsFlT+GMnUmuK0KQjDf7LA/jmXXNmUnQgT
FwhudyAMwL2NQcE3UvVlz49TjeSXhq5kKhqERMDG552dh5odam+vQxPnNylsLBVh
t3dACoBqz7Bt/BWBxFX5KdYAK+4z0qmGiO4dmOrWfHFWlBpoNjw+DbHqXxoh6bgL
uSEXY7BQ237PtwmaKotUHVeq6fI0Saht9lnLIo/mVkJsKjk=
-----END CERTIFICATE-----