Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/283234-a52a-4556-b3cb-f1d5ca96a7d6/1/I7IZ22ETZr8wJXZeL5Vure1J9Ds.roa
File:                     I7IZ22ETZr8wJXZeL5Vure1J9Ds.roa (raw, json)
Hash identifier:          uvkf/6j6Eabxe5fvLaQuIApzJ2nQ1tGnN+nlvAabyF4=
Subject key identifier:   23:B2:19:DB:61:13:66:BF:30:25:76:5E:2F:95:6E:AD:ED:49:F4:3B
Certificate issuer:       /CN=414915cdd322bfe39472536955464a5ff67117c3
Certificate serial:       018CC3494F95C28D07FA68C72979B46BDB12
Authority key identifier: 41:49:15:CD:D3:22:BF:E3:94:72:53:69:55:46:4A:5F:F6:71:17:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QUkVzdMiv-OUclNpVUZKX_ZxF8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/283234-a52a-4556-b3cb-f1d5ca96a7d6/1/I7IZ22ETZr8wJXZeL5Vure1J9Ds.roa
Signing time:             Mon 01 Jan 2024 04:30:10 +0000
ROA not before:           Mon 01 Jan 2024 04:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9044
IP address blocks:        195.137.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/283234-a52a-4556-b3cb-f1d5ca96a7d6/1/QUkVzdMiv-OUclNpVUZKX_ZxF8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/283234-a52a-4556-b3cb-f1d5ca96a7d6/1/QUkVzdMiv-OUclNpVUZKX_ZxF8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QUkVzdMiv-OUclNpVUZKX_ZxF8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:4f:95:c2:8d:07:fa:68:c7:29:79:b4:6b:db:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=414915cdd322bfe39472536955464a5ff67117c3
        Validity
            Not Before: Jan  1 04:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23b219db611366bf3025765e2f956eaded49f43b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:6b:eb:21:83:9f:6b:20:c6:a2:9b:bd:e5:e8:
                    08:8b:a3:90:68:17:96:d1:b3:5f:e8:f8:88:2c:3e:
                    93:f9:30:ba:58:bf:f2:21:ac:61:90:cc:2f:05:7d:
                    6d:1c:13:2a:7a:cc:b8:5c:c8:e7:30:ac:a9:0d:94:
                    cb:b3:be:62:da:17:0c:53:a3:6f:90:84:ca:21:31:
                    66:70:8c:af:57:41:9d:74:40:39:78:0f:ca:33:af:
                    e7:1b:48:c5:10:d2:6d:d9:cf:8b:13:a2:09:c7:7b:
                    35:37:b5:7f:a4:e1:9e:20:c2:b1:12:95:54:ff:9a:
                    45:0c:2f:16:65:fb:4c:3b:6b:f8:68:a4:36:cc:4c:
                    39:99:d4:99:f8:8e:15:f6:b0:58:86:cf:bc:5d:63:
                    a7:48:ec:a2:d8:32:f5:07:12:ce:24:8d:e5:79:6d:
                    19:1f:a7:ea:e1:a3:53:af:e3:c8:a5:43:37:a2:5e:
                    bc:47:ef:c5:5a:8d:e9:38:42:7d:62:e2:9a:71:c7:
                    f4:42:63:07:f8:a2:1e:9a:7e:ee:af:34:8b:c9:0f:
                    05:db:4e:9d:a0:0d:9e:57:62:37:b8:92:a1:ff:b0:
                    80:63:3f:24:09:4c:c5:b1:75:05:1e:2e:04:f0:ae:
                    db:d0:d1:21:7e:52:09:13:fd:eb:69:de:ed:dd:2d:
                    67:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:B2:19:DB:61:13:66:BF:30:25:76:5E:2F:95:6E:AD:ED:49:F4:3B
            X509v3 Authority Key Identifier:
                keyid:41:49:15:CD:D3:22:BF:E3:94:72:53:69:55:46:4A:5F:F6:71:17:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QUkVzdMiv-OUclNpVUZKX_ZxF8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/283234-a52a-4556-b3cb-f1d5ca96a7d6/1/I7IZ22ETZr8wJXZeL5Vure1J9Ds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/283234-a52a-4556-b3cb-f1d5ca96a7d6/1/QUkVzdMiv-OUclNpVUZKX_ZxF8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.137.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:3c:e0:35:9c:60:84:47:6a:b6:48:c9:9f:e2:46:cf:e0:82:
         fb:ef:e4:fd:bf:b2:09:29:d1:6e:4c:b7:89:3a:e0:0a:90:09:
         e9:46:c0:ab:62:65:ae:db:0a:9d:30:00:12:60:d1:cb:12:c0:
         4f:e0:87:f1:f9:51:3c:ae:48:03:ea:a9:d4:b1:d8:bc:a7:cc:
         5f:25:a0:50:42:1b:38:93:68:b7:74:99:6a:aa:00:79:fa:e9:
         59:1d:12:8e:a8:a7:03:c7:fa:c3:6a:bc:d9:37:ca:97:b7:c8:
         d5:02:2b:47:a3:0d:b5:78:b7:06:79:d2:ff:01:45:e0:90:86:
         2b:e9:5c:75:33:1d:3c:f6:e5:37:5b:26:0a:95:7f:64:7e:0a:
         83:68:41:22:9a:c6:45:a3:21:46:74:00:0f:c0:19:aa:f6:f7:
         85:ae:9e:71:9b:ba:59:c4:52:ef:10:31:09:bb:20:4d:a0:f3:
         2b:37:24:cc:e3:b6:69:4c:18:3d:37:c8:4c:14:b1:aa:50:48:
         20:9e:4b:a2:13:09:f9:36:fa:c9:49:07:a4:e6:6b:fd:c2:1b:
         3f:36:e0:82:b6:19:18:e1:bd:4b:78:24:72:90:b6:fd:5e:2e:
         70:0f:84:08:af:68:93:5b:5a:1d:19:79:34:67:60:ef:77:15:
         14:95:a1:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSU+Vwo0H+mjHKXm0a9sSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNDkxNWNkZDMyMmJmZTM5NDcyNTM2OTU1NDY0YTVmZjY3
MTE3YzMwHhcNMjQwMTAxMDQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2IyMTlkYjYxMTM2NmJmMzAyNTc2NWUyZjk1NmVhZGVkNDlmNDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGvrIYOfayDGopu95egIi6OQaBeW
0bNf6PiILD6T+TC6WL/yIaxhkMwvBX1tHBMqesy4XMjnMKypDZTLs75i2hcMU6Nv
kITKITFmcIyvV0GddEA5eA/KM6/nG0jFENJt2c+LE6IJx3s1N7V/pOGeIMKxEpVU
/5pFDC8WZftMO2v4aKQ2zEw5mdSZ+I4V9rBYhs+8XWOnSOyi2DL1BxLOJI3leW0Z
H6fq4aNTr+PIpUM3ol68R+/FWo3pOEJ9YuKaccf0QmMH+KIemn7urzSLyQ8F206d
oA2eV2I3uJKh/7CAYz8kCUzFsXUFHi4E8K7b0NEhflIJE/3rad7t3S1nSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCOyGdthE2a/MCV2Xi+Vbq3tSfQ7MB8GA1UdIwQY
MBaAFEFJFc3TIr/jlHJTaVVGSl/2cRfDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVVrVnpkTWl2LU9VY2xOcFZVWktYX1p4RjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS8yODMyMzQtYTUyYS00NTU2LWIzY2It
ZjFkNWNhOTZhN2Q2LzEvSTdJWjIyRVRacjh3SlhaZUw1VnVyZTFKOURzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS8yODMyMzQtYTUyYS00NTU2LWIzY2ItZjFkNWNhOTZhN2Q2
LzEvUVVrVnpkTWl2LU9VY2xOcFZVWktYX1p4RjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4mvMA0G
CSqGSIb3DQEBCwUAA4IBAQBtPOA1nGCER2q2SMmf4kbP4IL77+T9v7IJKdFuTLeJ
OuAKkAnpRsCrYmWu2wqdMAASYNHLEsBP4Ifx+VE8rkgD6qnUsdi8p8xfJaBQQhs4
k2i3dJlqqgB5+ulZHRKOqKcDx/rDarzZN8qXt8jVAitHow21eLcGedL/AUXgkIYr
6Vx1Mx089uU3WyYKlX9kfgqDaEEimsZFoyFGdAAPwBmq9veFrp5xm7pZxFLvEDEJ
uyBNoPMrNyTM47ZpTBg9N8hMFLGqUEggnkuiEwn5NvrJSQek5mv9whs/NuCCthkY
4b1LeCRykLb9Xi5wD4QIr2iTW1odGXk0Z2DvdxUUlaGl
-----END CERTIFICATE-----