Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/026f16-5c4c-49ad-a030-812bbeec51df/1/bxxjpUPNkbNFoveKZ2hElX7yDvQ.roa
File:                     bxxjpUPNkbNFoveKZ2hElX7yDvQ.roa (raw, json)
Hash identifier:          alW3+VEfsWJrMEtBxBz9fb9YFxkcMjiSte9de8xNbF4=
Subject key identifier:   6F:1C:63:A5:43:CD:91:B3:45:A2:F7:8A:67:68:44:95:7E:F2:0E:F4
Certificate issuer:       /CN=5beacabe9fdccbb547ed5ea9944afd79ddf35197
Certificate serial:       018CC26D0C3373AE6D6C5C0A5386863C0FEA
Authority key identifier: 5B:EA:CA:BE:9F:DC:CB:B5:47:ED:5E:A9:94:4A:FD:79:DD:F3:51:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W-rKvp_cy7VH7V6plEr9ed3zUZc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/026f16-5c4c-49ad-a030-812bbeec51df/1/bxxjpUPNkbNFoveKZ2hElX7yDvQ.roa
Signing time:             Mon 01 Jan 2024 00:29:35 +0000
ROA not before:           Mon 01 Jan 2024 00:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        195.85.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/026f16-5c4c-49ad-a030-812bbeec51df/1/W-rKvp_cy7VH7V6plEr9ed3zUZc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/026f16-5c4c-49ad-a030-812bbeec51df/1/W-rKvp_cy7VH7V6plEr9ed3zUZc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W-rKvp_cy7VH7V6plEr9ed3zUZc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 07:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0c:33:73:ae:6d:6c:5c:0a:53:86:86:3c:0f:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5beacabe9fdccbb547ed5ea9944afd79ddf35197
        Validity
            Not Before: Jan  1 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f1c63a543cd91b345a2f78a676844957ef20ef4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:22:78:6f:b8:1c:0a:e1:da:98:79:d8:01:88:
                    19:44:8b:aa:9e:27:a6:9f:9e:01:54:03:9a:18:53:
                    38:51:c7:ed:50:f6:77:2a:86:bd:50:c7:ba:58:af:
                    af:48:fd:15:16:1e:4b:6d:d6:42:e3:54:3d:ae:9d:
                    86:53:4d:d1:f2:da:60:cf:f6:b2:7a:ec:fa:db:1e:
                    2c:8c:b8:48:26:7c:8b:66:6d:e0:e8:5e:dd:cc:1c:
                    dd:2a:42:37:07:27:61:af:bb:2c:67:c3:8a:f3:3c:
                    64:b0:f9:88:9b:2b:95:57:c0:87:a9:7e:16:cb:20:
                    12:e3:b9:3c:e7:50:1d:30:9c:cc:e2:c6:59:14:13:
                    02:e6:cb:89:33:2e:1f:e9:6a:b5:85:d0:9b:25:ea:
                    2d:f9:fb:35:4b:5e:a2:16:de:53:c9:c4:b3:6e:a3:
                    42:31:ca:22:5e:82:c9:21:1d:56:d1:95:b2:e6:f5:
                    41:df:80:30:99:a5:53:f0:4f:16:f2:4e:6b:b2:c5:
                    28:65:83:9d:a3:d9:9f:93:f7:90:84:66:05:d5:0d:
                    1d:44:eb:37:52:fd:1e:2f:9f:6a:68:a5:2c:be:5d:
                    a7:20:df:8a:2b:82:70:e6:45:fb:6b:41:08:b3:8c:
                    f4:1a:a7:a6:42:15:a7:86:5e:7b:9c:bc:a3:77:24:
                    55:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:1C:63:A5:43:CD:91:B3:45:A2:F7:8A:67:68:44:95:7E:F2:0E:F4
            X509v3 Authority Key Identifier:
                keyid:5B:EA:CA:BE:9F:DC:CB:B5:47:ED:5E:A9:94:4A:FD:79:DD:F3:51:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W-rKvp_cy7VH7V6plEr9ed3zUZc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/026f16-5c4c-49ad-a030-812bbeec51df/1/bxxjpUPNkbNFoveKZ2hElX7yDvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/026f16-5c4c-49ad-a030-812bbeec51df/1/W-rKvp_cy7VH7V6plEr9ed3zUZc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:88:dd:72:da:ce:f9:31:2c:87:fb:0a:8b:fa:0d:6e:d0:81:
         f0:91:8d:94:0b:36:42:4b:3d:20:b1:c6:5b:53:79:aa:8c:f7:
         c8:90:2d:8e:1a:a0:19:eb:12:f4:f8:8f:c9:e4:d4:76:f1:63:
         d2:8b:9b:04:81:2c:35:a2:06:af:9d:40:51:e6:d0:a3:9d:39:
         73:77:d6:31:8b:f9:4a:da:14:12:6b:af:cb:f6:a7:f5:ba:ec:
         d9:bb:ed:b6:c6:1f:d4:0b:39:a7:be:bd:b6:95:9c:0a:a5:22:
         b7:79:f1:83:04:ca:06:12:8e:87:e3:ce:b2:33:4b:cf:25:2b:
         da:94:d6:b7:13:b6:16:e1:84:96:ca:a8:d9:fb:2b:77:60:c0:
         c9:b6:ac:1b:e7:40:4d:a0:75:c1:d6:c0:c8:cb:64:44:46:43:
         dd:35:ea:fa:66:f4:51:9c:e4:d9:c6:8b:7d:63:62:1d:f8:b9:
         19:6a:d2:5d:2d:48:90:7d:67:ca:2f:6f:2f:0b:6c:a2:ca:45:
         d5:66:34:b0:d8:2a:79:ae:34:10:05:5a:08:9b:bf:fb:8d:45:
         dc:b0:3a:c1:7f:3d:6c:2f:fc:6b:52:f3:a8:e0:cf:93:5a:7c:
         d4:7d:ac:c3:4a:3d:9c:45:d5:ce:ce:fd:92:26:e2:f5:85:f6:
         02:51:84:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQwzc65tbFwKU4aGPA/qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZWFjYWJlOWZkY2NiYjU0N2VkNWVhOTk0NGFmZDc5ZGRm
MzUxOTcwHhcNMjQwMTAxMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjFjNjNhNTQzY2Q5MWIzNDVhMmY3OGE2NzY4NDQ5NTdlZjIwZWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmiJ4b7gcCuHamHnYAYgZRIuqniem
n54BVAOaGFM4UcftUPZ3Koa9UMe6WK+vSP0VFh5LbdZC41Q9rp2GU03R8tpgz/ay
euz62x4sjLhIJnyLZm3g6F7dzBzdKkI3Bydhr7ssZ8OK8zxksPmImyuVV8CHqX4W
yyAS47k851AdMJzM4sZZFBMC5suJMy4f6Wq1hdCbJeot+fs1S16iFt5TycSzbqNC
McoiXoLJIR1W0ZWy5vVB34AwmaVT8E8W8k5rssUoZYOdo9mfk/eQhGYF1Q0dROs3
Uv0eL59qaKUsvl2nIN+KK4Jw5kX7a0EIs4z0GqemQhWnhl57nLyjdyRVhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8cY6VDzZGzRaL3imdoRJV+8g70MB8GA1UdIwQY
MBaAFFvqyr6f3Mu1R+1eqZRK/Xnd81GXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVy1yS3ZwX2N5N1ZIN1Y2cGxFcjllZDN6VVpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8wMjZmMTYtNWM0Yy00OWFkLWEwMzAt
ODEyYmJlZWM1MWRmLzEvYnh4anBVUE5rYk5Gb3ZlS1oyaEVsWDd5RHZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8wMjZmMTYtNWM0Yy00OWFkLWEwMzAtODEyYmJlZWM1MWRm
LzEvVy1yS3ZwX2N5N1ZIN1Y2cGxFcjllZDN6VVpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1X6MA0G
CSqGSIb3DQEBCwUAA4IBAQB0iN1y2s75MSyH+wqL+g1u0IHwkY2UCzZCSz0gscZb
U3mqjPfIkC2OGqAZ6xL0+I/J5NR28WPSi5sEgSw1ogavnUBR5tCjnTlzd9Yxi/lK
2hQSa6/L9qf1uuzZu+22xh/UCzmnvr22lZwKpSK3efGDBMoGEo6H486yM0vPJSva
lNa3E7YW4YSWyqjZ+yt3YMDJtqwb50BNoHXB1sDIy2RERkPdNer6ZvRRnOTZxot9
Y2Id+LkZatJdLUiQfWfKL28vC2yiykXVZjSw2Cp5rjQQBVoIm7/7jUXcsDrBfz1s
L/xrUvOo4M+TWnzUfazDSj2cRdXOzv2SJuL1hfYCUYQi
-----END CERTIFICATE-----