Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/1edd25-ff90-40ae-8a20-f76b8353ad68/1/nl8JNrxUnzEGMdNS2WVtOgO2Ru0.roa
File:                     nl8JNrxUnzEGMdNS2WVtOgO2Ru0.roa (raw, json)
Hash identifier:          FAOHLMEk9dcz04oGFUCUq0eKxAD6ftAhzdG1dbge1w0=
Subject key identifier:   9E:5F:09:36:BC:54:9F:31:06:31:D3:52:D9:65:6D:3A:03:B6:46:ED
Certificate issuer:       /CN=99962f5ee0278a60cbbcd4169191f71481216ad4
Certificate serial:       018CC9BC4D042925001EC189F5A915E576D8
Authority key identifier: 99:96:2F:5E:E0:27:8A:60:CB:BC:D4:16:91:91:F7:14:81:21:6A:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mZYvXuAnimDLvNQWkZH3FIEhatQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/1edd25-ff90-40ae-8a20-f76b8353ad68/1/nl8JNrxUnzEGMdNS2WVtOgO2Ru0.roa
Signing time:             Tue 02 Jan 2024 10:33:30 +0000
ROA not before:           Tue 02 Jan 2024 10:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6851
IP address blocks:        195.246.226.0/24 maxlen: 24
                          195.246.226.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/1edd25-ff90-40ae-8a20-f76b8353ad68/1/mZYvXuAnimDLvNQWkZH3FIEhatQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/1edd25-ff90-40ae-8a20-f76b8353ad68/1/mZYvXuAnimDLvNQWkZH3FIEhatQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mZYvXuAnimDLvNQWkZH3FIEhatQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:4d:04:29:25:00:1e:c1:89:f5:a9:15:e5:76:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99962f5ee0278a60cbbcd4169191f71481216ad4
        Validity
            Not Before: Jan  2 10:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e5f0936bc549f310631d352d9656d3a03b646ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:68:c3:a8:7b:dd:69:8e:bc:d4:f7:ee:b5:58:
                    e5:2a:0e:91:c6:f1:5b:9a:6c:3d:51:95:44:f3:3f:
                    77:bf:0a:97:ff:8d:55:cb:6e:b1:f2:1c:5d:13:24:
                    37:be:ab:f3:7a:5d:f6:dc:69:f6:c2:54:02:16:d6:
                    df:ed:2e:84:b0:d5:66:40:59:53:bc:25:3b:4b:54:
                    c8:b9:0c:16:b4:70:ac:7c:05:24:15:33:91:91:85:
                    70:52:67:ec:63:bf:38:29:da:fb:e1:1a:00:d0:bf:
                    3d:3c:2d:b8:8f:cb:bb:51:fa:df:32:e7:54:87:0e:
                    34:3e:2e:09:9b:c6:c1:3c:c2:6e:e7:f9:57:5f:c7:
                    20:9e:f0:12:55:82:9e:33:89:24:01:c6:db:d5:31:
                    e4:aa:2d:0c:3a:6b:b3:36:81:9b:94:0f:76:36:58:
                    3b:48:87:d3:8b:bc:f5:29:b3:70:4c:6c:a9:b9:1d:
                    65:60:d4:30:15:12:75:fd:45:63:d1:56:e6:51:37:
                    24:da:0e:b6:40:d2:81:c5:84:73:2f:f6:7d:53:74:
                    11:56:6a:e7:5b:59:70:8b:86:c9:65:87:1b:93:a8:
                    80:31:e6:ae:94:10:5a:a2:a6:9f:54:f9:d2:7f:87:
                    dd:d2:f1:b7:f1:2d:58:29:08:f4:71:f7:64:25:71:
                    35:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:5F:09:36:BC:54:9F:31:06:31:D3:52:D9:65:6D:3A:03:B6:46:ED
            X509v3 Authority Key Identifier:
                keyid:99:96:2F:5E:E0:27:8A:60:CB:BC:D4:16:91:91:F7:14:81:21:6A:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mZYvXuAnimDLvNQWkZH3FIEhatQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/1edd25-ff90-40ae-8a20-f76b8353ad68/1/nl8JNrxUnzEGMdNS2WVtOgO2Ru0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/1edd25-ff90-40ae-8a20-f76b8353ad68/1/mZYvXuAnimDLvNQWkZH3FIEhatQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.246.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:e5:8c:fc:72:ca:f3:7d:c3:17:d5:c8:4a:67:39:99:c6:bd:
         59:3e:d5:34:aa:51:a0:08:3e:4b:ef:7a:07:43:5c:b4:f5:6d:
         23:a7:d1:4a:58:9a:79:7a:61:e8:ac:12:f8:b1:63:cc:c0:f4:
         f9:b8:69:73:bc:3d:7d:00:ca:b2:e2:24:72:9e:46:56:31:12:
         dc:cb:a7:49:f6:ae:04:8b:a2:03:24:74:e4:63:28:e3:2d:6e:
         89:e7:30:b9:d0:7a:38:43:6d:e1:cd:4a:17:8c:41:6e:30:3e:
         6b:dc:83:48:e6:b8:98:00:3c:a6:8d:dc:47:d4:c0:f8:8e:bb:
         dd:18:92:2a:0c:34:e2:6a:1b:54:c0:db:98:64:c9:1b:21:e5:
         f9:33:0d:5e:9e:ca:80:39:15:50:6d:a0:74:86:f1:ca:24:41:
         e8:e0:51:c1:70:1f:a8:0a:f7:3f:71:c7:52:82:40:81:7c:73:
         37:89:7f:c1:b4:88:c6:8c:1d:27:68:67:4e:45:42:ce:12:bb:
         1d:88:ec:50:9e:03:d5:d3:c0:7c:c7:dc:ba:58:a0:df:a9:76:
         31:89:f6:c9:4d:b3:02:0a:e0:8a:7f:4f:3b:28:8b:ad:8e:61:
         a0:44:de:0a:55:54:ed:38:d0:0d:d2:77:09:2c:4b:cd:d4:f9:
         48:0a:f9:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvE0EKSUAHsGJ9akV5XbYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5OTYyZjVlZTAyNzhhNjBjYmJjZDQxNjkxOTFmNzE0ODEy
MTZhZDQwHhcNMjQwMTAyMTAzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTVmMDkzNmJjNTQ5ZjMxMDYzMWQzNTJkOTY1NmQzYTAzYjY0NmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmjDqHvdaY681PfutVjlKg6RxvFb
mmw9UZVE8z93vwqX/41Vy26x8hxdEyQ3vqvzel323Gn2wlQCFtbf7S6EsNVmQFlT
vCU7S1TIuQwWtHCsfAUkFTORkYVwUmfsY784Kdr74RoA0L89PC24j8u7UfrfMudU
hw40Pi4Jm8bBPMJu5/lXX8cgnvASVYKeM4kkAcbb1THkqi0MOmuzNoGblA92Nlg7
SIfTi7z1KbNwTGypuR1lYNQwFRJ1/UVj0VbmUTck2g62QNKBxYRzL/Z9U3QRVmrn
W1lwi4bJZYcbk6iAMeaulBBaoqafVPnSf4fd0vG38S1YKQj0cfdkJXE17QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ5fCTa8VJ8xBjHTUtllbToDtkbtMB8GA1UdIwQY
MBaAFJmWL17gJ4pgy7zUFpGR9xSBIWrUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVpZdlh1QW5pbURMdk5RV2taSDNGSUVoYXRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8xZWRkMjUtZmY5MC00MGFlLThhMjAt
Zjc2YjgzNTNhZDY4LzEvbmw4Sk5yeFVuekVHTWROUzJXVnRPZ08yUnUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8xZWRkMjUtZmY5MC00MGFlLThhMjAtZjc2YjgzNTNhZDY4
LzEvbVpZdlh1QW5pbURMdk5RV2taSDNGSUVoYXRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/biMA0G
CSqGSIb3DQEBCwUAA4IBAQBM5Yz8csrzfcMX1chKZzmZxr1ZPtU0qlGgCD5L73oH
Q1y09W0jp9FKWJp5emHorBL4sWPMwPT5uGlzvD19AMqy4iRynkZWMRLcy6dJ9q4E
i6IDJHTkYyjjLW6J5zC50Ho4Q23hzUoXjEFuMD5r3INI5riYADymjdxH1MD4jrvd
GJIqDDTiahtUwNuYZMkbIeX5Mw1ensqAORVQbaB0hvHKJEHo4FHBcB+oCvc/ccdS
gkCBfHM3iX/BtIjGjB0naGdORULOErsdiOxQngPV08B8x9y6WKDfqXYxifbJTbMC
CuCKf087KIutjmGgRN4KVVTtONAN0ncJLEvN1PlICvkI
-----END CERTIFICATE-----