Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/9d63f7-e4b6-4d3c-8044-3c93bb6cfee1/1/DQD1u8u62R2YAULivH5NxlcFYc4.roa
File:                     DQD1u8u62R2YAULivH5NxlcFYc4.roa (raw, json)
Hash identifier:          fhL18DQHeOmM4U9qjzQ6maeqOedLD9+gsjBs3Qwdutg=
Subject key identifier:   0D:00:F5:BB:CB:BA:D9:1D:98:01:42:E2:BC:7E:4D:C6:57:05:61:CE
Certificate issuer:       /CN=8a7150074ea6fdd1e84dd95e0b06836407e9411b
Certificate serial:       018CC80174649B5B59927AEA365159E9B3BB
Authority key identifier: 8A:71:50:07:4E:A6:FD:D1:E8:4D:D9:5E:0B:06:83:64:07:E9:41:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/inFQB06m_dHoTdleCwaDZAfpQRs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/9d63f7-e4b6-4d3c-8044-3c93bb6cfee1/1/DQD1u8u62R2YAULivH5NxlcFYc4.roa
Signing time:             Tue 02 Jan 2024 02:29:47 +0000
ROA not before:           Tue 02 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204203
IP address blocks:        195.88.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/9d63f7-e4b6-4d3c-8044-3c93bb6cfee1/1/inFQB06m_dHoTdleCwaDZAfpQRs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/9d63f7-e4b6-4d3c-8044-3c93bb6cfee1/1/inFQB06m_dHoTdleCwaDZAfpQRs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/inFQB06m_dHoTdleCwaDZAfpQRs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:74:64:9b:5b:59:92:7a:ea:36:51:59:e9:b3:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a7150074ea6fdd1e84dd95e0b06836407e9411b
        Validity
            Not Before: Jan  2 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d00f5bbcbbad91d980142e2bc7e4dc6570561ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:b2:66:76:2f:bf:a1:bd:92:12:43:67:92:4e:
                    a8:2b:80:f1:56:a1:63:a2:6a:d2:13:5d:34:fa:11:
                    ad:13:eb:e2:42:bc:9d:9e:45:86:2a:e2:fb:a6:0e:
                    3d:b2:79:22:67:f1:4a:4e:c9:29:f0:00:e8:d5:23:
                    71:bf:15:c4:d3:b8:de:7f:45:13:b7:0c:fc:b0:59:
                    39:b6:84:4a:44:71:1a:e5:b9:20:6e:97:32:3e:b9:
                    7f:62:9c:17:e3:16:a6:8d:39:98:ea:66:7d:f3:7a:
                    41:b5:a0:75:c2:39:c1:55:c8:ff:6c:6c:ce:8b:c3:
                    79:3d:f0:28:6a:6f:28:ed:5a:7c:9e:ed:f5:64:4d:
                    6e:d0:6e:e4:65:5b:89:0b:c9:34:f0:28:1e:76:86:
                    b9:79:b9:3a:d4:53:ed:4c:b1:51:65:bc:35:a7:29:
                    61:b1:0a:f9:b6:08:f1:4d:85:37:6d:8b:eb:77:64:
                    79:f0:7b:3d:a8:0f:85:9b:a6:ff:cb:68:e9:88:95:
                    43:d7:96:51:6d:bd:3b:1d:ef:b7:9e:02:d7:f3:00:
                    ea:b1:f4:b8:26:12:f6:10:1a:b9:7b:dc:71:55:8b:
                    e3:5f:1b:e8:e2:ff:a5:bf:79:04:40:2a:38:ab:9e:
                    53:0f:17:0f:f3:cd:ea:bb:12:8b:20:d8:4f:24:55:
                    5e:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:00:F5:BB:CB:BA:D9:1D:98:01:42:E2:BC:7E:4D:C6:57:05:61:CE
            X509v3 Authority Key Identifier:
                keyid:8A:71:50:07:4E:A6:FD:D1:E8:4D:D9:5E:0B:06:83:64:07:E9:41:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/inFQB06m_dHoTdleCwaDZAfpQRs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/9d63f7-e4b6-4d3c-8044-3c93bb6cfee1/1/DQD1u8u62R2YAULivH5NxlcFYc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/9d63f7-e4b6-4d3c-8044-3c93bb6cfee1/1/inFQB06m_dHoTdleCwaDZAfpQRs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:3a:53:57:a8:b1:19:d5:5e:ff:13:7b:60:6f:61:10:2d:7a:
         d1:35:11:d6:5c:f4:cd:51:a0:32:9f:f4:37:cf:f4:b2:d8:85:
         5c:85:42:3a:9d:73:4a:b5:00:b7:45:c8:be:2b:7d:22:d2:ce:
         bc:49:6a:20:3d:8d:2f:a8:49:34:97:61:5d:51:ed:32:c5:e8:
         7a:ab:76:65:00:c9:02:61:8b:56:a1:ab:69:6f:21:b4:36:2d:
         5c:48:f7:94:5d:33:9f:08:ac:df:c4:5f:f6:a3:f4:14:7b:d6:
         de:07:27:3a:dd:94:ed:6a:be:e7:67:0b:9b:8e:e3:34:34:2a:
         6a:e1:03:e1:5e:3e:fb:2e:3c:2a:3c:2f:6a:45:91:bc:6a:d7:
         41:e8:e0:5b:7a:6d:9d:a4:e7:25:8b:58:0d:6b:b6:0f:9c:b7:
         04:39:71:f6:a3:69:9e:54:a6:cb:e4:89:1f:c1:b2:3b:56:15:
         cd:e8:13:b9:82:10:a9:8f:47:6e:10:d7:45:f6:25:33:eb:ed:
         8e:e9:43:b9:27:df:dc:d4:3e:5e:5c:b8:63:96:af:08:36:02:
         de:98:fb:9f:9c:08:81:75:77:3f:61:ee:2b:d1:57:52:32:b8:
         46:ed:d1:5b:49:f1:18:dc:09:42:56:77:a3:b8:ad:04:60:66:
         84:98:8f:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAXRkm1tZknrqNlFZ6bO7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNzE1MDA3NGVhNmZkZDFlODRkZDk1ZTBiMDY4MzY0MDdl
OTQxMWIwHhcNMjQwMTAyMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDAwZjViYmNiYmFkOTFkOTgwMTQyZTJiYzdlNGRjNjU3MDU2MWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7Jmdi+/ob2SEkNnkk6oK4DxVqFj
omrSE100+hGtE+viQrydnkWGKuL7pg49snkiZ/FKTskp8ADo1SNxvxXE07jef0UT
twz8sFk5toRKRHEa5bkgbpcyPrl/YpwX4xamjTmY6mZ983pBtaB1wjnBVcj/bGzO
i8N5PfAoam8o7Vp8nu31ZE1u0G7kZVuJC8k08Cgedoa5ebk61FPtTLFRZbw1pylh
sQr5tgjxTYU3bYvrd2R58Hs9qA+Fm6b/y2jpiJVD15ZRbb07He+3ngLX8wDqsfS4
JhL2EBq5e9xxVYvjXxvo4v+lv3kEQCo4q55TDxcP883quxKLINhPJFVemQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA0A9bvLutkdmAFC4rx+TcZXBWHOMB8GA1UdIwQY
MBaAFIpxUAdOpv3R6E3ZXgsGg2QH6UEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaW5GUUIwNm1fZEhvVGRsZUN3YURaQWZwUVJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni85ZDYzZjctZTRiNi00ZDNjLTgwNDQt
M2M5M2JiNmNmZWUxLzEvRFFEMXU4dTYyUjJZQVVMaXZINU54bGNGWWM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni85ZDYzZjctZTRiNi00ZDNjLTgwNDQtM2M5M2JiNmNmZWUx
LzEvaW5GUUIwNm1fZEhvVGRsZUN3YURaQWZwUVJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1jQMA0G
CSqGSIb3DQEBCwUAA4IBAQArOlNXqLEZ1V7/E3tgb2EQLXrRNRHWXPTNUaAyn/Q3
z/Sy2IVchUI6nXNKtQC3Rci+K30i0s68SWogPY0vqEk0l2FdUe0yxeh6q3ZlAMkC
YYtWoatpbyG0Ni1cSPeUXTOfCKzfxF/2o/QUe9beByc63ZTtar7nZwubjuM0NCpq
4QPhXj77LjwqPC9qRZG8atdB6OBbem2dpOcli1gNa7YPnLcEOXH2o2meVKbL5Ikf
wbI7VhXN6BO5ghCpj0duENdF9iUz6+2O6UO5J9/c1D5eXLhjlq8INgLemPufnAiB
dXc/Ye4r0VdSMrhG7dFbSfEY3AlCVnejuK0EYGaEmI9+
-----END CERTIFICATE-----