Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/c5f9d5-7f4a-4e2f-ba4e-738886fd4edd/1/4btVN-jHXE3X8sRQ8LJ4m5fkzko.roa
File:                     4btVN-jHXE3X8sRQ8LJ4m5fkzko.roa (raw, json)
Hash identifier:          Hmz24UJRp52TODErNa5hIBr9wybHoyPwpEVI8HexvJ4=
Subject key identifier:   E1:BB:55:37:E8:C7:5C:4D:D7:F2:C4:50:F0:B2:78:9B:97:E4:CE:4A
Certificate issuer:       /CN=feeb528ca48b1f447582c54ccf6ed780751b51d5
Certificate serial:       018D12576584DDDDEF2591B1C198C83577C0
Authority key identifier: FE:EB:52:8C:A4:8B:1F:44:75:82:C5:4C:CF:6E:D7:80:75:1B:51:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_utSjKSLH0R1gsVMz27XgHUbUdU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/c5f9d5-7f4a-4e2f-ba4e-738886fd4edd/1/4btVN-jHXE3X8sRQ8LJ4m5fkzko.roa
Signing time:             Tue 16 Jan 2024 12:55:33 +0000
ROA not before:           Tue 16 Jan 2024 12:55:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208555
IP address blocks:        95.128.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/c5f9d5-7f4a-4e2f-ba4e-738886fd4edd/1/_utSjKSLH0R1gsVMz27XgHUbUdU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/c5f9d5-7f4a-4e2f-ba4e-738886fd4edd/1/_utSjKSLH0R1gsVMz27XgHUbUdU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_utSjKSLH0R1gsVMz27XgHUbUdU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:12:57:65:84:dd:dd:ef:25:91:b1:c1:98:c8:35:77:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=feeb528ca48b1f447582c54ccf6ed780751b51d5
        Validity
            Not Before: Jan 16 12:55:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1bb5537e8c75c4dd7f2c450f0b2789b97e4ce4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:61:60:fc:07:5a:1b:d2:be:3a:0d:07:4a:8f:
                    b1:86:b5:12:94:20:64:cb:c0:ea:59:45:fe:28:27:
                    1b:fb:f8:1b:37:aa:81:d1:69:b5:53:8d:a5:83:16:
                    a6:1f:dd:19:5e:aa:e2:3c:9b:4f:52:10:36:c1:b9:
                    92:87:7e:d1:ff:a2:74:02:5b:15:a3:44:da:e8:22:
                    9e:d1:f0:aa:1c:7b:9f:57:2c:cc:bb:9f:c9:39:32:
                    8f:d7:60:e2:b3:98:37:c8:19:79:cf:b8:d8:21:fd:
                    5c:58:f6:2a:8a:81:32:bd:13:b8:eb:da:2c:a8:f3:
                    bd:53:59:e3:07:36:8a:c9:c9:55:9d:87:b4:1b:c5:
                    cc:b7:64:c6:ef:73:4a:8d:d1:18:56:a9:e9:cd:60:
                    d7:a8:7d:d4:6e:17:25:77:e1:a6:c0:b5:5b:3c:0c:
                    88:4c:d7:0c:7c:a7:55:38:a6:7d:90:0f:e4:37:bd:
                    26:76:86:17:de:45:fd:73:50:83:54:a3:91:5d:9d:
                    f0:ac:84:01:93:e3:40:5e:2f:fa:af:8f:43:2c:91:
                    09:56:48:1b:8a:59:62:fc:0c:43:4c:75:98:ee:4c:
                    c3:9e:ce:cb:57:c8:b3:c0:47:40:38:ad:c1:99:2b:
                    92:b2:78:ab:39:60:bc:b4:d8:ef:bd:bf:d6:58:23:
                    a3:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:BB:55:37:E8:C7:5C:4D:D7:F2:C4:50:F0:B2:78:9B:97:E4:CE:4A
            X509v3 Authority Key Identifier:
                keyid:FE:EB:52:8C:A4:8B:1F:44:75:82:C5:4C:CF:6E:D7:80:75:1B:51:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_utSjKSLH0R1gsVMz27XgHUbUdU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c5f9d5-7f4a-4e2f-ba4e-738886fd4edd/1/4btVN-jHXE3X8sRQ8LJ4m5fkzko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c5f9d5-7f4a-4e2f-ba4e-738886fd4edd/1/_utSjKSLH0R1gsVMz27XgHUbUdU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:ce:59:ea:30:e0:ca:91:b6:6a:52:6e:be:53:3c:08:38:62:
         a5:5b:d7:a8:67:1b:50:75:b6:d0:a7:89:fe:fe:e5:c8:6c:ec:
         bf:fb:8a:bc:5e:c3:1f:5e:a2:12:07:e7:8d:12:77:dc:d9:2e:
         ff:95:d4:76:19:61:5e:25:fe:c3:fe:02:2e:ef:8f:37:d5:eb:
         e8:ae:de:59:1d:cd:f6:1c:a4:b2:c4:85:bc:a7:87:23:07:76:
         5a:70:34:e4:c9:c4:a7:ab:e9:44:a0:1e:2c:94:9f:2d:1d:5d:
         1a:77:c9:9d:42:8c:a2:89:9b:ca:fa:5b:fe:2d:75:ca:d4:b9:
         e4:40:22:30:d7:d0:1f:51:be:8c:37:1b:02:d1:b0:43:15:22:
         53:11:e2:92:4e:6a:33:eb:82:6f:8d:2b:d0:9e:c9:9b:d5:40:
         31:82:45:b8:01:ab:9a:5b:66:fd:df:de:99:8a:51:fd:fd:00:
         e9:9e:33:c4:5c:89:9a:2c:38:17:fd:f8:4a:c6:88:68:71:39:
         b5:d7:da:fc:45:d3:46:8d:8d:ac:8d:7b:d2:7e:4f:f5:6e:bf:
         7a:eb:54:e6:66:53:4a:13:31:64:51:f5:be:2b:27:eb:fe:03:
         5c:6e:59:22:97:57:e0:fd:88:37:96:ba:e5:7b:71:51:41:86:
         1d:de:ee:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0SV2WE3d3vJZGxwZjINXfAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlZWI1MjhjYTQ4YjFmNDQ3NTgyYzU0Y2NmNmVkNzgwNzUx
YjUxZDUwHhcNMjQwMTE2MTI1NTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWJiNTUzN2U4Yzc1YzRkZDdmMmM0NTBmMGIyNzg5Yjk3ZTRjZTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmFg/AdaG9K+Og0HSo+xhrUSlCBk
y8DqWUX+KCcb+/gbN6qB0Wm1U42lgxamH90ZXqriPJtPUhA2wbmSh37R/6J0AlsV
o0Ta6CKe0fCqHHufVyzMu5/JOTKP12Dis5g3yBl5z7jYIf1cWPYqioEyvRO469os
qPO9U1njBzaKyclVnYe0G8XMt2TG73NKjdEYVqnpzWDXqH3Ubhcld+GmwLVbPAyI
TNcMfKdVOKZ9kA/kN70mdoYX3kX9c1CDVKORXZ3wrIQBk+NAXi/6r49DLJEJVkgb
illi/AxDTHWY7kzDns7LV8izwEdAOK3BmSuSsnirOWC8tNjvvb/WWCOjawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOG7VTfox1xN1/LEUPCyeJuX5M5KMB8GA1UdIwQY
MBaAFP7rUoykix9EdYLFTM9u14B1G1HVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3V0U2pLU0xIMFIxZ3NWTXoyN1hnSFViVWRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jNWY5ZDUtN2Y0YS00ZTJmLWJhNGUt
NzM4ODg2ZmQ0ZWRkLzEvNGJ0Vk4takhYRTNYOHNSUThMSjRtNWZremtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jNWY5ZDUtN2Y0YS00ZTJmLWJhNGUtNzM4ODg2ZmQ0ZWRk
LzEvX3V0U2pLU0xIMFIxZ3NWTXoyN1hnSFViVWRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4DCMA0G
CSqGSIb3DQEBCwUAA4IBAQCDzlnqMODKkbZqUm6+UzwIOGKlW9eoZxtQdbbQp4n+
/uXIbOy/+4q8XsMfXqISB+eNEnfc2S7/ldR2GWFeJf7D/gIu74831evort5ZHc32
HKSyxIW8p4cjB3ZacDTkycSnq+lEoB4slJ8tHV0ad8mdQoyiiZvK+lv+LXXK1Lnk
QCIw19AfUb6MNxsC0bBDFSJTEeKSTmoz64JvjSvQnsmb1UAxgkW4AauaW2b9396Z
ilH9/QDpnjPEXImaLDgX/fhKxohocTm119r8RdNGjY2sjXvSfk/1br9661TmZlNK
EzFkUfW+Kyfr/gNcblkil1fg/Yg3lrrle3FRQYYd3u7B
-----END CERTIFICATE-----