Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/vogq3NHUqKHUvj-hdw2XqWWT_uE.roa
File:                     vogq3NHUqKHUvj-hdw2XqWWT_uE.roa (raw, json)
Hash identifier:          LqlqEik9pTeEz+KOg2q6xCeUZGhz+jlMBxP0LfH9dj4=
Subject key identifier:   BE:88:2A:DC:D1:D4:A8:A1:D4:BE:3F:A1:77:0D:97:A9:65:93:FE:E1
Certificate issuer:       /CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
Certificate serial:       018CC5010ADAE5DED3DBD76EE22F8CF6DF96
Authority key identifier: AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/vogq3NHUqKHUvj-hdw2XqWWT_uE.roa
Signing time:             Mon 01 Jan 2024 12:30:29 +0000
ROA not before:           Mon 01 Jan 2024 12:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210613
IP address blocks:        195.114.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:0a:da:e5:de:d3:db:d7:6e:e2:2f:8c:f6:df:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
        Validity
            Not Before: Jan  1 12:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be882adcd1d4a8a1d4be3fa1770d97a96593fee1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:da:c1:3c:0c:d8:62:b3:ea:03:4b:b6:5f:08:
                    4e:e5:ec:76:d4:6a:82:08:6e:ed:e0:62:9d:74:ab:
                    e4:89:15:d5:6b:1e:25:82:f9:b4:8f:f0:80:7a:a8:
                    0e:e8:1d:9d:d0:3b:2e:33:a7:1e:a8:53:20:a1:54:
                    00:cf:7d:42:c1:95:ee:fd:68:b8:1e:b3:e3:20:99:
                    2c:92:77:42:b6:6c:b1:50:3c:db:32:d5:44:e8:26:
                    d2:4b:3f:17:94:c2:2d:da:09:42:2d:77:94:65:5d:
                    7b:a8:43:b0:88:07:68:3c:48:5d:f5:03:2b:4f:b0:
                    dc:80:bc:3a:34:26:19:6e:ec:ae:55:32:49:90:54:
                    a3:7b:fe:26:b2:0c:98:a1:42:42:17:78:2e:10:df:
                    96:17:d8:f8:02:78:dd:e9:ec:d2:a1:db:7a:1c:a7:
                    4b:de:12:8f:dd:84:a8:f8:5e:e9:62:67:fc:47:34:
                    16:76:35:f6:a1:d4:c4:0a:3e:cb:ff:ec:38:a9:69:
                    1f:ef:70:7e:23:04:45:3f:a0:e7:fd:ca:06:5e:23:
                    42:8a:e4:ee:91:32:6b:a4:a5:3c:13:15:67:17:e1:
                    59:c9:ef:1d:41:16:1e:85:ab:ba:e9:03:8e:13:67:
                    e6:71:1d:44:32:36:4b:dd:92:e8:58:f4:1a:7e:82:
                    2f:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:88:2A:DC:D1:D4:A8:A1:D4:BE:3F:A1:77:0D:97:A9:65:93:FE:E1
            X509v3 Authority Key Identifier:
                keyid:AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/vogq3NHUqKHUvj-hdw2XqWWT_uE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:28:d3:b9:8f:bb:86:d9:40:33:99:88:53:1f:6d:ec:a6:d3:
         78:f0:d9:54:29:25:af:5b:61:b1:06:6a:14:cc:dd:ba:cd:43:
         cd:2b:02:04:2b:6d:80:ce:08:77:52:a3:33:32:02:e4:63:97:
         fe:8f:85:33:1e:ed:b3:c8:6c:a4:d6:dd:70:20:88:6b:60:90:
         09:69:6a:d1:f5:64:41:6e:f5:6c:c1:ab:79:01:ea:5f:1d:c7:
         6b:11:5a:9b:41:3d:85:9e:70:ed:ce:d6:99:e0:ff:f2:bd:3b:
         bf:71:70:de:95:15:5b:46:ee:be:52:a9:06:9b:3d:30:ba:c0:
         4f:dd:ea:7e:75:70:42:d3:0e:5a:5c:9e:4d:05:c9:fe:45:7a:
         65:4a:f0:24:ed:63:61:29:26:3a:27:2d:39:a6:16:33:31:97:
         fb:0c:6c:41:0a:6c:0a:b7:c4:18:23:74:24:87:a2:b2:d0:b4:
         bb:3a:8e:b5:24:12:ff:0e:05:8d:a4:36:31:8c:13:b4:2d:18:
         dc:b2:c3:5f:af:5d:fe:66:a1:86:8a:01:bf:b1:02:e1:84:f3:
         99:6a:95:82:6d:45:62:fb:1f:fc:ff:14:b5:18:aa:22:28:cb:
         e5:50:fd:d8:50:95:16:e8:33:c4:d2:0c:e8:bd:bb:b5:81:5b:
         28:8f:f4:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAQra5d7T29du4i+M9t+WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYzhkYmU1MjA4M2FkMzM1YzlmMWZkZTYwMTZlYzhiNDky
OTMxNDAwHhcNMjQwMTAxMTIzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTg4MmFkY2QxZDRhOGExZDRiZTNmYTE3NzBkOTdhOTY1OTNmZWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNrBPAzYYrPqA0u2XwhO5ex21GqC
CG7t4GKddKvkiRXVax4lgvm0j/CAeqgO6B2d0DsuM6ceqFMgoVQAz31CwZXu/Wi4
HrPjIJkskndCtmyxUDzbMtVE6CbSSz8XlMIt2glCLXeUZV17qEOwiAdoPEhd9QMr
T7DcgLw6NCYZbuyuVTJJkFSje/4msgyYoUJCF3guEN+WF9j4Anjd6ezSodt6HKdL
3hKP3YSo+F7pYmf8RzQWdjX2odTECj7L/+w4qWkf73B+IwRFP6Dn/coGXiNCiuTu
kTJrpKU8ExVnF+FZye8dQRYehau66QOOE2fmcR1EMjZL3ZLoWPQafoIvNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL6IKtzR1Kih1L4/oXcNl6llk/7hMB8GA1UdIwQY
MBaAFKvI2+Ugg60zXJ8f3mAW7ItJKTFAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2Qt
MzA1NmFmOWEzMzVlLzEvdm9ncTNOSFVxS0hVdmotaGR3MlhxV1dUX3VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2QtMzA1NmFmOWEzMzVl
LzEvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3KEMA0G
CSqGSIb3DQEBCwUAA4IBAQBEKNO5j7uG2UAzmYhTH23sptN48NlUKSWvW2GxBmoU
zN26zUPNKwIEK22Azgh3UqMzMgLkY5f+j4UzHu2zyGyk1t1wIIhrYJAJaWrR9WRB
bvVswat5AepfHcdrEVqbQT2FnnDtztaZ4P/yvTu/cXDelRVbRu6+UqkGmz0wusBP
3ep+dXBC0w5aXJ5NBcn+RXplSvAk7WNhKSY6Jy05phYzMZf7DGxBCmwKt8QYI3Qk
h6Ky0LS7Oo61JBL/DgWNpDYxjBO0LRjcssNfr13+ZqGGigG/sQLhhPOZapWCbUVi
+x/8/xS1GKoiKMvlUP3YUJUW6DPE0gzovbu1gVsoj/Ts
-----END CERTIFICATE-----