Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/d663ca-adf6-41c2-93c1-60b1de6c38d1/1/h5KrdnRauafYOXjAs_Gv4F0UCOI.roa
File:                     h5KrdnRauafYOXjAs_Gv4F0UCOI.roa (raw, json)
Hash identifier:          pSPAd3SsSTRR2GZ3LqvHYMc7BI/hu6XDmiBU3D0aL28=
Subject key identifier:   87:92:AB:76:74:5A:B9:A7:D8:39:78:C0:B3:F1:AF:E0:5D:14:08:E2
Certificate issuer:       /CN=f7af76989ed464fd9a5489fff7fb98cc2d2f93e4
Certificate serial:       018CC2DB273F0D67A4DE197F3C0A514F241C
Authority key identifier: F7:AF:76:98:9E:D4:64:FD:9A:54:89:FF:F7:FB:98:CC:2D:2F:93:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9692mJ7UZP2aVIn_9_uYzC0vk-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/d663ca-adf6-41c2-93c1-60b1de6c38d1/1/h5KrdnRauafYOXjAs_Gv4F0UCOI.roa
Signing time:             Mon 01 Jan 2024 02:29:51 +0000
ROA not before:           Mon 01 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29130
IP address blocks:        195.47.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/d663ca-adf6-41c2-93c1-60b1de6c38d1/1/9692mJ7UZP2aVIn_9_uYzC0vk-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/d663ca-adf6-41c2-93c1-60b1de6c38d1/1/9692mJ7UZP2aVIn_9_uYzC0vk-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9692mJ7UZP2aVIn_9_uYzC0vk-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 01:02:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:27:3f:0d:67:a4:de:19:7f:3c:0a:51:4f:24:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7af76989ed464fd9a5489fff7fb98cc2d2f93e4
        Validity
            Not Before: Jan  1 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8792ab76745ab9a7d83978c0b3f1afe05d1408e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:52:8e:41:25:25:32:64:f3:17:a5:9a:b8:ef:
                    7a:bf:83:1c:56:8b:51:b2:8f:1b:b7:e8:f5:27:eb:
                    03:57:96:38:fd:9f:5f:e3:85:b1:a5:a2:06:e6:69:
                    77:9e:dd:8a:f6:3e:92:8a:ff:b7:bc:dc:39:d5:fa:
                    ad:e2:50:43:18:73:64:93:35:1e:ce:a9:61:80:9f:
                    78:36:86:7d:77:7e:65:d7:c5:bd:68:3e:ee:67:1b:
                    71:d2:b5:59:a7:ca:37:14:e3:30:45:2d:e2:dd:7b:
                    fc:19:7e:52:4b:70:be:b8:31:94:1e:48:82:ce:88:
                    0a:38:91:0e:f4:6b:41:07:24:bd:f4:d5:99:3e:4a:
                    ae:3b:d5:fb:64:c2:e4:55:8d:03:e4:06:c4:8a:68:
                    a8:c9:37:81:3a:32:c8:ff:eb:a9:c8:8e:c0:8b:8b:
                    99:46:61:f7:6a:94:20:8d:95:35:75:2d:c5:2d:5e:
                    18:fe:2c:2b:2d:91:e4:7d:90:d5:e6:18:db:11:01:
                    f5:05:b0:a2:51:89:16:3b:b6:5c:c1:91:1e:5d:41:
                    27:8f:77:83:b2:de:50:b7:23:36:a6:c7:f5:e9:e7:
                    05:77:03:cf:93:ac:b3:c0:1d:44:6d:e5:e6:41:46:
                    d4:0e:76:17:0c:eb:33:45:a0:d0:05:10:90:b3:b4:
                    37:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:92:AB:76:74:5A:B9:A7:D8:39:78:C0:B3:F1:AF:E0:5D:14:08:E2
            X509v3 Authority Key Identifier:
                keyid:F7:AF:76:98:9E:D4:64:FD:9A:54:89:FF:F7:FB:98:CC:2D:2F:93:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9692mJ7UZP2aVIn_9_uYzC0vk-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/d663ca-adf6-41c2-93c1-60b1de6c38d1/1/h5KrdnRauafYOXjAs_Gv4F0UCOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/d663ca-adf6-41c2-93c1-60b1de6c38d1/1/9692mJ7UZP2aVIn_9_uYzC0vk-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.47.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:33:eb:39:7d:09:e8:3f:63:69:00:b8:da:8b:58:46:fe:b1:
         4d:2a:f1:1a:be:30:38:cc:3e:f0:0d:77:24:15:6b:a3:c3:11:
         e3:5c:4a:d3:cc:46:b4:d4:df:a2:c9:ba:24:56:6a:72:6d:3b:
         cf:92:bd:83:63:9e:6b:81:a0:b1:f2:15:d0:f6:08:39:83:c5:
         56:eb:b1:33:90:65:6e:7a:30:ac:4b:be:f8:b6:b6:65:51:5d:
         c9:71:60:fb:3d:9c:23:3e:56:c2:19:1f:58:c7:53:10:03:bf:
         e6:78:a1:e1:c7:ba:c2:5d:ba:f0:5c:54:af:a2:6c:68:6b:ab:
         9b:c7:67:a2:54:4f:e9:8c:01:e8:2f:9d:0e:72:cc:48:3d:37:
         e7:5e:bc:b0:b8:9c:9c:0c:cb:ad:37:17:94:81:62:19:74:4a:
         b4:63:07:56:af:6f:19:d8:b4:42:8d:c5:a7:3c:b0:1a:f9:22:
         7d:f2:50:9e:a1:91:36:27:c9:5d:ed:55:4d:5b:a5:c1:90:d1:
         5c:b2:9d:ae:be:5b:d8:c2:49:20:96:d5:61:f4:50:6f:ea:11:
         cf:f6:0e:3f:a2:7a:a4:5c:14:08:2e:a4:01:e3:ac:d7:f3:88:
         a7:ee:b4:af:ef:db:04:bc:43:23:cc:b8:91:01:ae:76:1a:54:
         24:93:1a:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2yc/DWek3hl/PApRTyQcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YWY3Njk4OWVkNDY0ZmQ5YTU0ODlmZmY3ZmI5OGNjMmQy
ZjkzZTQwHhcNMjQwMTAxMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzkyYWI3Njc0NWFiOWE3ZDgzOTc4YzBiM2YxYWZlMDVkMTQwOGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVKOQSUlMmTzF6WauO96v4McVotR
so8bt+j1J+sDV5Y4/Z9f44WxpaIG5ml3nt2K9j6Siv+3vNw51fqt4lBDGHNkkzUe
zqlhgJ94NoZ9d35l18W9aD7uZxtx0rVZp8o3FOMwRS3i3Xv8GX5SS3C+uDGUHkiC
zogKOJEO9GtBByS99NWZPkquO9X7ZMLkVY0D5AbEimioyTeBOjLI/+upyI7Ai4uZ
RmH3apQgjZU1dS3FLV4Y/iwrLZHkfZDV5hjbEQH1BbCiUYkWO7ZcwZEeXUEnj3eD
st5QtyM2psf16ecFdwPPk6yzwB1EbeXmQUbUDnYXDOszRaDQBRCQs7Q3qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIeSq3Z0Wrmn2Dl4wLPxr+BdFAjiMB8GA1UdIwQY
MBaAFPevdpie1GT9mlSJ//f7mMwtL5PkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTY5Mm1KN1VaUDJhVkluXzlfdVl6QzB2ay1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9kNjYzY2EtYWRmNi00MWMyLTkzYzEt
NjBiMWRlNmMzOGQxLzEvaDVLcmRuUmF1YWZZT1hqQXNfR3Y0RjBVQ09JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9kNjYzY2EtYWRmNi00MWMyLTkzYzEtNjBiMWRlNmMzOGQx
LzEvOTY5Mm1KN1VaUDJhVkluXzlfdVl6QzB2ay1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwy/4MA0G
CSqGSIb3DQEBCwUAA4IBAQAvM+s5fQnoP2NpALjai1hG/rFNKvEavjA4zD7wDXck
FWujwxHjXErTzEa01N+iybokVmpybTvPkr2DY55rgaCx8hXQ9gg5g8VW67EzkGVu
ejCsS774trZlUV3JcWD7PZwjPlbCGR9Yx1MQA7/meKHhx7rCXbrwXFSvomxoa6ub
x2eiVE/pjAHoL50OcsxIPTfnXrywuJycDMutNxeUgWIZdEq0YwdWr28Z2LRCjcWn
PLAa+SJ98lCeoZE2J8ld7VVNW6XBkNFcsp2uvlvYwkkgltVh9FBv6hHP9g4/onqk
XBQILqQB46zX84in7rSv79sEvEMjzLiRAa52GlQkkxpf
-----END CERTIFICATE-----