Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/852cfb-4471-4290-91f4-6bc4905c42d4/1/DLTd3WJjxjvYe7s9RQaXW0-asFQ.roa
File:                     DLTd3WJjxjvYe7s9RQaXW0-asFQ.roa (raw, json)
Hash identifier:          CEzU0MiwDAlXifXvS9Fry7MUXXUL96cqYeU54NDS/g8=
Subject key identifier:   0C:B4:DD:DD:62:63:C6:3B:D8:7B:BB:3D:45:06:97:5B:4F:9A:B0:54
Certificate issuer:       /CN=0a5318c58bf5ba74324b25d037404dd8dda9ff24
Certificate serial:       0194228D6C86C96C8AB27FF3DDA38626B83E
Authority key identifier: 0A:53:18:C5:8B:F5:BA:74:32:4B:25:D0:37:40:4D:D8:DD:A9:FF:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ClMYxYv1unQySyXQN0BN2N2p_yQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/852cfb-4471-4290-91f4-6bc4905c42d4/1/DLTd3WJjxjvYe7s9RQaXW0-asFQ.roa
Signing time:             Wed 01 Jan 2025 15:48:01 +0000
ROA not before:           Wed 01 Jan 2025 15:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44207
IP address blocks:        195.184.94.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/852cfb-4471-4290-91f4-6bc4905c42d4/1/ClMYxYv1unQySyXQN0BN2N2p_yQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/852cfb-4471-4290-91f4-6bc4905c42d4/1/ClMYxYv1unQySyXQN0BN2N2p_yQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ClMYxYv1unQySyXQN0BN2N2p_yQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:6c:86:c9:6c:8a:b2:7f:f3:dd:a3:86:26:b8:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a5318c58bf5ba74324b25d037404dd8dda9ff24
        Validity
            Not Before: Jan  1 15:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0cb4dddd6263c63bd87bbb3d4506975b4f9ab054
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:bc:f3:76:79:66:b6:0a:b6:f4:43:6a:ee:13:
                    5c:87:7b:47:2e:18:ea:7a:f4:5b:71:68:18:48:a0:
                    62:9f:36:01:bf:35:d6:a2:4f:56:52:31:02:24:74:
                    8e:eb:68:f5:0f:ba:12:dc:7d:b8:94:0d:5b:cb:03:
                    fa:ce:3a:ab:c9:b7:e0:56:61:4b:b2:16:ae:1a:f9:
                    f4:ca:5b:d3:ca:ef:dc:56:b1:a4:0e:e4:fd:fd:99:
                    5b:39:a3:87:95:58:25:af:cb:1f:89:aa:6e:99:a5:
                    af:05:17:3e:6a:3a:18:31:be:46:d7:45:91:d3:30:
                    d2:58:49:a3:bb:08:5b:89:57:39:82:50:be:f3:dc:
                    1f:88:20:04:a6:22:0e:92:c2:e4:11:fa:8e:08:7f:
                    46:91:a8:00:29:73:ce:f4:80:55:b8:e6:1e:98:67:
                    9e:75:d6:88:0d:23:f4:db:84:2d:cc:af:d3:cb:99:
                    c4:b0:fb:f3:bd:16:b5:fb:f0:1c:ca:54:5c:ec:d5:
                    bf:16:c1:5c:7b:c2:c0:ef:3e:b1:9c:99:4d:c5:fd:
                    8d:6d:ac:fd:a3:78:de:48:bf:30:73:71:43:90:2c:
                    f2:db:48:21:ad:3e:e9:4c:81:1d:4c:8f:58:a2:66:
                    c5:6d:70:4f:19:1e:70:19:6a:a7:17:b1:5b:d3:6b:
                    82:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:B4:DD:DD:62:63:C6:3B:D8:7B:BB:3D:45:06:97:5B:4F:9A:B0:54
            X509v3 Authority Key Identifier:
                keyid:0A:53:18:C5:8B:F5:BA:74:32:4B:25:D0:37:40:4D:D8:DD:A9:FF:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ClMYxYv1unQySyXQN0BN2N2p_yQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/852cfb-4471-4290-91f4-6bc4905c42d4/1/DLTd3WJjxjvYe7s9RQaXW0-asFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/852cfb-4471-4290-91f4-6bc4905c42d4/1/ClMYxYv1unQySyXQN0BN2N2p_yQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.184.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ae:af:c0:7c:a5:2a:f3:e1:00:06:3e:0e:8a:f7:c4:87:80:dd:
         0d:64:11:2d:df:a0:51:eb:0c:f3:29:58:aa:b6:1a:3a:25:1b:
         da:15:62:9b:0d:3f:53:fd:86:8c:ec:ad:27:ef:ad:5e:bf:44:
         e6:ce:65:74:33:19:32:12:90:07:7c:bf:ac:30:57:7d:4f:66:
         50:6d:cd:cd:76:f5:6f:ea:12:06:52:50:a9:dd:02:5a:56:b6:
         a8:59:ff:c9:e3:0d:35:30:79:b3:a6:3a:5d:ac:a4:bc:8d:47:
         4a:14:ac:06:d9:f6:d7:1c:52:d1:5e:ce:c8:8f:be:1d:62:a2:
         e7:35:d3:83:ca:2d:37:c4:3d:9a:0f:c0:bb:a3:93:47:bd:22:
         c0:92:28:3c:51:58:af:41:b4:2d:08:9a:a6:2b:db:7c:67:33:
         e7:f7:e0:92:09:e1:9b:19:1e:49:22:f6:43:f2:3f:ff:8f:1f:
         ab:f7:70:b4:0c:f2:12:f4:f6:a1:a1:a2:7a:f1:9f:3b:b5:86:
         00:29:9b:03:5e:f1:c3:20:1f:90:cb:39:29:ec:35:fd:5b:24:
         b3:82:a1:1e:32:c4:6b:1f:8c:96:61:de:7c:99:b1:b9:ac:e7:
         6c:dd:f4:57:e0:ed:e5:95:e1:e8:45:b7:4a:29:c2:8d:c3:d0:
         84:4e:49:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijWyGyWyKsn/z3aOGJrg+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNTMxOGM1OGJmNWJhNzQzMjRiMjVkMDM3NDA0ZGQ4ZGRh
OWZmMjQwHhcNMjUwMTAxMTU0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2I0ZGRkZDYyNjNjNjNiZDg3YmJiM2Q0NTA2OTc1YjRmOWFiMDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzbzzdnlmtgq29ENq7hNch3tHLhjq
evRbcWgYSKBinzYBvzXWok9WUjECJHSO62j1D7oS3H24lA1bywP6zjqrybfgVmFL
shauGvn0ylvTyu/cVrGkDuT9/ZlbOaOHlVglr8sfiapumaWvBRc+ajoYMb5G10WR
0zDSWEmjuwhbiVc5glC+89wfiCAEpiIOksLkEfqOCH9GkagAKXPO9IBVuOYemGee
ddaIDSP024QtzK/Ty5nEsPvzvRa1+/AcylRc7NW/FsFce8LA7z6xnJlNxf2Nbaz9
o3jeSL8wc3FDkCzy20ghrT7pTIEdTI9YombFbXBPGR5wGWqnF7Fb02uCkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAy03d1iY8Y72Hu7PUUGl1tPmrBUMB8GA1UdIwQY
MBaAFApTGMWL9bp0Mksl0DdATdjdqf8kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2xNWXhZdjF1blF5U3lYUU4wQk4yTjJwX3lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC84NTJjZmItNDQ3MS00MjkwLTkxZjQt
NmJjNDkwNWM0MmQ0LzEvRExUZDNXSmp4anZZZTdzOVJRYVhXMC1hc0ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC84NTJjZmItNDQ3MS00MjkwLTkxZjQtNmJjNDkwNWM0MmQ0
LzEvQ2xNWXhZdjF1blF5U3lYUU4wQk4yTjJwX3lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7heMA0G
CSqGSIb3DQEBCwUAA4IBAQCur8B8pSrz4QAGPg6K98SHgN0NZBEt36BR6wzzKViq
tho6JRvaFWKbDT9T/YaM7K0n761ev0TmzmV0MxkyEpAHfL+sMFd9T2ZQbc3NdvVv
6hIGUlCp3QJaVraoWf/J4w01MHmzpjpdrKS8jUdKFKwG2fbXHFLRXs7Ij74dYqLn
NdODyi03xD2aD8C7o5NHvSLAkig8UVivQbQtCJqmK9t8ZzPn9+CSCeGbGR5JIvZD
8j//jx+r93C0DPIS9PahoaJ68Z87tYYAKZsDXvHDIB+Qyzkp7DX9WySzgqEeMsRr
H4yWYd58mbG5rOds3fRX4O3lleHoRbdKKcKNw9CETkkC
-----END CERTIFICATE-----