Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/af78c9-999d-4651-b21e-f95cd36bf91a/1/R-9WfDp7TEvKVI_s0z11CaPLl60.roa
File:                     R-9WfDp7TEvKVI_s0z11CaPLl60.roa (raw, json)
Hash identifier:          3VETsgJEdR6lMwCwMA36WdXsBVD57XR4T6RsjWtJK9Q=
Subject key identifier:   47:EF:56:7C:3A:7B:4C:4B:CA:54:8F:EC:D3:3D:75:09:A3:CB:97:AD
Certificate issuer:       /CN=e81e325cd2126625c66d469db64e4ef9aab0dc63
Certificate serial:       018CC94E540A4486982AA7D4F11A8711BDB6
Authority key identifier: E8:1E:32:5C:D2:12:66:25:C6:6D:46:9D:B6:4E:4E:F9:AA:B0:DC:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6B4yXNISZiXGbUadtk5O-aqw3GM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/af78c9-999d-4651-b21e-f95cd36bf91a/1/R-9WfDp7TEvKVI_s0z11CaPLl60.roa
Signing time:             Tue 02 Jan 2024 08:33:22 +0000
ROA not before:           Tue 02 Jan 2024 08:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47284
IP address blocks:        195.182.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/af78c9-999d-4651-b21e-f95cd36bf91a/1/6B4yXNISZiXGbUadtk5O-aqw3GM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/af78c9-999d-4651-b21e-f95cd36bf91a/1/6B4yXNISZiXGbUadtk5O-aqw3GM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6B4yXNISZiXGbUadtk5O-aqw3GM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:54:0a:44:86:98:2a:a7:d4:f1:1a:87:11:bd:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e81e325cd2126625c66d469db64e4ef9aab0dc63
        Validity
            Not Before: Jan  2 08:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47ef567c3a7b4c4bca548fecd33d7509a3cb97ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:4f:9b:a5:46:36:d4:df:ed:7c:56:fe:cb:2f:
                    39:19:41:b0:6e:37:8e:eb:dd:c0:8d:3d:2f:d4:8a:
                    d2:3e:67:53:6a:f9:53:22:de:1f:de:26:f8:13:1e:
                    96:09:d0:5c:e4:96:1b:3f:75:55:e0:90:62:72:fe:
                    0a:ae:5a:2d:7c:69:1a:16:d7:a4:78:aa:9e:f0:1c:
                    ef:61:54:17:91:50:59:cb:fa:2d:eb:54:87:11:33:
                    3c:cf:9c:39:3d:50:c7:07:d5:3d:e6:88:9a:45:6f:
                    ac:fb:79:70:7a:d6:29:1a:11:6d:03:4f:97:b5:d5:
                    e4:24:de:54:b6:ce:a3:8a:b6:8c:11:90:c8:28:07:
                    51:46:de:c9:57:3c:b8:11:87:fd:be:b1:47:dd:1c:
                    9a:db:19:45:66:43:76:ab:6e:49:d0:45:dc:c4:0f:
                    cb:38:06:81:3c:68:84:95:19:67:3f:2d:07:d1:cd:
                    78:81:9b:60:4b:76:63:f7:8d:f7:bf:84:5b:0c:95:
                    04:c5:f4:1c:c0:c1:43:00:f2:15:74:2d:f3:25:a7:
                    04:61:93:d3:35:ac:d7:09:e2:69:52:e7:25:22:6b:
                    1d:e3:e2:2d:b1:58:1e:c1:1f:f4:50:0d:25:16:43:
                    b3:03:0c:d1:5a:fd:12:6c:a8:a3:bb:9a:ed:f0:c2:
                    f7:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:EF:56:7C:3A:7B:4C:4B:CA:54:8F:EC:D3:3D:75:09:A3:CB:97:AD
            X509v3 Authority Key Identifier:
                keyid:E8:1E:32:5C:D2:12:66:25:C6:6D:46:9D:B6:4E:4E:F9:AA:B0:DC:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6B4yXNISZiXGbUadtk5O-aqw3GM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/af78c9-999d-4651-b21e-f95cd36bf91a/1/R-9WfDp7TEvKVI_s0z11CaPLl60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/af78c9-999d-4651-b21e-f95cd36bf91a/1/6B4yXNISZiXGbUadtk5O-aqw3GM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:2d:73:1e:37:02:4b:45:3e:56:e8:eb:f8:a0:40:01:e8:39:
         f0:40:3f:c1:a0:27:72:b9:b1:70:36:b9:a9:0e:89:da:dc:da:
         da:e4:b2:7b:d4:03:b7:a9:03:af:78:3a:b7:9d:e6:47:71:51:
         4d:21:a8:b1:d0:8b:5d:1e:f1:6d:bd:98:85:a6:44:ac:b5:f0:
         22:f0:2c:fa:04:48:a7:5f:75:81:01:54:c9:dd:ba:83:45:71:
         dd:f3:23:53:be:ab:58:b0:65:26:76:8e:ce:53:41:c2:ac:8b:
         bd:b1:80:c5:96:06:06:45:b0:44:8e:9c:df:48:78:e6:86:e8:
         05:b0:15:73:22:f3:75:03:41:d0:89:c8:cd:0d:5c:8e:d4:5a:
         8a:ba:b1:a0:94:55:8e:d9:d2:81:88:4e:43:7d:80:73:a7:66:
         18:f2:5d:58:c5:28:60:d6:f4:13:ec:c6:14:e5:27:a8:a1:a4:
         50:5d:29:09:25:c2:64:bc:c1:9e:76:c8:b9:f4:c3:aa:80:ee:
         48:72:5d:64:02:dc:0f:f8:96:d9:50:3b:db:18:49:9f:a1:48:
         1f:00:6b:f0:e3:fd:bb:95:46:07:6d:d9:8a:bf:01:eb:f3:98:
         e8:01:18:da:4d:33:d1:23:e0:61:83:15:70:97:77:3f:11:cb:
         b6:9d:74:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTlQKRIaYKqfU8RqHEb22MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MWUzMjVjZDIxMjY2MjVjNjZkNDY5ZGI2NGU0ZWY5YWFi
MGRjNjMwHhcNMjQwMTAyMDgzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2VmNTY3YzNhN2I0YzRiY2E1NDhmZWNkMzNkNzUwOWEzY2I5N2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmk+bpUY21N/tfFb+yy85GUGwbjeO
693AjT0v1IrSPmdTavlTIt4f3ib4Ex6WCdBc5JYbP3VV4JBicv4KrlotfGkaFtek
eKqe8BzvYVQXkVBZy/ot61SHETM8z5w5PVDHB9U95oiaRW+s+3lwetYpGhFtA0+X
tdXkJN5Uts6jiraMEZDIKAdRRt7JVzy4EYf9vrFH3Rya2xlFZkN2q25J0EXcxA/L
OAaBPGiElRlnPy0H0c14gZtgS3Zj9433v4RbDJUExfQcwMFDAPIVdC3zJacEYZPT
NazXCeJpUuclImsd4+ItsVgewR/0UA0lFkOzAwzRWv0SbKiju5rt8ML3owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfvVnw6e0xLylSP7NM9dQmjy5etMB8GA1UdIwQY
MBaAFOgeMlzSEmYlxm1GnbZOTvmqsNxjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkI0eVhOSVNaaVhHYlVhZHRrNU8tYXF3M0dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9hZjc4YzktOTk5ZC00NjUxLWIyMWUt
Zjk1Y2QzNmJmOTFhLzEvUi05V2ZEcDdURXZLVklfczB6MTFDYVBMbDYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9hZjc4YzktOTk5ZC00NjUxLWIyMWUtZjk1Y2QzNmJmOTFh
LzEvNkI0eVhOSVNaaVhHYlVhZHRrNU8tYXF3M0dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7YvMA0G
CSqGSIb3DQEBCwUAA4IBAQCELXMeNwJLRT5W6Ov4oEAB6DnwQD/BoCdyubFwNrmp
Dona3Nra5LJ71AO3qQOveDq3neZHcVFNIaix0ItdHvFtvZiFpkSstfAi8Cz6BEin
X3WBAVTJ3bqDRXHd8yNTvqtYsGUmdo7OU0HCrIu9sYDFlgYGRbBEjpzfSHjmhugF
sBVzIvN1A0HQicjNDVyO1FqKurGglFWO2dKBiE5DfYBzp2YY8l1YxShg1vQT7MYU
5SeooaRQXSkJJcJkvMGedsi59MOqgO5Icl1kAtwP+JbZUDvbGEmfoUgfAGvw4/27
lUYHbdmKvwHr85joARjaTTPRI+BhgxVwl3c/Ecu2nXTO
-----END CERTIFICATE-----