Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/8b01c2-ecbe-4f88-ae37-504c8fc220ea/1/48AacTrpGGLgdMCduqYLc9CkRCU.roa
File:                     48AacTrpGGLgdMCduqYLc9CkRCU.roa (raw, json)
Hash identifier:          khercJWZvOX1CWx5GlxW1xah93QAXPs18dBkXv3jYJg=
Subject key identifier:   E3:C0:1A:71:3A:E9:18:62:E0:74:C0:9D:BA:A6:0B:73:D0:A4:44:25
Certificate issuer:       /CN=0562d5a67b7a20f865e753163a6ed0e5f347e839
Certificate serial:       018CC7955B2385827B3D91013E3AEDF93740
Authority key identifier: 05:62:D5:A6:7B:7A:20:F8:65:E7:53:16:3A:6E:D0:E5:F3:47:E8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BWLVpnt6IPhl51MWOm7Q5fNH6Dk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/8b01c2-ecbe-4f88-ae37-504c8fc220ea/1/48AacTrpGGLgdMCduqYLc9CkRCU.roa
Signing time:             Tue 02 Jan 2024 00:31:43 +0000
ROA not before:           Tue 02 Jan 2024 00:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34820
IP address blocks:        195.146.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/8b01c2-ecbe-4f88-ae37-504c8fc220ea/1/BWLVpnt6IPhl51MWOm7Q5fNH6Dk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/8b01c2-ecbe-4f88-ae37-504c8fc220ea/1/BWLVpnt6IPhl51MWOm7Q5fNH6Dk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BWLVpnt6IPhl51MWOm7Q5fNH6Dk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:5b:23:85:82:7b:3d:91:01:3e:3a:ed:f9:37:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0562d5a67b7a20f865e753163a6ed0e5f347e839
        Validity
            Not Before: Jan  2 00:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3c01a713ae91862e074c09dbaa60b73d0a44425
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:80:5c:c5:5d:92:64:3d:ed:7c:60:e1:a7:c4:
                    5c:67:82:c7:d8:82:62:9a:be:8b:0f:90:9b:5e:cc:
                    a4:26:b4:b7:06:9d:8d:75:d4:c0:f8:61:04:f0:20:
                    95:62:26:90:22:32:82:4f:0c:17:fb:2d:71:c5:67:
                    00:f7:4c:d8:9c:fe:1b:e7:54:c3:bd:4d:56:b9:cf:
                    63:47:ba:a0:3c:30:16:34:87:82:c8:33:a6:84:d2:
                    b0:a7:2e:1a:f2:64:5e:06:dd:40:03:aa:c8:90:55:
                    1c:07:53:6b:3f:a1:4b:7e:47:e1:47:ee:d5:56:cc:
                    97:87:6f:f0:e9:a4:5d:8a:bf:8b:68:ea:00:96:8f:
                    e6:31:51:00:6a:cb:7a:36:85:ed:47:cd:9e:6a:e7:
                    61:59:b4:57:00:0d:31:4c:9a:99:e0:15:29:d3:6d:
                    5e:d1:b6:48:7a:30:2e:99:6e:c1:6a:89:44:29:23:
                    f3:f6:11:b7:0b:78:d6:93:77:07:07:24:00:9c:25:
                    fd:7a:a6:e4:62:6c:e3:f1:2c:d8:25:fa:14:df:52:
                    4b:2d:f7:56:c9:9a:14:35:67:e4:cf:06:95:f6:2d:
                    02:22:ba:13:76:b2:e3:26:9a:dd:87:09:6d:dd:1a:
                    74:16:b2:3c:ea:f0:99:10:9c:73:32:b1:74:83:cb:
                    d0:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:C0:1A:71:3A:E9:18:62:E0:74:C0:9D:BA:A6:0B:73:D0:A4:44:25
            X509v3 Authority Key Identifier:
                keyid:05:62:D5:A6:7B:7A:20:F8:65:E7:53:16:3A:6E:D0:E5:F3:47:E8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BWLVpnt6IPhl51MWOm7Q5fNH6Dk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/8b01c2-ecbe-4f88-ae37-504c8fc220ea/1/48AacTrpGGLgdMCduqYLc9CkRCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/8b01c2-ecbe-4f88-ae37-504c8fc220ea/1/BWLVpnt6IPhl51MWOm7Q5fNH6Dk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.146.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:2e:8c:d6:1d:99:13:e9:1d:11:7e:23:0d:70:6e:94:c2:f4:
         e2:02:fb:96:60:ea:62:6e:7d:ed:c2:54:ab:13:38:da:83:a4:
         39:bb:08:3b:8c:01:08:3a:ad:51:46:b7:65:32:3e:8d:88:5d:
         bd:b9:d0:8b:da:85:6b:1f:8f:13:58:c5:31:f7:fd:07:46:04:
         2b:7a:a1:c9:1a:ab:b8:ed:7d:d9:ed:68:96:fc:71:ba:76:7a:
         1f:f4:ff:22:49:24:b9:b8:d0:0d:05:9b:74:d0:6d:0f:5d:6c:
         39:ad:4d:eb:00:c6:9c:90:19:f1:10:9b:6e:66:1c:c6:c7:81:
         d7:02:e1:1e:00:b1:54:df:b6:d4:12:83:27:d6:f2:c3:12:8d:
         8c:1e:d6:5a:9a:33:26:30:5a:e7:08:dd:51:96:39:06:84:95:
         3d:ad:1b:3d:f2:92:f7:3d:11:f5:54:e8:ec:35:be:e1:7d:3c:
         8a:21:91:1f:e0:71:02:cb:17:a0:bb:5d:21:8f:27:64:36:a2:
         0e:10:4e:8a:0b:52:a3:7b:cd:ed:e3:0e:f1:7b:1e:d9:01:c0:
         34:bf:16:cb:35:12:7d:b5:69:47:4e:32:11:e8:9b:a0:d6:4d:
         81:93:54:76:24:34:49:98:5b:d7:d6:fd:28:3f:d1:b1:15:d0:
         52:71:b2:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlVsjhYJ7PZEBPjrt+TdAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NjJkNWE2N2I3YTIwZjg2NWU3NTMxNjNhNmVkMGU1ZjM0
N2U4MzkwHhcNMjQwMTAyMDAzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2MwMWE3MTNhZTkxODYyZTA3NGMwOWRiYWE2MGI3M2QwYTQ0NDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4BcxV2SZD3tfGDhp8RcZ4LH2IJi
mr6LD5CbXsykJrS3Bp2NddTA+GEE8CCVYiaQIjKCTwwX+y1xxWcA90zYnP4b51TD
vU1Wuc9jR7qgPDAWNIeCyDOmhNKwpy4a8mReBt1AA6rIkFUcB1NrP6FLfkfhR+7V
VsyXh2/w6aRdir+LaOoAlo/mMVEAast6NoXtR82eaudhWbRXAA0xTJqZ4BUp021e
0bZIejAumW7BaolEKSPz9hG3C3jWk3cHByQAnCX9eqbkYmzj8SzYJfoU31JLLfdW
yZoUNWfkzwaV9i0CIroTdrLjJprdhwlt3Rp0FrI86vCZEJxzMrF0g8vQ5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOPAGnE66Rhi4HTAnbqmC3PQpEQlMB8GA1UdIwQY
MBaAFAVi1aZ7eiD4ZedTFjpu0OXzR+g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQldMVnBudDZJUGhsNTFNV09tN1E1Zk5INkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi84YjAxYzItZWNiZS00Zjg4LWFlMzct
NTA0YzhmYzIyMGVhLzEvNDhBYWNUcnBHR0xnZE1DZHVxWUxjOUNrUkNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi84YjAxYzItZWNiZS00Zjg4LWFlMzctNTA0YzhmYzIyMGVh
LzEvQldMVnBudDZJUGhsNTFNV09tN1E1Zk5INkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5IKMA0G
CSqGSIb3DQEBCwUAA4IBAQBkLozWHZkT6R0RfiMNcG6UwvTiAvuWYOpibn3twlSr
Ezjag6Q5uwg7jAEIOq1RRrdlMj6NiF29udCL2oVrH48TWMUx9/0HRgQreqHJGqu4
7X3Z7WiW/HG6dnof9P8iSSS5uNANBZt00G0PXWw5rU3rAMackBnxEJtuZhzGx4HX
AuEeALFU37bUEoMn1vLDEo2MHtZamjMmMFrnCN1RljkGhJU9rRs98pL3PRH1VOjs
Nb7hfTyKIZEf4HECyxegu10hjydkNqIOEE6KC1Kje83t4w7xex7ZAcA0vxbLNRJ9
tWlHTjIR6Jug1k2Bk1R2JDRJmFvX1v0oP9GxFdBScbKk
-----END CERTIFICATE-----