Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/310d34-f5d8-4e96-9b7c-648f501afae5/1/8DYb5ImMvNLSbyaBmd6CELL0iao.roa
File:                     8DYb5ImMvNLSbyaBmd6CELL0iao.roa (raw, json)
Hash identifier:          P3lJT6NAio9susCOwEr+V7hxwLZObBrwDWkYT5EGi44=
Subject key identifier:   F0:36:1B:E4:89:8C:BC:D2:D2:6F:26:81:99:DE:82:10:B2:F4:89:AA
Certificate issuer:       /CN=cc6532649a6aef4714841b9c8f54660d889b0629
Certificate serial:       018CC5DCD945A760F9EE27AE3BA642451FD0
Authority key identifier: CC:65:32:64:9A:6A:EF:47:14:84:1B:9C:8F:54:66:0D:88:9B:06:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zGUyZJpq70cUhBucj1RmDYibBik.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/310d34-f5d8-4e96-9b7c-648f501afae5/1/8DYb5ImMvNLSbyaBmd6CELL0iao.roa
Signing time:             Mon 01 Jan 2024 16:30:34 +0000
ROA not before:           Mon 01 Jan 2024 16:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15983
IP address blocks:        195.234.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/310d34-f5d8-4e96-9b7c-648f501afae5/1/zGUyZJpq70cUhBucj1RmDYibBik.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/310d34-f5d8-4e96-9b7c-648f501afae5/1/zGUyZJpq70cUhBucj1RmDYibBik.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zGUyZJpq70cUhBucj1RmDYibBik.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 19:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:d9:45:a7:60:f9:ee:27:ae:3b:a6:42:45:1f:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc6532649a6aef4714841b9c8f54660d889b0629
        Validity
            Not Before: Jan  1 16:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0361be4898cbcd2d26f268199de8210b2f489aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:89:24:fc:84:59:16:75:71:4b:d1:a8:73:39:
                    92:ab:a7:4a:4b:dd:9e:bb:f4:6e:4e:6a:ef:db:ef:
                    50:1a:f8:f7:21:bd:a4:07:37:41:37:2c:64:5a:4d:
                    74:7f:1e:9f:9d:17:c5:a8:81:58:44:ca:86:a4:d1:
                    83:9d:dd:1f:0f:ea:b8:1a:ba:b1:14:f7:76:8c:90:
                    80:0a:23:8e:73:e3:5a:66:74:a2:bd:5f:ac:3a:a6:
                    b5:1d:f7:26:b7:19:ca:56:1e:18:7b:0a:97:06:c8:
                    b0:df:66:27:8c:8c:92:5f:46:af:5b:72:e0:76:d9:
                    4b:fb:38:51:2d:c8:ab:5b:b5:a4:a4:b6:88:7a:b7:
                    ab:bf:2f:2b:15:05:21:8e:93:75:ad:10:4f:56:06:
                    45:f0:d2:b3:ed:87:77:20:88:de:33:10:e7:f9:72:
                    4a:53:96:c9:98:45:10:03:55:98:31:a0:ef:1a:d1:
                    75:5b:53:9b:bc:40:db:af:4c:4e:b0:05:b5:96:d0:
                    f6:59:81:62:ca:0d:65:82:05:5e:e8:37:e1:9a:fc:
                    54:51:f6:eb:c9:be:21:d9:2a:bf:0f:76:f1:51:13:
                    c3:97:3c:77:f3:46:25:5e:05:d7:16:c3:f9:8c:68:
                    f2:d6:1d:ec:ae:0c:f1:6d:27:52:75:54:58:c1:6e:
                    3a:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:36:1B:E4:89:8C:BC:D2:D2:6F:26:81:99:DE:82:10:B2:F4:89:AA
            X509v3 Authority Key Identifier:
                keyid:CC:65:32:64:9A:6A:EF:47:14:84:1B:9C:8F:54:66:0D:88:9B:06:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zGUyZJpq70cUhBucj1RmDYibBik.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/310d34-f5d8-4e96-9b7c-648f501afae5/1/8DYb5ImMvNLSbyaBmd6CELL0iao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/310d34-f5d8-4e96-9b7c-648f501afae5/1/zGUyZJpq70cUhBucj1RmDYibBik.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:c4:a4:39:bc:d3:c1:29:ce:d2:a1:09:df:60:e3:c8:5f:ac:
         df:3e:49:62:62:d8:1a:f7:f6:a9:88:9d:49:05:1c:b5:2d:31:
         73:62:47:b8:55:39:fc:7c:ab:55:06:fa:ed:b5:07:93:5a:c6:
         6c:a6:3a:de:43:69:62:56:cb:71:8f:8d:59:0c:ee:48:2b:73:
         d5:82:1e:93:d3:70:ad:9e:84:73:5c:f6:af:68:dd:03:33:59:
         c8:b6:b1:1a:46:da:13:e3:cc:1e:e7:88:0e:f6:3f:29:1d:c0:
         67:78:05:86:84:30:11:32:78:b6:6b:12:c8:5f:20:96:7f:29:
         39:75:62:ae:19:a1:3f:00:58:2e:4c:cd:ab:41:1b:b8:4d:f8:
         33:ba:22:bf:75:6b:c1:a4:27:f2:81:bf:a1:79:8e:8d:5d:e0:
         b7:4d:c0:a6:6d:79:a2:11:06:3b:21:03:23:a0:47:c5:d9:c4:
         23:7c:29:d1:01:51:1a:07:ec:cd:95:47:de:5e:1c:1b:43:49:
         25:1a:15:e1:75:ba:b0:17:ee:00:32:18:ef:76:22:96:f2:f2:
         c1:f6:ae:31:cf:e5:cd:58:ca:b0:18:11:35:5a:36:99:af:0f:
         df:91:d1:4a:b8:b9:08:39:88:80:39:8d:c7:2c:ae:c4:71:65:
         a3:bc:58:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3NlFp2D57ieuO6ZCRR/QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjNjUzMjY0OWE2YWVmNDcxNDg0MWI5YzhmNTQ2NjBkODg5
YjA2MjkwHhcNMjQwMTAxMTYzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDM2MWJlNDg5OGNiY2QyZDI2ZjI2ODE5OWRlODIxMGIyZjQ4OWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4kk/IRZFnVxS9GoczmSq6dKS92e
u/RuTmrv2+9QGvj3Ib2kBzdBNyxkWk10fx6fnRfFqIFYRMqGpNGDnd0fD+q4Grqx
FPd2jJCACiOOc+NaZnSivV+sOqa1HfcmtxnKVh4YewqXBsiw32YnjIySX0avW3Lg
dtlL+zhRLcirW7WkpLaIerervy8rFQUhjpN1rRBPVgZF8NKz7Yd3IIjeMxDn+XJK
U5bJmEUQA1WYMaDvGtF1W1ObvEDbr0xOsAW1ltD2WYFiyg1lggVe6DfhmvxUUfbr
yb4h2Sq/D3bxURPDlzx380YlXgXXFsP5jGjy1h3srgzxbSdSdVRYwW468wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPA2G+SJjLzS0m8mgZneghCy9ImqMB8GA1UdIwQY
MBaAFMxlMmSaau9HFIQbnI9UZg2ImwYpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekdVeVpKcHE3MGNVaEJ1Y2oxUm1EWWliQmlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8zMTBkMzQtZjVkOC00ZTk2LTliN2Mt
NjQ4ZjUwMWFmYWU1LzEvOERZYjVJbU12TkxTYnlhQm1kNkNFTEwwaWFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8zMTBkMzQtZjVkOC00ZTk2LTliN2MtNjQ4ZjUwMWFmYWU1
LzEvekdVeVpKcHE3MGNVaEJ1Y2oxUm1EWWliQmlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+qRMA0G
CSqGSIb3DQEBCwUAA4IBAQC2xKQ5vNPBKc7SoQnfYOPIX6zfPkliYtga9/apiJ1J
BRy1LTFzYke4VTn8fKtVBvrttQeTWsZspjreQ2liVstxj41ZDO5IK3PVgh6T03Ct
noRzXPavaN0DM1nItrEaRtoT48we54gO9j8pHcBneAWGhDARMni2axLIXyCWfyk5
dWKuGaE/AFguTM2rQRu4TfgzuiK/dWvBpCfygb+heY6NXeC3TcCmbXmiEQY7IQMj
oEfF2cQjfCnRAVEaB+zNlUfeXhwbQ0klGhXhdbqwF+4AMhjvdiKW8vLB9q4xz+XN
WMqwGBE1WjaZrw/fkdFKuLkIOYiAOY3HLK7EcWWjvFgK
-----END CERTIFICATE-----