Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/d56693-2254-4a3b-acbb-efaaff0a982f/1/3WoNDtF74VJJtXNW8utPjAW31OY.roa
File:                     3WoNDtF74VJJtXNW8utPjAW31OY.roa (raw, json)
Hash identifier:          /eVJxZQlkXO+Epn8EsWE6u7WTgDm/8wCtJ9tYTDOydU=
Subject key identifier:   DD:6A:0D:0E:D1:7B:E1:52:49:B5:73:56:F2:EB:4F:8C:05:B7:D4:E6
Certificate issuer:       /CN=47d064fb3e541f23563065e48f300f2cfdfe009a
Certificate serial:       018CC348BAEA46B74F9F8438056862BA623F
Authority key identifier: 47:D0:64:FB:3E:54:1F:23:56:30:65:E4:8F:30:0F:2C:FD:FE:00:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R9Bk-z5UHyNWMGXkjzAPLP3-AJo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/d56693-2254-4a3b-acbb-efaaff0a982f/1/3WoNDtF74VJJtXNW8utPjAW31OY.roa
Signing time:             Mon 01 Jan 2024 04:29:32 +0000
ROA not before:           Mon 01 Jan 2024 04:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39592
IP address blocks:        195.244.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/d56693-2254-4a3b-acbb-efaaff0a982f/1/R9Bk-z5UHyNWMGXkjzAPLP3-AJo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/d56693-2254-4a3b-acbb-efaaff0a982f/1/R9Bk-z5UHyNWMGXkjzAPLP3-AJo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R9Bk-z5UHyNWMGXkjzAPLP3-AJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ba:ea:46:b7:4f:9f:84:38:05:68:62:ba:62:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47d064fb3e541f23563065e48f300f2cfdfe009a
        Validity
            Not Before: Jan  1 04:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd6a0d0ed17be15249b57356f2eb4f8c05b7d4e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:12:b2:0d:cd:21:19:83:92:82:af:f5:ed:30:
                    fb:6c:35:02:2d:24:90:56:22:f4:69:52:18:90:89:
                    d7:70:6f:14:62:39:a8:87:4a:20:31:08:8f:21:00:
                    32:63:90:75:7f:cf:e0:7b:bb:c9:3d:69:34:d6:f6:
                    b8:9a:01:68:54:a2:51:30:7d:34:83:4e:5a:fb:45:
                    a1:1a:fc:bb:96:aa:e7:7c:ce:33:df:1c:76:fa:f2:
                    35:af:eb:0e:46:65:10:4a:d8:91:c3:c1:82:09:a0:
                    20:c0:d9:35:cf:2b:ef:f5:08:0d:28:ff:e7:09:1e:
                    30:9d:0a:58:c6:ec:78:33:c4:2c:32:0c:d0:37:1c:
                    45:7d:b7:2b:65:63:8b:74:06:00:3a:72:c9:19:17:
                    38:d9:3e:cd:5e:11:99:f6:96:6c:29:ea:bf:fb:f5:
                    d0:62:86:b5:ab:8b:bd:f0:f8:80:91:a5:a6:c2:dc:
                    a4:96:7b:53:0f:1e:99:b9:7e:e1:30:20:b8:a7:aa:
                    85:93:1f:c4:e0:2c:db:f6:de:68:28:f7:f1:ab:37:
                    38:0e:6a:3e:7a:42:43:f0:69:2b:a3:90:bc:74:33:
                    2d:00:03:d5:77:d1:15:7c:d5:0a:fc:af:6e:6f:67:
                    08:6b:44:52:7f:d5:70:79:4e:8c:cf:dc:0e:80:59:
                    eb:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:6A:0D:0E:D1:7B:E1:52:49:B5:73:56:F2:EB:4F:8C:05:B7:D4:E6
            X509v3 Authority Key Identifier:
                keyid:47:D0:64:FB:3E:54:1F:23:56:30:65:E4:8F:30:0F:2C:FD:FE:00:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R9Bk-z5UHyNWMGXkjzAPLP3-AJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d56693-2254-4a3b-acbb-efaaff0a982f/1/3WoNDtF74VJJtXNW8utPjAW31OY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d56693-2254-4a3b-acbb-efaaff0a982f/1/R9Bk-z5UHyNWMGXkjzAPLP3-AJo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.244.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:23:67:d3:fc:38:ba:cb:8c:4f:dd:e9:07:55:06:2a:d6:96:
         2b:bf:2a:7c:c3:55:c2:cc:7d:6b:df:c3:74:90:b2:5b:8a:85:
         e4:29:06:88:8a:6f:72:14:66:77:00:9e:1b:71:73:db:a1:65:
         fb:f7:ff:c3:4c:bb:ff:e2:8d:2c:a2:20:f7:10:ff:57:34:97:
         2d:94:63:e7:6f:35:43:51:5d:57:5a:d2:bb:1a:84:9f:11:54:
         e8:eb:cc:4b:82:81:6b:7e:6b:a6:22:25:82:34:54:06:9c:d2:
         fc:f1:04:b9:32:be:f2:de:cd:f2:1f:18:df:2a:4d:3a:c9:6b:
         d1:a1:a4:ca:a3:16:25:0e:89:a7:d1:6a:fd:87:9f:c9:94:5d:
         4f:84:84:6f:59:67:6f:71:04:65:e4:47:19:4f:0d:bd:36:d6:
         09:2e:d2:da:ee:f2:86:71:cf:fb:6a:c5:d6:71:d4:9a:c9:d3:
         2b:00:d6:a6:fb:70:b7:54:fb:57:cb:fd:a6:bf:54:db:b3:4a:
         b0:98:97:bd:19:74:94:7c:39:aa:be:2a:45:c5:34:b1:35:df:
         cf:d8:b1:d9:18:10:88:e7:b2:2a:f1:34:75:3c:7c:10:55:1d:
         a0:ff:0d:fa:cf:0c:2b:81:ac:4c:d4:67:6f:69:f4:49:87:80:
         4f:fe:04:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSLrqRrdPn4Q4BWhiumI/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3ZDA2NGZiM2U1NDFmMjM1NjMwNjVlNDhmMzAwZjJjZmRm
ZTAwOWEwHhcNMjQwMTAxMDQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDZhMGQwZWQxN2JlMTUyNDliNTczNTZmMmViNGY4YzA1YjdkNGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthKyDc0hGYOSgq/17TD7bDUCLSSQ
ViL0aVIYkInXcG8UYjmoh0ogMQiPIQAyY5B1f8/ge7vJPWk01va4mgFoVKJRMH00
g05a+0WhGvy7lqrnfM4z3xx2+vI1r+sORmUQStiRw8GCCaAgwNk1zyvv9QgNKP/n
CR4wnQpYxux4M8QsMgzQNxxFfbcrZWOLdAYAOnLJGRc42T7NXhGZ9pZsKeq/+/XQ
Yoa1q4u98PiAkaWmwtyklntTDx6ZuX7hMCC4p6qFkx/E4Czb9t5oKPfxqzc4Dmo+
ekJD8Gkro5C8dDMtAAPVd9EVfNUK/K9ub2cIa0RSf9VweU6Mz9wOgFnrywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1qDQ7Re+FSSbVzVvLrT4wFt9TmMB8GA1UdIwQY
MBaAFEfQZPs+VB8jVjBl5I8wDyz9/gCaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjlCay16NVVIeU5XTUdYa2p6QVBMUDMtQUpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9kNTY2OTMtMjI1NC00YTNiLWFjYmIt
ZWZhYWZmMGE5ODJmLzEvM1dvTkR0Rjc0VkpKdFhOVzh1dFBqQVczMU9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9kNTY2OTMtMjI1NC00YTNiLWFjYmItZWZhYWZmMGE5ODJm
LzEvUjlCay16NVVIeU5XTUdYa2p6QVBMUDMtQUpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/QdMA0G
CSqGSIb3DQEBCwUAA4IBAQAdI2fT/Di6y4xP3ekHVQYq1pYrvyp8w1XCzH1r38N0
kLJbioXkKQaIim9yFGZ3AJ4bcXPboWX79//DTLv/4o0soiD3EP9XNJctlGPnbzVD
UV1XWtK7GoSfEVTo68xLgoFrfmumIiWCNFQGnNL88QS5Mr7y3s3yHxjfKk06yWvR
oaTKoxYlDomn0Wr9h5/JlF1PhIRvWWdvcQRl5EcZTw29NtYJLtLa7vKGcc/7asXW
cdSaydMrANam+3C3VPtXy/2mv1Tbs0qwmJe9GXSUfDmqvipFxTSxNd/P2LHZGBCI
57Iq8TR1PHwQVR2g/w36zwwrgaxM1GdvafRJh4BP/gSP
-----END CERTIFICATE-----