Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/61ccd4-e053-45e0-b635-7fea066f0b96/1/SUQYe2qXmJr5r-vCzJCpD1VDSh0.roa
File:                     SUQYe2qXmJr5r-vCzJCpD1VDSh0.roa (raw, json)
Hash identifier:          TZdigseljNfkkPzKpgMEE1g2XHYrkBt6hOR71T5A3JA=
Subject key identifier:   49:44:18:7B:6A:97:98:9A:F9:AF:EB:C2:CC:90:A9:0F:55:43:4A:1D
Certificate issuer:       /CN=88a94a4140e19b32063fc6e779f59314a74a0c51
Certificate serial:       018CC50117A7B72A60CEC87D5F0B9175BB8E
Authority key identifier: 88:A9:4A:41:40:E1:9B:32:06:3F:C6:E7:79:F5:93:14:A7:4A:0C:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iKlKQUDhmzIGP8bnefWTFKdKDFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/61ccd4-e053-45e0-b635-7fea066f0b96/1/SUQYe2qXmJr5r-vCzJCpD1VDSh0.roa
Signing time:             Mon 01 Jan 2024 12:30:32 +0000
ROA not before:           Mon 01 Jan 2024 12:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44018
IP address blocks:        195.8.122.0/23 maxlen: 24
                          195.8.121.0/24 maxlen: 24
                          2001:67c:2590::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/61ccd4-e053-45e0-b635-7fea066f0b96/1/iKlKQUDhmzIGP8bnefWTFKdKDFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/61ccd4-e053-45e0-b635-7fea066f0b96/1/iKlKQUDhmzIGP8bnefWTFKdKDFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iKlKQUDhmzIGP8bnefWTFKdKDFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:17:a7:b7:2a:60:ce:c8:7d:5f:0b:91:75:bb:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88a94a4140e19b32063fc6e779f59314a74a0c51
        Validity
            Not Before: Jan  1 12:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4944187b6a97989af9afebc2cc90a90f55434a1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:7b:cf:25:e6:4c:fb:fc:d9:8f:40:d3:4b:a9:
                    8b:57:56:a0:0a:4b:00:00:40:b6:9d:72:eb:f0:4c:
                    ec:73:73:d6:20:7a:99:d9:38:4b:47:94:d9:ec:ff:
                    33:27:04:af:8b:01:b4:cd:c6:fe:7d:aa:8d:54:c6:
                    14:10:14:ff:aa:c2:51:fa:b2:5b:b1:ff:89:3a:72:
                    e0:53:af:80:a6:2e:8e:47:5e:9b:c0:c7:c4:dd:42:
                    44:f5:a5:bb:b2:67:3a:fb:c5:ff:75:30:eb:c4:71:
                    19:2b:2e:98:39:9d:e8:aa:c1:6f:df:73:6b:df:fc:
                    bc:2c:c5:8b:eb:c0:ba:e3:b6:b0:d6:ad:49:33:c6:
                    ba:cc:07:bd:c0:40:94:c6:1e:67:2a:f1:36:3b:19:
                    78:a5:fb:50:42:06:1a:4c:3b:ea:52:34:25:04:75:
                    b0:15:4f:2b:cb:37:fd:b9:57:12:b2:48:05:e9:29:
                    46:ab:bb:49:6e:b1:7e:1d:cc:f7:da:58:b9:4d:45:
                    57:6d:00:b3:a6:37:a5:d3:d8:19:3b:0e:0a:5c:13:
                    12:ed:eb:5f:9a:aa:ae:e0:7f:61:23:d0:da:a6:d6:
                    d0:34:b7:8a:1f:a8:5d:39:28:38:7c:fa:06:2c:7c:
                    b5:09:e5:6d:01:73:8d:b1:f1:97:10:64:6f:06:de:
                    82:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:44:18:7B:6A:97:98:9A:F9:AF:EB:C2:CC:90:A9:0F:55:43:4A:1D
            X509v3 Authority Key Identifier:
                keyid:88:A9:4A:41:40:E1:9B:32:06:3F:C6:E7:79:F5:93:14:A7:4A:0C:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iKlKQUDhmzIGP8bnefWTFKdKDFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/61ccd4-e053-45e0-b635-7fea066f0b96/1/SUQYe2qXmJr5r-vCzJCpD1VDSh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/61ccd4-e053-45e0-b635-7fea066f0b96/1/iKlKQUDhmzIGP8bnefWTFKdKDFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.121.0-195.8.123.255
                IPv6:
                  2001:67c:2590::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:ce:cb:0b:7c:9d:5b:3f:14:73:36:26:84:30:06:ab:79:3a:
         08:0c:89:2b:37:7a:de:da:2f:f1:ec:22:b1:c1:70:fc:10:97:
         e2:8a:82:c5:9a:a1:67:6e:c4:e4:bc:57:31:13:71:ce:6e:7a:
         c8:a2:3e:29:2b:d5:dd:b3:f0:9e:fe:0a:26:26:08:f2:89:ce:
         b6:bc:53:38:2c:3b:45:41:e6:4c:30:97:6b:ff:8c:77:7a:d0:
         0e:f2:17:19:6b:fd:f9:b9:57:8a:de:21:5e:36:aa:81:fc:29:
         a1:d9:4c:ce:42:8f:58:b9:47:ea:71:8b:db:85:bc:d1:ea:df:
         65:d8:0a:3a:9b:23:51:a2:21:1c:64:5c:a3:1f:53:8d:61:4f:
         4b:1d:0f:75:0f:af:a9:d3:bb:dd:76:18:62:75:e3:69:16:a1:
         cb:84:7d:fe:a9:79:e6:ad:6d:9a:c9:5a:28:84:97:ad:6e:4d:
         59:72:db:0d:e8:09:72:de:7a:10:23:44:82:53:2c:7d:a5:c7:
         94:80:2e:e1:91:da:7d:89:01:ee:11:ad:ea:80:9d:a1:1f:ac:
         4a:cf:17:2f:79:5c:4a:c1:2e:a9:bf:8f:1e:2a:57:fb:cc:01:
         28:41:dd:47:81:19:3a:5d:c5:e4:40:3f:88:c0:08:72:f1:9c:
         7d:7c:84:12
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYzFARentypgzsh9XwuRdbuOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YTk0YTQxNDBlMTliMzIwNjNmYzZlNzc5ZjU5MzE0YTc0
YTBjNTEwHhcNMjQwMTAxMTIzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTQ0MTg3YjZhOTc5ODlhZjlhZmViYzJjYzkwYTkwZjU1NDM0YTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonvPJeZM+/zZj0DTS6mLV1agCksA
AEC2nXLr8Ezsc3PWIHqZ2ThLR5TZ7P8zJwSviwG0zcb+faqNVMYUEBT/qsJR+rJb
sf+JOnLgU6+Api6OR16bwMfE3UJE9aW7smc6+8X/dTDrxHEZKy6YOZ3oqsFv33Nr
3/y8LMWL68C647aw1q1JM8a6zAe9wECUxh5nKvE2Oxl4pftQQgYaTDvqUjQlBHWw
FU8ryzf9uVcSskgF6SlGq7tJbrF+Hcz32li5TUVXbQCzpjel09gZOw4KXBMS7etf
mqqu4H9hI9DaptbQNLeKH6hdOSg4fPoGLHy1CeVtAXONsfGXEGRvBt6CVQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFElEGHtql5ia+a/rwsyQqQ9VQ0odMB8GA1UdIwQY
MBaAFIipSkFA4ZsyBj/G53n1kxSnSgxRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUtsS1FVRGhteklHUDhibmVmV1RGS2RLREZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS82MWNjZDQtZTA1My00NWUwLWI2MzUt
N2ZlYTA2NmYwYjk2LzEvU1VRWWUycVhtSnI1ci12Q3pKQ3BEMVZEU2gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS82MWNjZDQtZTA1My00NWUwLWI2MzUtN2ZlYTA2NmYwYjk2
LzEvaUtsS1FVRGhteklHUDhibmVmV1RGS2RLREZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAUBAIAATAOMAwDBADDCHkD
BALDCHgwDwQCAAIwCQMHACABBnwlkDANBgkqhkiG9w0BAQsFAAOCAQEALs7LC3yd
Wz8UczYmhDAGq3k6CAyJKzd63tov8ewiscFw/BCX4oqCxZqhZ27E5LxXMRNxzm56
yKI+KSvV3bPwnv4KJiYI8onOtrxTOCw7RUHmTDCXa/+Md3rQDvIXGWv9+blXit4h
XjaqgfwpodlMzkKPWLlH6nGL24W80erfZdgKOpsjUaIhHGRcox9TjWFPSx0PdQ+v
qdO73XYYYnXjaRahy4R9/ql55q1tmslaKISXrW5NWXLbDegJct56ECNEglMsfaXH
lIAu4ZHafYkB7hGt6oCdoR+sSs8XL3lcSsEuqb+PHipX+8wBKEHdR4EZOl3F5EA/
iMAIcvGcfXyEEg==
-----END CERTIFICATE-----