Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/76xpigLvDSDEURZnt_4mMemHiJ0.roa
File:                     76xpigLvDSDEURZnt_4mMemHiJ0.roa (raw, json)
Hash identifier:          yQBMbv510PEFojneaqlqF5faLpy4npIOhq35JtoSPeU=
Subject key identifier:   EF:AC:69:8A:02:EF:0D:20:C4:51:16:67:B7:FE:26:31:E9:87:88:9D
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       018CC9BBCD1A82C976EE36CF1C627EF4432D
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/76xpigLvDSDEURZnt_4mMemHiJ0.roa
Signing time:             Tue 02 Jan 2024 10:32:57 +0000
ROA not before:           Tue 02 Jan 2024 10:32:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30917
IP address blocks:        195.56.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:cd:1a:82:c9:76:ee:36:cf:1c:62:7e:f4:43:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  2 10:32:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efac698a02ef0d20c4511667b7fe2631e987889d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:34:c8:18:e8:a5:55:b6:8e:22:43:f7:12:05:
                    6f:80:a6:ea:2f:b2:5a:bb:51:5b:37:32:26:c2:c7:
                    17:08:cf:e2:0f:18:60:e3:91:ef:c2:4c:28:a1:41:
                    05:fa:6e:c6:db:90:c4:78:3c:d7:94:4c:9c:af:e0:
                    1c:27:94:8a:d2:e7:2f:97:cd:d8:03:ed:50:1d:8f:
                    f4:de:b1:9f:80:d3:f8:c7:41:59:7c:ef:20:a4:40:
                    bf:c1:ac:7c:d5:3e:53:60:0f:2a:f9:fd:29:4a:01:
                    29:20:11:64:b2:be:c1:71:6b:ab:c5:27:b9:18:96:
                    9f:65:10:82:28:8b:d8:35:84:ba:75:e4:b8:1c:3e:
                    5a:92:b2:7a:79:54:5c:08:a9:7e:de:de:ea:e2:29:
                    59:d8:94:64:90:28:6d:8a:19:43:2b:f1:d3:ca:ae:
                    2d:c1:f8:cd:bb:5e:21:8f:34:24:1a:cb:e8:22:27:
                    c6:3f:8b:23:5a:6a:70:33:49:70:ef:16:a2:71:00:
                    50:31:e5:b2:d9:2b:ae:68:59:8e:9a:12:32:53:e1:
                    3f:78:39:6b:62:5d:7a:cc:18:dd:66:82:9f:cc:60:
                    cc:91:84:eb:34:35:e6:3a:5a:12:9e:4b:c7:27:0f:
                    1e:99:58:71:41:e4:b8:1e:d8:fb:97:ce:a5:12:08:
                    53:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:AC:69:8A:02:EF:0D:20:C4:51:16:67:B7:FE:26:31:E9:87:88:9D
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/76xpigLvDSDEURZnt_4mMemHiJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.56.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:43:ec:f4:ee:6f:fa:6c:0d:f5:5f:90:91:59:ee:89:e7:f8:
         b1:3f:73:52:5b:8d:1f:d8:7d:6e:d6:e2:65:a4:b5:84:ec:54:
         80:b8:81:27:7a:6b:f9:d2:60:50:00:cc:b0:c7:22:1c:a3:f8:
         6b:52:ca:cf:b4:1e:12:bf:e9:9b:ca:dd:fa:1b:cd:ca:f9:17:
         df:66:90:e7:aa:d8:f4:b5:f4:b1:a4:60:80:5b:46:27:d0:65:
         bb:03:52:57:19:75:77:68:06:b6:09:4f:14:d6:48:d5:24:90:
         49:99:a4:a3:69:97:78:69:f2:7f:3a:d7:d2:33:76:7e:8f:8e:
         f8:72:65:b5:0a:4d:da:7e:76:6d:b6:21:74:f0:41:e3:57:6e:
         7f:2c:0d:12:ab:a8:b0:15:db:bc:dd:10:d2:8d:ed:42:33:1e:
         a5:e6:b1:9a:63:f6:38:44:91:31:64:82:13:b9:0c:c7:ef:ef:
         f1:62:90:80:a9:72:dc:3c:2b:3f:53:f8:f1:27:b9:31:39:e0:
         3d:77:00:0a:3d:1f:39:d2:88:3c:5b:c0:bb:ca:58:7c:9c:f7:
         5b:53:cd:20:d3:a5:82:90:1c:9b:24:e2:aa:78:08:08:69:67:
         88:db:79:e7:f8:a1:f9:e3:a3:65:12:f2:23:f7:d8:c9:e3:21:
         3d:6c:93:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu80agsl27jbPHGJ+9EMtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjQwMTAyMTAzMjU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmFjNjk4YTAyZWYwZDIwYzQ1MTE2NjdiN2ZlMjYzMWU5ODc4ODlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DTIGOilVbaOIkP3EgVvgKbqL7Ja
u1FbNzImwscXCM/iDxhg45HvwkwooUEF+m7G25DEeDzXlEycr+AcJ5SK0ucvl83Y
A+1QHY/03rGfgNP4x0FZfO8gpEC/wax81T5TYA8q+f0pSgEpIBFksr7BcWurxSe5
GJafZRCCKIvYNYS6deS4HD5akrJ6eVRcCKl+3t7q4ilZ2JRkkChtihlDK/HTyq4t
wfjNu14hjzQkGsvoIifGP4sjWmpwM0lw7xaicQBQMeWy2SuuaFmOmhIyU+E/eDlr
Yl16zBjdZoKfzGDMkYTrNDXmOloSnkvHJw8emVhxQeS4Htj7l86lEghT9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO+saYoC7w0gxFEWZ7f+JjHph4idMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvNzZ4cGlnTHZEU0RFVVJabnRfNG1NZW1IaUowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwziNMA0G
CSqGSIb3DQEBCwUAA4IBAQAXQ+z07m/6bA31X5CRWe6J5/ixP3NSW40f2H1u1uJl
pLWE7FSAuIEnemv50mBQAMywxyIco/hrUsrPtB4Sv+mbyt36G83K+RffZpDnqtj0
tfSxpGCAW0Yn0GW7A1JXGXV3aAa2CU8U1kjVJJBJmaSjaZd4afJ/OtfSM3Z+j474
cmW1Ck3afnZttiF08EHjV25/LA0Sq6iwFdu83RDSje1CMx6l5rGaY/Y4RJExZIIT
uQzH7+/xYpCAqXLcPCs/U/jxJ7kxOeA9dwAKPR850og8W8C7ylh8nPdbU80g06WC
kBybJOKqeAgIaWeI23nn+KH546NlEvIj99jJ4yE9bJOE
-----END CERTIFICATE-----