Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/Olvba8b0LQ3XYjmweIYYCWlaL24.roa
File:                     Olvba8b0LQ3XYjmweIYYCWlaL24.roa (raw, json)
Hash identifier:          Wj2tE5RhOaTBOgwtpy7j+LlliXQCV/ipn4kpk6MvU1M=
Subject key identifier:   3A:5B:DB:6B:C6:F4:2D:0D:D7:62:39:B0:78:86:18:09:69:5A:2F:6E
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       0194FA8539B1D30A4D10D5FD56523DA8566A
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/Olvba8b0LQ3XYjmweIYYCWlaL24.roa
Signing time:             Wed 12 Feb 2025 14:17:02 +0000
ROA not before:           Wed 12 Feb 2025 14:17:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        195.216.183.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:fa:85:39:b1:d3:0a:4d:10:d5:fd:56:52:3d:a8:56:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Feb 12 14:17:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a5bdb6bc6f42d0dd76239b078861809695a2f6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:d8:be:91:34:a3:23:5f:ed:df:df:44:77:51:
                    69:b5:ae:75:aa:0e:57:3a:17:b8:c3:3a:cd:e9:42:
                    b5:d9:22:49:b4:90:00:97:f8:46:6e:f8:17:03:14:
                    61:a0:2a:78:e3:9f:e4:e8:e3:30:66:7c:2c:68:92:
                    2a:58:2a:89:c9:e1:bc:33:24:ff:37:b3:46:d6:cd:
                    5c:48:dd:27:62:55:91:25:02:30:6c:4d:81:c0:e1:
                    8b:f5:bc:6f:06:26:b0:70:19:e3:27:71:60:95:2d:
                    c1:26:9f:53:d3:07:b6:77:4d:e5:28:8c:77:58:cd:
                    e0:9e:8b:43:7c:d7:8b:32:a2:e5:53:ec:5b:ea:95:
                    13:7c:68:5c:d7:f5:61:7f:99:ac:5d:cf:3d:81:c1:
                    4a:96:b9:09:d6:b6:57:48:b0:9c:9b:0b:f8:70:f4:
                    b6:65:80:25:d9:7b:54:25:c6:c0:9a:06:ac:ec:2b:
                    3c:98:21:85:61:ab:c9:6d:ee:8f:d6:02:d1:7b:a4:
                    17:db:10:d9:fc:21:ec:82:1b:33:44:54:6b:69:7f:
                    84:b0:ff:39:79:1f:d5:14:ff:28:dc:4e:a2:92:3c:
                    33:84:87:4d:8b:0f:c1:8f:80:e4:9d:94:bc:6a:ff:
                    8f:0a:ce:b4:a6:50:7e:7d:5a:22:df:e7:8a:b3:ca:
                    48:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:5B:DB:6B:C6:F4:2D:0D:D7:62:39:B0:78:86:18:09:69:5A:2F:6E
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/Olvba8b0LQ3XYjmweIYYCWlaL24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:31:16:66:b3:d8:bc:4c:28:99:c3:0f:1e:6b:9d:9c:58:75:
         a2:3f:d5:32:36:83:b3:80:36:31:ca:eb:26:5a:f4:ae:7d:f1:
         13:f1:f5:4c:85:3f:45:36:14:23:f2:3d:d2:d0:81:c2:99:13:
         4b:fb:70:80:26:5f:ad:1d:fb:02:4f:4d:f5:65:62:5e:cc:bd:
         75:52:46:cc:a5:16:fe:74:f2:c5:1f:78:38:27:40:59:2d:12:
         19:bb:50:b0:ad:f4:b4:74:c1:7a:a5:51:e6:60:0f:ad:62:40:
         81:8b:fa:48:2b:76:39:ef:f3:bc:5f:e9:e8:92:e8:9f:ba:7a:
         46:03:1f:40:74:ae:0a:c5:6b:62:98:6e:4e:7f:09:fe:f7:1e:
         8c:83:14:7d:53:31:51:41:41:91:79:b2:a7:6f:3f:0b:e3:ec:
         2d:80:85:db:90:b5:ab:1f:49:75:c8:98:1f:05:03:ff:eb:8e:
         6e:2b:4a:2d:11:46:1d:fb:89:bf:51:a9:3c:5a:fc:7f:b8:0c:
         80:8b:fc:6f:f1:58:bb:8d:0e:87:b4:ee:0e:5e:74:2e:4d:97:
         9c:85:a5:31:74:82:3c:fc:04:f4:d9:6a:51:7e:34:4b:c3:60:
         1a:22:8d:c6:f0:71:ac:f4:ff:1f:bf:4d:c4:d7:7b:b5:d9:bf:
         d3:27:9e:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZT6hTmx0wpNENX9VlI9qFZqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjUwMjEyMTQxNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTViZGI2YmM2ZjQyZDBkZDc2MjM5YjA3ODg2MTgwOTY5NWEyZjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9i+kTSjI1/t399Ed1Fpta51qg5X
Ohe4wzrN6UK12SJJtJAAl/hGbvgXAxRhoCp445/k6OMwZnwsaJIqWCqJyeG8MyT/
N7NG1s1cSN0nYlWRJQIwbE2BwOGL9bxvBiawcBnjJ3FglS3BJp9T0we2d03lKIx3
WM3gnotDfNeLMqLlU+xb6pUTfGhc1/Vhf5msXc89gcFKlrkJ1rZXSLCcmwv4cPS2
ZYAl2XtUJcbAmgas7Cs8mCGFYavJbe6P1gLRe6QX2xDZ/CHsghszRFRraX+EsP85
eR/VFP8o3E6ikjwzhIdNiw/Bj4DknZS8av+PCs60plB+fVoi3+eKs8pIFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDpb22vG9C0N12I5sHiGGAlpWi9uMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvT2x2YmE4YjBMUTNYWWptd2VJWVlDV2xhTDI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9i3MA0G
CSqGSIb3DQEBCwUAA4IBAQBFMRZms9i8TCiZww8ea52cWHWiP9UyNoOzgDYxyusm
WvSuffET8fVMhT9FNhQj8j3S0IHCmRNL+3CAJl+tHfsCT031ZWJezL11UkbMpRb+
dPLFH3g4J0BZLRIZu1CwrfS0dMF6pVHmYA+tYkCBi/pIK3Y57/O8X+nokuifunpG
Ax9AdK4KxWtimG5Ofwn+9x6MgxR9UzFRQUGRebKnbz8L4+wtgIXbkLWrH0l1yJgf
BQP/645uK0otEUYd+4m/Uak8Wvx/uAyAi/xv8Vi7jQ6HtO4OXnQuTZechaUxdII8
/AT02WpRfjRLw2AaIo3G8HGs9P8fv03E13u12b/TJ56V
-----END CERTIFICATE-----