Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/5ebc5d-8683-4c37-a050-20ef42c9bc38/1/bMeOR0h3i3Seg-HvC3T2pglXsqY.roa
File:                     bMeOR0h3i3Seg-HvC3T2pglXsqY.roa (raw, json)
Hash identifier:          hXhpU2Yt2TGN6MC/EQyLtdcesAZ1TeDrMLfUPE6rF3Y=
Subject key identifier:   6C:C7:8E:47:48:77:8B:74:9E:83:E1:EF:0B:74:F6:A6:09:57:B2:A6
Certificate issuer:       /CN=6381f72082e312069d83d9af4f319cf0af803647
Certificate serial:       018CC3B71E5CD948F4903DFC6F262176C84E
Authority key identifier: 63:81:F7:20:82:E3:12:06:9D:83:D9:AF:4F:31:9C:F0:AF:80:36:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y4H3IILjEgadg9mvTzGc8K-ANkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/5ebc5d-8683-4c37-a050-20ef42c9bc38/1/bMeOR0h3i3Seg-HvC3T2pglXsqY.roa
Signing time:             Mon 01 Jan 2024 06:30:07 +0000
ROA not before:           Mon 01 Jan 2024 06:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13039
IP address blocks:        195.85.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/5ebc5d-8683-4c37-a050-20ef42c9bc38/1/Y4H3IILjEgadg9mvTzGc8K-ANkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/5ebc5d-8683-4c37-a050-20ef42c9bc38/1/Y4H3IILjEgadg9mvTzGc8K-ANkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y4H3IILjEgadg9mvTzGc8K-ANkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1e:5c:d9:48:f4:90:3d:fc:6f:26:21:76:c8:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6381f72082e312069d83d9af4f319cf0af803647
        Validity
            Not Before: Jan  1 06:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cc78e4748778b749e83e1ef0b74f6a60957b2a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:64:05:4f:15:af:91:66:b6:d4:14:16:ae:a6:
                    01:86:d6:39:0c:e1:7f:ee:03:f2:e2:71:a2:35:27:
                    f1:88:f1:76:5e:0b:6f:29:22:83:e3:0b:57:d2:cc:
                    ff:e9:f1:c2:4d:6d:64:81:17:5d:47:13:dc:bd:4d:
                    24:81:0b:1b:01:48:13:07:9f:fd:c3:fe:1a:90:ca:
                    07:53:7c:0a:1d:8a:67:da:00:27:f4:05:9d:ee:a3:
                    8c:a5:2c:9a:10:37:5b:59:a1:24:16:1b:29:8a:ac:
                    f0:61:25:6d:a1:a9:02:5d:19:76:30:2e:65:80:f9:
                    f1:92:0e:a7:0d:f2:29:2d:df:9f:bc:ef:2b:aa:06:
                    4a:6a:f5:12:82:52:cb:74:a2:d7:1d:ae:40:0b:e5:
                    e3:00:03:88:e6:0f:ff:b0:b4:ca:ed:c0:df:8a:5d:
                    df:b9:72:ca:12:ba:35:c9:ff:fd:3f:40:fc:8c:b3:
                    14:fa:d2:3d:42:f3:27:51:b5:36:11:35:51:a3:6d:
                    c3:fb:f9:92:8b:3a:9e:97:e2:3f:7b:d3:c6:0f:52:
                    de:89:72:15:4d:79:46:2b:09:ef:0c:f2:0e:a5:52:
                    f2:61:e8:52:15:57:33:e5:ae:df:bb:be:e1:5f:7b:
                    90:68:d4:c3:1d:b7:33:9e:5a:fe:9a:d7:34:8e:a9:
                    cc:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:C7:8E:47:48:77:8B:74:9E:83:E1:EF:0B:74:F6:A6:09:57:B2:A6
            X509v3 Authority Key Identifier:
                keyid:63:81:F7:20:82:E3:12:06:9D:83:D9:AF:4F:31:9C:F0:AF:80:36:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y4H3IILjEgadg9mvTzGc8K-ANkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/5ebc5d-8683-4c37-a050-20ef42c9bc38/1/bMeOR0h3i3Seg-HvC3T2pglXsqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/5ebc5d-8683-4c37-a050-20ef42c9bc38/1/Y4H3IILjEgadg9mvTzGc8K-ANkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:97:a6:34:b2:55:d7:83:6f:83:1d:59:15:c5:f7:dd:8a:7f:
         f3:a2:01:8a:65:96:96:ed:4b:ec:ab:2b:1a:28:38:05:bb:5b:
         f5:39:8d:c8:7d:12:40:21:08:df:fa:aa:3b:fc:fc:6e:ff:04:
         9a:f2:dd:83:77:85:36:73:c9:46:64:e8:fa:48:cf:92:d5:42:
         b1:c1:b0:98:01:d1:6b:bf:02:33:87:02:00:df:c6:41:13:ac:
         9f:a1:8e:71:36:b1:42:5b:a8:54:ff:d0:58:0a:19:93:93:8c:
         ac:57:57:71:5d:2d:a7:1b:76:39:5b:6c:e7:03:28:ba:1d:e5:
         4e:a6:6a:1f:3d:76:e2:40:59:c5:b8:58:6b:9d:04:12:c1:65:
         e5:fc:0d:3d:8c:85:6a:8f:56:32:10:86:0e:04:90:73:8e:e4:
         d2:bd:4b:90:58:35:b2:ea:17:4a:76:57:14:04:e3:45:51:b6:
         67:2d:3d:a7:a8:7a:3b:35:1a:34:55:42:75:b7:69:82:f1:d7:
         64:5f:3a:1b:a5:c2:65:29:5c:db:0a:1c:ea:02:02:11:55:cd:
         3b:49:0b:91:c7:63:7d:80:0d:af:97:23:bf:ae:1d:8e:6a:4e:
         0e:f1:5e:87:90:e5:ed:46:bc:9d:97:74:79:d0:7f:31:ae:ba:
         5c:0e:4c:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtx5c2Uj0kD38byYhdshOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzODFmNzIwODJlMzEyMDY5ZDgzZDlhZjRmMzE5Y2YwYWY4
MDM2NDcwHhcNMjQwMTAxMDYzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2M3OGU0NzQ4Nzc4Yjc0OWU4M2UxZWYwYjc0ZjZhNjA5NTdiMmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWQFTxWvkWa21BQWrqYBhtY5DOF/
7gPy4nGiNSfxiPF2XgtvKSKD4wtX0sz/6fHCTW1kgRddRxPcvU0kgQsbAUgTB5/9
w/4akMoHU3wKHYpn2gAn9AWd7qOMpSyaEDdbWaEkFhspiqzwYSVtoakCXRl2MC5l
gPnxkg6nDfIpLd+fvO8rqgZKavUSglLLdKLXHa5AC+XjAAOI5g//sLTK7cDfil3f
uXLKEro1yf/9P0D8jLMU+tI9QvMnUbU2ETVRo23D+/mSizqel+I/e9PGD1LeiXIV
TXlGKwnvDPIOpVLyYehSFVcz5a7fu77hX3uQaNTDHbcznlr+mtc0jqnMAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGzHjkdId4t0noPh7wt09qYJV7KmMB8GA1UdIwQY
MBaAFGOB9yCC4xIGnYPZr08xnPCvgDZHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTRIM0lJTGpFZ2FkZzltdlR6R2M4Sy1BTmtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS81ZWJjNWQtODY4My00YzM3LWEwNTAt
MjBlZjQyYzliYzM4LzEvYk1lT1IwaDNpM1NlZy1IdkMzVDJwZ2xYc3FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS81ZWJjNWQtODY4My00YzM3LWEwNTAtMjBlZjQyYzliYzM4
LzEvWTRIM0lJTGpFZ2FkZzltdlR6R2M4Sy1BTmtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1XwMA0G
CSqGSIb3DQEBCwUAA4IBAQBZl6Y0slXXg2+DHVkVxffdin/zogGKZZaW7Uvsqysa
KDgFu1v1OY3IfRJAIQjf+qo7/Pxu/wSa8t2Dd4U2c8lGZOj6SM+S1UKxwbCYAdFr
vwIzhwIA38ZBE6yfoY5xNrFCW6hU/9BYChmTk4ysV1dxXS2nG3Y5W2znAyi6HeVO
pmofPXbiQFnFuFhrnQQSwWXl/A09jIVqj1YyEIYOBJBzjuTSvUuQWDWy6hdKdlcU
BONFUbZnLT2nqHo7NRo0VUJ1t2mC8ddkXzobpcJlKVzbChzqAgIRVc07SQuRx2N9
gA2vlyO/rh2Oak4O8V6HkOXtRrydl3R50H8xrrpcDkxz
-----END CERTIFICATE-----