Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f4b1a1-fe88-4450-bd32-d0c83be40185/1/vKU4Jh9YONxKngfwtqDpPUqIUvo.roa
File:                     vKU4Jh9YONxKngfwtqDpPUqIUvo.roa (raw, json)
Hash identifier:          hVV3V5VT+cb3yypv/Y8dhy7UtcuR6t5QMPN14+T2Gi0=
Subject key identifier:   BC:A5:38:26:1F:58:38:DC:4A:9E:07:F0:B6:A0:E9:3D:4A:88:52:FA
Certificate issuer:       /CN=80c72eaebc20461c31cf942e4e155f07b8a03c7c
Certificate serial:       018CC86F75AB99C91CBDB88B911585818230
Authority key identifier: 80:C7:2E:AE:BC:20:46:1C:31:CF:94:2E:4E:15:5F:07:B8:A0:3C:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gMcurrwgRhwxz5QuThVfB7igPHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/f4b1a1-fe88-4450-bd32-d0c83be40185/1/vKU4Jh9YONxKngfwtqDpPUqIUvo.roa
Signing time:             Tue 02 Jan 2024 04:29:56 +0000
ROA not before:           Tue 02 Jan 2024 04:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45035
IP address blocks:        195.60.178.0/24 maxlen: 24
                          195.60.179.0/24 maxlen: 24
                          195.158.234.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/f4b1a1-fe88-4450-bd32-d0c83be40185/1/gMcurrwgRhwxz5QuThVfB7igPHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/f4b1a1-fe88-4450-bd32-d0c83be40185/1/gMcurrwgRhwxz5QuThVfB7igPHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gMcurrwgRhwxz5QuThVfB7igPHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:75:ab:99:c9:1c:bd:b8:8b:91:15:85:81:82:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80c72eaebc20461c31cf942e4e155f07b8a03c7c
        Validity
            Not Before: Jan  2 04:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bca538261f5838dc4a9e07f0b6a0e93d4a8852fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7e:e0:f5:d6:bd:36:f4:88:52:01:20:35:2f:
                    b1:10:a8:18:22:3e:a4:7f:a5:94:b8:85:13:0e:17:
                    aa:0f:86:c4:c4:54:7c:d6:ea:dc:ad:53:e6:38:73:
                    8a:d6:2b:65:de:81:8e:5b:b8:14:c6:51:3e:2e:12:
                    05:71:19:b6:09:72:57:16:c7:35:47:0c:f4:d4:6e:
                    f6:4e:88:cf:7b:9b:3d:be:6a:d7:c7:28:d1:e9:b3:
                    1b:2e:ff:81:b8:39:d9:2b:04:bd:e9:52:6a:f9:f2:
                    76:02:61:a7:b2:53:d0:d0:41:43:14:63:d2:f6:01:
                    4b:14:a8:83:54:a7:a9:0f:d5:f1:66:40:34:dc:0f:
                    b7:32:c0:0b:8c:f2:87:3e:6b:80:99:4b:1a:5a:1c:
                    dd:96:24:31:a9:fa:a9:56:dc:65:b6:f7:49:79:d3:
                    e1:7b:00:14:f7:57:21:bc:b9:4c:82:a7:d9:24:2d:
                    d9:46:34:8b:d8:12:c8:62:ff:b0:3f:28:cb:26:89:
                    ba:8c:d9:a7:4f:c4:a2:8f:b2:4a:7d:fd:d5:f4:d9:
                    0d:51:17:38:86:d3:ae:03:00:4a:8f:65:e3:d8:39:
                    f6:33:39:05:a5:3a:ca:b9:27:7c:11:2f:fc:2e:80:
                    5f:a9:59:d2:b8:37:c9:f2:51:a6:b9:fb:58:db:f2:
                    72:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:A5:38:26:1F:58:38:DC:4A:9E:07:F0:B6:A0:E9:3D:4A:88:52:FA
            X509v3 Authority Key Identifier:
                keyid:80:C7:2E:AE:BC:20:46:1C:31:CF:94:2E:4E:15:5F:07:B8:A0:3C:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gMcurrwgRhwxz5QuThVfB7igPHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f4b1a1-fe88-4450-bd32-d0c83be40185/1/vKU4Jh9YONxKngfwtqDpPUqIUvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f4b1a1-fe88-4450-bd32-d0c83be40185/1/gMcurrwgRhwxz5QuThVfB7igPHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.178.0/23
                  195.158.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:7e:a9:7c:89:85:74:43:de:28:65:c6:df:9c:1f:8b:e1:14:
         1d:40:2b:d3:f3:52:e4:b2:ce:6b:b6:66:d1:52:8e:1f:99:0a:
         a9:f3:ed:ca:27:9c:c3:0c:c7:26:86:40:30:56:64:50:0e:84:
         dc:87:c7:de:d0:5b:7f:65:5e:49:5d:62:bd:e7:d9:92:83:be:
         71:9b:d6:8f:33:50:1a:90:dc:d8:d2:fe:16:aa:4e:6b:6c:38:
         68:08:e0:cb:ab:c6:48:d0:62:01:b0:31:b6:db:61:bf:84:ba:
         b5:e6:8e:a1:02:71:da:3b:74:39:15:88:73:04:82:7e:57:d0:
         40:25:2a:df:b2:44:c5:ee:86:cc:ef:e5:bd:9b:76:ac:7b:60:
         0f:6b:bd:5d:98:d7:11:b4:8a:01:00:58:b9:a6:98:ae:26:c6:
         2c:4b:a5:84:66:28:f2:b8:59:b7:d9:e2:22:34:dd:b4:01:82:
         8e:b0:02:a2:d6:76:9e:1b:9b:7e:18:4c:de:27:d4:ef:17:04:
         4d:fe:3e:8a:61:72:a0:8f:dc:1a:3a:26:e8:dd:57:0f:e2:72:
         9b:b8:65:07:c3:f6:5c:a1:b3:b1:d8:f7:05:37:b5:f5:b6:25:
         8d:f3:c2:0e:91:54:0f:49:f6:9c:93:e4:71:67:5f:15:c5:a0:
         23:72:5c:3d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb3WrmckcvbiLkRWFgYIwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwYzcyZWFlYmMyMDQ2MWMzMWNmOTQyZTRlMTU1ZjA3Yjhh
MDNjN2MwHhcNMjQwMTAyMDQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2E1MzgyNjFmNTgzOGRjNGE5ZTA3ZjBiNmEwZTkzZDRhODg1MmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr37g9da9NvSIUgEgNS+xEKgYIj6k
f6WUuIUTDheqD4bExFR81urcrVPmOHOK1itl3oGOW7gUxlE+LhIFcRm2CXJXFsc1
Rwz01G72TojPe5s9vmrXxyjR6bMbLv+BuDnZKwS96VJq+fJ2AmGnslPQ0EFDFGPS
9gFLFKiDVKepD9XxZkA03A+3MsALjPKHPmuAmUsaWhzdliQxqfqpVtxltvdJedPh
ewAU91chvLlMgqfZJC3ZRjSL2BLIYv+wPyjLJom6jNmnT8Sij7JKff3V9NkNURc4
htOuAwBKj2Xj2Dn2MzkFpTrKuSd8ES/8LoBfqVnSuDfJ8lGmuftY2/JyzQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLylOCYfWDjcSp4H8Lag6T1KiFL6MB8GA1UdIwQY
MBaAFIDHLq68IEYcMc+ULk4VXwe4oDx8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ01jdXJyd2dSaHd4ejVRdVRoVmZCN2lnUEh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNGIxYTEtZmU4OC00NDUwLWJkMzIt
ZDBjODNiZTQwMTg1LzEvdktVNEpoOVlPTnhLbmdmd3RxRHBQVXFJVXZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNGIxYTEtZmU4OC00NDUwLWJkMzItZDBjODNiZTQwMTg1
LzEvZ01jdXJyd2dSaHd4ejVRdVRoVmZCN2lnUEh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwzyyAwQB
w57qMA0GCSqGSIb3DQEBCwUAA4IBAQBBfql8iYV0Q94oZcbfnB+L4RQdQCvT81Lk
ss5rtmbRUo4fmQqp8+3KJ5zDDMcmhkAwVmRQDoTch8fe0Ft/ZV5JXWK959mSg75x
m9aPM1AakNzY0v4Wqk5rbDhoCODLq8ZI0GIBsDG222G/hLq15o6hAnHaO3Q5FYhz
BIJ+V9BAJSrfskTF7obM7+W9m3ase2APa71dmNcRtIoBAFi5ppiuJsYsS6WEZijy
uFm32eIiNN20AYKOsAKi1naeG5t+GEzeJ9TvFwRN/j6KYXKgj9waOibo3VcP4nKb
uGUHw/ZcobOx2PcFN7X1tiWN88IOkVQPSfack+RxZ18VxaAjclw9
-----END CERTIFICATE-----