Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/eac86b-6e91-4bbe-a203-67ac97118cac/1/CbuE_XwyQkwKHDc3YmSFPwu3LVg.roa
File:                     CbuE_XwyQkwKHDc3YmSFPwu3LVg.roa (raw, json)
Hash identifier:          BVJ7JaJOf+rCAa7TNXT2FAbJQePyEkeapeaPnAys5B0=
Subject key identifier:   09:BB:84:FD:7C:32:42:4C:0A:1C:37:37:62:64:85:3F:0B:B7:2D:58
Certificate issuer:       /CN=d8b92af44b79fc0acf64103eb5fb337a91eecd9a
Certificate serial:       018CC5DBE9EF682B519C205B2829B3137ED0
Authority key identifier: D8:B9:2A:F4:4B:79:FC:0A:CF:64:10:3E:B5:FB:33:7A:91:EE:CD:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2Lkq9Et5_ArPZBA-tfszepHuzZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/eac86b-6e91-4bbe-a203-67ac97118cac/1/CbuE_XwyQkwKHDc3YmSFPwu3LVg.roa
Signing time:             Mon 01 Jan 2024 16:29:32 +0000
ROA not before:           Mon 01 Jan 2024 16:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        195.95.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/eac86b-6e91-4bbe-a203-67ac97118cac/1/2Lkq9Et5_ArPZBA-tfszepHuzZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/eac86b-6e91-4bbe-a203-67ac97118cac/1/2Lkq9Et5_ArPZBA-tfszepHuzZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2Lkq9Et5_ArPZBA-tfszepHuzZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e9:ef:68:2b:51:9c:20:5b:28:29:b3:13:7e:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8b92af44b79fc0acf64103eb5fb337a91eecd9a
        Validity
            Not Before: Jan  1 16:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09bb84fd7c32424c0a1c37376264853f0bb72d58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:29:d8:cf:f0:e2:85:cc:2b:5f:9f:10:6e:96:
                    8a:c1:29:56:12:18:d6:32:64:35:f5:45:e9:8c:ea:
                    7a:2b:89:9d:01:cc:87:14:f3:fa:43:fc:34:87:25:
                    4d:aa:4e:95:44:64:b2:60:13:e9:fc:a6:d8:2f:0c:
                    28:02:a9:49:c9:c7:44:60:fc:c9:86:ab:c7:e1:26:
                    db:f8:98:fc:a5:9e:92:48:ff:b9:0d:44:8c:00:5c:
                    ff:7a:5e:71:7d:21:62:00:1f:8a:e4:63:25:3b:ba:
                    aa:c9:0d:f4:c9:52:57:02:61:5d:6b:5c:21:04:77:
                    48:61:d3:36:f0:1d:1d:2e:5a:ec:90:9c:81:f1:22:
                    08:b9:b7:3d:20:57:42:80:58:c7:d3:12:16:82:86:
                    c3:95:4f:e9:89:7f:66:b7:e6:13:33:42:00:26:5f:
                    5f:00:b1:aa:ad:53:84:7c:ad:b8:46:d3:22:fc:c6:
                    57:ba:2b:ea:cf:ea:b9:23:1f:40:b8:22:23:73:78:
                    16:b3:ae:8b:4f:ab:56:b8:5a:14:a4:8f:db:4c:e9:
                    a4:cd:71:fc:b9:e5:c0:5e:89:33:ac:b8:7f:60:4d:
                    57:6a:33:8f:4d:01:c1:2b:50:f1:75:55:ae:9e:41:
                    ba:da:b0:88:5f:2d:f8:6c:8b:c8:49:75:cb:d6:73:
                    d7:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:BB:84:FD:7C:32:42:4C:0A:1C:37:37:62:64:85:3F:0B:B7:2D:58
            X509v3 Authority Key Identifier:
                keyid:D8:B9:2A:F4:4B:79:FC:0A:CF:64:10:3E:B5:FB:33:7A:91:EE:CD:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Lkq9Et5_ArPZBA-tfszepHuzZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/eac86b-6e91-4bbe-a203-67ac97118cac/1/CbuE_XwyQkwKHDc3YmSFPwu3LVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/eac86b-6e91-4bbe-a203-67ac97118cac/1/2Lkq9Et5_ArPZBA-tfszepHuzZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:55:4d:53:80:c7:7c:70:60:21:28:85:cd:2d:c3:76:c8:d5:
         23:3b:ae:ba:b7:5c:3d:ec:c7:51:c4:a9:55:de:11:9c:02:40:
         0b:87:9a:c8:5d:b3:a9:59:79:00:e4:00:41:f1:8c:c1:97:ec:
         7f:b0:99:0a:34:c6:d3:94:aa:62:fc:37:76:bd:9f:a4:a3:24:
         1c:7b:c5:c7:ff:ce:33:c8:d5:75:58:44:b3:8c:4f:d1:91:5d:
         90:31:98:0b:8b:40:61:4b:5e:af:4c:2f:ef:19:70:6c:35:72:
         54:b0:63:ee:89:94:2e:1d:b8:9a:88:29:bc:ca:91:74:ee:db:
         39:cf:83:e7:ce:49:3f:e9:4c:c6:f7:92:ec:72:0d:f6:dc:fe:
         36:ef:6d:45:ba:d9:40:0e:a8:bd:cc:b9:6f:14:29:97:e0:90:
         73:a0:f9:72:00:18:8d:e5:a2:70:19:22:a1:44:6e:2a:77:71:
         8c:07:a3:6f:e4:5b:c8:12:9c:a1:51:9c:77:28:c8:13:7a:c2:
         63:98:da:e0:80:65:72:43:e4:1e:e3:b3:09:88:a4:2d:2f:e0:
         44:95:a1:83:c2:ec:c8:67:0f:94:ba:78:62:2a:56:b5:03:c3:
         a0:6d:45:5a:69:f7:c3:ab:6b:1a:2c:96:2f:b2:b0:16:fc:bf:
         0c:87:41:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2+nvaCtRnCBbKCmzE37QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4YjkyYWY0NGI3OWZjMGFjZjY0MTAzZWI1ZmIzMzdhOTFl
ZWNkOWEwHhcNMjQwMTAxMTYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWJiODRmZDdjMzI0MjRjMGExYzM3Mzc2MjY0ODUzZjBiYjcyZDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlynYz/DihcwrX58QbpaKwSlWEhjW
MmQ19UXpjOp6K4mdAcyHFPP6Q/w0hyVNqk6VRGSyYBPp/KbYLwwoAqlJycdEYPzJ
hqvH4Sbb+Jj8pZ6SSP+5DUSMAFz/el5xfSFiAB+K5GMlO7qqyQ30yVJXAmFda1wh
BHdIYdM28B0dLlrskJyB8SIIubc9IFdCgFjH0xIWgobDlU/piX9mt+YTM0IAJl9f
ALGqrVOEfK24RtMi/MZXuivqz+q5Ix9AuCIjc3gWs66LT6tWuFoUpI/bTOmkzXH8
ueXAXokzrLh/YE1XajOPTQHBK1DxdVWunkG62rCIXy34bIvISXXL1nPX4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAm7hP18MkJMChw3N2JkhT8Lty1YMB8GA1UdIwQY
MBaAFNi5KvRLefwKz2QQPrX7M3qR7s2aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkxrcTlFdDVfQXJQWkJBLXRmc3plcEh1elpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9lYWM4NmItNmU5MS00YmJlLWEyMDMt
NjdhYzk3MTE4Y2FjLzEvQ2J1RV9Yd3lRa3dLSERjM1ltU0ZQd3UzTFZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9lYWM4NmItNmU5MS00YmJlLWEyMDMtNjdhYzk3MTE4Y2Fj
LzEvMkxrcTlFdDVfQXJQWkJBLXRmc3plcEh1elpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1+UMA0G
CSqGSIb3DQEBCwUAA4IBAQBDVU1TgMd8cGAhKIXNLcN2yNUjO666t1w97MdRxKlV
3hGcAkALh5rIXbOpWXkA5ABB8YzBl+x/sJkKNMbTlKpi/Dd2vZ+koyQce8XH/84z
yNV1WESzjE/RkV2QMZgLi0BhS16vTC/vGXBsNXJUsGPuiZQuHbiaiCm8ypF07ts5
z4Pnzkk/6UzG95Lscg323P42721FutlADqi9zLlvFCmX4JBzoPlyABiN5aJwGSKh
RG4qd3GMB6Nv5FvIEpyhUZx3KMgTesJjmNrggGVyQ+Qe47MJiKQtL+BElaGDwuzI
Zw+UunhiKla1A8OgbUVaaffDq2saLJYvsrAW/L8Mh0H8
-----END CERTIFICATE-----