Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/0f25b7-4f81-4f41-a162-086c16f736b1/1/DCS5XTDQLTlv8-5ENuEqgofCiv0.roa
File:                     DCS5XTDQLTlv8-5ENuEqgofCiv0.roa (raw, json)
Hash identifier:          ogd9yCiGO4Tjj8ljesUzdTGS8Y9LEs+02ENvXtCPLeg=
Subject key identifier:   0C:24:B9:5D:30:D0:2D:39:6F:F3:EE:44:36:E1:2A:82:87:C2:8A:FD
Certificate issuer:       /CN=1f4af2b479815f07cd82e9f82bab2fea13fb21b1
Certificate serial:       018CC5DC264EA8D55F74B8BABF6C1BA7DF37
Authority key identifier: 1F:4A:F2:B4:79:81:5F:07:CD:82:E9:F8:2B:AB:2F:EA:13:FB:21:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0rytHmBXwfNgun4K6sv6hP7IbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/0f25b7-4f81-4f41-a162-086c16f736b1/1/DCS5XTDQLTlv8-5ENuEqgofCiv0.roa
Signing time:             Mon 01 Jan 2024 16:29:48 +0000
ROA not before:           Mon 01 Jan 2024 16:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33915
IP address blocks:        195.130.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/0f25b7-4f81-4f41-a162-086c16f736b1/1/H0rytHmBXwfNgun4K6sv6hP7IbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/0f25b7-4f81-4f41-a162-086c16f736b1/1/H0rytHmBXwfNgun4K6sv6hP7IbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0rytHmBXwfNgun4K6sv6hP7IbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:26:4e:a8:d5:5f:74:b8:ba:bf:6c:1b:a7:df:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4af2b479815f07cd82e9f82bab2fea13fb21b1
        Validity
            Not Before: Jan  1 16:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c24b95d30d02d396ff3ee4436e12a8287c28afd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:f7:1d:fd:90:3d:30:9c:a8:5d:96:a6:97:f5:
                    75:cd:f5:23:fb:53:bf:b6:dc:1b:a1:5e:62:a8:ab:
                    98:bd:47:50:50:74:7a:63:01:f7:de:31:f6:63:02:
                    a0:c3:5f:19:81:c0:9a:30:21:48:a6:57:ae:40:de:
                    bf:ac:0e:c4:ea:ce:eb:14:c9:5f:fc:60:e7:53:e0:
                    6c:3c:25:d4:d2:9b:68:49:00:63:a1:40:e0:02:06:
                    02:cb:78:54:81:81:31:35:8c:f3:04:34:fe:3a:d3:
                    ed:03:23:8c:e2:54:e5:71:6c:92:86:75:c4:a2:c6:
                    a8:5a:37:d5:1c:c5:3b:a4:04:c7:5f:01:27:4d:d8:
                    d7:71:6a:c8:83:99:56:0b:2f:41:db:5f:98:67:9f:
                    7e:13:a2:7d:f8:7c:6e:b7:c8:f4:43:fa:d9:27:e9:
                    ee:19:2c:6f:af:cc:74:f9:85:27:32:02:b0:f1:10:
                    8f:06:cd:3d:d5:39:d4:e2:69:8f:54:37:4f:33:2b:
                    95:25:2d:0d:4b:1b:b0:af:d7:2c:22:8a:ad:1e:5e:
                    5f:f3:b8:87:09:66:c8:c3:58:13:11:82:d2:bc:4a:
                    4d:42:9e:ff:1d:b0:02:b8:6f:60:a9:9f:72:19:5a:
                    11:7a:00:1c:80:17:e9:c1:68:23:1d:9a:8a:15:dd:
                    7b:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:24:B9:5D:30:D0:2D:39:6F:F3:EE:44:36:E1:2A:82:87:C2:8A:FD
            X509v3 Authority Key Identifier:
                keyid:1F:4A:F2:B4:79:81:5F:07:CD:82:E9:F8:2B:AB:2F:EA:13:FB:21:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0rytHmBXwfNgun4K6sv6hP7IbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/0f25b7-4f81-4f41-a162-086c16f736b1/1/DCS5XTDQLTlv8-5ENuEqgofCiv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/0f25b7-4f81-4f41-a162-086c16f736b1/1/H0rytHmBXwfNgun4K6sv6hP7IbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.130.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:2c:30:2e:df:29:45:17:13:d2:75:73:4b:c3:f7:11:4e:b8:
         8f:20:ea:35:91:dc:fc:98:e0:3c:57:37:69:c5:5b:dd:cb:7e:
         98:e1:ce:d3:10:dc:2d:47:19:14:cf:c2:59:74:4b:82:17:de:
         1f:b5:0a:ee:32:b0:84:e0:d8:55:13:6a:57:15:fb:2c:39:d7:
         bc:9e:4e:7d:10:51:fb:a4:bc:ac:26:5c:6a:9f:7d:69:3b:46:
         75:1e:ea:44:b8:d8:a7:81:3b:7b:b0:a3:f7:28:b0:ba:66:11:
         1d:4e:02:c8:0a:87:0f:09:79:3e:02:0f:64:f8:02:51:30:a9:
         86:ab:c3:82:88:37:0f:db:b6:2a:81:c7:b2:ce:e3:90:f2:5d:
         0f:8b:08:3e:50:b3:94:2e:23:f9:51:8a:90:4e:4c:61:d0:d5:
         ad:d2:ab:32:ce:ff:54:59:2d:6e:1b:64:af:15:f2:9a:17:8b:
         89:e8:4d:fe:54:1c:ef:e8:96:1a:7a:f3:f3:0d:e7:16:61:6c:
         33:a4:f1:78:86:41:f6:bf:d4:5a:9a:d7:f3:a7:46:f1:9d:b8:
         24:a6:a8:cf:c0:26:a5:72:ef:21:d4:8a:28:36:43:39:ec:2e:
         94:7c:a7:ea:c0:27:c1:47:2a:4d:af:19:12:9f:f5:09:55:19:
         98:36:68:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CZOqNVfdLi6v2wbp983MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNGFmMmI0Nzk4MTVmMDdjZDgyZTlmODJiYWIyZmVhMTNm
YjIxYjEwHhcNMjQwMTAxMTYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzI0Yjk1ZDMwZDAyZDM5NmZmM2VlNDQzNmUxMmE4Mjg3YzI4YWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvcd/ZA9MJyoXZaml/V1zfUj+1O/
ttwboV5iqKuYvUdQUHR6YwH33jH2YwKgw18ZgcCaMCFIpleuQN6/rA7E6s7rFMlf
/GDnU+BsPCXU0ptoSQBjoUDgAgYCy3hUgYExNYzzBDT+OtPtAyOM4lTlcWyShnXE
osaoWjfVHMU7pATHXwEnTdjXcWrIg5lWCy9B21+YZ59+E6J9+Hxut8j0Q/rZJ+nu
GSxvr8x0+YUnMgKw8RCPBs091TnU4mmPVDdPMyuVJS0NSxuwr9csIoqtHl5f87iH
CWbIw1gTEYLSvEpNQp7/HbACuG9gqZ9yGVoRegAcgBfpwWgjHZqKFd17zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAwkuV0w0C05b/PuRDbhKoKHwor9MB8GA1UdIwQY
MBaAFB9K8rR5gV8HzYLp+CurL+oT+yGxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDByeXRIbUJYd2ZOZ3VuNEs2c3Y2aFA3SWJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8wZjI1YjctNGY4MS00ZjQxLWExNjIt
MDg2YzE2ZjczNmIxLzEvRENTNVhURFFMVGx2OC01RU51RXFnb2ZDaXYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8wZjI1YjctNGY4MS00ZjQxLWExNjItMDg2YzE2ZjczNmIx
LzEvSDByeXRIbUJYd2ZOZ3VuNEs2c3Y2aFA3SWJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4LfMA0G
CSqGSIb3DQEBCwUAA4IBAQAqLDAu3ylFFxPSdXNLw/cRTriPIOo1kdz8mOA8Vzdp
xVvdy36Y4c7TENwtRxkUz8JZdEuCF94ftQruMrCE4NhVE2pXFfssOde8nk59EFH7
pLysJlxqn31pO0Z1HupEuNingTt7sKP3KLC6ZhEdTgLICocPCXk+Ag9k+AJRMKmG
q8OCiDcP27YqgceyzuOQ8l0Piwg+ULOULiP5UYqQTkxh0NWt0qsyzv9UWS1uG2Sv
FfKaF4uJ6E3+VBzv6JYaevPzDecWYWwzpPF4hkH2v9Ramtfzp0bxnbgkpqjPwCal
cu8h1IooNkM57C6UfKfqwCfBRypNrxkSn/UJVRmYNmgD
-----END CERTIFICATE-----