Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/9vkUHktPUPIpPg4MJ8PrOkcVEoQ.roa
File:                     9vkUHktPUPIpPg4MJ8PrOkcVEoQ.roa (raw, json)
Hash identifier:          BnBUJaQmDXnw4zkMl7jV+/P/CD6+RR11yKypKihVKGI=
Subject key identifier:   F6:F9:14:1E:4B:4F:50:F2:29:3E:0E:0C:27:C3:EB:3A:47:15:12:84
Certificate issuer:       /CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
Certificate serial:       018CC64A038AF01701D0FDB9B4090432C6D5
Authority key identifier: B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/9vkUHktPUPIpPg4MJ8PrOkcVEoQ.roa
Signing time:             Mon 01 Jan 2024 18:29:48 +0000
ROA not before:           Mon 01 Jan 2024 18:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6789
IP address blocks:        95.140.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:03:8a:f0:17:01:d0:fd:b9:b4:09:04:32:c6:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
        Validity
            Not Before: Jan  1 18:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6f9141e4b4f50f2293e0e0c27c3eb3a47151284
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:af:25:24:d4:6a:a8:09:4c:6c:74:0d:e1:3e:
                    a8:51:a9:56:d0:da:b5:46:0a:29:29:0a:9d:85:ec:
                    f5:fe:5d:a9:2e:19:08:fc:e9:3b:41:ae:30:1f:19:
                    9c:89:81:98:f3:9e:a0:fa:05:b2:40:4d:3d:43:f7:
                    95:54:fd:bb:0c:d0:7e:27:75:58:c5:4a:3b:be:75:
                    5a:e7:50:24:5f:cb:9e:a0:93:d6:8c:09:0b:51:ad:
                    45:ba:5f:37:aa:64:1f:52:fd:be:e0:58:a8:59:c6:
                    77:67:71:cf:0c:d3:21:9e:ba:33:79:e6:8c:90:60:
                    e5:ff:22:bc:d0:fa:22:db:db:ab:f7:64:14:cb:5d:
                    f6:b4:cb:77:0d:e5:e2:15:37:0b:3a:b2:15:a0:52:
                    72:d1:fa:29:33:0b:be:c8:7f:54:29:7e:49:f2:b0:
                    12:90:7a:b9:16:54:41:34:9a:c0:7f:3b:87:c9:b7:
                    6a:1d:dc:95:a0:f2:4c:cd:7e:f7:84:e3:0d:dc:a2:
                    36:4b:e0:2e:b7:08:78:85:ac:ff:20:1f:b3:f7:ef:
                    39:3a:55:fa:6b:ce:cc:22:ea:f7:35:2b:1d:ae:44:
                    d8:c1:ec:ba:8d:e6:83:b8:44:4f:f6:27:da:87:df:
                    2d:2a:d8:e9:98:5e:55:c9:0b:92:d5:eb:10:b1:e6:
                    c5:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:F9:14:1E:4B:4F:50:F2:29:3E:0E:0C:27:C3:EB:3A:47:15:12:84
            X509v3 Authority Key Identifier:
                keyid:B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/9vkUHktPUPIpPg4MJ8PrOkcVEoQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.140.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:fa:ac:38:9c:cf:fa:90:c6:8b:37:96:dd:8e:a6:74:8b:2c:
         57:d4:11:9e:06:b8:1a:3c:1c:dd:ae:55:de:3c:84:55:3d:4c:
         38:46:a3:8c:c8:9f:a9:80:86:08:13:a7:0f:5d:4d:53:c8:e1:
         37:89:aa:b3:e3:cf:25:1d:80:23:e2:21:19:3e:b0:4c:f9:40:
         69:90:f9:ea:5f:46:8c:1a:03:36:68:78:09:e2:a4:79:52:8c:
         e0:67:83:02:47:df:de:b4:b6:ac:4d:b1:94:ef:0b:bd:ad:f5:
         29:36:83:54:86:2c:34:a2:2c:60:2c:be:70:f9:a6:ee:b9:7d:
         48:ea:7c:84:03:40:84:59:52:28:b0:a4:21:6a:86:cf:43:a6:
         81:50:88:94:b1:b9:42:75:4b:e9:64:11:00:f2:a8:f0:ec:76:
         da:14:58:ac:01:16:82:d2:fa:48:47:f7:68:66:2b:bf:35:a6:
         95:37:0a:15:ca:04:12:53:76:32:92:73:09:20:0a:fb:d3:bd:
         9e:72:67:40:3c:67:c6:24:86:57:0d:c2:d6:11:af:2b:f6:7e:
         4f:f6:00:82:f5:3f:e7:e8:17:d1:b4:a7:a3:db:c2:ae:8f:c0:
         7d:f9:92:7f:90:9b:07:2f:ea:2a:bc:69:79:cc:b4:04:d1:62:
         68:ad:6b:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSgOK8BcB0P25tAkEMsbVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZWE4OTM2ZjhlNTMwNjNiNGIzYmRmMGYzYjE1YjJhZTY2
N2VmMTMwHhcNMjQwMTAxMTgyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmY5MTQxZTRiNGY1MGYyMjkzZTBlMGMyN2MzZWIzYTQ3MTUxMjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyK8lJNRqqAlMbHQN4T6oUalW0Nq1
RgopKQqdhez1/l2pLhkI/Ok7Qa4wHxmciYGY856g+gWyQE09Q/eVVP27DNB+J3VY
xUo7vnVa51AkX8ueoJPWjAkLUa1Ful83qmQfUv2+4FioWcZ3Z3HPDNMhnrozeeaM
kGDl/yK80Poi29ur92QUy132tMt3DeXiFTcLOrIVoFJy0fopMwu+yH9UKX5J8rAS
kHq5FlRBNJrAfzuHybdqHdyVoPJMzX73hOMN3KI2S+Autwh4haz/IB+z9+85OlX6
a87MIur3NSsdrkTYwey6jeaDuERP9ifah98tKtjpmF5VyQuS1esQsebFgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPb5FB5LT1DyKT4ODCfD6zpHFRKEMB8GA1UdIwQY
MBaAFLnqiTb45TBjtLO98POxWyrmZ+8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEt
YjI1MDk5N2ZjNzVkLzEvOXZrVUhrdFBVUElwUGc0TUo4UHJPa2NWRW9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEtYjI1MDk5N2ZjNzVk
LzEvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4yXMA0G
CSqGSIb3DQEBCwUAA4IBAQBZ+qw4nM/6kMaLN5bdjqZ0iyxX1BGeBrgaPBzdrlXe
PIRVPUw4RqOMyJ+pgIYIE6cPXU1TyOE3iaqz488lHYAj4iEZPrBM+UBpkPnqX0aM
GgM2aHgJ4qR5UozgZ4MCR9/etLasTbGU7wu9rfUpNoNUhiw0oixgLL5w+abuuX1I
6nyEA0CEWVIosKQhaobPQ6aBUIiUsblCdUvpZBEA8qjw7HbaFFisARaC0vpIR/do
Ziu/NaaVNwoVygQSU3YyknMJIAr7072ecmdAPGfGJIZXDcLWEa8r9n5P9gCC9T/n
6BfRtKej28Kuj8B9+ZJ/kJsHL+oqvGl5zLQE0WJorWs/
-----END CERTIFICATE-----