Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/4A02ozJJTsvpsFG_Q4Ob91VfUuw.roa
File:                     4A02ozJJTsvpsFG_Q4Ob91VfUuw.roa (raw, json)
Hash identifier:          ZqJmPBB4fDThliTZFs+y0JdBAKAYnenl+zyFP3XCD5c=
Subject key identifier:   E0:0D:36:A3:32:49:4E:CB:E9:B0:51:BF:43:83:9B:F7:55:5F:52:EC
Certificate issuer:       /CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
Certificate serial:       018CC4925258456203C0395EFF53B14A27F9
Authority key identifier: EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/4A02ozJJTsvpsFG_Q4Ob91VfUuw.roa
Signing time:             Mon 01 Jan 2024 10:29:32 +0000
ROA not before:           Mon 01 Jan 2024 10:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204448
IP address blocks:        80.95.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:52:58:45:62:03:c0:39:5e:ff:53:b1:4a:27:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
        Validity
            Not Before: Jan  1 10:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e00d36a332494ecbe9b051bf43839bf7555f52ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:bb:9b:cc:f1:a9:87:a6:0c:d1:5f:a0:d5:87:
                    8b:5a:a4:2c:51:de:fa:4a:e6:b8:14:9f:3e:4c:cd:
                    cf:a6:e4:b5:01:72:4a:53:d9:f4:ce:5e:80:df:9c:
                    8e:45:75:ba:a0:63:71:63:79:b6:c8:ca:dc:64:0d:
                    7a:c9:ae:f4:de:73:15:71:32:c7:f1:f2:ff:01:f8:
                    74:f4:71:ca:34:0f:ce:fe:14:c7:80:e8:16:a5:3d:
                    02:04:c6:b4:69:3f:8f:be:97:10:59:a4:18:28:fe:
                    dd:6e:85:60:3d:61:b1:f6:f6:9a:de:d5:32:40:a2:
                    a4:c8:cf:80:80:c1:e6:dd:34:b9:f6:1f:6d:7b:e1:
                    14:51:1b:6c:0c:5e:18:0a:ad:6d:f0:e5:91:a8:a5:
                    ee:62:f3:b2:65:3e:cc:dc:94:2b:a5:2c:10:43:5a:
                    94:03:d2:9c:3c:81:18:a5:b7:5e:be:18:03:7e:48:
                    06:77:a2:66:cf:43:9b:4a:27:af:21:8a:39:5b:a4:
                    a0:4a:5c:64:be:db:68:e8:90:e1:66:b1:9d:5e:f6:
                    06:ca:5b:62:b9:70:ee:57:f0:4c:18:0c:9e:26:64:
                    af:9f:e3:b5:f4:57:d4:79:3c:34:54:cd:6a:4a:5d:
                    5a:4c:26:fb:61:70:81:7e:ee:cb:1c:81:3a:e9:be:
                    70:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:0D:36:A3:32:49:4E:CB:E9:B0:51:BF:43:83:9B:F7:55:5F:52:EC
            X509v3 Authority Key Identifier:
                keyid:EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/4A02ozJJTsvpsFG_Q4Ob91VfUuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.95.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:a5:ba:c5:9e:30:09:ed:6e:3e:1d:88:85:af:34:b5:f5:fd:
         55:98:69:ad:9f:1f:b2:ed:d9:40:f4:ed:09:0c:27:fb:21:99:
         17:99:34:45:41:0c:cb:66:a2:64:06:96:53:1b:bd:a6:c5:85:
         a9:e9:a2:4c:9e:e6:17:d5:9b:b2:ca:e2:ce:5b:dc:e5:fb:5b:
         60:25:aa:2f:92:ea:f5:ab:38:37:9c:b7:65:26:d2:45:0d:e8:
         86:1a:4d:d7:c7:8d:15:01:9b:a5:10:9f:96:84:81:f5:53:eb:
         27:92:32:0b:4f:b6:ca:3d:a7:b3:0b:fa:18:00:bc:85:a7:d0:
         98:36:3e:3c:00:79:5e:1b:c4:1d:66:bf:e5:e4:b4:bb:6a:ec:
         08:47:7f:9d:e9:bb:c3:91:f6:43:4a:19:c2:cb:6b:d3:a6:b2:
         3b:e2:be:28:f8:a1:94:67:ed:e7:0b:bd:e1:cd:cd:b3:dc:57:
         ef:b0:a9:1f:d2:02:4e:9a:2d:29:39:f7:20:3a:bd:03:57:24:
         62:fb:09:6e:c8:a8:37:73:37:ad:db:36:7f:bc:09:6d:3d:48:
         27:4a:e0:2f:ff:0a:6a:88:01:74:d0:5f:86:bc:4f:f0:3c:5d:
         b6:ec:d5:90:ff:77:c1:12:96:c0:94:f6:09:12:9a:3a:10:e0:
         17:8d:e0:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEklJYRWIDwDle/1OxSif5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZWM5MDMwYzcwYTNkNDE5MmQ1OWMyOGRjYzhkNTQ3Njk0
MzQwYjMwHhcNMjQwMTAxMTAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDBkMzZhMzMyNDk0ZWNiZTliMDUxYmY0MzgzOWJmNzU1NWY1MmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk7ubzPGph6YM0V+g1YeLWqQsUd76
Sua4FJ8+TM3PpuS1AXJKU9n0zl6A35yORXW6oGNxY3m2yMrcZA16ya703nMVcTLH
8fL/Afh09HHKNA/O/hTHgOgWpT0CBMa0aT+PvpcQWaQYKP7dboVgPWGx9vaa3tUy
QKKkyM+AgMHm3TS59h9te+EUURtsDF4YCq1t8OWRqKXuYvOyZT7M3JQrpSwQQ1qU
A9KcPIEYpbdevhgDfkgGd6Jmz0ObSievIYo5W6SgSlxkvtto6JDhZrGdXvYGylti
uXDuV/BMGAyeJmSvn+O19FfUeTw0VM1qSl1aTCb7YXCBfu7LHIE66b5wjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOANNqMySU7L6bBRv0ODm/dVX1LsMB8GA1UdIwQY
MBaAFOvskDDHCj1BktWcKNzI1UdpQ0CzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQt
NGE2Zjg2ODMyNjVjLzEvNEEwMm96SkpUc3Zwc0ZHX1E0T2I5MVZmVXV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQtNGE2Zjg2ODMyNjVj
LzEvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUF8XMA0G
CSqGSIb3DQEBCwUAA4IBAQBVpbrFnjAJ7W4+HYiFrzS19f1VmGmtnx+y7dlA9O0J
DCf7IZkXmTRFQQzLZqJkBpZTG72mxYWp6aJMnuYX1ZuyyuLOW9zl+1tgJaovkur1
qzg3nLdlJtJFDeiGGk3Xx40VAZulEJ+WhIH1U+snkjILT7bKPaezC/oYALyFp9CY
Nj48AHleG8QdZr/l5LS7auwIR3+d6bvDkfZDShnCy2vTprI74r4o+KGUZ+3nC73h
zc2z3FfvsKkf0gJOmi0pOfcgOr0DVyRi+wluyKg3czet2zZ/vAltPUgnSuAv/wpq
iAF00F+GvE/wPF227NWQ/3fBEpbAlPYJEpo6EOAXjeAF
-----END CERTIFICATE-----