Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/Y6Frgb86jilSF-PLpUtOe0SUWx8.roa
File:                     Y6Frgb86jilSF-PLpUtOe0SUWx8.roa (raw, json)
Hash identifier:          nNj1h8pX9W3qBMOXDk+6yHrUES9MQE/7o8xn8aDGgcQ=
Subject key identifier:   63:A1:6B:81:BF:3A:8E:29:52:17:E3:CB:A5:4B:4E:7B:44:94:5B:1F
Certificate issuer:       /CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
Certificate serial:       018CC4925142AE84C45E6D7E00FECD076F87
Authority key identifier: EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/Y6Frgb86jilSF-PLpUtOe0SUWx8.roa
Signing time:             Mon 01 Jan 2024 10:29:32 +0000
ROA not before:           Mon 01 Jan 2024 10:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197168
IP address blocks:        95.158.142.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:51:42:ae:84:c4:5e:6d:7e:00:fe:cd:07:6f:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
        Validity
            Not Before: Jan  1 10:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63a16b81bf3a8e295217e3cba54b4e7b44945b1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d5:1e:d5:01:25:1e:37:aa:38:3f:46:e4:79:
                    42:f7:e1:b1:f2:a6:05:13:03:5a:b4:8f:a2:42:39:
                    12:ec:b0:5d:ba:be:d4:a3:81:ae:c1:3f:45:91:50:
                    4d:0c:f0:40:4f:f7:11:13:e0:7e:e2:b2:57:9c:b9:
                    e1:b4:7b:47:1d:06:d4:25:d6:b3:b2:dd:dc:96:65:
                    89:57:db:13:1c:31:4b:79:43:07:c1:2b:e7:5d:21:
                    62:67:35:3d:a6:b5:cd:e3:60:f8:1b:77:6f:f5:30:
                    5f:68:bf:98:c2:5b:08:cb:69:07:89:fd:c6:00:99:
                    d5:0d:57:91:30:2a:0b:f6:16:4d:25:11:42:be:1d:
                    4a:f9:44:23:7c:ff:1c:ef:90:cb:9a:aa:01:fb:bc:
                    a0:7c:19:f5:93:ae:0b:43:9d:22:04:3a:bf:f3:ef:
                    05:2c:b0:1c:80:5e:df:10:35:d5:94:db:54:ab:cc:
                    da:86:d0:05:9c:e6:5f:7a:0d:cd:53:b1:f2:d3:a2:
                    bd:54:2a:18:0b:60:a5:85:d2:8f:70:e0:b4:0e:a0:
                    7b:14:df:08:9d:bd:6e:45:e9:a6:f0:4e:c0:8d:0d:
                    ce:12:23:d3:f3:63:5d:4b:c3:28:0e:7e:92:b6:31:
                    18:76:35:59:a3:ef:d3:db:68:71:88:71:6f:b0:0a:
                    ac:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:A1:6B:81:BF:3A:8E:29:52:17:E3:CB:A5:4B:4E:7B:44:94:5B:1F
            X509v3 Authority Key Identifier:
                keyid:EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/Y6Frgb86jilSF-PLpUtOe0SUWx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.158.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3a:f9:54:ef:f5:23:f5:28:c4:4a:38:5d:69:8c:bc:ee:f1:3d:
         59:9e:cf:98:ab:e5:d8:1e:7c:3a:26:87:ba:fe:8c:a4:ed:88:
         fd:6e:d8:b3:35:fc:c1:fe:3a:e1:af:91:9e:29:b4:94:17:54:
         aa:71:1b:5f:ac:56:5a:06:d7:23:22:d5:b4:0a:d3:9e:d3:c5:
         80:a9:ef:79:2b:12:5e:2b:ff:9c:08:89:26:87:c5:80:86:6c:
         a4:20:76:c8:5b:4b:73:26:5b:17:26:54:6d:c3:62:b2:50:b7:
         0b:4b:d4:fe:19:c9:8b:83:79:61:b2:6b:ca:37:27:4a:03:39:
         8c:17:79:61:a4:9d:70:8e:40:6e:27:db:c9:87:a1:a6:30:54:
         6f:5b:c0:91:e5:c2:be:21:dc:5c:0c:74:95:89:12:45:40:13:
         c9:51:27:4b:70:4e:ef:94:e1:0c:45:c3:fb:c8:e2:7e:f6:47:
         4d:a9:43:60:ba:d0:5a:fc:cb:e2:0f:1d:d8:b7:2b:69:02:b0:
         74:1e:96:cf:81:f6:e2:0d:62:fd:34:5d:5e:d8:2c:2d:53:45:
         91:b2:84:31:dd:65:c0:66:dd:ce:94:b8:fe:68:cf:27:c5:8c:
         45:83:1e:a4:7a:68:81:ba:1f:a1:f5:4e:50:f7:14:50:7f:16:
         f2:20:dc:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEklFCroTEXm1+AP7NB2+HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZWM5MDMwYzcwYTNkNDE5MmQ1OWMyOGRjYzhkNTQ3Njk0
MzQwYjMwHhcNMjQwMTAxMTAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2ExNmI4MWJmM2E4ZTI5NTIxN2UzY2JhNTRiNGU3YjQ0OTQ1YjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9Ue1QElHjeqOD9G5HlC9+Gx8qYF
EwNatI+iQjkS7LBdur7Uo4GuwT9FkVBNDPBAT/cRE+B+4rJXnLnhtHtHHQbUJdaz
st3clmWJV9sTHDFLeUMHwSvnXSFiZzU9prXN42D4G3dv9TBfaL+YwlsIy2kHif3G
AJnVDVeRMCoL9hZNJRFCvh1K+UQjfP8c75DLmqoB+7ygfBn1k64LQ50iBDq/8+8F
LLAcgF7fEDXVlNtUq8zahtAFnOZfeg3NU7Hy06K9VCoYC2ClhdKPcOC0DqB7FN8I
nb1uRemm8E7AjQ3OEiPT82NdS8MoDn6StjEYdjVZo+/T22hxiHFvsAqsZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGOha4G/Oo4pUhfjy6VLTntElFsfMB8GA1UdIwQY
MBaAFOvskDDHCj1BktWcKNzI1UdpQ0CzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQt
NGE2Zjg2ODMyNjVjLzEvWTZGcmdiODZqaWxTRi1QTHBVdE9lMFNVV3g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQtNGE2Zjg2ODMyNjVj
LzEvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBX56OMA0G
CSqGSIb3DQEBCwUAA4IBAQA6+VTv9SP1KMRKOF1pjLzu8T1Zns+Yq+XYHnw6Joe6
/oyk7Yj9btizNfzB/jrhr5GeKbSUF1SqcRtfrFZaBtcjItW0CtOe08WAqe95KxJe
K/+cCIkmh8WAhmykIHbIW0tzJlsXJlRtw2KyULcLS9T+GcmLg3lhsmvKNydKAzmM
F3lhpJ1wjkBuJ9vJh6GmMFRvW8CR5cK+IdxcDHSViRJFQBPJUSdLcE7vlOEMRcP7
yOJ+9kdNqUNgutBa/MviDx3YtytpArB0HpbPgfbiDWL9NF1e2CwtU0WRsoQx3WXA
Zt3OlLj+aM8nxYxFgx6kemiBuh+h9U5Q9xRQfxbyINw0
-----END CERTIFICATE-----