Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/4ee463-f0a8-4fdb-8c86-c4376273a2df/1/qr5OzRU3rTBB5qgau-pysqvZD3Q.roa
File:                     qr5OzRU3rTBB5qgau-pysqvZD3Q.roa (raw, json)
Hash identifier:          xVVoEovg2WqwuD9J2nahT5O4GWQz80js6OdjVgn2uNI=
Subject key identifier:   AA:BE:4E:CD:15:37:AD:30:41:E6:A8:1A:BB:EA:72:B2:AB:D9:0F:74
Certificate issuer:       /CN=1346e30276e0c603d0dee2f2d42fcd9a4415e256
Certificate serial:       018CC56EB487DCD1952569133A2E82676D56
Authority key identifier: 13:46:E3:02:76:E0:C6:03:D0:DE:E2:F2:D4:2F:CD:9A:44:15:E2:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E0bjAnbgxgPQ3uLy1C_NmkQV4lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/4ee463-f0a8-4fdb-8c86-c4376273a2df/1/qr5OzRU3rTBB5qgau-pysqvZD3Q.roa
Signing time:             Mon 01 Jan 2024 14:30:15 +0000
ROA not before:           Mon 01 Jan 2024 14:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33925
IP address blocks:        195.177.224.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/4ee463-f0a8-4fdb-8c86-c4376273a2df/1/E0bjAnbgxgPQ3uLy1C_NmkQV4lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/4ee463-f0a8-4fdb-8c86-c4376273a2df/1/E0bjAnbgxgPQ3uLy1C_NmkQV4lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E0bjAnbgxgPQ3uLy1C_NmkQV4lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:b4:87:dc:d1:95:25:69:13:3a:2e:82:67:6d:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1346e30276e0c603d0dee2f2d42fcd9a4415e256
        Validity
            Not Before: Jan  1 14:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aabe4ecd1537ad3041e6a81abbea72b2abd90f74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:5e:d8:6c:e5:bf:e3:ce:a5:8d:dd:17:01:ed:
                    db:63:48:22:84:cb:61:0d:b6:54:5d:b2:6e:e2:4d:
                    66:e5:c6:77:35:6f:e3:12:2f:8d:28:ad:81:2a:cc:
                    98:a3:7d:04:56:ed:d7:b5:03:42:51:5d:f3:cc:fc:
                    91:02:8f:d9:d4:d5:29:4c:54:11:02:1c:d7:27:e4:
                    e6:fa:ad:df:a3:e9:9f:e5:22:9a:a1:f7:ac:f1:43:
                    91:1b:c6:56:9a:88:f9:b2:a8:48:7c:42:51:58:57:
                    f0:d0:44:3a:28:c8:11:78:2c:6f:69:96:c9:a2:10:
                    54:36:7b:44:3b:bc:ec:6e:0a:99:06:46:45:06:70:
                    cb:a1:b0:78:09:43:db:09:f3:eb:75:ba:80:50:03:
                    13:ec:af:7e:92:9f:47:29:6a:26:3c:59:64:93:a2:
                    e5:b4:a9:c4:7f:32:a7:30:30:d2:1d:2e:21:68:71:
                    01:8d:c9:6b:83:56:d5:c5:17:90:a5:b6:c4:56:85:
                    92:c0:47:60:ba:41:08:c9:17:6a:3c:63:6b:00:f0:
                    fb:91:f1:d3:e5:02:79:3b:6f:22:56:35:65:de:47:
                    70:27:bc:37:cf:c5:50:0c:be:cc:80:ba:c3:25:1b:
                    c8:1d:00:91:13:a0:1e:2b:42:09:d5:95:9b:0e:cc:
                    b0:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:BE:4E:CD:15:37:AD:30:41:E6:A8:1A:BB:EA:72:B2:AB:D9:0F:74
            X509v3 Authority Key Identifier:
                keyid:13:46:E3:02:76:E0:C6:03:D0:DE:E2:F2:D4:2F:CD:9A:44:15:E2:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E0bjAnbgxgPQ3uLy1C_NmkQV4lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/4ee463-f0a8-4fdb-8c86-c4376273a2df/1/qr5OzRU3rTBB5qgau-pysqvZD3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/4ee463-f0a8-4fdb-8c86-c4376273a2df/1/E0bjAnbgxgPQ3uLy1C_NmkQV4lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.177.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         68:f5:5b:4c:0f:fe:95:02:c1:89:0f:fd:68:bb:8c:53:6b:3e:
         17:e7:12:6f:9e:f3:d6:96:fa:d0:9b:ed:32:eb:ee:48:66:d3:
         de:ec:ce:7b:b0:67:f1:33:68:7c:41:f2:46:c1:af:4d:f8:61:
         38:df:4b:01:c2:dc:6d:ee:80:51:27:67:89:95:20:ac:e8:29:
         2c:23:02:39:10:98:8b:d6:76:e2:37:0f:ea:91:c9:d6:95:7c:
         8e:67:30:89:03:a8:4c:44:d2:ab:91:bd:7a:75:81:b2:b1:05:
         64:cd:83:d3:a3:17:73:30:89:50:e8:d0:9f:3c:ba:71:f9:0f:
         5a:64:15:11:aa:24:0b:ad:45:9e:f8:8c:ae:95:57:f7:bc:4e:
         a4:48:d8:19:ba:c8:f1:d4:61:29:a3:ce:c6:f6:9d:cc:50:0d:
         a6:fb:8c:d0:3c:da:fa:1c:c6:fe:a8:fa:12:84:c4:b9:48:ce:
         28:74:84:39:2e:25:53:8f:f7:75:c8:fe:2a:bc:b6:fc:84:bc:
         32:86:97:b1:df:7d:af:fd:fd:98:5b:38:b9:2b:b5:2f:25:9c:
         6d:65:8f:66:2a:84:72:f3:f9:7e:c8:ba:d2:1b:a3:79:63:dd:
         40:c7:3a:60:7c:46:93:67:61:dc:1f:98:d0:11:7a:2e:0e:b2:
         a6:7b:6d:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbrSH3NGVJWkTOi6CZ21WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzNDZlMzAyNzZlMGM2MDNkMGRlZTJmMmQ0MmZjZDlhNDQx
NWUyNTYwHhcNMjQwMTAxMTQzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWJlNGVjZDE1MzdhZDMwNDFlNmE4MWFiYmVhNzJiMmFiZDkwZjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkV7YbOW/486ljd0XAe3bY0gihMth
DbZUXbJu4k1m5cZ3NW/jEi+NKK2BKsyYo30EVu3XtQNCUV3zzPyRAo/Z1NUpTFQR
AhzXJ+Tm+q3fo+mf5SKaofes8UORG8ZWmoj5sqhIfEJRWFfw0EQ6KMgReCxvaZbJ
ohBUNntEO7zsbgqZBkZFBnDLobB4CUPbCfPrdbqAUAMT7K9+kp9HKWomPFlkk6Ll
tKnEfzKnMDDSHS4haHEBjclrg1bVxReQpbbEVoWSwEdgukEIyRdqPGNrAPD7kfHT
5QJ5O28iVjVl3kdwJ7w3z8VQDL7MgLrDJRvIHQCRE6AeK0IJ1ZWbDsywFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKq+Ts0VN60wQeaoGrvqcrKr2Q90MB8GA1UdIwQY
MBaAFBNG4wJ24MYD0N7i8tQvzZpEFeJWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTBiakFuYmd4Z1BRM3VMeTFDX05ta1FWNGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy80ZWU0NjMtZjBhOC00ZmRiLThjODYt
YzQzNzYyNzNhMmRmLzEvcXI1T3pSVTNyVEJCNXFnYXUtcHlzcXZaRDNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy80ZWU0NjMtZjBhOC00ZmRiLThjODYtYzQzNzYyNzNhMmRm
LzEvRTBiakFuYmd4Z1BRM3VMeTFDX05ta1FWNGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7HgMA0G
CSqGSIb3DQEBCwUAA4IBAQBo9VtMD/6VAsGJD/1ou4xTaz4X5xJvnvPWlvrQm+0y
6+5IZtPe7M57sGfxM2h8QfJGwa9N+GE430sBwtxt7oBRJ2eJlSCs6CksIwI5EJiL
1nbiNw/qkcnWlXyOZzCJA6hMRNKrkb16dYGysQVkzYPToxdzMIlQ6NCfPLpx+Q9a
ZBURqiQLrUWe+IyulVf3vE6kSNgZusjx1GEpo87G9p3MUA2m+4zQPNr6HMb+qPoS
hMS5SM4odIQ5LiVTj/d1yP4qvLb8hLwyhpex332v/f2YWzi5K7UvJZxtZY9mKoRy
8/l+yLrSG6N5Y91AxzpgfEaTZ2HcH5jQEXouDrKme203
-----END CERTIFICATE-----