Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/608f6d-8cd1-499e-a518-5f15939e7680/1/5qOipuwyxGss5xBRdHV9bVRKsWY.roa
File:                     5qOipuwyxGss5xBRdHV9bVRKsWY.roa (raw, json)
Hash identifier:          ALkbJ4sXf6hgsvM6OHHMpQAbyCOVSIsYGD2NpOc4+q8=
Subject key identifier:   E6:A3:A2:A6:EC:32:C4:6B:2C:E7:10:51:74:75:7D:6D:54:4A:B1:66
Certificate issuer:       /CN=fa1de37bbc6c06420da626c0bb4d723231e93e84
Certificate serial:       018CC4934DF345D0B7B895527882BB8457D3
Authority key identifier: FA:1D:E3:7B:BC:6C:06:42:0D:A6:26:C0:BB:4D:72:32:31:E9:3E:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-h3je7xsBkINpibAu01yMjHpPoQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/608f6d-8cd1-499e-a518-5f15939e7680/1/5qOipuwyxGss5xBRdHV9bVRKsWY.roa
Signing time:             Mon 01 Jan 2024 10:30:37 +0000
ROA not before:           Mon 01 Jan 2024 10:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203167
IP address blocks:        195.88.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/608f6d-8cd1-499e-a518-5f15939e7680/1/1-h3je7xsBkINpibAu01yMjHpPoQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/608f6d-8cd1-499e-a518-5f15939e7680/1/1-h3je7xsBkINpibAu01yMjHpPoQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-h3je7xsBkINpibAu01yMjHpPoQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:4d:f3:45:d0:b7:b8:95:52:78:82:bb:84:57:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa1de37bbc6c06420da626c0bb4d723231e93e84
        Validity
            Not Before: Jan  1 10:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6a3a2a6ec32c46b2ce7105174757d6d544ab166
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:af:0e:53:9c:9c:d8:6b:91:f7:b3:b6:76:62:
                    83:b1:da:26:f4:c7:d6:1f:a4:7c:d5:fb:42:1e:fd:
                    3b:55:1e:c8:05:33:a5:d9:d9:da:dc:a1:c7:d7:c0:
                    b5:4d:a8:55:4e:02:04:51:34:d9:8d:28:24:d0:e4:
                    b2:71:7c:c7:89:46:7c:1c:35:90:ff:87:9a:fa:ae:
                    80:ac:bd:2d:29:3d:bd:08:65:12:e7:21:21:0c:8e:
                    e7:69:52:dc:75:c7:9e:74:fb:96:37:de:ba:db:93:
                    2f:29:03:43:4b:53:81:32:02:1c:ea:10:7b:e1:9b:
                    ed:67:6f:7d:d8:9a:5a:e0:0e:8c:bf:2e:9c:9c:96:
                    0a:ab:5a:f1:4a:1c:fe:4b:87:f9:ee:61:ab:32:1b:
                    d9:6b:1f:e4:b5:8c:78:77:fb:be:20:bd:4d:1b:fb:
                    d7:78:eb:26:24:05:db:c1:4a:9b:6d:de:52:a5:37:
                    1a:58:16:3e:f9:3e:27:46:18:6b:f6:56:8e:8e:3a:
                    dd:ec:1b:82:b9:66:2e:69:34:a1:1d:ea:79:f5:cc:
                    c3:9c:38:7c:64:e4:02:4a:a6:09:f1:70:45:14:6f:
                    a3:17:88:3d:cb:a4:a2:09:47:44:42:89:2f:ae:1e:
                    1d:b1:17:4d:e2:58:1c:80:33:aa:d9:a4:bb:81:cd:
                    42:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:A3:A2:A6:EC:32:C4:6B:2C:E7:10:51:74:75:7D:6D:54:4A:B1:66
            X509v3 Authority Key Identifier:
                keyid:FA:1D:E3:7B:BC:6C:06:42:0D:A6:26:C0:BB:4D:72:32:31:E9:3E:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-h3je7xsBkINpibAu01yMjHpPoQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/608f6d-8cd1-499e-a518-5f15939e7680/1/5qOipuwyxGss5xBRdHV9bVRKsWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/608f6d-8cd1-499e-a518-5f15939e7680/1/1-h3je7xsBkINpibAu01yMjHpPoQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:15:97:73:af:8c:67:13:7d:87:5e:74:15:28:62:f7:98:75:
         85:f8:3a:64:16:f8:c2:73:41:4e:8d:34:68:8a:7f:c8:58:28:
         88:a5:e7:03:98:f8:92:12:6f:9f:c2:fa:bc:09:1b:36:ae:e6:
         75:7b:0f:c0:cb:7b:96:6c:5a:d6:ef:cd:9b:72:b7:19:09:23:
         b2:1f:48:3a:2e:bc:52:de:a8:43:d5:d3:77:93:97:52:e5:8c:
         32:71:3f:f1:56:9c:c3:cf:27:41:5a:4c:5e:85:70:d0:f2:d0:
         5c:ca:a3:45:23:b6:57:08:1c:89:fe:e2:0b:ec:68:d7:c4:e5:
         ae:1a:80:07:39:4a:aa:eb:e3:27:92:d4:fb:b2:d4:9f:3a:be:
         71:b4:6c:a2:e0:c8:92:02:ab:f2:39:90:7a:07:b4:fa:56:0f:
         7f:6f:7a:a1:12:72:83:56:44:ec:86:f5:60:5c:b4:5b:fb:a4:
         32:2d:10:08:3b:bb:bd:70:20:16:f1:49:07:24:9b:45:98:cd:
         a0:66:ac:67:72:10:83:9d:12:8e:49:f1:bc:7b:40:62:5f:ce:
         83:9a:5f:1b:ed:2a:7b:70:5a:bb:b8:2e:2c:87:0c:69:80:21:
         00:9f:e8:d0:ac:e9:67:b0:fd:63:c1:63:c1:2d:e7:10:ac:7c:
         64:51:97:84
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEk03zRdC3uJVSeIK7hFfTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhMWRlMzdiYmM2YzA2NDIwZGE2MjZjMGJiNGQ3MjMyMzFl
OTNlODQwHhcNMjQwMTAxMTAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmEzYTJhNmVjMzJjNDZiMmNlNzEwNTE3NDc1N2Q2ZDU0NGFiMTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi68OU5yc2GuR97O2dmKDsdom9MfW
H6R81ftCHv07VR7IBTOl2dna3KHH18C1TahVTgIEUTTZjSgk0OSycXzHiUZ8HDWQ
/4ea+q6ArL0tKT29CGUS5yEhDI7naVLcdceedPuWN96625MvKQNDS1OBMgIc6hB7
4ZvtZ2992Jpa4A6Mvy6cnJYKq1rxShz+S4f57mGrMhvZax/ktYx4d/u+IL1NG/vX
eOsmJAXbwUqbbd5SpTcaWBY++T4nRhhr9laOjjrd7BuCuWYuaTShHep59czDnDh8
ZOQCSqYJ8XBFFG+jF4g9y6SiCUdEQokvrh4dsRdN4lgcgDOq2aS7gc1C4wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOajoqbsMsRrLOcQUXR1fW1USrFmMB8GA1UdIwQY
MBaAFPod43u8bAZCDaYmwLtNcjIx6T6EMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1oM2plN3hzQmtJTnBpYkF1MDF5TWpIcFBvUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWMvNjA4ZjZkLThjZDEtNDk5ZS1hNTE4
LTVmMTU5MzllNzY4MC8xLzVxT2lwdXd5eEdzczV4QlJkSFY5YlZSS3NXWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYWMvNjA4ZjZkLThjZDEtNDk5ZS1hNTE4LTVmMTU5MzllNzY4
MC8xLzEtaDNqZTd4c0JrSU5waWJBdTAxeU1qSHBQb1EuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDWMUw
DQYJKoZIhvcNAQELBQADggEBAEIVl3OvjGcTfYdedBUoYveYdYX4OmQW+MJzQU6N
NGiKf8hYKIil5wOY+JISb5/C+rwJGzau5nV7D8DLe5ZsWtbvzZtytxkJI7IfSDou
vFLeqEPV03eTl1LljDJxP/FWnMPPJ0FaTF6FcNDy0FzKo0UjtlcIHIn+4gvsaNfE
5a4agAc5Sqrr4yeS1Puy1J86vnG0bKLgyJICq/I5kHoHtPpWD39veqEScoNWROyG
9WBctFv7pDItEAg7u71wIBbxSQckm0WYzaBmrGdyEIOdEo5J8bx7QGJfzoOaXxvt
KntwWru4LiyHDGmAIQCf6NCs6Wew/WPBY8Et5xCsfGRRl4Q=
-----END CERTIFICATE-----