Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/c0ad4d-20fe-4a93-af06-1d0a4ec827ab/1/KpBTMl57rGzzcu0w512EyPOVbtM.roa
File:                     KpBTMl57rGzzcu0w512EyPOVbtM.roa (raw, json)
Hash identifier:          hvS7r36Dcgot/8hP6uJBRpsVTGb9vM2YKt97fIxWbhM=
Subject key identifier:   2A:90:53:32:5E:7B:AC:6C:F3:72:ED:30:E7:5D:84:C8:F3:95:6E:D3
Certificate issuer:       /CN=abc113c7aea6b714a060e9f7c3e71569e603d395
Certificate serial:       018CC4254FD0E27ACF914C3428AC461726C4
Authority key identifier: AB:C1:13:C7:AE:A6:B7:14:A0:60:E9:F7:C3:E7:15:69:E6:03:D3:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q8ETx66mtxSgYOn3w-cVaeYD05U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/c0ad4d-20fe-4a93-af06-1d0a4ec827ab/1/KpBTMl57rGzzcu0w512EyPOVbtM.roa
Signing time:             Mon 01 Jan 2024 08:30:28 +0000
ROA not before:           Mon 01 Jan 2024 08:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50413
IP address blocks:        195.78.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/c0ad4d-20fe-4a93-af06-1d0a4ec827ab/1/q8ETx66mtxSgYOn3w-cVaeYD05U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/c0ad4d-20fe-4a93-af06-1d0a4ec827ab/1/q8ETx66mtxSgYOn3w-cVaeYD05U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q8ETx66mtxSgYOn3w-cVaeYD05U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:4f:d0:e2:7a:cf:91:4c:34:28:ac:46:17:26:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abc113c7aea6b714a060e9f7c3e71569e603d395
        Validity
            Not Before: Jan  1 08:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a9053325e7bac6cf372ed30e75d84c8f3956ed3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:86:60:38:66:59:d3:34:77:3e:19:c1:9b:57:
                    6b:76:a8:5e:d6:40:8d:25:8f:cb:e7:96:9c:e4:60:
                    1c:df:d7:14:f6:6a:c1:86:ae:0d:b3:0e:98:d9:70:
                    1b:e7:b2:bb:b8:b1:0c:ed:af:1c:05:22:4b:cb:95:
                    5c:10:7e:1d:91:85:92:17:c6:ee:2a:7a:92:a6:b2:
                    5f:49:15:10:b8:6b:5b:97:00:e0:0c:ff:a8:98:44:
                    dd:b7:3b:17:c6:d5:56:4e:8e:29:97:e1:5a:a3:34:
                    90:41:26:d0:55:02:4e:4c:ec:a5:67:d9:13:74:d6:
                    7a:90:a5:28:4a:9c:18:c8:fd:d3:5a:0a:88:de:9c:
                    71:59:0d:e8:b6:fd:09:75:a6:b2:9e:7e:e8:51:d6:
                    6d:27:2b:68:73:9a:d4:34:9f:1b:f5:74:10:ca:cb:
                    8a:b9:ac:dd:bd:6c:9f:3c:1d:f0:a0:03:89:2b:4b:
                    30:bd:1d:b9:36:ca:34:ac:86:f3:83:33:52:5b:0b:
                    d9:2d:3d:e8:c3:10:3d:bb:b4:ee:31:33:4f:d1:8f:
                    9e:b0:e4:b4:9f:b7:17:a7:38:6f:2d:f7:d4:e0:0b:
                    da:92:3f:35:c3:ac:6d:ad:96:68:0b:26:21:20:f2:
                    d2:30:ed:22:c0:fc:2c:7b:cb:30:5d:78:41:85:57:
                    b0:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:90:53:32:5E:7B:AC:6C:F3:72:ED:30:E7:5D:84:C8:F3:95:6E:D3
            X509v3 Authority Key Identifier:
                keyid:AB:C1:13:C7:AE:A6:B7:14:A0:60:E9:F7:C3:E7:15:69:E6:03:D3:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q8ETx66mtxSgYOn3w-cVaeYD05U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/c0ad4d-20fe-4a93-af06-1d0a4ec827ab/1/KpBTMl57rGzzcu0w512EyPOVbtM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/c0ad4d-20fe-4a93-af06-1d0a4ec827ab/1/q8ETx66mtxSgYOn3w-cVaeYD05U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.78.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:52:d4:57:33:68:11:c0:b3:60:80:66:eb:c4:8c:49:ca:dc:
         84:9e:99:73:97:3f:58:5d:ff:79:cb:a1:73:f4:fb:05:1a:70:
         92:88:e6:ea:e1:60:d6:8e:f3:ce:61:f6:ea:fa:e9:75:ec:df:
         49:be:61:9d:05:ec:70:69:b9:eb:fb:42:1c:cd:b0:ca:a0:e4:
         c1:b7:c1:45:0d:9d:bb:0d:c3:f5:3e:e4:3b:5e:a2:bf:b2:1d:
         58:62:95:83:a9:76:47:77:09:10:0b:ca:70:23:96:64:0a:b4:
         c5:ac:ea:93:7a:97:1d:9f:f8:a9:52:92:ae:c5:67:5d:1e:f0:
         db:bb:30:7a:1e:7e:be:ca:59:11:d3:be:23:2a:ee:8e:8f:bb:
         81:17:6b:5c:a6:8e:56:58:3c:c7:17:2b:71:8b:2a:56:db:a2:
         68:e7:93:3a:3f:f5:c8:3f:de:b1:0b:d3:cf:7f:99:08:71:0e:
         05:f7:73:1f:73:ed:52:06:80:3b:49:34:ee:a2:89:0d:c4:3a:
         b9:e6:4b:49:b5:d0:ce:ed:94:e0:46:bd:02:cf:d0:d3:64:00:
         9f:20:b3:e1:3a:b9:88:d0:52:f2:8d:cb:69:98:38:3f:c3:a7:
         6e:53:58:c6:af:86:da:bb:e8:73:be:a0:1b:2e:86:d9:9a:a8:
         01:9e:a6:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJU/Q4nrPkUw0KKxGFybEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYzExM2M3YWVhNmI3MTRhMDYwZTlmN2MzZTcxNTY5ZTYw
M2QzOTUwHhcNMjQwMTAxMDgzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTkwNTMzMjVlN2JhYzZjZjM3MmVkMzBlNzVkODRjOGYzOTU2ZWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4ZgOGZZ0zR3PhnBm1drdqhe1kCN
JY/L55ac5GAc39cU9mrBhq4Nsw6Y2XAb57K7uLEM7a8cBSJLy5VcEH4dkYWSF8bu
KnqSprJfSRUQuGtblwDgDP+omETdtzsXxtVWTo4pl+FaozSQQSbQVQJOTOylZ9kT
dNZ6kKUoSpwYyP3TWgqI3pxxWQ3otv0Jdaaynn7oUdZtJytoc5rUNJ8b9XQQysuK
uazdvWyfPB3woAOJK0swvR25Nso0rIbzgzNSWwvZLT3owxA9u7TuMTNP0Y+esOS0
n7cXpzhvLffU4Avakj81w6xtrZZoCyYhIPLSMO0iwPwse8swXXhBhVewjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqQUzJee6xs83LtMOddhMjzlW7TMB8GA1UdIwQY
MBaAFKvBE8euprcUoGDp98PnFWnmA9OVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcThFVHg2Nm10eFNnWU9uM3ctY1ZhZVlEMDVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9jMGFkNGQtMjBmZS00YTkzLWFmMDYt
MWQwYTRlYzgyN2FiLzEvS3BCVE1sNTdyR3p6Y3UwdzUxMkV5UE9WYnRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9jMGFkNGQtMjBmZS00YTkzLWFmMDYtMWQwYTRlYzgyN2Fi
LzEvcThFVHg2Nm10eFNnWU9uM3ctY1ZhZVlEMDVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw05rMA0G
CSqGSIb3DQEBCwUAA4IBAQBuUtRXM2gRwLNggGbrxIxJytyEnplzlz9YXf95y6Fz
9PsFGnCSiObq4WDWjvPOYfbq+ul17N9JvmGdBexwabnr+0IczbDKoOTBt8FFDZ27
DcP1PuQ7XqK/sh1YYpWDqXZHdwkQC8pwI5ZkCrTFrOqTepcdn/ipUpKuxWddHvDb
uzB6Hn6+ylkR074jKu6Oj7uBF2tcpo5WWDzHFytxiypW26Jo55M6P/XIP96xC9PP
f5kIcQ4F93Mfc+1SBoA7STTuookNxDq55ktJtdDO7ZTgRr0Cz9DTZACfILPhOrmI
0FLyjctpmDg/w6duU1jGr4bau+hzvqAbLobZmqgBnqb8
-----END CERTIFICATE-----