Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/o_no3uPzC_QLtG8YXLXOUH64mCg.roa
File:                     o_no3uPzC_QLtG8YXLXOUH64mCg.roa (raw, json)
Hash identifier:          mgyNkd+RIY4aUEgudP424q1GOIjFVBtk1u6xPY8kacA=
Subject key identifier:   A3:F9:E8:DE:E3:F3:0B:F4:0B:B4:6F:18:5C:B5:CE:50:7E:B8:98:28
Certificate issuer:       /CN=7ec5d4828dc34199ef717cc03a48a0074c1443b8
Certificate serial:       018CC5DCF51C1D0BA643E3D4FF04DED5A1FE
Authority key identifier: 7E:C5:D4:82:8D:C3:41:99:EF:71:7C:C0:3A:48:A0:07:4C:14:43:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fsXUgo3DQZnvcXzAOkigB0wUQ7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/o_no3uPzC_QLtG8YXLXOUH64mCg.roa
Signing time:             Mon 01 Jan 2024 16:30:41 +0000
ROA not before:           Mon 01 Jan 2024 16:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39071
IP address blocks:        195.66.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/fsXUgo3DQZnvcXzAOkigB0wUQ7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/fsXUgo3DQZnvcXzAOkigB0wUQ7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fsXUgo3DQZnvcXzAOkigB0wUQ7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:f5:1c:1d:0b:a6:43:e3:d4:ff:04:de:d5:a1:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ec5d4828dc34199ef717cc03a48a0074c1443b8
        Validity
            Not Before: Jan  1 16:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3f9e8dee3f30bf40bb46f185cb5ce507eb89828
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:15:04:69:4a:c5:81:73:33:23:05:b3:33:c2:
                    ac:9a:56:a8:f6:19:5d:2a:1b:5e:ee:a1:9b:99:a4:
                    34:55:c6:07:8d:ae:ba:fd:d8:ce:44:b8:d2:70:c4:
                    7a:3a:c9:71:be:04:77:6c:e8:bf:f1:f0:ea:68:a5:
                    85:e1:a7:24:2f:0f:0b:9c:c7:9b:01:9d:8d:8e:91:
                    d0:fc:35:4a:9c:31:ca:ba:21:e1:00:3d:88:84:2c:
                    45:97:4e:75:c7:6b:5f:a6:c4:ad:e2:bf:b9:f9:a2:
                    07:dc:6b:18:07:f2:29:89:61:49:35:49:7e:c2:bf:
                    4f:b4:ad:53:c4:7d:77:81:75:4b:dd:5f:cd:36:68:
                    9f:19:64:c7:93:81:d6:99:61:37:6c:e3:22:db:3f:
                    67:09:96:06:4a:ce:d0:8d:52:85:3b:11:3e:33:2c:
                    a3:e9:52:cb:77:58:0d:f3:ae:6d:5f:94:8f:fd:9f:
                    2b:77:62:a8:33:3c:9a:02:75:66:7f:15:29:8c:e2:
                    d6:9e:3a:a5:70:f8:17:5a:ac:a1:67:3f:8a:d1:19:
                    66:0a:28:75:34:30:a4:a8:2a:02:d0:27:21:da:1c:
                    48:ec:39:2b:5a:cf:1e:cf:29:7c:26:96:07:e7:79:
                    2c:77:8b:44:68:dd:29:65:a8:57:a9:58:69:d9:0a:
                    3f:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:F9:E8:DE:E3:F3:0B:F4:0B:B4:6F:18:5C:B5:CE:50:7E:B8:98:28
            X509v3 Authority Key Identifier:
                keyid:7E:C5:D4:82:8D:C3:41:99:EF:71:7C:C0:3A:48:A0:07:4C:14:43:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fsXUgo3DQZnvcXzAOkigB0wUQ7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/o_no3uPzC_QLtG8YXLXOUH64mCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/fsXUgo3DQZnvcXzAOkigB0wUQ7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:90:ad:bb:dd:f2:1d:ce:72:2f:fc:01:eb:ec:9d:e3:e6:ac:
         48:fa:02:5c:13:bd:d7:a9:cf:ed:fd:8b:0f:01:4d:94:db:5e:
         3c:b9:51:3b:a6:d7:09:f0:f2:d5:92:fa:2a:c5:21:4d:51:41:
         f2:d4:76:03:e9:1e:27:f9:9f:82:11:e7:8f:5e:73:88:e0:29:
         37:c8:13:de:06:2f:52:75:c3:c4:11:39:2e:97:c5:07:68:44:
         7c:9a:b9:07:4e:71:65:12:5f:80:7c:f1:93:1d:09:65:91:51:
         20:17:f5:fb:f7:9d:6b:aa:2c:9c:53:0e:7c:8a:50:b7:a3:0a:
         35:1b:eb:1a:35:58:c4:2d:65:04:cd:84:4b:4f:6f:2e:55:4d:
         92:39:ae:5f:60:56:fe:a4:08:88:88:71:ca:da:8a:af:d8:5b:
         c8:a0:84:dd:c0:66:24:ad:ed:26:65:e7:f8:09:72:49:0a:18:
         da:27:62:ec:e3:61:4d:a6:74:e2:21:bb:a9:44:b4:bc:23:e3:
         61:21:24:87:86:24:8f:71:18:8d:a7:b1:e3:f6:52:ab:13:ae:
         17:ea:80:5e:20:89:39:d1:78:d7:87:38:80:a5:0f:67:1b:52:
         e8:a4:2a:d4:d2:77:7d:25:81:6e:89:8a:21:1e:b4:25:23:a2:
         49:6a:24:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3PUcHQumQ+PU/wTe1aH+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlYzVkNDgyOGRjMzQxOTllZjcxN2NjMDNhNDhhMDA3NGMx
NDQzYjgwHhcNMjQwMTAxMTYzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2Y5ZThkZWUzZjMwYmY0MGJiNDZmMTg1Y2I1Y2U1MDdlYjg5ODI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhUEaUrFgXMzIwWzM8Ksmlao9hld
Khte7qGbmaQ0VcYHja66/djORLjScMR6OslxvgR3bOi/8fDqaKWF4ackLw8LnMeb
AZ2NjpHQ/DVKnDHKuiHhAD2IhCxFl051x2tfpsSt4r+5+aIH3GsYB/IpiWFJNUl+
wr9PtK1TxH13gXVL3V/NNmifGWTHk4HWmWE3bOMi2z9nCZYGSs7QjVKFOxE+Myyj
6VLLd1gN865tX5SP/Z8rd2KoMzyaAnVmfxUpjOLWnjqlcPgXWqyhZz+K0RlmCih1
NDCkqCoC0Cch2hxI7DkrWs8ezyl8JpYH53ksd4tEaN0pZahXqVhp2Qo/YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKP56N7j8wv0C7RvGFy1zlB+uJgoMB8GA1UdIwQY
MBaAFH7F1IKNw0GZ73F8wDpIoAdMFEO4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnNYVWdvM0RRWm52Y1h6QU9raWdCMHdVUTdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9hMDBiODktYjM5OC00MGQ5LWJkYjUt
NDI3YjJkNGY5YzgyLzEvb19ubzN1UHpDX1FMdEc4WVhMWE9VSDY0bUNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9hMDBiODktYjM5OC00MGQ5LWJkYjUtNDI3YjJkNGY5Yzgy
LzEvZnNYVWdvM0RRWm52Y1h6QU9raWdCMHdVUTdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0JCMA0G
CSqGSIb3DQEBCwUAA4IBAQBGkK273fIdznIv/AHr7J3j5qxI+gJcE73Xqc/t/YsP
AU2U2148uVE7ptcJ8PLVkvoqxSFNUUHy1HYD6R4n+Z+CEeePXnOI4Ck3yBPeBi9S
dcPEETkul8UHaER8mrkHTnFlEl+AfPGTHQllkVEgF/X7951rqiycUw58ilC3owo1
G+saNVjELWUEzYRLT28uVU2SOa5fYFb+pAiIiHHK2oqv2FvIoITdwGYkre0mZef4
CXJJChjaJ2Ls42FNpnTiIbupRLS8I+NhISSHhiSPcRiNp7Hj9lKrE64X6oBeIIk5
0XjXhziApQ9nG1LopCrU0nd9JYFuiYohHrQlI6JJaiS1
-----END CERTIFICATE-----