Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/P0D1-nwD0liEYq1CYI2eiXljWP4.roa
File:                     P0D1-nwD0liEYq1CYI2eiXljWP4.roa (raw, json)
Hash identifier:          SUXyzbw7tzBG9gwaCp5Hrv21qMojP+5Cr1UpYbPZpJk=
Subject key identifier:   3F:40:F5:FA:7C:03:D2:58:84:62:AD:42:60:8D:9E:89:79:63:58:FE
Certificate issuer:       /CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
Certificate serial:       018CC64B204ABC5FD32F2690568319106A13
Authority key identifier: AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/P0D1-nwD0liEYq1CYI2eiXljWP4.roa
Signing time:             Mon 01 Jan 2024 18:31:01 +0000
ROA not before:           Mon 01 Jan 2024 18:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21734
IP address blocks:        95.172.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:20:4a:bc:5f:d3:2f:26:90:56:83:19:10:6a:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
        Validity
            Not Before: Jan  1 18:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f40f5fa7c03d2588462ad42608d9e89796358fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:83:26:95:5e:55:41:8c:6c:3f:d6:40:9f:8e:
                    34:01:69:e3:7d:9b:7b:30:e3:b4:56:cc:d0:57:1f:
                    07:3e:16:e7:32:dd:f3:83:2d:eb:a7:f2:5a:c1:cf:
                    3f:66:ab:9e:6b:98:8b:ba:51:ec:68:fd:76:cd:99:
                    3d:40:bb:6f:18:b7:57:70:cc:81:3a:bc:70:f3:fc:
                    a9:3c:ee:c6:f3:82:af:cb:c1:9f:46:7f:b8:af:48:
                    86:da:96:a1:b1:43:cd:d0:cf:90:71:7c:ac:28:71:
                    b2:f7:8f:0d:d6:59:ca:fb:9f:30:cb:2d:08:65:7b:
                    7c:dc:64:6d:da:37:ce:9b:05:ec:32:c4:7a:1d:cb:
                    51:21:c5:e7:cf:05:8b:4a:2a:51:cc:7b:23:d1:8e:
                    07:99:35:28:a0:16:e9:72:28:39:8d:38:b6:2f:42:
                    ef:38:7b:a7:35:e2:1f:4e:43:2f:0f:e9:73:18:32:
                    4f:41:0b:3f:4a:08:97:95:7a:a5:38:15:5c:aa:7d:
                    0a:61:c1:8b:cd:98:21:51:56:f3:8a:94:4d:e2:61:
                    bc:f5:2c:fc:20:3b:71:3c:12:77:b5:3e:0a:66:e5:
                    ed:68:c4:fb:80:2b:72:71:6d:33:15:76:05:66:7c:
                    4d:40:82:74:ce:03:64:8b:5a:32:c6:24:7b:07:7b:
                    4d:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:40:F5:FA:7C:03:D2:58:84:62:AD:42:60:8D:9E:89:79:63:58:FE
            X509v3 Authority Key Identifier:
                keyid:AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/P0D1-nwD0liEYq1CYI2eiXljWP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.172.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:6f:f8:bf:8a:4d:39:2e:34:b6:72:6d:9c:66:85:33:ce:11:
         79:f0:82:21:09:10:6a:e2:18:07:a9:d1:db:5d:86:24:09:75:
         7b:a5:61:94:e5:90:da:53:32:ec:a3:8d:e2:eb:f6:c0:26:44:
         a3:ef:b8:5e:c1:28:8e:7e:7b:04:e3:78:17:f1:5b:a0:52:57:
         32:aa:e0:2f:fd:98:05:d7:b9:41:87:eb:35:d2:36:79:4d:f0:
         9c:3a:5e:d9:e2:1f:ad:60:19:a1:e5:18:22:9e:6a:ff:68:c1:
         b9:22:30:d7:c8:37:ba:80:29:a9:43:c6:1c:a0:0f:01:e0:f6:
         f5:dc:23:61:6b:06:2c:67:a1:65:65:da:b2:9e:ba:85:3d:fe:
         83:68:20:ef:e2:73:9d:79:d2:66:5d:cf:50:37:4b:fb:a8:48:
         4d:55:61:ed:b4:b5:79:cb:ea:a2:d4:31:a8:33:d6:cd:3f:0c:
         c1:9c:18:70:51:77:de:9d:ae:87:e8:fa:d7:69:52:b5:65:ad:
         c4:ad:e5:47:51:1d:48:04:a2:c0:99:c0:4e:fe:81:98:88:da:
         cd:d0:58:30:9d:6d:4c:6c:f8:44:46:3e:91:e4:73:5a:21:f5:
         bc:08:1b:5f:58:70:2d:f0:02:bd:f3:72:90:2b:c6:0e:6b:2b:
         33:3b:20:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSyBKvF/TLyaQVoMZEGoTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZGFlZWE5MTE3YTFkNWNjYzMyMDIyMjk1NWEwOWZhYTA3
OThmZDkwHhcNMjQwMTAxMTgzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjQwZjVmYTdjMDNkMjU4ODQ2MmFkNDI2MDhkOWU4OTc5NjM1OGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYMmlV5VQYxsP9ZAn440AWnjfZt7
MOO0VszQVx8HPhbnMt3zgy3rp/Jawc8/Zquea5iLulHsaP12zZk9QLtvGLdXcMyB
Orxw8/ypPO7G84Kvy8GfRn+4r0iG2pahsUPN0M+QcXysKHGy948N1lnK+58wyy0I
ZXt83GRt2jfOmwXsMsR6HctRIcXnzwWLSipRzHsj0Y4HmTUooBbpcig5jTi2L0Lv
OHunNeIfTkMvD+lzGDJPQQs/SgiXlXqlOBVcqn0KYcGLzZghUVbzipRN4mG89Sz8
IDtxPBJ3tT4KZuXtaMT7gCtycW0zFXYFZnxNQIJ0zgNki1oyxiR7B3tNkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9A9fp8A9JYhGKtQmCNnol5Y1j+MB8GA1UdIwQY
MBaAFK7a7qkReh1czDICIpVaCfqgeY/ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEt
OTk4NjhjNTEzMjlhLzEvUDBEMS1ud0QwbGlFWXExQ1lJMmVpWGxqV1A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEtOTk4NjhjNTEzMjlh
LzEvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6xMMA0G
CSqGSIb3DQEBCwUAA4IBAQA2b/i/ik05LjS2cm2cZoUzzhF58IIhCRBq4hgHqdHb
XYYkCXV7pWGU5ZDaUzLso43i6/bAJkSj77hewSiOfnsE43gX8VugUlcyquAv/ZgF
17lBh+s10jZ5TfCcOl7Z4h+tYBmh5Rginmr/aMG5IjDXyDe6gCmpQ8YcoA8B4Pb1
3CNhawYsZ6FlZdqynrqFPf6DaCDv4nOdedJmXc9QN0v7qEhNVWHttLV5y+qi1DGo
M9bNPwzBnBhwUXfena6H6PrXaVK1Za3EreVHUR1IBKLAmcBO/oGYiNrN0FgwnW1M
bPhERj6R5HNaIfW8CBtfWHAt8AK983KQK8YOayszOyA4
-----END CERTIFICATE-----