Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/mChy1Q-yGYKAuBtCpwG2BrYpKK0.roa
File:                     mChy1Q-yGYKAuBtCpwG2BrYpKK0.roa (raw, json)
Hash identifier:          opJqXCswnM8gk5M6btYT/annRn1VRJjytY8D+xBfiUs=
Subject key identifier:   98:28:72:D5:0F:B2:19:82:80:B8:1B:42:A7:01:B6:06:B6:29:28:AD
Certificate issuer:       /CN=d38cd9440552e7dab9cd5631d4ab872451535b7a
Certificate serial:       018E31E91FDC541493175A961D89EF8D9E8C
Authority key identifier: D3:8C:D9:44:05:52:E7:DA:B9:CD:56:31:D4:AB:87:24:51:53:5B:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/04zZRAVS59q5zVYx1KuHJFFTW3o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/mChy1Q-yGYKAuBtCpwG2BrYpKK0.roa
Signing time:             Tue 12 Mar 2024 09:05:45 +0000
ROA not before:           Tue 12 Mar 2024 09:05:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        95.128.156.0/24 maxlen: 24
                          185.180.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/04zZRAVS59q5zVYx1KuHJFFTW3o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/04zZRAVS59q5zVYx1KuHJFFTW3o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/04zZRAVS59q5zVYx1KuHJFFTW3o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:31:e9:1f:dc:54:14:93:17:5a:96:1d:89:ef:8d:9e:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d38cd9440552e7dab9cd5631d4ab872451535b7a
        Validity
            Not Before: Mar 12 09:05:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=982872d50fb2198280b81b42a701b606b62928ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:07:20:27:72:a7:e7:3a:d0:1c:55:b6:91:30:
                    8a:21:05:34:6b:27:3a:2f:89:e6:80:d0:46:09:a3:
                    ea:29:77:0a:2a:a0:94:e2:cd:28:fe:26:cd:ee:e6:
                    34:85:9d:9a:ff:32:23:8b:39:29:0a:bd:35:b0:af:
                    93:bb:d4:1a:58:d2:bc:db:17:c2:44:63:13:1c:29:
                    e9:a5:55:70:ab:22:6c:88:f0:79:ed:01:7d:69:ee:
                    a3:a1:cc:cf:c7:9c:7b:5d:85:63:c1:3a:95:0c:f9:
                    51:ee:82:4c:64:2c:6c:51:4f:0c:8e:be:16:db:2e:
                    5a:cd:19:7c:36:46:ac:ae:36:f1:6b:55:60:2f:f0:
                    24:d9:57:51:d2:0c:e9:e8:e7:f8:87:f6:7f:31:bd:
                    d0:d2:50:dc:5d:4a:85:b5:b0:94:0d:63:23:80:86:
                    8f:a2:b7:22:f2:c2:bc:b8:8a:9e:ec:a2:cd:df:33:
                    24:f9:7b:71:93:6a:98:3b:02:15:3a:d5:b1:ad:bc:
                    93:ca:52:76:15:89:a5:4d:be:26:7a:a1:91:bf:64:
                    8d:58:52:b2:aa:5e:a2:2c:5d:9c:37:d0:d7:dd:33:
                    98:cf:fa:5f:32:85:20:8f:e4:52:14:db:50:5e:e8:
                    60:f4:40:39:13:98:5b:61:06:79:b2:09:9f:70:c0:
                    83:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:28:72:D5:0F:B2:19:82:80:B8:1B:42:A7:01:B6:06:B6:29:28:AD
            X509v3 Authority Key Identifier:
                keyid:D3:8C:D9:44:05:52:E7:DA:B9:CD:56:31:D4:AB:87:24:51:53:5B:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/04zZRAVS59q5zVYx1KuHJFFTW3o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/mChy1Q-yGYKAuBtCpwG2BrYpKK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/04zZRAVS59q5zVYx1KuHJFFTW3o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.156.0/24
                  185.180.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:0d:f1:de:1b:69:c5:80:59:c4:7e:95:8e:39:62:07:4c:30:
         b9:fa:b0:ce:5b:62:83:1d:a7:8b:df:31:42:ab:f9:14:60:a6:
         2d:e4:02:13:2b:75:32:8c:61:76:3d:d8:94:94:30:76:96:c2:
         9b:7c:02:01:d5:69:2f:52:75:0c:8f:95:a1:eb:2d:43:72:58:
         01:c9:85:cf:81:94:01:92:aa:20:41:68:b0:68:88:8e:bc:cc:
         0a:49:ca:63:c8:35:8d:75:4a:f6:98:03:58:b7:e3:76:d2:c7:
         ed:fe:c7:19:9b:73:a3:60:0e:2e:bd:75:fd:b1:39:41:a9:74:
         d7:23:92:c1:72:ab:f9:f1:14:b8:cd:4f:65:46:41:30:79:e8:
         8a:02:c9:ca:71:e8:7e:8d:a2:9d:eb:4a:fd:ce:79:d8:c6:c6:
         52:2c:a7:07:1c:4c:55:2e:91:b0:64:bc:13:2d:bd:ff:ca:d0:
         bd:b5:37:55:d1:ce:b5:5b:bc:c1:b2:74:9f:fc:ca:9f:58:e2:
         a9:c9:40:7d:a0:62:5f:7b:a4:f2:c6:0a:1c:f1:45:74:2e:d2:
         96:92:3b:8e:c8:e4:3c:b5:cc:47:36:22:d3:a4:3e:38:6f:fd:
         09:a1:1f:4f:1f:7c:38:ae:0b:5f:d1:dd:2d:47:96:e5:84:2d:
         17:4a:41:f2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4x6R/cVBSTF1qWHYnvjZ6MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzOGNkOTQ0MDU1MmU3ZGFiOWNkNTYzMWQ0YWI4NzI0NTE1
MzViN2EwHhcNMjQwMzEyMDkwNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODI4NzJkNTBmYjIxOTgyODBiODFiNDJhNzAxYjYwNmI2MjkyOGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAcgJ3Kn5zrQHFW2kTCKIQU0ayc6
L4nmgNBGCaPqKXcKKqCU4s0o/ibN7uY0hZ2a/zIjizkpCr01sK+Tu9QaWNK82xfC
RGMTHCnppVVwqyJsiPB57QF9ae6joczPx5x7XYVjwTqVDPlR7oJMZCxsUU8Mjr4W
2y5azRl8Nkasrjbxa1VgL/Ak2VdR0gzp6Of4h/Z/Mb3Q0lDcXUqFtbCUDWMjgIaP
orci8sK8uIqe7KLN3zMk+Xtxk2qYOwIVOtWxrbyTylJ2FYmlTb4meqGRv2SNWFKy
ql6iLF2cN9DX3TOYz/pfMoUgj+RSFNtQXuhg9EA5E5hbYQZ5sgmfcMCDPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJgoctUPshmCgLgbQqcBtga2KSitMB8GA1UdIwQY
MBaAFNOM2UQFUufauc1WMdSrhyRRU1t6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDR6WlJBVlM1OXE1elZZeDFLdUhKRkZUVzNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi80YzMxNjAtZGUxMi00OTI5LWE0ODMt
N2M2NWE4NTJmMDkyLzEvbUNoeTFRLXlHWUtBdUJ0Q3B3RzJCcllwS0swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi80YzMxNjAtZGUxMi00OTI5LWE0ODMtN2M2NWE4NTJmMDky
LzEvMDR6WlJBVlM1OXE1elZZeDFLdUhKRkZUVzNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX4CcAwQA
ubSQMA0GCSqGSIb3DQEBCwUAA4IBAQAHDfHeG2nFgFnEfpWOOWIHTDC5+rDOW2KD
HaeL3zFCq/kUYKYt5AITK3UyjGF2PdiUlDB2lsKbfAIB1WkvUnUMj5Wh6y1DclgB
yYXPgZQBkqogQWiwaIiOvMwKScpjyDWNdUr2mANYt+N20sft/scZm3OjYA4uvXX9
sTlBqXTXI5LBcqv58RS4zU9lRkEweeiKAsnKceh+jaKd60r9znnYxsZSLKcHHExV
LpGwZLwTLb3/ytC9tTdV0c61W7zBsnSf/MqfWOKpyUB9oGJfe6Tyxgoc8UV0LtKW
kjuOyOQ8tcxHNiLTpD44b/0JoR9PH3w4rgtf0d0tR5blhC0XSkHy
-----END CERTIFICATE-----