Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/d06832-dbdf-4f87-99b8-38d8a78a4862/1/ACtGecJJAJmuFtIB_Xuk3R8U-jA.roa
File:                     ACtGecJJAJmuFtIB_Xuk3R8U-jA.roa (raw, json)
Hash identifier:          EV1ru+tEmzjvjl0JdbwT7XMX0flwYi5qD+edbusxh14=
Subject key identifier:   00:2B:46:79:C2:49:00:99:AE:16:D2:01:FD:7B:A4:DD:1F:14:FA:30
Certificate issuer:       /CN=403f08bbaffa4161843203a8a757ab6e9546b0ce
Certificate serial:       018EC248C457CB0A1A605B73391F0E85BF1C
Authority key identifier: 40:3F:08:BB:AF:FA:41:61:84:32:03:A8:A7:57:AB:6E:95:46:B0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QD8Iu6_6QWGEMgOop1erbpVGsM4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/d06832-dbdf-4f87-99b8-38d8a78a4862/1/ACtGecJJAJmuFtIB_Xuk3R8U-jA.roa
Signing time:             Tue 09 Apr 2024 09:55:32 +0000
ROA not before:           Tue 09 Apr 2024 09:55:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213295
IP address blocks:        195.200.234.0/24 maxlen: 24
                          2a10:d0c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/d06832-dbdf-4f87-99b8-38d8a78a4862/1/QD8Iu6_6QWGEMgOop1erbpVGsM4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/d06832-dbdf-4f87-99b8-38d8a78a4862/1/QD8Iu6_6QWGEMgOop1erbpVGsM4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QD8Iu6_6QWGEMgOop1erbpVGsM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c2:48:c4:57:cb:0a:1a:60:5b:73:39:1f:0e:85:bf:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=403f08bbaffa4161843203a8a757ab6e9546b0ce
        Validity
            Not Before: Apr  9 09:55:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=002b4679c2490099ae16d201fd7ba4dd1f14fa30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:8c:b8:72:8d:87:96:5e:55:66:31:2a:4f:ce:
                    32:86:6a:73:31:31:45:f4:3e:bf:19:ae:72:9f:82:
                    8e:6b:f2:0b:c1:66:95:9b:1c:96:16:e3:47:50:49:
                    ae:db:4a:85:35:22:e0:f3:49:3f:fd:ec:fe:5f:ff:
                    d2:c4:5d:95:27:43:eb:92:a2:c2:70:2a:6c:ad:5e:
                    07:e8:86:27:10:9a:6f:49:cb:67:ab:2b:f2:26:7f:
                    40:e9:7f:d8:7c:05:89:d0:78:22:87:ae:51:91:6c:
                    78:e5:42:e4:81:14:06:96:1d:42:88:85:b5:c3:90:
                    45:a2:90:85:ac:2c:3c:2d:90:56:da:60:54:79:25:
                    74:b6:a6:b5:0e:5e:47:44:b5:a9:ab:8c:0f:29:3a:
                    fb:a4:57:90:59:16:61:84:7a:72:e8:99:8d:8c:11:
                    0c:dd:bb:1c:a6:12:8a:ec:aa:b2:46:e4:0b:8d:34:
                    ea:73:72:7a:8f:57:4c:b7:a2:e9:2d:7e:04:c2:39:
                    6b:d2:e6:4e:10:83:5a:f3:75:56:6d:57:a1:5b:2c:
                    cc:99:f2:99:87:6b:79:ce:74:be:12:27:5c:8d:1f:
                    f7:87:08:c9:73:ca:95:f4:64:78:9f:c2:0f:88:c9:
                    b1:68:c8:94:1b:36:9d:fe:fc:ed:26:ec:3e:58:a3:
                    8c:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:2B:46:79:C2:49:00:99:AE:16:D2:01:FD:7B:A4:DD:1F:14:FA:30
            X509v3 Authority Key Identifier:
                keyid:40:3F:08:BB:AF:FA:41:61:84:32:03:A8:A7:57:AB:6E:95:46:B0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QD8Iu6_6QWGEMgOop1erbpVGsM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/d06832-dbdf-4f87-99b8-38d8a78a4862/1/ACtGecJJAJmuFtIB_Xuk3R8U-jA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/d06832-dbdf-4f87-99b8-38d8a78a4862/1/QD8Iu6_6QWGEMgOop1erbpVGsM4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.200.234.0/24
                IPv6:
                  2a10:d0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         50:ff:0b:42:a5:e4:d1:e9:88:b4:5b:b3:ed:1d:79:c6:ae:54:
         bb:31:52:35:22:90:10:a0:9c:0c:22:64:b0:5d:3f:fa:f0:c8:
         39:9a:f9:6c:3d:be:72:fd:56:fc:2a:7a:15:1c:4d:36:98:ad:
         a7:67:15:6b:b7:39:51:ed:d1:3d:79:11:30:dc:b0:d4:a8:fd:
         ac:b4:0b:9b:f5:9e:c9:36:bc:77:e7:f6:b4:8f:ae:53:21:72:
         2a:1c:96:d1:cf:c2:f0:fb:0e:3e:35:c6:be:3c:19:23:28:d1:
         61:80:d5:c9:4d:40:85:d8:56:3c:a3:64:dc:03:e4:3b:b7:d7:
         84:37:f4:f8:60:60:19:8a:5b:c0:b3:78:50:df:de:62:2c:40:
         bc:b3:77:83:08:16:16:fb:a1:2d:86:cd:18:97:ab:46:25:41:
         ab:cb:a2:dd:24:9c:51:35:73:a4:41:85:3f:da:7c:50:7b:53:
         9b:80:c7:ea:03:c3:5d:26:f3:be:6b:74:a2:e3:57:46:d9:6a:
         f4:16:67:a1:c1:82:5c:74:74:32:ea:b2:76:9f:0f:92:66:9d:
         36:64:25:56:07:55:8d:8d:cf:38:f6:f5:eb:bf:87:99:43:7d:
         2c:72:83:7e:a8:0f:14:65:f3:12:53:3e:3f:45:35:04:bc:b4:
         b2:7f:af:23
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY7CSMRXywoaYFtzOR8Ohb8cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwM2YwOGJiYWZmYTQxNjE4NDMyMDNhOGE3NTdhYjZlOTU0
NmIwY2UwHhcNMjQwNDA5MDk1NTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDJiNDY3OWMyNDkwMDk5YWUxNmQyMDFmZDdiYTRkZDFmMTRmYTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjoy4co2Hll5VZjEqT84yhmpzMTFF
9D6/Ga5yn4KOa/ILwWaVmxyWFuNHUEmu20qFNSLg80k//ez+X//SxF2VJ0PrkqLC
cCpsrV4H6IYnEJpvSctnqyvyJn9A6X/YfAWJ0Hgih65RkWx45ULkgRQGlh1CiIW1
w5BFopCFrCw8LZBW2mBUeSV0tqa1Dl5HRLWpq4wPKTr7pFeQWRZhhHpy6JmNjBEM
3bscphKK7KqyRuQLjTTqc3J6j1dMt6LpLX4Ewjlr0uZOEINa83VWbVehWyzMmfKZ
h2t5znS+EidcjR/3hwjJc8qV9GR4n8IPiMmxaMiUGzad/vztJuw+WKOMawIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAArRnnCSQCZrhbSAf17pN0fFPowMB8GA1UdIwQY
MBaAFEA/CLuv+kFhhDIDqKdXq26VRrDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUQ4SXU2XzZRV0dFTWdPb3AxZXJicFZHc000LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9kMDY4MzItZGJkZi00Zjg3LTk5Yjgt
MzhkOGE3OGE0ODYyLzEvQUN0R2VjSkpBSm11RnRJQl9YdWszUjhVLWpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9kMDY4MzItZGJkZi00Zjg3LTk5YjgtMzhkOGE3OGE0ODYy
LzEvUUQ4SXU2XzZRV0dFTWdPb3AxZXJicFZHc000LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAw8jqMA0E
AgACMAcDBQMqENDAMA0GCSqGSIb3DQEBCwUAA4IBAQBQ/wtCpeTR6Yi0W7PtHXnG
rlS7MVI1IpAQoJwMImSwXT/68Mg5mvlsPb5y/Vb8KnoVHE02mK2nZxVrtzlR7dE9
eREw3LDUqP2stAub9Z7JNrx35/a0j65TIXIqHJbRz8Lw+w4+Nca+PBkjKNFhgNXJ
TUCF2FY8o2TcA+Q7t9eEN/T4YGAZilvAs3hQ395iLEC8s3eDCBYW+6Eths0Yl6tG
JUGry6LdJJxRNXOkQYU/2nxQe1ObgMfqA8NdJvO+a3Si41dG2Wr0FmehwYJcdHQy
6rJ2nw+SZp02ZCVWB1WNjc849vXrv4eZQ30scoN+qA8UZfMSUz4/RTUEvLSyf68j
-----END CERTIFICATE-----