Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/0PlmwiddedsC9qdqjeCklgVOHf0.roa
File:                     0PlmwiddedsC9qdqjeCklgVOHf0.roa (raw, json)
Hash identifier:          /hLtI0Bmg6wZPAF5+4yW7hEyglYCK1kVvODXOW0Dj+M=
Subject key identifier:   D0:F9:66:C2:27:5D:79:DB:02:F6:A7:6A:8D:E0:A4:96:05:4E:1D:FD
Certificate issuer:       /CN=9aeecb353f1cdc5fd3a9d54a8873531efd285c46
Certificate serial:       018CC5009A5AF2072F2C692C004BE87E6CFA
Authority key identifier: 9A:EE:CB:35:3F:1C:DC:5F:D3:A9:D5:4A:88:73:53:1E:FD:28:5C:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu7LNT8c3F_TqdVKiHNTHv0oXEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/0PlmwiddedsC9qdqjeCklgVOHf0.roa
Signing time:             Mon 01 Jan 2024 12:30:00 +0000
ROA not before:           Mon 01 Jan 2024 12:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210924
IP address blocks:        195.96.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/mu7LNT8c3F_TqdVKiHNTHv0oXEY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/mu7LNT8c3F_TqdVKiHNTHv0oXEY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu7LNT8c3F_TqdVKiHNTHv0oXEY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:9a:5a:f2:07:2f:2c:69:2c:00:4b:e8:7e:6c:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aeecb353f1cdc5fd3a9d54a8873531efd285c46
        Validity
            Not Before: Jan  1 12:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0f966c2275d79db02f6a76a8de0a496054e1dfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:4e:3a:f7:ab:e6:01:4a:9e:bd:7c:df:b2:ac:
                    4a:a2:be:e6:78:ef:3a:fa:97:71:15:2d:82:bc:a6:
                    c3:46:53:f5:5a:23:ae:ff:2d:01:51:20:ef:b0:53:
                    4c:a2:00:fb:33:a7:ea:5f:d3:50:8c:9c:38:72:62:
                    06:aa:05:a3:05:02:35:3a:ee:11:cc:1b:58:d6:ac:
                    f3:4c:e3:9a:c7:7b:47:87:48:75:28:52:bd:db:57:
                    f7:7c:2d:45:c6:47:8f:62:93:b4:3c:ea:10:f4:65:
                    a1:2e:83:bb:a2:5b:c6:40:1c:36:a7:89:b5:d0:10:
                    82:36:ca:f4:1b:ff:99:05:e7:30:18:b1:a3:d7:3b:
                    9e:85:2a:49:63:44:ed:35:90:30:c7:d2:83:08:d3:
                    33:1f:08:d5:2a:fc:75:fc:36:3e:61:cf:65:ba:96:
                    54:68:a8:e8:61:24:4a:e1:1c:f5:c0:32:2e:69:da:
                    fd:c7:30:78:94:9b:06:14:8a:b9:0a:ee:c4:f3:ef:
                    07:1c:ab:25:24:aa:2e:4e:15:60:13:c3:64:35:7b:
                    d0:88:26:56:43:07:c8:b0:61:01:d7:f6:02:8e:56:
                    a9:cd:f3:59:07:a3:62:12:0c:37:7f:f0:49:9a:86:
                    f0:0d:e8:6b:77:b8:3b:f9:5c:ed:da:47:8a:68:4c:
                    ac:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:F9:66:C2:27:5D:79:DB:02:F6:A7:6A:8D:E0:A4:96:05:4E:1D:FD
            X509v3 Authority Key Identifier:
                keyid:9A:EE:CB:35:3F:1C:DC:5F:D3:A9:D5:4A:88:73:53:1E:FD:28:5C:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu7LNT8c3F_TqdVKiHNTHv0oXEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/0PlmwiddedsC9qdqjeCklgVOHf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/mu7LNT8c3F_TqdVKiHNTHv0oXEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:fc:20:de:08:6d:27:6d:7e:16:cd:5b:9f:14:55:7d:e4:59:
         fa:97:51:8f:06:55:03:be:38:01:cb:cc:14:54:78:00:78:a1:
         3e:a5:5b:5e:ec:8e:66:0e:87:e9:92:a9:e2:30:00:4d:ec:e4:
         25:57:c8:95:80:e7:e6:67:95:1e:32:90:d2:03:49:6c:e9:4d:
         ab:3a:98:62:8b:86:40:93:f5:6e:41:58:ab:18:06:f3:a1:67:
         22:ff:e2:d5:8a:a9:03:27:83:d5:69:9f:ee:42:2c:96:6f:02:
         7b:21:58:c4:58:c1:71:61:08:c6:9b:a7:c6:bf:dc:df:07:8d:
         66:ec:b2:94:23:0a:63:ea:a5:e8:fc:1e:60:67:5c:c5:40:76:
         3c:26:c4:46:32:34:fc:cc:a4:b9:2b:49:d6:10:94:e2:e3:19:
         3e:2f:04:f6:ce:50:a5:eb:9b:60:83:23:05:83:16:61:b9:31:
         f5:7b:4c:72:fa:04:95:4d:4d:ad:03:2a:f5:95:f3:e7:89:72:
         be:f4:2b:de:16:ae:ce:dd:a0:11:d2:9c:65:0f:4e:5c:b9:05:
         5b:b1:98:59:dd:e1:bf:3c:f7:2e:82:8f:94:a7:6b:98:20:2a:
         a0:ee:9a:e2:75:08:0c:36:3e:2d:4e:5c:80:ae:c0:4a:a3:b6:
         6f:b2:de:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAJpa8gcvLGksAEvofmz6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWVjYjM1M2YxY2RjNWZkM2E5ZDU0YTg4NzM1MzFlZmQy
ODVjNDYwHhcNMjQwMTAxMTIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGY5NjZjMjI3NWQ3OWRiMDJmNmE3NmE4ZGUwYTQ5NjA1NGUxZGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkk4696vmAUqevXzfsqxKor7meO86
+pdxFS2CvKbDRlP1WiOu/y0BUSDvsFNMogD7M6fqX9NQjJw4cmIGqgWjBQI1Ou4R
zBtY1qzzTOOax3tHh0h1KFK921f3fC1FxkePYpO0POoQ9GWhLoO7olvGQBw2p4m1
0BCCNsr0G/+ZBecwGLGj1zuehSpJY0TtNZAwx9KDCNMzHwjVKvx1/DY+Yc9lupZU
aKjoYSRK4Rz1wDIuadr9xzB4lJsGFIq5Cu7E8+8HHKslJKouThVgE8NkNXvQiCZW
QwfIsGEB1/YCjlapzfNZB6NiEgw3f/BJmobwDehrd7g7+Vzt2keKaEysOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFND5ZsInXXnbAvanao3gpJYFTh39MB8GA1UdIwQY
MBaAFJruyzU/HNxf06nVSohzUx79KFxGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU3TE5UOGMzRl9UcWRWS2lITlRIdjBvWEVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8xNTg2M2ItNzg3Zi00MDg0LWI3ZjYt
NTk0NDk2MGUzMWNmLzEvMFBsbXdpZGRlZHNDOXFkcWplQ2tsZ1ZPSGYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8xNTg2M2ItNzg3Zi00MDg0LWI3ZjYtNTk0NDk2MGUzMWNm
LzEvbXU3TE5UOGMzRl9UcWRWS2lITlRIdjBvWEVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw2CKMA0G
CSqGSIb3DQEBCwUAA4IBAQAq/CDeCG0nbX4WzVufFFV95Fn6l1GPBlUDvjgBy8wU
VHgAeKE+pVte7I5mDofpkqniMABN7OQlV8iVgOfmZ5UeMpDSA0ls6U2rOphii4ZA
k/VuQVirGAbzoWci/+LViqkDJ4PVaZ/uQiyWbwJ7IVjEWMFxYQjGm6fGv9zfB41m
7LKUIwpj6qXo/B5gZ1zFQHY8JsRGMjT8zKS5K0nWEJTi4xk+LwT2zlCl65tggyMF
gxZhuTH1e0xy+gSVTU2tAyr1lfPniXK+9CveFq7O3aAR0pxlD05cuQVbsZhZ3eG/
PPcugo+Up2uYICqg7pridQgMNj4tTlyArsBKo7Zvst51
-----END CERTIFICATE-----