Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/3b7c43-4241-44d4-8534-409d0f9c8a04/1/iHWuG-vCxS4gvYjBLrCIq5ynSFk.roa
File:                     iHWuG-vCxS4gvYjBLrCIq5ynSFk.roa (raw, json)
Hash identifier:          jY/ORcMAGvwCv/Ad8S5vHAWBCs2EWmMARhCCPwUfaq8=
Subject key identifier:   88:75:AE:1B:EB:C2:C5:2E:20:BD:88:C1:2E:B0:88:AB:9C:A7:48:59
Certificate issuer:       /CN=bd8f133d1095cd31205c7a3462248cc9941203ac
Certificate serial:       018CC8DCCAE305EC418F8D8C3BD73CDE9F82
Authority key identifier: BD:8F:13:3D:10:95:CD:31:20:5C:7A:34:62:24:8C:C9:94:12:03:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vY8TPRCVzTEgXHo0YiSMyZQSA6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/3b7c43-4241-44d4-8534-409d0f9c8a04/1/iHWuG-vCxS4gvYjBLrCIq5ynSFk.roa
Signing time:             Tue 02 Jan 2024 06:29:22 +0000
ROA not before:           Tue 02 Jan 2024 06:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34396
IP address blocks:        195.200.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/3b7c43-4241-44d4-8534-409d0f9c8a04/1/vY8TPRCVzTEgXHo0YiSMyZQSA6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/3b7c43-4241-44d4-8534-409d0f9c8a04/1/vY8TPRCVzTEgXHo0YiSMyZQSA6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vY8TPRCVzTEgXHo0YiSMyZQSA6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 00:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:ca:e3:05:ec:41:8f:8d:8c:3b:d7:3c:de:9f:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd8f133d1095cd31205c7a3462248cc9941203ac
        Validity
            Not Before: Jan  2 06:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8875ae1bebc2c52e20bd88c12eb088ab9ca74859
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:21:6e:19:60:2e:e7:e3:33:52:9e:7a:55:76:
                    7e:d9:82:c0:6c:45:36:45:bc:b8:62:ef:a9:63:4f:
                    a8:20:a9:54:52:b1:be:e9:c9:6c:e6:ef:dc:31:46:
                    ba:b9:98:55:2f:37:37:bf:cc:57:fb:5e:2c:90:1c:
                    63:d0:32:cb:ba:a1:97:ea:3d:f1:33:7c:84:09:e7:
                    89:5f:95:e9:1a:bb:cb:c1:11:37:fd:36:5e:5c:fa:
                    b1:fd:f2:1a:36:df:81:8d:11:87:49:78:65:47:b5:
                    0a:86:36:bf:c4:2d:ba:1a:96:bd:14:78:32:ef:1a:
                    a4:a5:84:1d:08:09:da:bf:a0:ff:8c:b9:40:8f:de:
                    b7:26:89:46:a3:59:97:1a:e6:b9:d9:ca:63:4d:d1:
                    e0:bd:30:2a:55:4a:dc:94:f6:60:c8:4f:a4:f3:52:
                    ba:1a:ce:a3:3d:65:b0:d9:f8:de:49:1d:e1:d2:16:
                    20:73:f4:b1:b1:38:70:4d:b9:a2:20:68:b0:a8:75:
                    52:f7:70:a6:79:9e:10:30:7c:0c:f1:93:bb:d1:ba:
                    c8:b9:db:bb:b9:c7:89:ed:19:48:b5:8e:0c:c2:61:
                    dd:b5:cc:ab:bf:4f:93:3c:64:aa:6d:77:34:55:2f:
                    a6:18:d7:01:9a:ec:5e:14:fc:5b:7e:fe:5e:2e:b8:
                    23:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:75:AE:1B:EB:C2:C5:2E:20:BD:88:C1:2E:B0:88:AB:9C:A7:48:59
            X509v3 Authority Key Identifier:
                keyid:BD:8F:13:3D:10:95:CD:31:20:5C:7A:34:62:24:8C:C9:94:12:03:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vY8TPRCVzTEgXHo0YiSMyZQSA6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/3b7c43-4241-44d4-8534-409d0f9c8a04/1/iHWuG-vCxS4gvYjBLrCIq5ynSFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/3b7c43-4241-44d4-8534-409d0f9c8a04/1/vY8TPRCVzTEgXHo0YiSMyZQSA6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.200.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:53:c6:2f:1d:be:e8:77:4c:09:81:2d:79:53:98:cb:72:0f:
         8d:70:45:2e:53:db:bb:36:8e:8d:dd:90:6e:29:9c:dd:a6:22:
         c4:11:83:9e:43:41:cc:7a:87:9b:11:a0:3a:7c:74:35:35:50:
         90:59:94:fb:e2:55:a9:dc:d3:04:f3:bf:e7:b6:a2:85:eb:6e:
         1f:2f:2f:79:f8:d8:ec:cd:67:3b:27:c9:72:ee:af:9f:39:d5:
         db:40:af:d2:b4:28:85:be:60:23:2f:c6:f9:2c:19:96:fd:73:
         32:4b:cd:12:40:38:b4:8c:d6:a9:a9:b1:dd:3d:5d:b1:d2:d6:
         8b:92:23:6b:f9:5b:e3:29:0e:11:02:67:be:d1:20:55:54:e1:
         aa:98:6e:d9:6b:09:a9:6b:81:62:d1:36:43:cf:48:d4:da:f3:
         28:8e:5b:f4:06:97:30:ef:c8:8c:6f:f6:63:30:fc:b6:ff:15:
         ac:ed:bb:4b:3d:29:e0:c7:8c:b9:6b:39:af:a6:7c:a9:6d:21:
         7e:3d:09:54:a9:36:08:1e:c8:d1:72:f7:9a:86:c4:fb:42:d8:
         12:91:56:a5:08:28:6c:68:d6:48:90:57:3f:4c:5a:79:12:0c:
         22:cb:35:3c:4f:09:d7:ea:d3:33:18:42:91:6e:12:37:6e:99:
         9f:74:11:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3MrjBexBj42MO9c83p+CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkOGYxMzNkMTA5NWNkMzEyMDVjN2EzNDYyMjQ4Y2M5OTQx
MjAzYWMwHhcNMjQwMTAyMDYyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODc1YWUxYmViYzJjNTJlMjBiZDg4YzEyZWIwODhhYjljYTc0ODU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyFuGWAu5+MzUp56VXZ+2YLAbEU2
Rby4Yu+pY0+oIKlUUrG+6cls5u/cMUa6uZhVLzc3v8xX+14skBxj0DLLuqGX6j3x
M3yECeeJX5XpGrvLwRE3/TZeXPqx/fIaNt+BjRGHSXhlR7UKhja/xC26Gpa9FHgy
7xqkpYQdCAnav6D/jLlAj963JolGo1mXGua52cpjTdHgvTAqVUrclPZgyE+k81K6
Gs6jPWWw2fjeSR3h0hYgc/SxsThwTbmiIGiwqHVS93CmeZ4QMHwM8ZO70brIudu7
uceJ7RlItY4MwmHdtcyrv0+TPGSqbXc0VS+mGNcBmuxeFPxbfv5eLrgjCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIh1rhvrwsUuIL2IwS6wiKucp0hZMB8GA1UdIwQY
MBaAFL2PEz0Qlc0xIFx6NGIkjMmUEgOsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlk4VFBSQ1Z6VEVnWEhvMFlpU015WlFTQTZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8zYjdjNDMtNDI0MS00NGQ0LTg1MzQt
NDA5ZDBmOWM4YTA0LzEvaUhXdUctdkN4UzRndllqQkxyQ0lxNXluU0ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8zYjdjNDMtNDI0MS00NGQ0LTg1MzQtNDA5ZDBmOWM4YTA0
LzEvdlk4VFBSQ1Z6VEVnWEhvMFlpU015WlFTQTZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw8hRMA0G
CSqGSIb3DQEBCwUAA4IBAQAxU8YvHb7od0wJgS15U5jLcg+NcEUuU9u7No6N3ZBu
KZzdpiLEEYOeQ0HMeoebEaA6fHQ1NVCQWZT74lWp3NME87/ntqKF624fLy95+Njs
zWc7J8ly7q+fOdXbQK/StCiFvmAjL8b5LBmW/XMyS80SQDi0jNapqbHdPV2x0taL
kiNr+VvjKQ4RAme+0SBVVOGqmG7Zawmpa4Fi0TZDz0jU2vMojlv0Bpcw78iMb/Zj
MPy2/xWs7btLPSngx4y5azmvpnypbSF+PQlUqTYIHsjRcveahsT7QtgSkValCChs
aNZIkFc/TFp5EgwiyzU8TwnX6tMzGEKRbhI3bpmfdBHv
-----END CERTIFICATE-----