Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/43d255-284a-468f-8b6e-fb1e9db0c388/1/cOeWGjPrfDbdekm50ETDxDiusso.roa
File:                     cOeWGjPrfDbdekm50ETDxDiusso.roa (raw, json)
Hash identifier:          phvh6yCE5Kio1WDnxkI47r7Ps+yHg0pk934hPDqZ19A=
Subject key identifier:   70:E7:96:1A:33:EB:7C:36:DD:7A:49:B9:D0:44:C3:C4:38:AE:B2:CA
Certificate issuer:       /CN=94fa6c4299321dc5fc91fc7963aa51487e4af5e6
Certificate serial:       018CC7276A7DF3CF29460C532120BA98FACB
Authority key identifier: 94:FA:6C:42:99:32:1D:C5:FC:91:FC:79:63:AA:51:48:7E:4A:F5:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lPpsQpkyHcX8kfx5Y6pRSH5K9eY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/43d255-284a-468f-8b6e-fb1e9db0c388/1/cOeWGjPrfDbdekm50ETDxDiusso.roa
Signing time:             Mon 01 Jan 2024 22:31:38 +0000
ROA not before:           Mon 01 Jan 2024 22:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35162
IP address blocks:        194.165.30.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/43d255-284a-468f-8b6e-fb1e9db0c388/1/lPpsQpkyHcX8kfx5Y6pRSH5K9eY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/43d255-284a-468f-8b6e-fb1e9db0c388/1/lPpsQpkyHcX8kfx5Y6pRSH5K9eY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lPpsQpkyHcX8kfx5Y6pRSH5K9eY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:6a:7d:f3:cf:29:46:0c:53:21:20:ba:98:fa:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94fa6c4299321dc5fc91fc7963aa51487e4af5e6
        Validity
            Not Before: Jan  1 22:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70e7961a33eb7c36dd7a49b9d044c3c438aeb2ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:5d:c6:7f:08:1d:ab:95:47:d5:30:d6:89:44:
                    8a:52:e8:0b:a9:63:f8:1c:02:09:cb:2f:30:2f:7a:
                    f7:9d:37:84:c5:f0:d5:a2:72:f4:43:d9:5b:df:08:
                    d8:2c:a8:8d:28:66:78:3e:49:e4:95:52:3d:6d:8d:
                    7e:06:71:9d:1b:46:43:01:92:38:f2:05:7b:ac:75:
                    5d:ba:6d:3b:d8:88:16:3b:6f:3b:c4:6d:63:cd:f4:
                    8b:13:8f:0b:00:d1:c5:10:a2:81:32:56:ed:09:53:
                    e4:04:23:97:ee:21:e1:16:0d:61:e6:c6:25:58:01:
                    08:ce:0d:d0:90:6c:08:60:cb:44:5a:eb:ad:a2:fb:
                    39:9e:16:b7:2e:15:1c:07:75:e9:a4:81:3f:4d:33:
                    aa:89:99:15:46:48:0f:f1:e8:f9:82:7f:65:d7:0b:
                    78:ff:79:d2:7a:bd:77:c8:fc:f1:09:c2:b2:73:33:
                    18:b3:04:b0:d8:d7:1e:48:8d:0a:d6:78:46:37:8b:
                    f1:50:5a:c4:52:5f:db:c5:b2:48:ea:3a:6d:0c:05:
                    ac:f5:34:5d:81:53:64:c2:e4:12:31:0a:55:8a:28:
                    48:26:2e:64:3d:af:93:78:97:f0:6a:f5:d7:dc:82:
                    5b:cb:3b:58:c8:d8:29:95:37:23:15:37:86:0f:d2:
                    ac:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:E7:96:1A:33:EB:7C:36:DD:7A:49:B9:D0:44:C3:C4:38:AE:B2:CA
            X509v3 Authority Key Identifier:
                keyid:94:FA:6C:42:99:32:1D:C5:FC:91:FC:79:63:AA:51:48:7E:4A:F5:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lPpsQpkyHcX8kfx5Y6pRSH5K9eY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/43d255-284a-468f-8b6e-fb1e9db0c388/1/cOeWGjPrfDbdekm50ETDxDiusso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/43d255-284a-468f-8b6e-fb1e9db0c388/1/lPpsQpkyHcX8kfx5Y6pRSH5K9eY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.165.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         68:01:28:ce:95:3f:f0:1e:d4:b2:db:09:28:be:e2:75:06:00:
         03:65:6d:a3:6b:a6:43:f1:30:a4:84:1c:11:93:e7:05:88:5b:
         f4:1f:d9:5e:f4:4c:73:bd:c8:e1:88:2b:c0:a9:72:54:33:51:
         4b:a0:db:a5:5b:70:ad:25:41:74:4a:f8:2a:18:15:ee:d5:f8:
         3e:47:41:02:77:a5:4e:5d:2f:42:f0:a1:2d:eb:df:ff:92:bf:
         c8:29:ff:1e:c8:44:a3:32:ad:3d:14:89:f0:1a:7c:0d:e8:af:
         89:ae:57:07:ae:8d:fa:40:35:aa:d5:2e:79:98:60:9d:74:71:
         f1:16:99:c4:30:d8:2d:c9:29:74:1c:fc:62:8d:3f:28:b7:5d:
         e2:f3:b6:d0:c3:d5:08:00:57:8a:af:e2:ac:40:aa:4b:2c:a4:
         d2:4e:b8:26:d1:3b:77:0f:7c:51:aa:6c:69:22:2f:d6:35:20:
         7a:97:8c:ba:f6:57:4d:2e:9a:34:91:5e:61:6f:58:a6:c5:cb:
         17:fb:37:10:da:e3:4a:00:67:5b:49:94:fa:91:3c:6c:45:2f:
         13:82:91:e1:48:9f:52:97:bc:25:3f:d8:1c:30:70:58:91:25:
         6d:bc:b9:c2:1c:32:07:61:66:be:8d:04:5d:41:de:4a:95:45:
         24:87:e3:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2p9888pRgxTISC6mPrLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZmE2YzQyOTkzMjFkYzVmYzkxZmM3OTYzYWE1MTQ4N2U0
YWY1ZTYwHhcNMjQwMTAxMjIzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGU3OTYxYTMzZWI3YzM2ZGQ3YTQ5YjlkMDQ0YzNjNDM4YWViMmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqV3Gfwgdq5VH1TDWiUSKUugLqWP4
HAIJyy8wL3r3nTeExfDVonL0Q9lb3wjYLKiNKGZ4PknklVI9bY1+BnGdG0ZDAZI4
8gV7rHVdum072IgWO287xG1jzfSLE48LANHFEKKBMlbtCVPkBCOX7iHhFg1h5sYl
WAEIzg3QkGwIYMtEWuutovs5nha3LhUcB3XppIE/TTOqiZkVRkgP8ej5gn9l1wt4
/3nSer13yPzxCcKyczMYswSw2NceSI0K1nhGN4vxUFrEUl/bxbJI6jptDAWs9TRd
gVNkwuQSMQpViihIJi5kPa+TeJfwavXX3IJbyztYyNgplTcjFTeGD9KsRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDnlhoz63w23XpJudBEw8Q4rrLKMB8GA1UdIwQY
MBaAFJT6bEKZMh3F/JH8eWOqUUh+SvXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFBwc1Fwa3lIY1g4a2Z4NVk2cFJTSDVLOWVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC80M2QyNTUtMjg0YS00NjhmLThiNmUt
ZmIxZTlkYjBjMzg4LzEvY09lV0dqUHJmRGJkZWttNTBFVER4RGl1c3NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC80M2QyNTUtMjg0YS00NjhmLThiNmUtZmIxZTlkYjBjMzg4
LzEvbFBwc1Fwa3lIY1g4a2Z4NVk2cFJTSDVLOWVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwqUeMA0G
CSqGSIb3DQEBCwUAA4IBAQBoASjOlT/wHtSy2wkovuJ1BgADZW2ja6ZD8TCkhBwR
k+cFiFv0H9le9ExzvcjhiCvAqXJUM1FLoNulW3CtJUF0SvgqGBXu1fg+R0ECd6VO
XS9C8KEt69//kr/IKf8eyESjMq09FInwGnwN6K+JrlcHro36QDWq1S55mGCddHHx
FpnEMNgtySl0HPxijT8ot13i87bQw9UIAFeKr+KsQKpLLKTSTrgm0Tt3D3xRqmxp
Ii/WNSB6l4y69ldNLpo0kV5hb1imxcsX+zcQ2uNKAGdbSZT6kTxsRS8TgpHhSJ9S
l7wlP9gcMHBYkSVtvLnCHDIHYWa+jQRdQd5KlUUkh+MJ
-----END CERTIFICATE-----