Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/a3df81-2096-493d-b106-46d6cea20342/1/HNJk7z1HM846pEGQq_UmMcMIANQ.roa
File:                     HNJk7z1HM846pEGQq_UmMcMIANQ.roa (raw, json)
Hash identifier:          vh5rOfmLT3SX9UnP7qRUkZxS/ncQp1dbHp/jz8xICHE=
Subject key identifier:   1C:D2:64:EF:3D:47:33:CE:3A:A4:41:90:AB:F5:26:31:C3:08:00:D4
Certificate issuer:       /CN=191ee3af820563494647551a5206ef0c45cf95c9
Certificate serial:       018CC8DF103357EB31150ED683C0AF60D56F
Authority key identifier: 19:1E:E3:AF:82:05:63:49:46:47:55:1A:52:06:EF:0C:45:CF:95:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GR7jr4IFY0lGR1UaUgbvDEXPlck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/a3df81-2096-493d-b106-46d6cea20342/1/HNJk7z1HM846pEGQq_UmMcMIANQ.roa
Signing time:             Tue 02 Jan 2024 06:31:51 +0000
ROA not before:           Tue 02 Jan 2024 06:31:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197081
IP address blocks:        95.131.16.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/a3df81-2096-493d-b106-46d6cea20342/1/GR7jr4IFY0lGR1UaUgbvDEXPlck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/a3df81-2096-493d-b106-46d6cea20342/1/GR7jr4IFY0lGR1UaUgbvDEXPlck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GR7jr4IFY0lGR1UaUgbvDEXPlck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 06:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:10:33:57:eb:31:15:0e:d6:83:c0:af:60:d5:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=191ee3af820563494647551a5206ef0c45cf95c9
        Validity
            Not Before: Jan  2 06:31:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1cd264ef3d4733ce3aa44190abf52631c30800d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e8:5a:4c:4d:27:35:78:40:dd:4f:e4:fa:b4:
                    ec:78:f0:80:88:e4:02:0e:ec:e1:4e:7f:62:89:87:
                    24:bc:8a:9f:01:64:55:51:39:91:0d:cb:a8:b8:ea:
                    e2:79:77:f3:d7:ca:36:59:f5:0a:cc:59:f6:ee:32:
                    0e:79:b3:70:83:d4:db:80:37:ed:00:75:b0:42:b4:
                    02:e6:69:bc:b6:e5:03:f7:d7:12:f4:16:d8:f6:01:
                    11:c2:9a:6b:07:b0:98:ae:1e:78:2e:e6:9b:59:1e:
                    47:e4:bf:74:35:fe:15:e6:cf:48:91:71:91:43:93:
                    5d:2c:41:85:cb:1d:c5:82:3f:5a:3b:23:8d:d4:78:
                    0e:b4:de:a8:64:28:9c:55:8a:9e:c2:0e:7e:fc:7a:
                    6a:f2:97:54:3a:c5:ae:c4:65:28:d3:96:6f:3b:f5:
                    57:a2:22:c7:d5:2f:f3:ba:7e:40:71:c5:51:3a:90:
                    7c:1a:21:9b:6b:9f:f3:04:e1:fd:37:79:27:98:2e:
                    44:b6:72:a2:8a:be:f2:86:33:2e:56:f5:da:4e:bf:
                    53:1e:a1:3e:37:86:04:67:62:49:d0:f4:07:0f:d0:
                    1a:72:32:f2:06:9b:ba:f1:46:0a:80:b2:fa:14:98:
                    f9:08:9d:32:c1:df:d5:66:13:4e:a2:33:0a:f3:81:
                    f3:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:D2:64:EF:3D:47:33:CE:3A:A4:41:90:AB:F5:26:31:C3:08:00:D4
            X509v3 Authority Key Identifier:
                keyid:19:1E:E3:AF:82:05:63:49:46:47:55:1A:52:06:EF:0C:45:CF:95:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GR7jr4IFY0lGR1UaUgbvDEXPlck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/a3df81-2096-493d-b106-46d6cea20342/1/HNJk7z1HM846pEGQq_UmMcMIANQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/a3df81-2096-493d-b106-46d6cea20342/1/GR7jr4IFY0lGR1UaUgbvDEXPlck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.131.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:49:63:2b:5c:ef:ed:1d:69:12:8b:97:1a:8b:cf:58:7c:12:
         fb:aa:0c:6f:bf:ad:ea:8e:d9:2e:55:d2:40:5a:0c:ff:02:43:
         82:14:c5:61:5b:1b:9a:ca:c3:e5:13:df:ae:f4:b6:fb:2a:5b:
         46:9f:02:12:77:4c:2a:ae:14:53:e4:1e:2b:fc:35:54:af:52:
         65:6c:c8:ec:fb:f5:25:95:e9:ca:89:9d:43:5e:fb:e4:f1:d8:
         2b:b3:85:57:ca:16:79:79:8f:68:05:e5:d7:ac:01:40:84:72:
         af:5d:14:3a:eb:82:27:af:80:7b:a3:e7:1d:22:ec:b6:3d:af:
         5d:25:f4:c6:16:ab:a8:e7:6f:11:e0:5d:7d:72:13:c9:51:95:
         c2:96:fe:f0:ba:40:1f:7c:bc:1b:3f:0f:33:43:7f:1d:97:f4:
         1a:09:2d:da:7e:0b:db:ed:12:82:59:72:17:b3:a0:dc:4d:e0:
         14:89:c8:ac:91:1e:35:59:8b:cd:c5:fe:f4:1c:c6:24:2e:b4:
         ba:76:47:8c:9f:ed:7c:de:a8:1c:f7:d2:2b:0d:76:fa:62:2f:
         99:5c:8f:e8:8b:5f:76:66:c0:10:fa:c1:c3:ef:f3:1a:19:dc:
         62:b9:c5:df:e2:99:c3:81:59:55:ad:bf:ba:c5:3a:0c:82:bc:
         d1:e6:dd:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3xAzV+sxFQ7Wg8CvYNVvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5MWVlM2FmODIwNTYzNDk0NjQ3NTUxYTUyMDZlZjBjNDVj
Zjk1YzkwHhcNMjQwMTAyMDYzMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2QyNjRlZjNkNDczM2NlM2FhNDQxOTBhYmY1MjYzMWMzMDgwMGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+haTE0nNXhA3U/k+rTsePCAiOQC
DuzhTn9iiYckvIqfAWRVUTmRDcuouOrieXfz18o2WfUKzFn27jIOebNwg9TbgDft
AHWwQrQC5mm8tuUD99cS9BbY9gERwpprB7CYrh54LuabWR5H5L90Nf4V5s9IkXGR
Q5NdLEGFyx3Fgj9aOyON1HgOtN6oZCicVYqewg5+/Hpq8pdUOsWuxGUo05ZvO/VX
oiLH1S/zun5AccVROpB8GiGba5/zBOH9N3knmC5EtnKiir7yhjMuVvXaTr9THqE+
N4YEZ2JJ0PQHD9AacjLyBpu68UYKgLL6FJj5CJ0ywd/VZhNOojMK84HzEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBzSZO89RzPOOqRBkKv1JjHDCADUMB8GA1UdIwQY
MBaAFBke46+CBWNJRkdVGlIG7wxFz5XJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1I3anI0SUZZMGxHUjFVYVVnYnZERVhQbGNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9hM2RmODEtMjA5Ni00OTNkLWIxMDYt
NDZkNmNlYTIwMzQyLzEvSE5Kazd6MUhNODQ2cEVHUXFfVW1NY01JQU5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9hM2RmODEtMjA5Ni00OTNkLWIxMDYtNDZkNmNlYTIwMzQy
LzEvR1I3anI0SUZZMGxHUjFVYVVnYnZERVhQbGNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBX4MQMA0G
CSqGSIb3DQEBCwUAA4IBAQAsSWMrXO/tHWkSi5cai89YfBL7qgxvv63qjtkuVdJA
Wgz/AkOCFMVhWxuaysPlE9+u9Lb7KltGnwISd0wqrhRT5B4r/DVUr1JlbMjs+/Ul
lenKiZ1DXvvk8dgrs4VXyhZ5eY9oBeXXrAFAhHKvXRQ664Inr4B7o+cdIuy2Pa9d
JfTGFquo528R4F19chPJUZXClv7wukAffLwbPw8zQ38dl/QaCS3afgvb7RKCWXIX
s6DcTeAUiciskR41WYvNxf70HMYkLrS6dkeMn+183qgc99IrDXb6Yi+ZXI/oi192
ZsAQ+sHD7/MaGdxiucXf4pnDgVlVrb+6xToMgrzR5t0O
-----END CERTIFICATE-----