Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/U1JP2MuzfSFugPsjFlFL6_kxsc0.roa
File:                     U1JP2MuzfSFugPsjFlFL6_kxsc0.roa (raw, json)
Hash identifier:          IBz/FrnOV9KUQqfWB+26tXBEvOp6cEjxReGFO0wzXaY=
Subject key identifier:   53:52:4F:D8:CB:B3:7D:21:6E:80:FB:23:16:51:4B:EB:F9:31:B1:CD
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       018F5C2234E242576792C79FC370F0D59E4C
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/U1JP2MuzfSFugPsjFlFL6_kxsc0.roa
Signing time:             Thu 09 May 2024 06:54:56 +0000
ROA not before:           Thu 09 May 2024 06:54:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34636
IP address blocks:        195.190.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:5c:22:34:e2:42:57:67:92:c7:9f:c3:70:f0:d5:9e:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: May  9 06:54:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53524fd8cbb37d216e80fb2316514bebf931b1cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a5:8c:ae:6e:9d:38:91:c0:19:8f:6e:d0:ee:
                    be:3e:57:7e:56:c3:77:99:7c:11:2a:23:a3:27:2e:
                    f7:74:ee:f4:d2:88:1e:64:66:b0:3c:13:f8:ff:2e:
                    8b:a7:a2:cc:02:d5:af:66:40:9b:03:9a:e4:c3:29:
                    16:d6:53:e6:30:ac:af:17:91:7f:e4:9c:c0:bb:7e:
                    52:3d:9b:ea:9e:ef:dd:fc:3e:60:95:2a:61:cc:06:
                    ad:1d:7d:58:5b:f9:b9:40:13:e8:25:a2:fe:da:54:
                    67:ed:d3:d7:77:a3:66:30:a6:f4:1b:46:80:20:ca:
                    6e:f0:1c:f8:02:8f:7c:ca:a8:83:56:b9:6b:55:12:
                    58:eb:eb:fe:98:83:13:53:32:90:2a:4b:eb:ba:5b:
                    fb:c9:f5:71:f4:3c:5a:b3:88:ea:dd:7a:eb:e0:66:
                    b6:bd:00:db:96:2a:56:c4:45:c2:2a:4b:11:a5:51:
                    a3:65:f3:6b:3c:f3:24:f9:fe:7d:c2:e6:7b:36:39:
                    6d:16:62:d4:25:71:26:54:04:98:c9:fe:5d:ad:56:
                    cc:ea:73:66:35:0e:8c:10:c0:e0:31:8f:c4:ca:1e:
                    d2:3e:14:d2:7a:fd:88:1f:9d:d7:74:da:8b:a8:75:
                    59:3f:9b:eb:9a:c5:ef:6e:b9:54:70:c7:ca:8f:f1:
                    0a:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:52:4F:D8:CB:B3:7D:21:6E:80:FB:23:16:51:4B:EB:F9:31:B1:CD
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/U1JP2MuzfSFugPsjFlFL6_kxsc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.190.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:64:de:26:70:b6:23:4c:8b:e8:a7:bc:d3:fd:ec:05:a7:3c:
         79:c9:b6:36:bd:5a:32:0d:68:e2:cd:09:f7:92:d1:10:37:1e:
         50:ec:77:73:44:21:bf:60:f7:16:b7:e5:32:72:e7:90:79:8e:
         57:82:29:02:86:55:86:76:db:49:79:1c:c5:aa:a0:16:8d:3b:
         d7:02:01:c5:a0:8e:b1:96:d1:62:d5:78:4f:84:7a:d4:6e:cf:
         1c:3a:59:f2:24:23:05:ea:33:cc:e8:9b:21:0f:5d:47:1e:4a:
         ca:d0:a0:34:08:90:e1:e2:cf:34:62:7f:1f:54:25:09:74:f6:
         7e:f8:3e:9d:9b:c0:7d:15:e3:e2:fb:8c:d7:99:ee:97:c6:94:
         33:61:06:cf:88:d8:92:a2:fe:8e:09:08:12:7e:a4:da:b7:b4:
         50:f7:6a:d2:99:b3:02:1f:30:94:b6:30:c0:c3:0a:ab:f8:c8:
         9e:28:98:3e:0a:56:85:80:34:6a:ba:98:58:29:d0:3f:e6:6d:
         4a:cc:40:23:fd:d6:6b:ec:2d:43:91:b8:29:7d:46:99:ec:ae:
         6c:e3:7b:67:76:b1:f9:8b:cc:9c:9f:4e:bf:20:c5:e9:ca:54:
         7f:2d:67:c3:a3:c1:7f:0a:df:d5:03:4b:a0:0b:9b:ec:27:b3:
         7c:07:e1:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9cIjTiQldnksefw3Dw1Z5MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjQwNTA5MDY1NDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzUyNGZkOGNiYjM3ZDIxNmU4MGZiMjMxNjUxNGJlYmY5MzFiMWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6WMrm6dOJHAGY9u0O6+Pld+VsN3
mXwRKiOjJy73dO700ogeZGawPBP4/y6Lp6LMAtWvZkCbA5rkwykW1lPmMKyvF5F/
5JzAu35SPZvqnu/d/D5glSphzAatHX1YW/m5QBPoJaL+2lRn7dPXd6NmMKb0G0aA
IMpu8Bz4Ao98yqiDVrlrVRJY6+v+mIMTUzKQKkvrulv7yfVx9Dxas4jq3Xrr4Ga2
vQDblipWxEXCKksRpVGjZfNrPPMk+f59wuZ7NjltFmLUJXEmVASYyf5drVbM6nNm
NQ6MEMDgMY/Eyh7SPhTSev2IH53XdNqLqHVZP5vrmsXvbrlUcMfKj/EKxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFNST9jLs30hboD7IxZRS+v5MbHNMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvVTFKUDJNdXpmU0Z1Z1BzakZsRkw2X2t4c2MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw76QMA0G
CSqGSIb3DQEBCwUAA4IBAQBhZN4mcLYjTIvop7zT/ewFpzx5ybY2vVoyDWjizQn3
ktEQNx5Q7HdzRCG/YPcWt+UycueQeY5XgikChlWGdttJeRzFqqAWjTvXAgHFoI6x
ltFi1XhPhHrUbs8cOlnyJCMF6jPM6JshD11HHkrK0KA0CJDh4s80Yn8fVCUJdPZ+
+D6dm8B9FePi+4zXme6XxpQzYQbPiNiSov6OCQgSfqTat7RQ92rSmbMCHzCUtjDA
wwqr+MieKJg+ClaFgDRquphYKdA/5m1KzEAj/dZr7C1DkbgpfUaZ7K5s43tndrH5
i8ycn06/IMXpylR/LWfDo8F/Ct/VA0ugC5vsJ7N8B+H5
-----END CERTIFICATE-----