Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/oXNf5SHrKh2QWntqtmC7qB19SGk.roa
File:                     oXNf5SHrKh2QWntqtmC7qB19SGk.roa (raw, json)
Hash identifier:          qifSnbRKsEUjrXFAx3OGYSd8X1I2Ha3pqqE8xrvWVLQ=
Subject key identifier:   A1:73:5F:E5:21:EB:2A:1D:90:5A:7B:6A:B6:60:BB:A8:1D:7D:48:69
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       01942143E7F4F1358D17136E7C4F76FFBB90
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/oXNf5SHrKh2QWntqtmC7qB19SGk.roa
Signing time:             Wed 01 Jan 2025 09:48:05 +0000
ROA not before:           Wed 01 Jan 2025 09:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63023
IP address blocks:        195.254.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:e7:f4:f1:35:8d:17:13:6e:7c:4f:76:ff:bb:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Jan  1 09:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1735fe521eb2a1d905a7b6ab660bba81d7d4869
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:25:e1:20:cc:40:7e:80:ca:9a:53:08:2a:c6:
                    14:07:7d:4d:b6:65:2e:26:89:f8:8d:90:ae:63:a4:
                    ad:1a:ef:b9:2d:72:39:5d:63:a7:e9:23:94:09:05:
                    ce:cd:6b:2f:c1:0d:53:af:35:aa:74:30:63:ab:9b:
                    b5:5e:c5:27:cb:41:0b:9b:5c:c6:d8:82:d0:ce:07:
                    b1:f1:b1:db:64:ca:53:f0:04:85:82:2a:38:e8:84:
                    05:c8:f0:96:e4:21:b7:a0:0d:50:b0:86:68:99:8a:
                    84:29:a8:ea:18:29:1b:07:1a:f5:ea:08:17:7c:ef:
                    6a:df:d9:d3:33:63:1e:f7:db:27:d2:d6:42:21:dc:
                    13:e3:8a:8e:d3:59:b6:33:e0:42:27:45:b9:f9:55:
                    20:a8:98:f2:a7:e8:f2:59:20:14:70:8d:2a:cf:41:
                    9e:19:b8:93:e8:f8:02:13:59:e1:d9:0a:a7:cb:a1:
                    9e:0f:0e:c3:75:49:aa:c6:31:f9:94:fb:9c:1b:90:
                    d8:0a:79:03:93:cb:39:16:40:99:94:b9:0e:89:04:
                    2d:99:a3:a4:82:fc:01:1d:aa:3e:37:10:9c:59:3a:
                    02:50:bc:ba:e5:25:e1:5b:10:17:47:94:b2:53:26:
                    8f:6e:8d:8b:8b:9d:78:19:f9:b5:79:03:fa:94:5e:
                    c1:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:73:5F:E5:21:EB:2A:1D:90:5A:7B:6A:B6:60:BB:A8:1D:7D:48:69
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/oXNf5SHrKh2QWntqtmC7qB19SGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.254.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:58:be:0f:0e:dd:29:eb:bb:f6:41:96:76:d6:6a:c6:40:91:
         ec:f6:e9:1f:47:f9:26:de:93:fc:35:c3:1b:a2:18:ce:dd:51:
         2c:48:fc:6b:ca:0c:e3:1d:6f:4e:72:f7:ac:4f:16:b4:a2:5a:
         03:30:96:15:cd:e0:8b:68:c5:ff:38:0a:46:4e:3d:c7:9e:27:
         28:bd:3e:4a:44:0c:a7:07:f8:9e:68:09:96:73:99:77:c5:f3:
         c7:30:96:4c:b9:64:0c:04:00:e6:62:d7:48:15:70:b1:00:e7:
         79:e9:06:1a:da:88:da:ab:b9:9d:65:4c:b9:e2:dd:ca:b6:eb:
         e9:74:cd:3a:01:e5:55:16:bd:12:35:72:a5:df:3d:8d:45:2a:
         8c:03:db:b3:b9:13:2d:78:e0:dd:21:73:37:63:0c:ce:a1:a8:
         8f:b9:d5:15:9e:bc:2c:eb:57:85:d0:67:2a:0e:43:85:76:21:
         01:bf:2c:9c:71:90:11:5e:1f:3b:68:a2:f7:ba:27:81:57:3c:
         f0:16:4a:5c:2d:44:13:db:ba:a3:3a:64:44:2d:a7:ec:d6:ad:
         1b:3a:45:6e:d2:ec:bd:14:96:1f:60:cc:59:f1:e0:43:3f:e6:
         07:87:4d:1d:b1:00:b3:45:09:b3:73:3c:ac:28:76:2d:3b:e5:
         31:e9:e6:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ+f08TWNFxNufE92/7uQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjUwMTAxMDk0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTczNWZlNTIxZWIyYTFkOTA1YTdiNmFiNjYwYmJhODFkN2Q0ODY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryXhIMxAfoDKmlMIKsYUB31NtmUu
Jon4jZCuY6StGu+5LXI5XWOn6SOUCQXOzWsvwQ1TrzWqdDBjq5u1XsUny0ELm1zG
2ILQzgex8bHbZMpT8ASFgio46IQFyPCW5CG3oA1QsIZomYqEKajqGCkbBxr16ggX
fO9q39nTM2Me99sn0tZCIdwT44qO01m2M+BCJ0W5+VUgqJjyp+jyWSAUcI0qz0Ge
GbiT6PgCE1nh2Qqny6GeDw7DdUmqxjH5lPucG5DYCnkDk8s5FkCZlLkOiQQtmaOk
gvwBHao+NxCcWToCULy65SXhWxAXR5SyUyaPbo2Li514Gfm1eQP6lF7BawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKFzX+Uh6yodkFp7arZgu6gdfUhpMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvb1hOZjVTSHJLaDJRV250cXRtQzdxQjE5U0drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/6lMA0G
CSqGSIb3DQEBCwUAA4IBAQAcWL4PDt0p67v2QZZ21mrGQJHs9ukfR/km3pP8NcMb
ohjO3VEsSPxrygzjHW9OcvesTxa0oloDMJYVzeCLaMX/OApGTj3HnicovT5KRAyn
B/ieaAmWc5l3xfPHMJZMuWQMBADmYtdIFXCxAOd56QYa2ojaq7mdZUy54t3Ktuvp
dM06AeVVFr0SNXKl3z2NRSqMA9uzuRMteODdIXM3YwzOoaiPudUVnrws61eF0Gcq
DkOFdiEBvyyccZARXh87aKL3uieBVzzwFkpcLUQT27qjOmRELafs1q0bOkVu0uy9
FJYfYMxZ8eBDP+YHh00dsQCzRQmzczysKHYtO+Ux6eaP
-----END CERTIFICATE-----