Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/482708-c1d4-40fc-9321-6698b93233d6/1/XsLMgFhH6aIjmRPUYwcy8SA2mM8.roa
File:                     XsLMgFhH6aIjmRPUYwcy8SA2mM8.roa (raw, json)
Hash identifier:          LlD5nY0I8JDzIffH9n3rG6LInjdphBh7nqXgX4J8iaM=
Subject key identifier:   5E:C2:CC:80:58:47:E9:A2:23:99:13:D4:63:07:32:F1:20:36:98:CF
Certificate issuer:       /CN=f9742d777d082416a2d847d4003a331b50e2423e
Certificate serial:       018CC56EF0C3755167EF3D032A5DA2A8AC48
Authority key identifier: F9:74:2D:77:7D:08:24:16:A2:D8:47:D4:00:3A:33:1B:50:E2:42:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-XQtd30IJBai2EfUADozG1DiQj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/482708-c1d4-40fc-9321-6698b93233d6/1/XsLMgFhH6aIjmRPUYwcy8SA2mM8.roa
Signing time:             Mon 01 Jan 2024 14:30:31 +0000
ROA not before:           Mon 01 Jan 2024 14:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39373
IP address blocks:        195.178.100.0/24 maxlen: 24
                          195.178.100.0/23 maxlen: 24
                          195.178.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/482708-c1d4-40fc-9321-6698b93233d6/1/1-XQtd30IJBai2EfUADozG1DiQj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/482708-c1d4-40fc-9321-6698b93233d6/1/1-XQtd30IJBai2EfUADozG1DiQj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-XQtd30IJBai2EfUADozG1DiQj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f0:c3:75:51:67:ef:3d:03:2a:5d:a2:a8:ac:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f9742d777d082416a2d847d4003a331b50e2423e
        Validity
            Not Before: Jan  1 14:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ec2cc805847e9a2239913d4630732f1203698cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:23:29:4d:6b:09:c0:61:19:ce:a7:72:43:ca:
                    b3:12:3c:53:22:22:ba:6d:48:b0:5c:5e:cb:f2:6d:
                    1c:1d:1f:2a:a6:2d:c4:e8:20:08:1b:7d:b3:f3:56:
                    90:3c:32:79:03:ed:ad:74:2a:4e:a3:0d:f7:14:08:
                    44:0c:f1:56:e4:d3:aa:3d:42:17:8e:04:ce:8c:9e:
                    28:89:a4:44:b0:5a:83:86:9f:98:c0:ac:b8:2b:8d:
                    49:67:01:c3:74:97:a2:e7:0a:d8:d7:60:39:eb:c0:
                    4c:26:ff:e9:3d:98:11:6d:b2:87:fc:74:33:37:f6:
                    ec:96:eb:fa:6e:4b:9f:88:96:66:72:10:4d:07:37:
                    d0:52:7c:13:88:0e:29:ea:bb:a2:a7:2e:6d:8a:40:
                    cb:3e:ac:e4:36:01:8a:f6:07:5b:9d:ab:2e:ce:47:
                    63:e4:82:15:42:30:bc:b6:50:f1:cd:91:43:57:7f:
                    91:0f:f7:8b:37:2b:3e:53:33:04:00:0c:12:30:19:
                    fc:5d:05:c4:a5:77:ec:96:15:a2:f5:79:81:e5:4a:
                    9e:7f:e0:a0:8c:4a:7e:55:1b:80:0f:85:a7:8b:8b:
                    5b:8e:52:d6:38:74:3e:32:87:71:23:08:23:e5:28:
                    dc:3f:05:82:ed:31:ee:ad:fc:74:ab:b7:5c:f2:36:
                    4e:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:C2:CC:80:58:47:E9:A2:23:99:13:D4:63:07:32:F1:20:36:98:CF
            X509v3 Authority Key Identifier:
                keyid:F9:74:2D:77:7D:08:24:16:A2:D8:47:D4:00:3A:33:1B:50:E2:42:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-XQtd30IJBai2EfUADozG1DiQj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/482708-c1d4-40fc-9321-6698b93233d6/1/XsLMgFhH6aIjmRPUYwcy8SA2mM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/482708-c1d4-40fc-9321-6698b93233d6/1/1-XQtd30IJBai2EfUADozG1DiQj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.178.100.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:ea:75:90:3a:cd:9e:5e:38:56:06:4c:15:3e:02:79:65:b0:
         ef:5b:ea:c8:4f:6c:55:3a:8a:5e:0a:6c:9e:96:97:f6:f1:30:
         ea:a8:42:6a:80:ba:99:1e:5b:b2:47:e9:75:ed:b7:22:c4:65:
         16:92:ca:22:3c:c7:70:05:c4:21:a2:28:ec:ce:f1:eb:56:2f:
         e7:0f:3b:e0:85:8d:6c:e4:95:eb:90:53:c6:b6:02:17:83:36:
         e1:83:be:11:78:f9:1e:8e:94:a6:16:30:33:23:2c:66:14:04:
         46:b0:8d:8b:ec:1f:8b:ca:ad:7d:e0:44:33:90:79:9a:c7:5c:
         87:aa:63:f1:fd:60:5f:0b:ae:4e:bf:27:31:9f:58:2c:d6:e1:
         9c:3a:c5:86:67:82:08:7e:60:6b:1d:4b:2e:24:e9:12:af:75:
         fa:ba:15:fe:5c:3b:0b:df:a3:40:89:8e:0f:b9:2c:26:9b:db:
         03:ae:0a:a3:dc:f5:ec:8f:7c:79:92:f3:3e:7b:97:10:ea:e0:
         a6:4b:1c:13:25:2b:8c:78:3d:b8:4e:f2:01:05:b0:01:a7:0e:
         aa:ad:9c:9e:27:bb:a7:bf:69:5a:d8:3d:08:52:88:5f:e8:e7:
         ce:3d:2e:b9:a7:b8:2a:65:4b:4f:b2:a5:68:0f:b5:95:05:0b:
         d1:ad:ea:d3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzFbvDDdVFn7z0DKl2iqKxIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5NzQyZDc3N2QwODI0MTZhMmQ4NDdkNDAwM2EzMzFiNTBl
MjQyM2UwHhcNMjQwMTAxMTQzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWMyY2M4MDU4NDdlOWEyMjM5OTEzZDQ2MzA3MzJmMTIwMzY5OGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjiMpTWsJwGEZzqdyQ8qzEjxTIiK6
bUiwXF7L8m0cHR8qpi3E6CAIG32z81aQPDJ5A+2tdCpOow33FAhEDPFW5NOqPUIX
jgTOjJ4oiaREsFqDhp+YwKy4K41JZwHDdJei5wrY12A568BMJv/pPZgRbbKH/HQz
N/bsluv6bkufiJZmchBNBzfQUnwTiA4p6ruipy5tikDLPqzkNgGK9gdbnasuzkdj
5IIVQjC8tlDxzZFDV3+RD/eLNys+UzMEAAwSMBn8XQXEpXfslhWi9XmB5Uqef+Cg
jEp+VRuAD4Wni4tbjlLWOHQ+ModxIwgj5SjcPwWC7THurfx0q7dc8jZOzQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFF7CzIBYR+miI5kT1GMHMvEgNpjPMB8GA1UdIwQY
MBaAFPl0LXd9CCQWothH1AA6MxtQ4kI+MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1YUXRkMzBJSkJhaTJFZlVBRG96RzFEaVFqNC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDQvNDgyNzA4LWMxZDQtNDBmYy05MzIx
LTY2OThiOTMyMzNkNi8xL1hzTE1nRmhINmFJam1SUFVZd2N5OFNBMm1NOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDQvNDgyNzA4LWMxZDQtNDBmYy05MzIxLTY2OThiOTMyMzNk
Ni8xLzEtWFF0ZDMwSUpCYWkyRWZVQURvekcxRGlRajQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHDsmQw
DQYJKoZIhvcNAQELBQADggEBAHjqdZA6zZ5eOFYGTBU+AnllsO9b6shPbFU6il4K
bJ6Wl/bxMOqoQmqAupkeW7JH6XXttyLEZRaSyiI8x3AFxCGiKOzO8etWL+cPO+CF
jWzkleuQU8a2AheDNuGDvhF4+R6OlKYWMDMjLGYUBEawjYvsH4vKrX3gRDOQeZrH
XIeqY/H9YF8Lrk6/JzGfWCzW4Zw6xYZnggh+YGsdSy4k6RKvdfq6Ff5cOwvfo0CJ
jg+5LCab2wOuCqPc9eyPfHmS8z57lxDq4KZLHBMlK4x4PbhO8gEFsAGnDqqtnJ4n
u6e/aVrYPQhSiF/o5849LrmnuCplS0+ypWgPtZUFC9Gt6tM=
-----END CERTIFICATE-----