Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/7d314e-42cd-42ce-985e-954f26913f43/1/COsRGsqGwXJ9lSKUNqt_0Otp6Aw.roa
File:                     COsRGsqGwXJ9lSKUNqt_0Otp6Aw.roa (raw, json)
Hash identifier:          ti8WTcoKBvD1NIgkSldJu910xb1BO1ecEdcugNFCv8g=
Subject key identifier:   08:EB:11:1A:CA:86:C1:72:7D:95:22:94:36:AB:7F:D0:EB:69:E8:0C
Certificate issuer:       /CN=ab9cfd157441f69428dd1f6361ca4f4ae42cb38a
Certificate serial:       018CC6B924AE4B760EA73ABBA7A7955D55F2
Authority key identifier: AB:9C:FD:15:74:41:F6:94:28:DD:1F:63:61:CA:4F:4A:E4:2C:B3:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q5z9FXRB9pQo3R9jYcpPSuQss4o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/7d314e-42cd-42ce-985e-954f26913f43/1/COsRGsqGwXJ9lSKUNqt_0Otp6Aw.roa
Signing time:             Mon 01 Jan 2024 20:31:11 +0000
ROA not before:           Mon 01 Jan 2024 20:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6799
IP address blocks:        194.125.252.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/7d314e-42cd-42ce-985e-954f26913f43/1/q5z9FXRB9pQo3R9jYcpPSuQss4o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/7d314e-42cd-42ce-985e-954f26913f43/1/q5z9FXRB9pQo3R9jYcpPSuQss4o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q5z9FXRB9pQo3R9jYcpPSuQss4o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:24:ae:4b:76:0e:a7:3a:bb:a7:a7:95:5d:55:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab9cfd157441f69428dd1f6361ca4f4ae42cb38a
        Validity
            Not Before: Jan  1 20:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08eb111aca86c1727d95229436ab7fd0eb69e80c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:b0:0c:8e:58:c7:ba:86:0b:5f:0a:ae:93:76:
                    4f:86:9f:96:3e:1f:61:94:da:08:1a:0d:7b:1a:fc:
                    c0:fd:08:6b:97:ff:7e:57:55:01:93:e7:44:ef:aa:
                    f0:51:6d:04:84:9e:12:02:aa:48:bc:9b:c1:ca:31:
                    df:0a:7b:97:11:18:a0:61:db:26:30:7d:a1:75:ed:
                    c4:6f:a6:70:43:76:30:eb:49:2e:eb:0e:35:a5:00:
                    51:b3:8e:0e:59:14:11:f9:d4:c8:2e:55:ae:d7:25:
                    dd:c0:be:04:80:00:9b:4c:e8:c5:fc:46:0d:ec:94:
                    bf:82:08:e6:bf:14:f8:c8:70:35:e9:22:75:90:7b:
                    7c:50:3f:92:97:8b:21:5d:32:a0:19:4a:39:7f:b8:
                    11:4b:65:10:f9:49:2b:80:d1:f0:84:d5:f0:c7:4c:
                    7f:f2:53:05:de:90:3a:1e:df:7c:50:0d:04:0c:d5:
                    2d:21:44:22:ca:c7:ac:ee:39:2b:11:c1:3e:0e:14:
                    c3:2c:3e:9d:a8:61:ea:b1:10:55:a1:69:12:f0:5b:
                    61:8b:95:3b:47:58:d9:50:6b:41:16:a2:52:99:0b:
                    85:bf:42:a4:33:7b:65:77:3d:25:d6:6f:a8:c3:13:
                    3a:00:c0:2d:e7:bd:40:c5:ba:b6:5f:1f:c8:bc:75:
                    83:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:EB:11:1A:CA:86:C1:72:7D:95:22:94:36:AB:7F:D0:EB:69:E8:0C
            X509v3 Authority Key Identifier:
                keyid:AB:9C:FD:15:74:41:F6:94:28:DD:1F:63:61:CA:4F:4A:E4:2C:B3:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q5z9FXRB9pQo3R9jYcpPSuQss4o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/7d314e-42cd-42ce-985e-954f26913f43/1/COsRGsqGwXJ9lSKUNqt_0Otp6Aw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/7d314e-42cd-42ce-985e-954f26913f43/1/q5z9FXRB9pQo3R9jYcpPSuQss4o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.125.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:01:6d:52:9d:ed:30:f2:ea:37:1d:fe:8d:a7:90:ca:32:44:
         06:13:e5:1d:a9:36:93:4a:27:ec:f6:fa:ab:28:ad:de:d5:bc:
         16:d6:d1:88:41:ff:50:f6:36:3a:e3:b2:86:5e:a4:9c:ef:f7:
         8a:43:67:38:cd:4e:e0:13:7a:f9:78:4f:00:c3:e5:43:78:ce:
         4c:88:dc:17:c9:6c:3d:b8:9b:93:6a:1e:8e:db:c9:80:df:69:
         a2:8e:3e:09:43:c2:de:cc:29:a2:36:44:6f:b7:43:89:28:e4:
         f9:83:dc:a4:99:f9:b6:df:84:cc:c7:b2:4e:ac:d8:18:93:55:
         64:f9:18:0e:51:83:64:80:a4:9a:c0:7b:af:12:f3:6a:4f:85:
         a0:9e:2c:ed:a7:58:62:95:54:84:68:76:54:86:4b:7d:74:4d:
         3c:8c:50:34:c3:70:71:c4:0f:96:40:1e:a7:3b:bb:38:05:6f:
         d4:a4:c0:80:7a:55:b8:7c:38:54:47:91:15:fb:55:a6:6a:ae:
         f8:a5:fa:be:f4:f8:46:65:8f:77:1d:ec:5a:98:6d:b8:5e:ea:
         9f:01:40:44:5b:55:0c:b8:32:9e:c0:ac:ad:e5:93:ea:c5:0e:
         c7:74:54:0e:34:33:3a:54:c8:51:c2:68:c0:a1:3a:30:b7:ba:
         55:14:1e:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSSuS3YOpzq7p6eVXVXyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiOWNmZDE1NzQ0MWY2OTQyOGRkMWY2MzYxY2E0ZjRhZTQy
Y2IzOGEwHhcNMjQwMTAxMjAzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGViMTExYWNhODZjMTcyN2Q5NTIyOTQzNmFiN2ZkMGViNjllODBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7AMjljHuoYLXwquk3ZPhp+WPh9h
lNoIGg17GvzA/Qhrl/9+V1UBk+dE76rwUW0EhJ4SAqpIvJvByjHfCnuXERigYdsm
MH2hde3Eb6ZwQ3Yw60ku6w41pQBRs44OWRQR+dTILlWu1yXdwL4EgACbTOjF/EYN
7JS/ggjmvxT4yHA16SJ1kHt8UD+Sl4shXTKgGUo5f7gRS2UQ+UkrgNHwhNXwx0x/
8lMF3pA6Ht98UA0EDNUtIUQiyses7jkrEcE+DhTDLD6dqGHqsRBVoWkS8Fthi5U7
R1jZUGtBFqJSmQuFv0KkM3tldz0l1m+owxM6AMAt571Axbq2Xx/IvHWD9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjrERrKhsFyfZUilDarf9DraegMMB8GA1UdIwQY
MBaAFKuc/RV0QfaUKN0fY2HKT0rkLLOKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTV6OUZYUkI5cFFvM1I5alljcFBTdVFzczRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi83ZDMxNGUtNDJjZC00MmNlLTk4NWUt
OTU0ZjI2OTEzZjQzLzEvQ09zUkdzcUd3WEo5bFNLVU5xdF8wT3RwNkF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi83ZDMxNGUtNDJjZC00MmNlLTk4NWUtOTU0ZjI2OTEzZjQz
LzEvcTV6OUZYUkI5cFFvM1I5alljcFBTdVFzczRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwn38MA0G
CSqGSIb3DQEBCwUAA4IBAQA0AW1Sne0w8uo3Hf6Np5DKMkQGE+UdqTaTSifs9vqr
KK3e1bwW1tGIQf9Q9jY647KGXqSc7/eKQ2c4zU7gE3r5eE8Aw+VDeM5MiNwXyWw9
uJuTah6O28mA32mijj4JQ8LezCmiNkRvt0OJKOT5g9ykmfm234TMx7JOrNgYk1Vk
+RgOUYNkgKSawHuvEvNqT4Wgniztp1hilVSEaHZUhkt9dE08jFA0w3BxxA+WQB6n
O7s4BW/UpMCAelW4fDhUR5EV+1Wmaq74pfq+9PhGZY93HexamG24XuqfAUBEW1UM
uDKewKyt5ZPqxQ7HdFQONDM6VMhRwmjAoTowt7pVFB65
-----END CERTIFICATE-----