Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/4b6ef4-38ee-4c06-8cb6-76982493ea1a/1/H412dFhpULtmjw9nq96ZzXLHVyc.roa
File:                     H412dFhpULtmjw9nq96ZzXLHVyc.roa (raw, json)
Hash identifier:          uDe4a41iWG66UKXhgc+CadzXPkPzpEahBptzcEzltrU=
Subject key identifier:   1F:8D:76:74:58:69:50:BB:66:8F:0F:67:AB:DE:99:CD:72:C7:57:27
Certificate issuer:       /CN=290bcc50a9a33ba5651efd1afe40b6fdb02556f0
Certificate serial:       018CC5DC54BBF124AEBC025C7094F6389C2A
Authority key identifier: 29:0B:CC:50:A9:A3:3B:A5:65:1E:FD:1A:FE:40:B6:FD:B0:25:56:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQvMUKmjO6VlHv0a_kC2_bAlVvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/4b6ef4-38ee-4c06-8cb6-76982493ea1a/1/H412dFhpULtmjw9nq96ZzXLHVyc.roa
Signing time:             Mon 01 Jan 2024 16:30:00 +0000
ROA not before:           Mon 01 Jan 2024 16:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49066
IP address blocks:        95.215.136.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/4b6ef4-38ee-4c06-8cb6-76982493ea1a/1/KQvMUKmjO6VlHv0a_kC2_bAlVvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/4b6ef4-38ee-4c06-8cb6-76982493ea1a/1/KQvMUKmjO6VlHv0a_kC2_bAlVvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQvMUKmjO6VlHv0a_kC2_bAlVvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:54:bb:f1:24:ae:bc:02:5c:70:94:f6:38:9c:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=290bcc50a9a33ba5651efd1afe40b6fdb02556f0
        Validity
            Not Before: Jan  1 16:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f8d7674586950bb668f0f67abde99cd72c75727
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:07:11:c1:2a:d1:83:ca:7e:a9:64:6d:bf:49:
                    7a:8d:7a:3c:34:f2:35:ba:79:25:97:19:1a:54:a9:
                    0b:8c:4f:bf:6b:eb:c2:12:85:9b:8a:d8:c1:5a:4a:
                    34:31:08:8e:f1:a8:3e:b8:c9:33:bc:6b:97:e9:65:
                    02:f6:4b:04:c9:86:0d:5f:4f:0b:40:d2:17:15:d8:
                    65:27:fb:6f:07:a0:62:a1:4b:96:1e:96:3e:32:60:
                    0d:c0:fa:12:ec:1a:1b:9b:c7:5c:c3:74:75:81:30:
                    09:04:84:66:fa:2d:c4:c2:1b:6a:2c:e0:65:a4:e9:
                    fa:a8:79:6a:df:5e:a9:ec:9b:66:bf:99:31:a2:f3:
                    24:76:41:1e:33:c3:9e:4e:12:c9:c2:3a:d2:77:9f:
                    db:23:d0:82:8f:2a:b3:a8:16:da:a0:9c:df:fc:35:
                    2e:b9:39:6d:94:0b:e1:83:7d:d7:dc:67:b2:75:25:
                    65:e9:71:19:9f:14:c3:29:aa:55:21:18:0b:0b:97:
                    4a:b6:f3:4c:57:81:6c:46:3b:60:19:9f:65:31:37:
                    31:b8:47:f9:f7:48:79:62:6f:e5:19:9b:18:60:e2:
                    a0:c5:9f:6c:ad:37:4b:cf:7e:08:33:c9:d5:bc:f5:
                    6d:7d:7a:c8:c0:54:d4:92:fe:ed:a7:16:91:28:50:
                    49:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:8D:76:74:58:69:50:BB:66:8F:0F:67:AB:DE:99:CD:72:C7:57:27
            X509v3 Authority Key Identifier:
                keyid:29:0B:CC:50:A9:A3:3B:A5:65:1E:FD:1A:FE:40:B6:FD:B0:25:56:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQvMUKmjO6VlHv0a_kC2_bAlVvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/4b6ef4-38ee-4c06-8cb6-76982493ea1a/1/H412dFhpULtmjw9nq96ZzXLHVyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/4b6ef4-38ee-4c06-8cb6-76982493ea1a/1/KQvMUKmjO6VlHv0a_kC2_bAlVvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:93:c3:58:63:40:ff:36:72:cb:e2:20:ee:99:c3:f8:d8:cf:
         a1:f2:ba:68:f2:a5:98:98:17:48:b8:e9:e7:85:6d:e4:b4:d9:
         f7:4c:ed:35:bc:70:c8:d2:fa:6d:9d:df:57:b7:63:57:9e:c8:
         55:2b:c5:49:a4:8f:b7:0e:59:64:53:c8:b4:df:78:35:ef:8a:
         9a:44:81:36:c9:e2:3d:e4:5c:c2:96:79:8b:8b:47:54:93:d7:
         5e:f4:43:c3:ea:85:e2:c7:ac:52:9f:0c:b7:67:df:0f:01:38:
         60:6e:37:15:8c:e3:5c:6a:1d:2b:4f:cc:22:62:94:e1:20:07:
         e6:99:ba:c4:5e:64:c0:44:e8:67:62:a7:dc:05:cb:3b:65:7c:
         33:50:d0:9c:f6:13:37:c6:ae:4a:26:1d:a5:2d:4a:a9:d1:75:
         f7:1e:0e:de:83:3c:9e:5f:13:b2:3b:9d:b1:7a:e9:a8:0e:8b:
         3e:4f:3e:f7:e5:cf:f8:ac:8a:7c:f8:50:73:29:f5:7b:37:62:
         c4:72:58:0b:53:21:31:5c:ef:2d:d0:d0:80:11:1d:90:40:7e:
         b6:d8:1a:19:a3:cd:c8:3f:d3:70:a3:ab:0b:98:7f:b5:49:f0:
         4d:4b:95:38:a1:b7:c2:c8:b5:2c:73:2d:65:90:95:d2:f0:69:
         80:23:8d:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3FS78SSuvAJccJT2OJwqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MGJjYzUwYTlhMzNiYTU2NTFlZmQxYWZlNDBiNmZkYjAy
NTU2ZjAwHhcNMjQwMTAxMTYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjhkNzY3NDU4Njk1MGJiNjY4ZjBmNjdhYmRlOTljZDcyYzc1NzI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowcRwSrRg8p+qWRtv0l6jXo8NPI1
unkllxkaVKkLjE+/a+vCEoWbitjBWko0MQiO8ag+uMkzvGuX6WUC9ksEyYYNX08L
QNIXFdhlJ/tvB6BioUuWHpY+MmANwPoS7Bobm8dcw3R1gTAJBIRm+i3EwhtqLOBl
pOn6qHlq316p7Jtmv5kxovMkdkEeM8OeThLJwjrSd5/bI9CCjyqzqBbaoJzf/DUu
uTltlAvhg33X3GeydSVl6XEZnxTDKapVIRgLC5dKtvNMV4FsRjtgGZ9lMTcxuEf5
90h5Ym/lGZsYYOKgxZ9srTdLz34IM8nVvPVtfXrIwFTUkv7tpxaRKFBJBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+NdnRYaVC7Zo8PZ6vemc1yx1cnMB8GA1UdIwQY
MBaAFCkLzFCpozulZR79Gv5Atv2wJVbwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1F2TVVLbWpPNlZsSHYwYV9rQzJfYkFsVnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi80YjZlZjQtMzhlZS00YzA2LThjYjYt
NzY5ODI0OTNlYTFhLzEvSDQxMmRGaHBVTHRtanc5bnE5Nlp6WExIVnljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi80YjZlZjQtMzhlZS00YzA2LThjYjYtNzY5ODI0OTNlYTFh
LzEvS1F2TVVLbWpPNlZsSHYwYV9rQzJfYkFsVnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX9eIMA0G
CSqGSIb3DQEBCwUAA4IBAQCKk8NYY0D/NnLL4iDumcP42M+h8rpo8qWYmBdIuOnn
hW3ktNn3TO01vHDI0vptnd9Xt2NXnshVK8VJpI+3DllkU8i033g174qaRIE2yeI9
5FzClnmLi0dUk9de9EPD6oXix6xSnwy3Z98PAThgbjcVjONcah0rT8wiYpThIAfm
mbrEXmTAROhnYqfcBcs7ZXwzUNCc9hM3xq5KJh2lLUqp0XX3Hg7egzyeXxOyO52x
eumoDos+Tz735c/4rIp8+FBzKfV7N2LEclgLUyExXO8t0NCAER2QQH622BoZo83I
P9Nwo6sLmH+1SfBNS5U4obfCyLUscy1lkJXS8GmAI42t
-----END CERTIFICATE-----