Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/Ab-hwLaFaR6x6Ki_0J7S5OvATP8.roa
File:                     Ab-hwLaFaR6x6Ki_0J7S5OvATP8.roa (raw, json)
Hash identifier:          52s14RZmC4RAzhOXGD5lBt3z6Zhtac+TkSTGYNZjRns=
Subject key identifier:   01:BF:A1:C0:B6:85:69:1E:B1:E8:A8:BF:D0:9E:D2:E4:EB:C0:4C:FF
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018CC7951E7B89D98409D11953922FBD207F
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/Ab-hwLaFaR6x6Ki_0J7S5OvATP8.roa
Signing time:             Tue 02 Jan 2024 00:31:27 +0000
ROA not before:           Tue 02 Jan 2024 00:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49392
IP address blocks:        194.165.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:1e:7b:89:d9:84:09:d1:19:53:92:2f:bd:20:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 00:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01bfa1c0b685691eb1e8a8bfd09ed2e4ebc04cff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:24:af:9a:5c:ab:97:72:e1:de:81:12:ce:9c:
                    48:0b:3e:75:4b:3b:50:14:f3:fe:05:bb:44:bf:55:
                    dd:5f:f2:b0:3c:8e:a5:66:1d:20:d3:16:23:4d:61:
                    dd:26:79:b6:e9:c3:70:22:12:77:2b:fb:e1:71:50:
                    d1:65:d8:af:4c:d5:56:5b:c3:11:65:d2:79:61:25:
                    bd:ab:1f:a5:3a:c2:c3:36:76:52:ed:70:47:ef:66:
                    48:72:e4:80:5d:44:ed:2b:cc:11:f2:8d:df:7b:ef:
                    dd:a8:74:29:61:aa:f1:f6:e7:9d:43:93:15:b2:ea:
                    36:c6:30:f9:00:f6:d7:2c:31:52:d2:1e:c9:2f:1d:
                    1d:de:02:9f:68:9a:94:7a:9c:91:16:35:98:83:35:
                    7d:2f:27:8a:f6:db:d9:36:6a:6f:22:f4:eb:3f:a8:
                    a5:9c:b5:54:a7:5b:1e:68:38:53:e3:53:9f:2b:25:
                    1d:56:f4:16:11:f2:5c:bd:52:85:fd:fc:90:eb:69:
                    24:2a:65:ca:d1:6c:fb:1e:03:2c:5d:70:4b:4a:2a:
                    cf:fe:33:9a:74:52:14:41:ee:92:ca:f2:3e:ac:70:
                    8d:84:49:2f:50:e7:ac:7e:c0:e6:2b:99:b4:cd:db:
                    1c:45:54:74:85:e5:f7:f4:0e:12:88:f8:c7:33:2d:
                    6e:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:BF:A1:C0:B6:85:69:1E:B1:E8:A8:BF:D0:9E:D2:E4:EB:C0:4C:FF
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/Ab-hwLaFaR6x6Ki_0J7S5OvATP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.165.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:7f:07:a9:eb:be:74:1f:17:b4:ec:f5:4c:1b:f7:9a:c7:1c:
         cb:af:6a:d8:3d:08:92:43:09:e5:70:80:bd:fc:8e:ba:c0:50:
         b5:dd:fd:b4:02:45:60:ad:2c:bd:b7:7b:8a:43:3e:c8:e9:a8:
         d7:9e:cf:d3:52:08:d7:55:c1:5c:fa:cf:73:73:6d:01:f5:a3:
         e4:d1:a0:db:83:61:98:8f:47:e3:6f:fc:50:49:1d:ba:79:69:
         a7:16:34:ea:7f:b4:95:95:2e:f2:02:2e:6a:23:df:ed:d0:58:
         fa:f2:7b:d4:76:4b:97:c0:e4:2a:da:50:46:77:fd:d2:35:34:
         a8:25:98:71:c9:ef:2b:59:fa:ee:87:cb:9e:03:de:fb:25:1f:
         b6:f2:82:81:1d:d1:b7:a4:9c:82:ce:e9:e3:dd:3e:2b:f7:55:
         8c:b1:92:cb:f0:d4:f9:f0:07:c7:b4:2f:3d:c8:4f:06:52:11:
         ed:80:16:39:58:82:e9:46:c3:f6:83:da:cf:d3:be:79:f4:72:
         4c:a2:9d:14:7c:cd:62:65:f7:8f:a6:e9:35:e7:e6:6e:eb:df:
         4b:ce:69:f9:97:71:51:95:bb:05:da:12:8b:ad:ed:17:4e:5e:
         52:ca:96:24:35:4b:d7:3b:1d:6f:a8:b7:b3:00:74:7f:d7:90:
         3f:48:f7:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlR57idmECdEZU5IvvSB/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTAyMDAzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWJmYTFjMGI2ODU2OTFlYjFlOGE4YmZkMDllZDJlNGViYzA0Y2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjySvmlyrl3Lh3oESzpxICz51SztQ
FPP+BbtEv1XdX/KwPI6lZh0g0xYjTWHdJnm26cNwIhJ3K/vhcVDRZdivTNVWW8MR
ZdJ5YSW9qx+lOsLDNnZS7XBH72ZIcuSAXUTtK8wR8o3fe+/dqHQpYarx9uedQ5MV
suo2xjD5APbXLDFS0h7JLx0d3gKfaJqUepyRFjWYgzV9LyeK9tvZNmpvIvTrP6il
nLVUp1seaDhT41OfKyUdVvQWEfJcvVKF/fyQ62kkKmXK0Wz7HgMsXXBLSirP/jOa
dFIUQe6SyvI+rHCNhEkvUOesfsDmK5m0zdscRVR0heX39A4SiPjHMy1uQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAG/ocC2hWkeseiov9Ce0uTrwEz/MB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvQWItaHdMYUZhUjZ4NktpXzBKN1M1T3ZBVFA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqUDMA0G
CSqGSIb3DQEBCwUAA4IBAQC2fwep6750Hxe07PVMG/eaxxzLr2rYPQiSQwnlcIC9
/I66wFC13f20AkVgrSy9t3uKQz7I6ajXns/TUgjXVcFc+s9zc20B9aPk0aDbg2GY
j0fjb/xQSR26eWmnFjTqf7SVlS7yAi5qI9/t0Fj68nvUdkuXwOQq2lBGd/3SNTSo
JZhxye8rWfruh8ueA977JR+28oKBHdG3pJyCzunj3T4r91WMsZLL8NT58AfHtC89
yE8GUhHtgBY5WILpRsP2g9rP07559HJMop0UfM1iZfePpuk15+Zu699Lzmn5l3FR
lbsF2hKLre0XTl5SypYkNUvXOx1vqLezAHR/15A/SPdS
-----END CERTIFICATE-----