Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/vdPwP43Y89xpeR_A_VW0iZVIdMk.roa
File:                     vdPwP43Y89xpeR_A_VW0iZVIdMk.roa (raw, json)
Hash identifier:          GbcIqWrKTwCXctoj7oFpAL1k+DIj5GD9NzsUKZD9+tQ=
Subject key identifier:   BD:D3:F0:3F:8D:D8:F3:DC:69:79:1F:C0:FD:55:B4:89:95:48:74:C9
Certificate issuer:       /CN=7e1167886da81524431bbf2efb0572914b686ebc
Certificate serial:       01917F7A3B49F9344CF3C67D809F645D0748
Authority key identifier: 7E:11:67:88:6D:A8:15:24:43:1B:BF:2E:FB:05:72:91:4B:68:6E:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fhFniG2oFSRDG78u-wVykUtobrw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/vdPwP43Y89xpeR_A_VW0iZVIdMk.roa
Signing time:             Fri 23 Aug 2024 13:43:22 +0000
ROA not before:           Fri 23 Aug 2024 13:43:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203
IP address blocks:        195.160.148.0/24 maxlen: 24
                          195.160.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/fhFniG2oFSRDG78u-wVykUtobrw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/fhFniG2oFSRDG78u-wVykUtobrw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fhFniG2oFSRDG78u-wVykUtobrw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7f:7a:3b:49:f9:34:4c:f3:c6:7d:80:9f:64:5d:07:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e1167886da81524431bbf2efb0572914b686ebc
        Validity
            Not Before: Aug 23 13:43:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdd3f03f8dd8f3dc69791fc0fd55b489954874c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:63:7f:19:05:e0:57:36:8e:11:f7:84:df:da:
                    57:5e:ba:cd:ef:13:a4:49:f3:9b:c6:10:5d:88:34:
                    0f:ed:45:71:27:13:a4:2a:52:87:cb:35:9c:f6:c7:
                    6f:10:6e:22:6a:a1:dd:46:e8:89:f5:38:02:e4:db:
                    1c:bd:e3:56:d1:df:59:2c:37:8e:ed:0e:9c:5a:e0:
                    df:6f:59:2a:2d:63:e7:04:9a:07:fb:51:2e:61:7d:
                    b7:ed:2b:6e:41:65:b6:91:d3:06:4b:91:47:c0:aa:
                    36:24:d2:6f:8a:f8:05:21:64:4a:d8:25:4e:2a:23:
                    56:3a:f6:49:b7:cb:ca:80:af:33:bc:15:30:f7:9e:
                    57:34:03:ee:7f:5a:2a:91:8a:04:0c:78:6d:d3:91:
                    d2:e6:b1:09:32:c3:c7:7f:d0:dd:05:dc:83:50:fd:
                    fb:b5:9a:e4:12:c0:0a:9a:a4:01:db:a5:fc:de:08:
                    00:44:33:f9:9a:c4:a7:de:57:ce:5b:f6:69:34:dd:
                    6f:ca:c1:fa:b8:2e:ca:20:44:0e:a1:65:23:3b:a1:
                    70:06:71:a1:9f:35:63:a9:5c:ff:7e:6b:74:cb:f4:
                    ab:21:72:1c:d6:1d:e2:3e:d2:0e:ac:9b:fc:56:a6:
                    66:cd:1e:76:a0:ad:a9:89:1c:fe:b4:5f:ca:37:71:
                    ff:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:D3:F0:3F:8D:D8:F3:DC:69:79:1F:C0:FD:55:B4:89:95:48:74:C9
            X509v3 Authority Key Identifier:
                keyid:7E:11:67:88:6D:A8:15:24:43:1B:BF:2E:FB:05:72:91:4B:68:6E:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fhFniG2oFSRDG78u-wVykUtobrw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/vdPwP43Y89xpeR_A_VW0iZVIdMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/fhFniG2oFSRDG78u-wVykUtobrw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.160.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:ae:d6:67:12:b7:74:e7:4e:78:6e:09:5a:db:ad:de:c3:89:
         8f:3c:b9:bb:ef:d8:23:c7:29:22:b4:07:82:5d:80:e8:d8:70:
         79:19:d8:6c:f7:99:53:f6:f2:d4:23:9b:f6:34:ff:13:a8:84:
         27:9d:70:bc:05:b0:51:a7:e5:4a:c9:f3:b5:b8:71:d7:3a:06:
         01:79:21:f5:ab:e0:98:01:75:ba:6b:ab:96:e2:31:58:fa:bd:
         b9:dc:b3:6e:7f:65:01:cd:00:93:e5:30:c9:fc:d6:ca:04:50:
         c9:a4:08:21:03:cd:33:1b:ef:42:d1:62:4c:cb:b2:4a:a8:41:
         39:7c:f9:60:98:82:4d:08:16:59:7e:6a:c6:3b:c5:74:b9:45:
         81:0a:0f:3d:87:82:f2:7c:d4:6d:8e:37:22:45:a9:84:7c:02:
         f3:78:ac:fa:08:80:1a:80:47:a6:53:d5:c7:72:88:20:a8:4a:
         a3:a7:5d:aa:5d:0b:be:64:60:a0:51:4d:5c:6d:39:d1:dd:9c:
         70:44:84:e0:9a:58:c8:fb:55:ce:26:6a:b7:78:02:4a:37:a1:
         ce:e2:62:31:78:fe:06:ec:6b:34:64:2f:7b:65:e6:af:c8:29:
         25:a9:22:35:3f:21:e4:5b:5c:42:8c:71:70:b1:2f:c4:66:dd:
         17:46:70:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF/ejtJ+TRM88Z9gJ9kXQdIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMTE2Nzg4NmRhODE1MjQ0MzFiYmYyZWZiMDU3MjkxNGI2
ODZlYmMwHhcNMjQwODIzMTM0MzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGQzZjAzZjhkZDhmM2RjNjk3OTFmYzBmZDU1YjQ4OTk1NDg3NGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGN/GQXgVzaOEfeE39pXXrrN7xOk
SfObxhBdiDQP7UVxJxOkKlKHyzWc9sdvEG4iaqHdRuiJ9TgC5NscveNW0d9ZLDeO
7Q6cWuDfb1kqLWPnBJoH+1EuYX237StuQWW2kdMGS5FHwKo2JNJvivgFIWRK2CVO
KiNWOvZJt8vKgK8zvBUw955XNAPuf1oqkYoEDHht05HS5rEJMsPHf9DdBdyDUP37
tZrkEsAKmqQB26X83ggARDP5msSn3lfOW/ZpNN1vysH6uC7KIEQOoWUjO6FwBnGh
nzVjqVz/fmt0y/SrIXIc1h3iPtIOrJv8VqZmzR52oK2piRz+tF/KN3H/6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL3T8D+N2PPcaXkfwP1VtImVSHTJMB8GA1UdIwQY
MBaAFH4RZ4htqBUkQxu/LvsFcpFLaG68MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmhGbmlHMm9GU1JERzc4dS13VnlrVXRvYnJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9mOTJjZDctNjQ2Yy00NDFiLWFlNDYt
OWIyODJjNjQzMjU2LzEvdmRQd1A0M1k4OXhwZVJfQV9WVzBpWlZJZE1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9mOTJjZDctNjQ2Yy00NDFiLWFlNDYtOWIyODJjNjQzMjU2
LzEvZmhGbmlHMm9GU1JERzc4dS13VnlrVXRvYnJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw6CUMA0G
CSqGSIb3DQEBCwUAA4IBAQABrtZnErd05054bgla263ew4mPPLm779gjxykitAeC
XYDo2HB5Gdhs95lT9vLUI5v2NP8TqIQnnXC8BbBRp+VKyfO1uHHXOgYBeSH1q+CY
AXW6a6uW4jFY+r253LNuf2UBzQCT5TDJ/NbKBFDJpAghA80zG+9C0WJMy7JKqEE5
fPlgmIJNCBZZfmrGO8V0uUWBCg89h4LyfNRtjjciRamEfALzeKz6CIAagEemU9XH
coggqEqjp12qXQu+ZGCgUU1cbTnR3ZxwRITgmljI+1XOJmq3eAJKN6HO4mIxeP4G
7Gs0ZC97ZeavyCklqSI1PyHkW1xCjHFwsS/EZt0XRnDG
-----END CERTIFICATE-----