Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/448453-3285-4fb7-ac8a-69b52244d90a/1/1-orETLw273-PTPRrVmjZn8bIKlY.roa
File:                     1-orETLw273-PTPRrVmjZn8bIKlY.roa (raw, json)
Hash identifier:          2+zlzz6Armq92wXfNn9RVbrpZgIjQ85nHVRFNp6TMk4=
Subject key identifier:   FA:8A:C4:4C:BC:36:EF:7F:8F:4C:F4:6B:56:68:D9:9F:C6:C8:2A:56
Certificate issuer:       /CN=f92c47f54075a373d8e0c11697aec90244376de3
Certificate serial:       018CC26D34EA0C13EE972085EA188C38C906
Authority key identifier: F9:2C:47:F5:40:75:A3:73:D8:E0:C1:16:97:AE:C9:02:44:37:6D:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-SxH9UB1o3PY4MEWl67JAkQ3beM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/448453-3285-4fb7-ac8a-69b52244d90a/1/1-orETLw273-PTPRrVmjZn8bIKlY.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42295
IP address blocks:        195.191.34.0/23 maxlen: 23
                          2001:67c:530::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/448453-3285-4fb7-ac8a-69b52244d90a/1/1-SxH9UB1o3PY4MEWl67JAkQ3beM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/448453-3285-4fb7-ac8a-69b52244d90a/1/1-SxH9UB1o3PY4MEWl67JAkQ3beM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-SxH9UB1o3PY4MEWl67JAkQ3beM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:34:ea:0c:13:ee:97:20:85:ea:18:8c:38:c9:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f92c47f54075a373d8e0c11697aec90244376de3
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa8ac44cbc36ef7f8f4cf46b5668d99fc6c82a56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:36:f1:ff:25:38:10:79:3c:17:8f:5a:f6:b6:
                    66:7b:a4:d8:c6:e6:77:1d:e4:cc:1b:1b:86:17:45:
                    a3:03:6c:82:21:4c:c1:ff:55:03:88:c4:9b:38:f6:
                    97:98:95:76:81:fa:26:73:4f:c3:0a:30:de:ed:72:
                    69:24:b6:0a:0d:eb:63:00:ab:63:1f:dc:93:54:78:
                    30:50:50:6c:03:29:43:55:8d:4d:ab:24:1f:53:8e:
                    34:96:24:0f:71:26:25:d8:d4:bd:23:37:6d:d3:3c:
                    89:95:c6:1a:b9:63:3d:1d:dc:85:aa:ba:5e:a4:de:
                    e7:0c:02:e8:ab:d2:d7:92:d2:fc:8b:99:78:73:87:
                    9d:ac:16:91:96:f7:7a:30:67:d1:88:00:eb:fe:fb:
                    00:75:25:15:70:99:54:c2:94:26:fd:2c:3d:32:a3:
                    bf:f1:86:e9:40:1d:3a:0c:65:a4:50:07:08:17:a7:
                    89:de:6b:66:2b:bd:3c:67:bc:13:30:f5:70:7f:d3:
                    2f:6a:8c:bf:1b:2d:ed:ed:14:37:b7:27:c3:d2:70:
                    f3:53:12:9d:4c:bf:f7:ef:b3:a7:97:9a:70:0e:6b:
                    ef:5e:a8:4c:fe:33:72:00:0e:0b:d5:ad:34:bb:e1:
                    4e:ec:cf:f3:96:df:df:63:92:70:bc:ed:28:83:c4:
                    d0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:8A:C4:4C:BC:36:EF:7F:8F:4C:F4:6B:56:68:D9:9F:C6:C8:2A:56
            X509v3 Authority Key Identifier:
                keyid:F9:2C:47:F5:40:75:A3:73:D8:E0:C1:16:97:AE:C9:02:44:37:6D:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-SxH9UB1o3PY4MEWl67JAkQ3beM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/448453-3285-4fb7-ac8a-69b52244d90a/1/1-orETLw273-PTPRrVmjZn8bIKlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/448453-3285-4fb7-ac8a-69b52244d90a/1/1-SxH9UB1o3PY4MEWl67JAkQ3beM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.34.0/23
                IPv6:
                  2001:67c:530::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:3a:5b:80:7e:b5:08:dd:2f:b9:31:b4:4c:6a:23:b1:ff:e4:
         38:08:01:e5:77:a6:fd:3e:36:cb:21:35:c3:04:df:b5:ef:c5:
         44:5e:1f:49:ff:aa:11:cf:eb:86:e6:d2:f3:e4:e0:e4:4d:1c:
         19:2c:cc:78:bf:af:f5:6b:6f:86:bc:65:f8:28:dc:38:f8:68:
         31:ec:cf:d8:97:f5:ad:bf:d2:42:07:92:14:41:a5:a4:5e:e3:
         af:9e:5c:5d:f0:b7:ac:eb:cb:f9:8f:fa:32:2e:6b:33:f9:ae:
         46:c2:1a:11:3c:e3:28:b0:44:91:5c:ff:43:1d:86:be:e8:a9:
         5a:eb:a0:70:77:ff:b1:90:d0:3e:29:85:54:cd:c1:86:f7:9b:
         77:11:52:51:1a:5f:d0:38:e8:b3:20:24:76:04:6a:e4:a0:47:
         51:67:8e:5e:96:ff:15:1a:72:75:36:8f:f8:ad:56:c0:39:4d:
         09:07:53:a6:6f:ac:79:64:30:49:41:44:0b:92:b2:7b:a0:b5:
         b8:17:e7:c8:f9:2b:51:35:ca:5f:d7:ad:0e:67:f5:95:07:ef:
         91:3a:44:0d:e1:51:f0:64:c8:d4:ad:72:0d:96:18:04:3f:24:
         97:b3:06:f0:c8:9d:ac:81:6a:e0:92:d9:5c:85:7d:70:93:ae:
         27:d5:22:14
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzCbTTqDBPulyCF6hiMOMkGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5MmM0N2Y1NDA3NWEzNzNkOGUwYzExNjk3YWVjOTAyNDQz
NzZkZTMwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYThhYzQ0Y2JjMzZlZjdmOGY0Y2Y0NmI1NjY4ZDk5ZmM2YzgyYTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzbx/yU4EHk8F49a9rZme6TYxuZ3
HeTMGxuGF0WjA2yCIUzB/1UDiMSbOPaXmJV2gfomc0/DCjDe7XJpJLYKDetjAKtj
H9yTVHgwUFBsAylDVY1NqyQfU440liQPcSYl2NS9Izdt0zyJlcYauWM9HdyFqrpe
pN7nDALoq9LXktL8i5l4c4edrBaRlvd6MGfRiADr/vsAdSUVcJlUwpQm/Sw9MqO/
8YbpQB06DGWkUAcIF6eJ3mtmK708Z7wTMPVwf9Mvaoy/Gy3t7RQ3tyfD0nDzUxKd
TL/377Onl5pwDmvvXqhM/jNyAA4L1a00u+FO7M/zlt/fY5JwvO0og8TQzQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFPqKxEy8Nu9/j0z0a1Zo2Z/GyCpWMB8GA1UdIwQY
MBaAFPksR/VAdaNz2ODBFpeuyQJEN23jMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1TeEg5VUIxbzNQWTRNRVdsNjdKQWtRM2JlTS5jZXIw
gY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWMvNDQ4NDUzLTMyODUtNGZiNy1hYzhh
LTY5YjUyMjQ0ZDkwYS8xLzEtb3JFVEx3MjczLVBUUFJyVm1qWm44YklLbFkucm9h
MIGCBgNVHR8EezB5MHegdaBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3Np
dG9yeS9ERUZBVUxUL2VjLzQ0ODQ1My0zMjg1LTRmYjctYWM4YS02OWI1MjI0NGQ5
MGEvMS8xLVN4SDlVQjFvM1BZNE1FV2w2N0pBa1EzYmVNLmNybDAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBw78i
MA8EAgACMAkDBwAgAQZ8BTAwDQYJKoZIhvcNAQELBQADggEBAEM6W4B+tQjdL7kx
tExqI7H/5DgIAeV3pv0+NsshNcME37XvxUReH0n/qhHP64bm0vPk4ORNHBkszHi/
r/Vrb4a8Zfgo3Dj4aDHsz9iX9a2/0kIHkhRBpaRe46+eXF3wt6zry/mP+jIuazP5
rkbCGhE84yiwRJFc/0Mdhr7oqVrroHB3/7GQ0D4phVTNwYb3m3cRUlEaX9A46LMg
JHYEauSgR1Fnjl6W/xUacnU2j/itVsA5TQkHU6ZvrHlkMElBRAuSsnugtbgX58j5
K1E1yl/XrQ5n9ZUH75E6RA3hUfBkyNStcg2WGAQ/JJezBvDInayBauCS2VyFfXCT
rifVIhQ=
-----END CERTIFICATE-----