Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/nInFVFRhH5sAuHK_PhqQlWuo1rw.roa
File:                     nInFVFRhH5sAuHK_PhqQlWuo1rw.roa (raw, json)
Hash identifier:          VZAQVheT98LYfgsrw/ucX9uUkuj6XpQyeIgrxMvEccA=
Subject key identifier:   9C:89:C5:54:54:61:1F:9B:00:B8:72:BF:3E:1A:90:95:6B:A8:D6:BC
Certificate issuer:       /CN=6a798f0fe4f4dffdfed2c8e62d235430f49377cd
Certificate serial:       018CC56E30F73BB616F00DFC200AE93388F9
Authority key identifier: 6A:79:8F:0F:E4:F4:DF:FD:FE:D2:C8:E6:2D:23:54:30:F4:93:77:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/anmPD-T03_3-0sjmLSNUMPSTd80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/nInFVFRhH5sAuHK_PhqQlWuo1rw.roa
Signing time:             Mon 01 Jan 2024 14:29:42 +0000
ROA not before:           Mon 01 Jan 2024 14:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63018
IP address blocks:        195.137.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/anmPD-T03_3-0sjmLSNUMPSTd80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/anmPD-T03_3-0sjmLSNUMPSTd80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/anmPD-T03_3-0sjmLSNUMPSTd80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 05:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:30:f7:3b:b6:16:f0:0d:fc:20:0a:e9:33:88:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a798f0fe4f4dffdfed2c8e62d235430f49377cd
        Validity
            Not Before: Jan  1 14:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c89c55454611f9b00b872bf3e1a90956ba8d6bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:b5:4b:a7:84:62:b3:d1:1f:23:73:20:cb:67:
                    19:e4:4d:9c:a7:da:ad:1d:94:e9:9a:8a:3b:e1:b8:
                    41:98:46:79:70:73:e3:5d:72:45:d2:3c:ca:fa:fd:
                    89:8e:23:93:af:e0:56:c7:6c:1d:ce:18:74:3b:61:
                    d3:4a:7a:33:b8:85:82:bb:c3:50:f2:bd:2c:cc:5f:
                    f5:3d:11:6f:d0:e8:75:5e:c6:63:05:80:b2:5f:3e:
                    1e:cc:3a:01:f9:2e:9f:fc:8d:4e:ed:5b:5f:d2:72:
                    2a:36:8d:69:a2:d0:01:d7:f1:c1:1c:67:d3:00:be:
                    01:f9:21:dc:05:3f:50:f8:24:c6:87:61:ff:9e:33:
                    1f:16:5e:9f:2f:2d:c7:33:93:02:4e:dd:38:2f:11:
                    a1:93:c7:cc:8b:fd:99:3d:2b:d0:30:ea:88:c4:0c:
                    84:de:94:5a:22:0a:ec:07:75:ba:e4:62:d3:f8:41:
                    69:33:e3:19:7b:44:9b:f3:2c:c4:34:22:a3:6a:e4:
                    21:f6:7d:a5:56:87:bb:a6:66:3e:20:5c:91:1f:02:
                    73:c4:21:d4:53:d1:a2:30:e5:bd:a7:99:07:af:17:
                    9a:81:63:3f:9d:39:fa:dd:42:c5:f3:2c:4e:49:b8:
                    c0:ab:32:52:10:b0:01:57:88:ee:b3:50:76:80:cb:
                    22:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:89:C5:54:54:61:1F:9B:00:B8:72:BF:3E:1A:90:95:6B:A8:D6:BC
            X509v3 Authority Key Identifier:
                keyid:6A:79:8F:0F:E4:F4:DF:FD:FE:D2:C8:E6:2D:23:54:30:F4:93:77:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/anmPD-T03_3-0sjmLSNUMPSTd80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/nInFVFRhH5sAuHK_PhqQlWuo1rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/anmPD-T03_3-0sjmLSNUMPSTd80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.137.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:58:5b:40:2d:78:29:19:39:d7:49:85:30:fd:00:24:f3:5b:
         a1:d3:5b:71:8b:e3:da:66:74:8f:e5:63:2e:e4:05:f0:fa:14:
         88:e7:60:49:2c:91:15:d4:1f:ad:84:1f:42:38:59:b5:02:7e:
         2b:d6:3e:4b:b8:b9:c7:ab:b0:5c:e0:f9:1d:7c:67:79:ac:31:
         14:2f:b9:4f:82:a7:ef:67:ce:62:0e:d1:cc:17:de:97:f7:32:
         cd:f8:b3:ba:2f:94:cb:df:b7:fc:fc:74:23:7d:f8:7f:44:b6:
         9c:33:15:c9:4c:28:3b:59:60:b4:82:b5:1c:f2:83:14:00:0a:
         e3:33:70:67:00:fc:79:c7:93:a9:ac:ac:bc:ee:60:56:d7:8b:
         96:50:01:62:c6:23:6d:33:b4:cd:b9:60:88:50:6d:58:5f:f8:
         fa:52:28:ed:19:24:17:13:d7:6a:94:77:0e:56:eb:e1:49:42:
         a4:bc:ab:40:02:4d:47:6a:c3:fa:2f:44:fb:4c:a3:23:48:e9:
         8a:14:8a:8d:fd:ea:60:e5:14:29:c8:0d:c6:97:b1:2e:6a:47:
         d9:be:40:cf:98:bf:cd:63:c8:fe:78:2d:c4:6b:e2:37:68:e0:
         51:5a:10:d3:02:ac:c4:e7:1b:98:74:fe:a0:d5:2c:99:00:bc:
         0a:13:fc:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbjD3O7YW8A38IArpM4j5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNzk4ZjBmZTRmNGRmZmRmZWQyYzhlNjJkMjM1NDMwZjQ5
Mzc3Y2QwHhcNMjQwMTAxMTQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yzg5YzU1NDU0NjExZjliMDBiODcyYmYzZTFhOTA5NTZiYThkNmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgLVLp4Ris9EfI3Mgy2cZ5E2cp9qt
HZTpmoo74bhBmEZ5cHPjXXJF0jzK+v2JjiOTr+BWx2wdzhh0O2HTSnozuIWCu8NQ
8r0szF/1PRFv0Oh1XsZjBYCyXz4ezDoB+S6f/I1O7Vtf0nIqNo1potAB1/HBHGfT
AL4B+SHcBT9Q+CTGh2H/njMfFl6fLy3HM5MCTt04LxGhk8fMi/2ZPSvQMOqIxAyE
3pRaIgrsB3W65GLT+EFpM+MZe0Sb8yzENCKjauQh9n2lVoe7pmY+IFyRHwJzxCHU
U9GiMOW9p5kHrxeagWM/nTn63ULF8yxOSbjAqzJSELABV4jus1B2gMsiuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJyJxVRUYR+bALhyvz4akJVrqNa8MB8GA1UdIwQY
MBaAFGp5jw/k9N/9/tLI5i0jVDD0k3fNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYW5tUEQtVDAzXzMtMHNqbUxTTlVNUFNUZDgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC83Yjc4MjUtYTBmNy00ZjViLTljMjMt
NzdjZjgxMDQxMDgzLzEvbkluRlZGUmhINXNBdUhLX1BocVFsV3VvMXJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC83Yjc4MjUtYTBmNy00ZjViLTljMjMtNzdjZjgxMDQxMDgz
LzEvYW5tUEQtVDAzXzMtMHNqbUxTTlVNUFNUZDgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4ncMA0G
CSqGSIb3DQEBCwUAA4IBAQCYWFtALXgpGTnXSYUw/QAk81uh01txi+PaZnSP5WMu
5AXw+hSI52BJLJEV1B+thB9COFm1An4r1j5LuLnHq7Bc4PkdfGd5rDEUL7lPgqfv
Z85iDtHMF96X9zLN+LO6L5TL37f8/HQjffh/RLacMxXJTCg7WWC0grUc8oMUAArj
M3BnAPx5x5OprKy87mBW14uWUAFixiNtM7TNuWCIUG1YX/j6UijtGSQXE9dqlHcO
VuvhSUKkvKtAAk1HasP6L0T7TKMjSOmKFIqN/epg5RQpyA3Gl7EuakfZvkDPmL/N
Y8j+eC3Ea+I3aOBRWhDTAqzE5xuYdP6g1SyZALwKE/zu
-----END CERTIFICATE-----