Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/3d18dc-73c6-4c6f-8c28-5a57234ddb76/1/ikPvgfmRonY95ui2X0FfojcCyL4.roa
File:                     ikPvgfmRonY95ui2X0FfojcCyL4.roa (raw, json)
Hash identifier:          3clSd3ai40eHXSkUroiFEkgBMSZtngrup/uxyBpqHkk=
Subject key identifier:   8A:43:EF:81:F9:91:A2:76:3D:E6:E8:B6:5F:41:5F:A2:37:02:C8:BE
Certificate issuer:       /CN=cd434fd859223ae76e8d78648a937295e8ecd79a
Certificate serial:       018DD5664EF8E4F0D51C3D751B2DF777AF6A
Authority key identifier: CD:43:4F:D8:59:22:3A:E7:6E:8D:78:64:8A:93:72:95:E8:EC:D7:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zUNP2FkiOudujXhkipNylejs15o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/3d18dc-73c6-4c6f-8c28-5a57234ddb76/1/ikPvgfmRonY95ui2X0FfojcCyL4.roa
Signing time:             Fri 23 Feb 2024 09:57:48 +0000
ROA not before:           Fri 23 Feb 2024 09:57:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44299
IP address blocks:        194.48.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/3d18dc-73c6-4c6f-8c28-5a57234ddb76/1/zUNP2FkiOudujXhkipNylejs15o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/3d18dc-73c6-4c6f-8c28-5a57234ddb76/1/zUNP2FkiOudujXhkipNylejs15o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zUNP2FkiOudujXhkipNylejs15o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d5:66:4e:f8:e4:f0:d5:1c:3d:75:1b:2d:f7:77:af:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd434fd859223ae76e8d78648a937295e8ecd79a
        Validity
            Not Before: Feb 23 09:57:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a43ef81f991a2763de6e8b65f415fa23702c8be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:95:da:71:d2:bd:16:e4:93:06:32:87:1b:ae:
                    bc:08:3b:14:3e:b4:4f:95:f1:71:55:3c:85:f7:97:
                    6b:ac:07:3f:89:92:3d:d3:06:a1:a7:74:95:99:c5:
                    fe:37:32:b0:69:b9:80:41:af:95:b0:65:77:96:95:
                    de:c2:b6:87:dd:f4:17:0c:65:e6:7b:63:af:34:c4:
                    30:cc:e1:ba:47:3c:ca:ba:b1:73:f5:0c:94:99:80:
                    f1:83:3f:07:ee:d2:2a:e3:32:84:16:8e:73:06:e2:
                    67:27:16:a5:ca:40:5e:e2:99:1b:3e:c7:5c:09:7c:
                    02:9a:0d:7c:28:c1:37:4a:fb:26:11:13:f4:d0:be:
                    a1:d1:31:5d:be:62:61:5b:ac:7f:e5:15:5d:41:a6:
                    cb:39:8c:47:96:4e:f3:c1:5f:fc:52:68:e0:34:19:
                    94:55:68:a7:6b:03:6c:f9:2c:23:44:5b:78:4f:70:
                    30:a9:4a:4d:1a:1f:dd:b8:f8:f4:2f:e7:3e:53:43:
                    ee:1d:ef:cb:fd:b7:f1:84:d3:88:e4:e8:d9:b8:fb:
                    8d:ac:63:3e:b9:9d:e5:f4:c6:ed:66:b9:e1:07:d2:
                    58:15:87:77:b8:ff:7b:ae:ab:b8:82:93:4f:ab:39:
                    62:ff:6f:55:7d:60:c8:39:06:0c:8c:6b:9e:74:b7:
                    65:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:43:EF:81:F9:91:A2:76:3D:E6:E8:B6:5F:41:5F:A2:37:02:C8:BE
            X509v3 Authority Key Identifier:
                keyid:CD:43:4F:D8:59:22:3A:E7:6E:8D:78:64:8A:93:72:95:E8:EC:D7:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zUNP2FkiOudujXhkipNylejs15o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/3d18dc-73c6-4c6f-8c28-5a57234ddb76/1/ikPvgfmRonY95ui2X0FfojcCyL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/3d18dc-73c6-4c6f-8c28-5a57234ddb76/1/zUNP2FkiOudujXhkipNylejs15o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.48.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:91:2a:09:34:5c:84:97:c0:82:bd:22:72:2b:8a:81:93:91:
         26:4d:4d:93:cb:05:be:cd:3c:a9:41:84:52:24:be:dd:84:07:
         59:99:aa:be:6e:3d:af:0b:19:5d:b8:57:b4:95:62:62:ec:f8:
         4b:8c:2a:2d:46:3c:ce:bc:95:68:fd:e3:bf:39:a0:82:d6:a1:
         3c:77:7e:ad:55:8e:10:63:ef:fa:33:ca:a3:7e:25:0b:25:d9:
         b7:f5:0c:ed:67:e4:f0:70:26:5e:73:50:3c:9c:6f:1c:5f:4d:
         a7:60:d8:22:1c:0c:3f:2d:01:53:27:5e:b7:64:84:69:9e:3c:
         62:9f:aa:ef:da:74:a5:2b:55:f3:d5:27:81:38:96:4c:17:d4:
         59:50:87:b3:dd:f7:e8:3b:6e:1c:53:d4:0a:7c:70:c5:04:f3:
         eb:09:c5:56:54:20:71:63:9c:b9:6d:b3:a8:11:06:bf:dc:80:
         e9:75:f5:19:ef:55:67:02:39:49:31:88:8a:59:e1:45:0e:d2:
         33:9d:5d:6f:fa:77:04:e5:14:2b:ec:45:ee:d2:d3:ce:67:72:
         b9:ec:58:6a:50:05:34:aa:57:22:89:3a:82:3e:11:6f:ec:b2:
         ff:76:fc:ae:7c:e9:39:36:15:77:17:de:16:e6:2d:41:e2:e7:
         91:65:fe:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3VZk745PDVHD11Gy33d69qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNDM0ZmQ4NTkyMjNhZTc2ZThkNzg2NDhhOTM3Mjk1ZThl
Y2Q3OWEwHhcNMjQwMjIzMDk1NzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTQzZWY4MWY5OTFhMjc2M2RlNmU4YjY1ZjQxNWZhMjM3MDJjOGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJXacdK9FuSTBjKHG668CDsUPrRP
lfFxVTyF95drrAc/iZI90wahp3SVmcX+NzKwabmAQa+VsGV3lpXewraH3fQXDGXm
e2OvNMQwzOG6RzzKurFz9QyUmYDxgz8H7tIq4zKEFo5zBuJnJxalykBe4pkbPsdc
CXwCmg18KME3SvsmERP00L6h0TFdvmJhW6x/5RVdQabLOYxHlk7zwV/8UmjgNBmU
VWinawNs+SwjRFt4T3AwqUpNGh/duPj0L+c+U0PuHe/L/bfxhNOI5OjZuPuNrGM+
uZ3l9MbtZrnhB9JYFYd3uP97rqu4gpNPqzli/29VfWDIOQYMjGuedLdluwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIpD74H5kaJ2Pebotl9BX6I3Asi+MB8GA1UdIwQY
MBaAFM1DT9hZIjrnbo14ZIqTcpXo7NeaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelVOUDJGa2lPdWR1alhoa2lwTnlsZWpzMTVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8zZDE4ZGMtNzNjNi00YzZmLThjMjgt
NWE1NzIzNGRkYjc2LzEvaWtQdmdmbVJvblk5NXVpMlgwRmZvamNDeUw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8zZDE4ZGMtNzNjNi00YzZmLThjMjgtNWE1NzIzNGRkYjc2
LzEvelVOUDJGa2lPdWR1alhoa2lwTnlsZWpzMTVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjCZMA0G
CSqGSIb3DQEBCwUAA4IBAQB/kSoJNFyEl8CCvSJyK4qBk5EmTU2TywW+zTypQYRS
JL7dhAdZmaq+bj2vCxlduFe0lWJi7PhLjCotRjzOvJVo/eO/OaCC1qE8d36tVY4Q
Y+/6M8qjfiULJdm39QztZ+TwcCZec1A8nG8cX02nYNgiHAw/LQFTJ163ZIRpnjxi
n6rv2nSlK1Xz1SeBOJZMF9RZUIez3ffoO24cU9QKfHDFBPPrCcVWVCBxY5y5bbOo
EQa/3IDpdfUZ71VnAjlJMYiKWeFFDtIznV1v+ncE5RQr7EXu0tPOZ3K57FhqUAU0
qlciiTqCPhFv7LL/dvyufOk5NhV3F94W5i1B4ueRZf5f
-----END CERTIFICATE-----