Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/12274e-316b-4f3c-8e6c-dcfeb3f10c86/1/SXnLGFVuYmFTb4J5wZRMf8OD7y8.roa
File:                     SXnLGFVuYmFTb4J5wZRMf8OD7y8.roa (raw, json)
Hash identifier:          q2I1JegyR3p5/3Ju5fsO7sfwT0SnjQOWthHFWFSnlQc=
Subject key identifier:   49:79:CB:18:55:6E:62:61:53:6F:82:79:C1:94:4C:7F:C3:83:EF:2F
Certificate issuer:       /CN=292edce09f112ab2d3ffaf4cb2a38eaf1c1af92e
Certificate serial:       018CC5007C5211D3708DCEC6C522D0532F24
Authority key identifier: 29:2E:DC:E0:9F:11:2A:B2:D3:FF:AF:4C:B2:A3:8E:AF:1C:1A:F9:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KS7c4J8RKrLT_69MsqOOrxwa-S4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/12274e-316b-4f3c-8e6c-dcfeb3f10c86/1/SXnLGFVuYmFTb4J5wZRMf8OD7y8.roa
Signing time:             Mon 01 Jan 2024 12:29:52 +0000
ROA not before:           Mon 01 Jan 2024 12:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        195.60.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/12274e-316b-4f3c-8e6c-dcfeb3f10c86/1/KS7c4J8RKrLT_69MsqOOrxwa-S4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/12274e-316b-4f3c-8e6c-dcfeb3f10c86/1/KS7c4J8RKrLT_69MsqOOrxwa-S4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KS7c4J8RKrLT_69MsqOOrxwa-S4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:7c:52:11:d3:70:8d:ce:c6:c5:22:d0:53:2f:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=292edce09f112ab2d3ffaf4cb2a38eaf1c1af92e
        Validity
            Not Before: Jan  1 12:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4979cb18556e6261536f8279c1944c7fc383ef2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:e5:d0:6a:5e:c1:09:d4:95:be:60:c2:29:e7:
                    82:b9:ab:1d:7b:6c:c9:ea:11:bf:17:7a:79:93:e0:
                    19:79:1e:3b:43:9f:dc:09:15:8d:e4:35:1e:94:c4:
                    ce:c5:e1:63:c7:09:e8:d8:27:3b:8b:c7:74:4d:3f:
                    16:31:c1:a3:32:01:60:fc:54:82:9d:2a:4a:8d:6c:
                    3a:63:bd:19:a9:f9:07:57:65:d6:fa:1f:97:00:aa:
                    ed:a9:f6:6a:08:85:24:56:51:03:67:b8:76:02:26:
                    bc:13:b9:8e:70:73:61:05:81:03:77:fd:be:31:af:
                    3f:a1:f5:c1:70:a8:a4:aa:12:e9:00:03:9d:5c:29:
                    f6:ba:87:b4:8b:75:a0:34:98:52:e4:51:8d:94:56:
                    97:d5:41:3d:12:b1:81:14:b7:90:cf:e1:16:73:3a:
                    ef:01:fe:3a:98:9e:e7:c7:22:8f:0f:f3:c8:6d:b3:
                    ea:e0:83:d8:39:18:e8:8c:bf:80:df:33:09:30:41:
                    a4:fd:0b:d1:14:9a:fe:3f:25:fc:aa:35:b9:14:90:
                    c4:77:af:a2:45:ce:68:d8:a9:f7:7c:ea:47:c7:fc:
                    2d:f4:75:d6:91:cf:d9:65:3a:2b:5c:97:42:85:4e:
                    d9:c7:71:c1:9e:e9:4e:e3:4f:f7:1c:98:dc:02:a8:
                    97:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:79:CB:18:55:6E:62:61:53:6F:82:79:C1:94:4C:7F:C3:83:EF:2F
            X509v3 Authority Key Identifier:
                keyid:29:2E:DC:E0:9F:11:2A:B2:D3:FF:AF:4C:B2:A3:8E:AF:1C:1A:F9:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KS7c4J8RKrLT_69MsqOOrxwa-S4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/12274e-316b-4f3c-8e6c-dcfeb3f10c86/1/SXnLGFVuYmFTb4J5wZRMf8OD7y8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/12274e-316b-4f3c-8e6c-dcfeb3f10c86/1/KS7c4J8RKrLT_69MsqOOrxwa-S4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:53:a0:b7:59:31:1c:bf:bc:d5:01:6a:13:ad:40:93:67:cf:
         b1:3c:3a:04:35:a2:7f:d6:b1:c0:b9:08:9f:0f:6d:3c:27:8f:
         5a:c2:1f:af:34:df:46:4d:dc:00:83:b7:48:44:f5:bd:b9:dc:
         f2:e2:82:11:06:08:13:ec:74:36:e4:d3:c6:a2:cb:f0:1a:2b:
         c0:13:e8:6c:2a:d5:20:a5:cd:85:61:82:57:f8:00:4d:4d:41:
         ea:42:e6:69:ab:25:91:3a:40:cb:44:f8:e8:26:49:75:51:59:
         a1:77:0e:18:68:a8:b3:75:ec:9c:6b:99:fe:8c:b8:53:53:9f:
         09:1c:82:c4:33:89:ec:52:f4:84:a5:70:85:41:52:70:6f:4e:
         5f:c5:fe:8f:0a:16:13:f9:cd:91:cb:39:c3:78:77:ed:3a:67:
         10:16:a2:06:59:b7:2f:1e:88:1f:cc:0e:b3:b9:e7:b9:32:26:
         e6:19:5e:d8:c3:20:5b:96:cd:f8:fb:97:58:f0:01:5b:36:82:
         7b:8d:51:46:62:b6:a1:42:de:0f:f3:4e:29:ef:7d:3a:fb:b6:
         47:76:8c:a8:c7:f0:b5:0a:15:50:0b:cf:69:7e:65:21:5b:ac:
         07:93:4b:25:bd:a2:79:05:e0:85:d1:e3:9e:57:db:c8:80:5b:
         aa:c4:5a:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAHxSEdNwjc7GxSLQUy8kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MmVkY2UwOWYxMTJhYjJkM2ZmYWY0Y2IyYTM4ZWFmMWMx
YWY5MmUwHhcNMjQwMTAxMTIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTc5Y2IxODU1NmU2MjYxNTM2ZjgyNzljMTk0NGM3ZmMzODNlZjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAheXQal7BCdSVvmDCKeeCuasde2zJ
6hG/F3p5k+AZeR47Q5/cCRWN5DUelMTOxeFjxwno2Cc7i8d0TT8WMcGjMgFg/FSC
nSpKjWw6Y70ZqfkHV2XW+h+XAKrtqfZqCIUkVlEDZ7h2Aia8E7mOcHNhBYEDd/2+
Ma8/ofXBcKikqhLpAAOdXCn2uoe0i3WgNJhS5FGNlFaX1UE9ErGBFLeQz+EWczrv
Af46mJ7nxyKPD/PIbbPq4IPYORjojL+A3zMJMEGk/QvRFJr+PyX8qjW5FJDEd6+i
Rc5o2Kn3fOpHx/wt9HXWkc/ZZTorXJdChU7Zx3HBnulO40/3HJjcAqiX5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEl5yxhVbmJhU2+CecGUTH/Dg+8vMB8GA1UdIwQY
MBaAFCku3OCfESqy0/+vTLKjjq8cGvkuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1M3YzRKOFJLckxUXzY5TXNxT09yeHdhLVM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8xMjI3NGUtMzE2Yi00ZjNjLThlNmMt
ZGNmZWIzZjEwYzg2LzEvU1huTEdGVnVZbUZUYjRKNXdaUk1mOE9EN3k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8xMjI3NGUtMzE2Yi00ZjNjLThlNmMtZGNmZWIzZjEwYzg2
LzEvS1M3YzRKOFJLckxUXzY5TXNxT09yeHdhLVM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzxWMA0G
CSqGSIb3DQEBCwUAA4IBAQCTU6C3WTEcv7zVAWoTrUCTZ8+xPDoENaJ/1rHAuQif
D208J49awh+vNN9GTdwAg7dIRPW9udzy4oIRBggT7HQ25NPGosvwGivAE+hsKtUg
pc2FYYJX+ABNTUHqQuZpqyWROkDLRPjoJkl1UVmhdw4YaKizdeyca5n+jLhTU58J
HILEM4nsUvSEpXCFQVJwb05fxf6PChYT+c2RyznDeHftOmcQFqIGWbcvHogfzA6z
uee5MibmGV7YwyBbls34+5dY8AFbNoJ7jVFGYrahQt4P804p7306+7ZHdoyox/C1
ChVQC89pfmUhW6wHk0slvaJ5BeCF0eOeV9vIgFuqxFru
-----END CERTIFICATE-----