Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/M1mfcX2zm4szZWiHxXdn5ovyCxI.roa
File:                     M1mfcX2zm4szZWiHxXdn5ovyCxI.roa (raw, json)
Hash identifier:          XdB2M4tA3sK2ZjnC6QcVyMDwSg82nB5a3yMMrcy65G8=
Subject key identifier:   33:59:9F:71:7D:B3:9B:8B:33:65:68:87:C5:77:67:E6:8B:F2:0B:12
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018F1AC01680C97C4578454C49A5EEECD389
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/M1mfcX2zm4szZWiHxXdn5ovyCxI.roa
Signing time:             Fri 26 Apr 2024 14:12:27 +0000
ROA not before:           Fri 26 Apr 2024 14:12:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204496
IP address blocks:        178.34.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1a:c0:16:80:c9:7c:45:78:45:4c:49:a5:ee:ec:d3:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Apr 26 14:12:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33599f717db39b8b33656887c57767e68bf20b12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:e7:34:3a:4f:32:ac:5e:1c:fd:27:d5:ea:ca:
                    25:54:da:a1:9a:01:1a:77:6d:90:77:94:d3:8e:5c:
                    c5:ab:6b:6b:c3:cf:b4:6c:32:b8:e5:9a:55:95:33:
                    7e:25:83:74:4f:90:c7:e5:40:56:a3:30:0b:84:c4:
                    68:0d:90:0b:57:ca:b8:f8:1b:dd:cf:e3:93:02:80:
                    04:76:a3:21:59:92:3a:99:dd:f5:de:f4:fc:49:91:
                    41:eb:95:9d:97:46:7e:99:ef:78:3c:45:8a:d5:a3:
                    90:6a:6e:3d:22:a2:87:2b:22:29:aa:3e:17:50:53:
                    60:a1:b0:18:46:03:9b:f7:6e:62:dd:ae:bb:0a:7c:
                    26:d7:34:77:1a:9f:3d:ba:38:33:ae:95:c6:6c:dc:
                    23:cd:18:2d:bf:2a:c5:aa:75:32:b7:6c:f1:bd:7d:
                    76:27:3c:e0:c0:c6:cb:58:33:30:dc:5a:e8:4b:ac:
                    e7:ff:56:52:54:19:e0:99:89:ff:ed:be:28:57:57:
                    c3:bb:55:8e:10:e4:bb:03:38:4e:0b:83:41:3c:e2:
                    15:fb:e4:89:98:d0:15:60:98:bb:62:9a:c2:2a:85:
                    c5:32:55:38:11:f7:b0:b1:68:c2:33:51:1d:fb:a4:
                    be:a5:14:ed:be:e4:1c:f3:5d:d3:45:7b:0d:e9:63:
                    90:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:59:9F:71:7D:B3:9B:8B:33:65:68:87:C5:77:67:E6:8B:F2:0B:12
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/M1mfcX2zm4szZWiHxXdn5ovyCxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.34.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:6b:b5:5e:ac:29:8a:1a:4f:3b:80:81:9f:4b:29:e4:8f:4e:
         5d:77:d1:55:c7:19:b9:c1:79:14:b3:aa:0f:0b:66:7a:42:32:
         75:13:a1:db:3f:19:9c:5a:f0:56:2c:a7:1a:aa:eb:56:af:17:
         65:f9:51:7a:68:1a:52:bf:bb:61:23:90:da:2e:0f:16:03:c6:
         95:da:c9:23:f0:a3:a3:00:79:2c:a3:16:55:a4:b0:ae:9b:95:
         7f:00:81:ac:0d:b0:c7:2c:8c:1d:2c:49:25:64:dc:00:bd:3b:
         23:42:28:94:47:78:18:67:fa:16:d4:4f:db:ef:7f:ec:b8:ec:
         a1:4a:70:52:80:1b:0d:0f:4a:84:d6:7c:c8:50:2c:5e:13:0e:
         de:65:d1:4c:7f:1e:66:be:80:03:e7:6d:eb:e7:a3:74:9b:13:
         db:72:53:c1:69:d2:7d:be:f4:df:e6:b9:10:23:15:23:b4:5c:
         85:4e:d7:7a:d5:b5:de:1f:71:8f:db:fe:8c:fa:7a:2f:ce:7e:
         11:3c:74:8b:c0:0c:e2:eb:51:c3:72:19:30:e0:a8:35:b0:ba:
         4a:88:97:f5:d3:77:60:28:86:99:5d:d5:55:b1:3d:51:57:61:
         3a:f0:1a:fb:10:d0:db:ef:0f:45:af:65:aa:42:15:71:7d:14:
         90:e5:3b:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8awBaAyXxFeEVMSaXu7NOJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwNDI2MTQxMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzU5OWY3MTdkYjM5YjhiMzM2NTY4ODdjNTc3NjdlNjhiZjIwYjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+c0Ok8yrF4c/SfV6solVNqhmgEa
d22Qd5TTjlzFq2trw8+0bDK45ZpVlTN+JYN0T5DH5UBWozALhMRoDZALV8q4+Bvd
z+OTAoAEdqMhWZI6md313vT8SZFB65Wdl0Z+me94PEWK1aOQam49IqKHKyIpqj4X
UFNgobAYRgOb925i3a67Cnwm1zR3Gp89ujgzrpXGbNwjzRgtvyrFqnUyt2zxvX12
JzzgwMbLWDMw3FroS6zn/1ZSVBngmYn/7b4oV1fDu1WOEOS7AzhOC4NBPOIV++SJ
mNAVYJi7YprCKoXFMlU4EfewsWjCM1Ed+6S+pRTtvuQc813TRXsN6WOQXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDNZn3F9s5uLM2Voh8V3Z+aL8gsSMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvTTFtZmNYMnptNHN6WldpSHhYZG41b3Z5Q3hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsiJfMA0G
CSqGSIb3DQEBCwUAA4IBAQBfa7VerCmKGk87gIGfSynkj05dd9FVxxm5wXkUs6oP
C2Z6QjJ1E6HbPxmcWvBWLKcaqutWrxdl+VF6aBpSv7thI5DaLg8WA8aV2skj8KOj
AHksoxZVpLCum5V/AIGsDbDHLIwdLEklZNwAvTsjQiiUR3gYZ/oW1E/b73/suOyh
SnBSgBsND0qE1nzIUCxeEw7eZdFMfx5mvoAD523r56N0mxPbclPBadJ9vvTf5rkQ
IxUjtFyFTtd61bXeH3GP2/6M+novzn4RPHSLwAzi61HDchkw4Kg1sLpKiJf103dg
KIaZXdVVsT1RV2E68Br7ENDb7w9Fr2WqQhVxfRSQ5Tuo
-----END CERTIFICATE-----