Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/0osE71JmSyTOrMjVGenTeuuKgxc.roa
File:                     0osE71JmSyTOrMjVGenTeuuKgxc.roa (raw, json)
Hash identifier:          UGjSCNUeoS6yxQkVPV9djeHdodqKhk2oR4iDlFAUeY0=
Subject key identifier:   D2:8B:04:EF:52:66:4B:24:CE:AC:C8:D5:19:E9:D3:7A:EB:8A:83:17
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       019155FA1AA7DDE4EA28028B060CB0CC6DC7
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/0osE71JmSyTOrMjVGenTeuuKgxc.roa
Signing time:             Thu 15 Aug 2024 12:18:59 +0000
ROA not before:           Thu 15 Aug 2024 12:18:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44341
IP address blocks:        195.211.160.0/24 maxlen: 24
                          195.211.161.0/24 maxlen: 24
                          195.211.162.0/24 maxlen: 24
                          195.211.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:55:fa:1a:a7:dd:e4:ea:28:02:8b:06:0c:b0:cc:6d:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Aug 15 12:18:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d28b04ef52664b24ceacc8d519e9d37aeb8a8317
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e3:6e:d2:b6:bd:07:3b:f8:9a:12:16:96:7e:
                    99:18:67:92:ce:ef:77:74:9d:3c:bc:97:8f:9c:c4:
                    6f:08:7a:f4:4d:15:df:0a:fe:52:78:01:50:a0:54:
                    f7:fb:c7:9d:73:cd:7a:1e:47:02:9f:d1:71:c6:b9:
                    98:98:84:9b:84:df:64:e2:7a:0f:1a:2c:35:12:71:
                    ec:4e:38:05:41:ee:ac:1c:02:d4:f8:1a:e1:d5:fe:
                    56:ee:a9:20:2a:23:22:24:c1:64:ca:a2:71:02:7c:
                    86:76:5b:41:17:45:f1:63:03:a4:03:08:4a:d2:92:
                    c4:cb:aa:8d:3a:b0:3d:7d:0a:10:d9:8a:82:1c:6c:
                    0c:a5:92:44:8f:ab:65:02:9c:d6:f7:d6:5e:95:96:
                    1c:20:4d:4b:d1:51:d2:1d:8f:ed:47:1d:a8:3d:0c:
                    d4:1a:41:c4:7c:05:32:5c:25:41:ef:b6:1d:6d:42:
                    03:b2:3a:5c:4c:32:69:66:8f:41:3d:d4:29:b2:01:
                    2e:da:02:ed:37:b5:0c:80:f5:7e:0a:7b:61:46:cd:
                    e4:60:20:c6:b6:27:0a:b0:60:de:88:37:e7:1e:7d:
                    7a:a7:25:6b:fe:a4:99:c5:3a:b1:41:c0:a2:ac:1e:
                    6c:9c:e6:17:fa:fe:a3:78:b3:46:47:66:58:f4:79:
                    12:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:8B:04:EF:52:66:4B:24:CE:AC:C8:D5:19:E9:D3:7A:EB:8A:83:17
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/0osE71JmSyTOrMjVGenTeuuKgxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.211.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:41:1a:a6:3b:c9:6c:8a:7a:6b:3f:03:3b:d8:1d:cb:f1:c9:
         2a:2e:30:ed:8f:15:67:54:6b:12:90:53:26:83:3c:f8:c3:a6:
         ce:2a:cf:14:2c:38:8a:92:13:1a:48:a2:a6:74:a2:af:67:21:
         a9:f5:66:72:bc:e0:f0:66:30:fe:b6:e0:81:f1:d5:53:a5:ce:
         a7:c4:84:bf:ec:02:cb:e7:8f:dd:86:a1:35:b1:0f:cf:b4:b1:
         06:47:6b:af:be:24:ed:b9:97:f4:f3:4f:f3:79:0e:32:45:2f:
         d3:01:bb:63:12:16:ff:02:24:90:2b:22:21:2a:09:25:de:df:
         20:0e:b2:d5:3f:88:92:d9:31:64:97:d4:ff:ca:a2:cc:c0:ff:
         24:2a:dd:2a:5a:eb:c1:dc:46:78:b1:9e:91:54:45:f9:43:16:
         70:0a:e2:d2:48:e0:0e:08:b2:10:8b:e1:4b:6f:c7:eb:72:45:
         50:8f:a0:d4:28:c6:f1:84:f6:71:a3:16:c9:da:5a:ab:00:58:
         b0:fb:70:5c:88:7f:30:01:cf:74:36:44:6a:78:fa:3b:75:a3:
         0f:6f:5f:c5:de:bc:bf:b7:69:c2:65:84:45:ee:c6:04:e1:3f:
         68:15:8e:cc:b8:e7:0d:1f:6a:ed:15:3d:4d:86:87:a4:4b:c2:
         73:15:d7:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFV+hqn3eTqKAKLBgywzG3HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjQwODE1MTIxODU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjhiMDRlZjUyNjY0YjI0Y2VhY2M4ZDUxOWU5ZDM3YWViOGE4MzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+Nu0ra9Bzv4mhIWln6ZGGeSzu93
dJ08vJePnMRvCHr0TRXfCv5SeAFQoFT3+8edc816HkcCn9FxxrmYmISbhN9k4noP
Giw1EnHsTjgFQe6sHALU+Brh1f5W7qkgKiMiJMFkyqJxAnyGdltBF0XxYwOkAwhK
0pLEy6qNOrA9fQoQ2YqCHGwMpZJEj6tlApzW99ZelZYcIE1L0VHSHY/tRx2oPQzU
GkHEfAUyXCVB77YdbUIDsjpcTDJpZo9BPdQpsgEu2gLtN7UMgPV+CnthRs3kYCDG
ticKsGDeiDfnHn16pyVr/qSZxTqxQcCirB5snOYX+v6jeLNGR2ZY9HkS5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNKLBO9SZkskzqzI1Rnp03rrioMXMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvMG9zRTcxSm1TeVRPck1qVkdlblRldXVLZ3hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw9OgMA0G
CSqGSIb3DQEBCwUAA4IBAQA2QRqmO8lsinprPwM72B3L8ckqLjDtjxVnVGsSkFMm
gzz4w6bOKs8ULDiKkhMaSKKmdKKvZyGp9WZyvODwZjD+tuCB8dVTpc6nxIS/7ALL
54/dhqE1sQ/PtLEGR2uvviTtuZf080/zeQ4yRS/TAbtjEhb/AiSQKyIhKgkl3t8g
DrLVP4iS2TFkl9T/yqLMwP8kKt0qWuvB3EZ4sZ6RVEX5QxZwCuLSSOAOCLIQi+FL
b8frckVQj6DUKMbxhPZxoxbJ2lqrAFiw+3BciH8wAc90NkRqePo7daMPb1/F3ry/
t2nCZYRF7sYE4T9oFY7MuOcNH2rtFT1NhoekS8JzFdf6
-----END CERTIFICATE-----