Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/fOkselXafJPSrFI6eG2P4Lqbeh0.roa
File:                     fOkselXafJPSrFI6eG2P4Lqbeh0.roa (raw, json)
Hash identifier:          DjozkUwfF2K6LLQDw69raDeQ8EZlqcQ4bgR+srU6hkI=
Subject key identifier:   7C:E9:2C:7A:55:DA:7C:93:D2:AC:52:3A:78:6D:8F:E0:BA:9B:7A:1D
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       01912CBD42D3D8CF72B419A99CFF85C47D93
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/fOkselXafJPSrFI6eG2P4Lqbeh0.roa
Signing time:             Wed 07 Aug 2024 12:08:06 +0000
ROA not before:           Wed 07 Aug 2024 12:08:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210817
IP address blocks:        37.148.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:2c:bd:42:d3:d8:cf:72:b4:19:a9:9c:ff:85:c4:7d:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Aug  7 12:08:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ce92c7a55da7c93d2ac523a786d8fe0ba9b7a1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:9d:1b:d3:01:a4:fb:af:06:33:70:03:32:d0:
                    9d:68:4e:ec:74:51:1c:9b:1d:fc:01:22:91:5f:4f:
                    c4:20:94:a9:d5:cc:e7:fa:8f:ee:03:af:12:94:2d:
                    52:c4:21:5e:f1:43:29:10:ad:08:d2:2f:fb:ba:aa:
                    04:86:92:60:54:e9:40:4c:c3:ef:06:a1:d8:87:a9:
                    86:09:6b:8d:41:96:8f:50:06:63:99:1d:fd:c3:e1:
                    22:3f:b4:d7:88:49:2c:0a:96:ac:cc:5b:d5:47:48:
                    cc:35:75:b7:4c:2e:c3:a7:b3:ea:4e:8b:f9:10:dc:
                    ce:4a:59:2c:af:ee:bf:d5:76:3c:20:b1:f7:c8:5e:
                    9e:75:c1:01:ae:35:94:ce:21:6a:c0:0f:f8:0b:dd:
                    8f:5f:d1:5c:25:fc:8f:8f:e1:15:72:ed:b7:f8:7e:
                    99:c7:77:e0:cc:48:34:f0:cd:e1:8d:c3:ce:e6:a0:
                    4b:d3:85:e5:bf:4f:d1:56:55:4d:a6:3c:cc:28:d7:
                    a8:69:56:96:fc:cd:3c:3f:f5:0e:8d:11:c1:c6:f8:
                    fc:55:0d:e0:de:7b:e3:db:dd:3a:78:c0:cd:26:7b:
                    fe:30:60:16:66:65:d1:ae:83:3a:e3:eb:95:dc:80:
                    aa:7c:8d:ee:b2:5d:2e:14:04:df:f5:a1:cb:74:eb:
                    63:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:E9:2C:7A:55:DA:7C:93:D2:AC:52:3A:78:6D:8F:E0:BA:9B:7A:1D
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/fOkselXafJPSrFI6eG2P4Lqbeh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.148.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:ba:3c:49:7e:f6:26:e9:2a:58:7e:0e:a2:2d:59:90:c5:75:
         43:11:60:c5:20:94:64:77:f8:29:94:83:e0:b0:f1:ef:88:0d:
         3d:9d:bb:72:60:0d:20:34:ea:fd:e0:5e:cc:e8:97:5c:2c:50:
         5d:88:85:2e:69:ea:cf:6f:1a:b6:0b:97:54:fb:0b:f4:78:66:
         13:6c:4c:5c:3d:a0:57:f9:e5:d4:a8:c5:87:3c:ac:96:26:18:
         49:f0:63:9f:cb:0c:00:6c:ae:0e:15:90:00:d6:d0:10:b9:4f:
         0d:30:bf:a3:89:17:74:86:9e:62:af:2d:dc:5e:f8:79:ee:93:
         5e:f1:89:80:10:e4:8c:b2:b0:81:2f:04:a5:d2:ac:68:c0:6d:
         b3:52:84:f3:3e:b0:0d:77:9a:19:2e:f3:0e:2c:b0:f2:6b:e2:
         ee:72:9f:93:35:a3:6e:bb:6a:05:9c:24:08:fe:1b:00:a0:9a:
         02:7c:ee:ec:32:c1:67:c9:fa:3d:bd:d4:e6:ed:a2:09:d9:e6:
         7b:b3:dc:3d:a5:33:1d:70:ff:ea:b3:ed:ae:30:56:d7:13:8c:
         25:2e:ab:68:59:d6:1b:17:2e:9b:84:ea:62:fb:56:ad:1d:7d:
         3a:6c:aa:17:ea:19:ed:a1:b4:c5:2c:f6:27:43:11:f0:41:06:
         66:a1:34:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEsvULT2M9ytBmpnP+FxH2TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwODA3MTIwODA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2U5MmM3YTU1ZGE3YzkzZDJhYzUyM2E3ODZkOGZlMGJhOWI3YTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApp0b0wGk+68GM3ADMtCdaE7sdFEc
mx38ASKRX0/EIJSp1czn+o/uA68SlC1SxCFe8UMpEK0I0i/7uqoEhpJgVOlATMPv
BqHYh6mGCWuNQZaPUAZjmR39w+EiP7TXiEksCpaszFvVR0jMNXW3TC7Dp7PqTov5
ENzOSlksr+6/1XY8ILH3yF6edcEBrjWUziFqwA/4C92PX9FcJfyPj+EVcu23+H6Z
x3fgzEg08M3hjcPO5qBL04Xlv0/RVlVNpjzMKNeoaVaW/M08P/UOjRHBxvj8VQ3g
3nvj2906eMDNJnv+MGAWZmXRroM64+uV3ICqfI3usl0uFATf9aHLdOtjuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHzpLHpV2nyT0qxSOnhtj+C6m3odMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvZk9rc2VsWGFmSlBTckZJNmVHMlA0THFiZWgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZSsMA0G
CSqGSIb3DQEBCwUAA4IBAQBLujxJfvYm6SpYfg6iLVmQxXVDEWDFIJRkd/gplIPg
sPHviA09nbtyYA0gNOr94F7M6JdcLFBdiIUuaerPbxq2C5dU+wv0eGYTbExcPaBX
+eXUqMWHPKyWJhhJ8GOfywwAbK4OFZAA1tAQuU8NML+jiRd0hp5iry3cXvh57pNe
8YmAEOSMsrCBLwSl0qxowG2zUoTzPrANd5oZLvMOLLDya+Lucp+TNaNuu2oFnCQI
/hsAoJoCfO7sMsFnyfo9vdTm7aIJ2eZ7s9w9pTMdcP/qs+2uMFbXE4wlLqtoWdYb
Fy6bhOpi+1atHX06bKoX6hntobTFLPYnQxHwQQZmoTTX
-----END CERTIFICATE-----