Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/9hd9pdjjhxf4B04nn9ngolfb1xU.roa
File:                     9hd9pdjjhxf4B04nn9ngolfb1xU.roa (raw, json)
Hash identifier:          CCQe4+3ZrPBL9AjgBNjkN3HMyWwOhlCrWLS+W8B86G4=
Subject key identifier:   F6:17:7D:A5:D8:E3:87:17:F8:07:4E:27:9F:D9:E0:A2:57:DB:D7:15
Certificate issuer:       /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial:       018CC5DC5A92CA1067E41A4E1E3D354E05E8
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/9hd9pdjjhxf4B04nn9ngolfb1xU.roa
Signing time:             Mon 01 Jan 2024 16:30:01 +0000
ROA not before:           Mon 01 Jan 2024 16:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4787
IP address blocks:        163.171.67.0/24 maxlen: 24
                          148.253.254.0/24 maxlen: 24
                          148.253.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 10:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:5a:92:ca:10:67:e4:1a:4e:1e:3d:35:4e:05:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
        Validity
            Not Before: Jan  1 16:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6177da5d8e38717f8074e279fd9e0a257dbd715
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:3c:33:0d:a7:56:2b:e6:06:f7:40:21:03:33:
                    5e:6a:b5:77:69:75:26:55:ee:ea:46:d7:45:44:67:
                    8f:96:c5:b0:c5:89:a9:8e:4b:08:dd:4a:b0:85:9b:
                    56:78:a0:c8:6a:91:41:b0:41:f1:ee:29:92:68:fd:
                    ad:f9:02:35:f9:39:9d:90:39:c4:73:75:cb:8f:9a:
                    a5:da:ce:d2:58:68:a4:3f:f4:df:e5:59:6b:bb:cb:
                    6f:85:6a:0d:d9:b6:ce:1b:14:14:3c:3c:0d:5e:72:
                    6c:2e:65:e8:c8:8b:6e:0c:e6:9e:2d:91:f1:29:ee:
                    69:34:c8:d3:96:b0:b3:7e:c9:c9:f1:0b:3d:36:15:
                    ab:eb:91:9f:0e:63:8f:58:3c:08:a4:3a:ce:1d:fc:
                    d0:3f:dd:2d:dd:dd:ef:07:1f:9a:5d:c0:9c:2c:6c:
                    92:b8:e0:6b:08:1d:e7:07:4d:3b:79:38:21:53:71:
                    c4:30:23:c0:75:d6:fc:14:1a:80:3d:91:fd:fb:87:
                    d0:31:4a:17:95:a0:fb:df:07:15:a9:10:59:3f:60:
                    fa:df:8e:70:1d:31:f0:e1:a1:ac:e8:3f:f1:32:e0:
                    e4:15:13:82:ea:db:ce:46:76:1d:89:0b:5d:db:ba:
                    81:ea:6f:ed:5c:e6:15:e4:e1:3a:d0:96:3a:e5:30:
                    0f:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:17:7D:A5:D8:E3:87:17:F8:07:4E:27:9F:D9:E0:A2:57:DB:D7:15
            X509v3 Authority Key Identifier:
                keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/9hd9pdjjhxf4B04nn9ngolfb1xU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.253.254.0/23
                  163.171.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:b3:9e:0e:c8:d7:44:ef:0c:84:e2:51:d2:85:b2:77:2c:68:
         e7:e2:79:3a:8c:4c:c6:9a:fe:55:16:1c:bf:2a:44:4a:e3:0d:
         70:d3:b2:96:87:69:59:f7:d2:e9:d5:62:67:d7:5a:c6:31:43:
         b8:15:6b:39:6d:f4:83:54:74:bd:25:9b:08:c2:a5:c2:61:93:
         ef:57:7f:c6:52:1f:3c:7b:7d:ac:7d:be:d0:82:73:9d:64:da:
         7b:f7:25:e1:cf:74:66:21:c4:be:22:96:c2:b2:7b:e4:8d:e9:
         76:49:e6:ab:1e:4e:b4:a6:62:25:58:30:31:db:41:8b:5a:14:
         ed:05:d5:36:d3:72:85:d2:b4:78:6b:00:65:69:c5:20:d5:a1:
         5d:77:6c:8b:9f:c6:a1:6f:a9:5d:7f:b0:8e:83:fd:4c:77:85:
         f2:53:6c:23:7e:b7:8c:f3:89:cc:80:2f:5c:5e:a5:b4:09:b7:
         15:d9:79:69:79:f4:72:6f:5e:4f:b9:5a:50:c9:9a:d8:89:5d:
         af:09:aa:d5:a5:16:a8:54:8f:39:8e:46:d3:4d:db:11:e4:dd:
         c2:46:e0:71:09:26:dc:b3:cd:b4:a0:e6:06:90:46:ae:25:47:
         7f:0d:cb:a4:56:99:4a:d6:64:30:2c:c4:f1:85:fd:ed:f8:89:
         05:93:40:a7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3FqSyhBn5BpOHj01TgXoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjQwMTAxMTYzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjE3N2RhNWQ4ZTM4NzE3ZjgwNzRlMjc5ZmQ5ZTBhMjU3ZGJkNzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTwzDadWK+YG90AhAzNearV3aXUm
Ve7qRtdFRGePlsWwxYmpjksI3UqwhZtWeKDIapFBsEHx7imSaP2t+QI1+TmdkDnE
c3XLj5ql2s7SWGikP/Tf5Vlru8tvhWoN2bbOGxQUPDwNXnJsLmXoyItuDOaeLZHx
Ke5pNMjTlrCzfsnJ8Qs9NhWr65GfDmOPWDwIpDrOHfzQP90t3d3vBx+aXcCcLGyS
uOBrCB3nB007eTghU3HEMCPAddb8FBqAPZH9+4fQMUoXlaD73wcVqRBZP2D6345w
HTHw4aGs6D/xMuDkFROC6tvORnYdiQtd27qB6m/tXOYV5OE60JY65TAP6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPYXfaXY44cX+AdOJ5/Z4KJX29cVMB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEvOWhkOXBkampoeGY0QjA0bm45bmdvbGZiMXhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQtYjVkODg4YWRmZDM3
LzEvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBlP3+AwQA
o6tDMA0GCSqGSIb3DQEBCwUAA4IBAQAKs54OyNdE7wyE4lHShbJ3LGjn4nk6jEzG
mv5VFhy/KkRK4w1w07KWh2lZ99Lp1WJn11rGMUO4FWs5bfSDVHS9JZsIwqXCYZPv
V3/GUh88e32sfb7QgnOdZNp79yXhz3RmIcS+IpbCsnvkjel2SearHk60pmIlWDAx
20GLWhTtBdU203KF0rR4awBlacUg1aFdd2yLn8ahb6ldf7COg/1Md4XyU2wjfreM
84nMgC9cXqW0CbcV2XlpefRyb15PuVpQyZrYiV2vCarVpRaoVI85jkbTTdsR5N3C
RuBxCSbcs820oOYGkEauJUd/DcukVplK1mQwLMTxhf3t+IkFk0Cn
-----END CERTIFICATE-----