Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/souJ8C993718HHq8B2qYvQlwZGw.roa
File:                     souJ8C993718HHq8B2qYvQlwZGw.roa (raw, json)
Hash identifier:          m4MoQrmKFJcurTBT6zmHKk3hibii3uhEV0vFN8IHOfk=
Subject key identifier:   B2:8B:89:F0:2F:7D:DF:BD:7C:1C:7A:BC:07:6A:98:BD:09:70:64:6C
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A766437772510A2BBEED7E480E37E
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/souJ8C993718HHq8B2qYvQlwZGw.roa
Signing time:             Mon 01 Jan 2024 18:30:17 +0000
ROA not before:           Mon 01 Jan 2024 18:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42938
IP address blocks:        37.230.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 04:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:76:64:37:77:25:10:a2:bb:ee:d7:e4:80:e3:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b28b89f02f7ddfbd7c1c7abc076a98bd0970646c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b9:dd:18:1a:2e:3a:37:d4:ec:20:54:3a:71:
                    b8:78:16:80:10:ea:4e:a1:de:f6:02:97:64:a5:f4:
                    43:ff:97:68:63:24:51:b9:bf:d2:03:a1:25:aa:90:
                    ec:be:f6:9f:3b:79:af:bf:9c:fa:18:aa:7e:41:92:
                    72:28:2d:5d:88:b8:68:0c:36:f2:25:db:4a:ed:60:
                    be:02:db:9e:28:98:e9:e8:95:b4:2b:07:a8:8d:23:
                    b5:c1:a4:59:0d:7a:c3:cb:bb:70:30:c5:b2:3a:22:
                    f7:c7:3f:34:a4:65:b0:ba:f6:25:d4:7e:ab:80:43:
                    11:3f:60:67:6a:90:00:a7:6d:d5:fc:f1:6c:40:cd:
                    f2:1c:f4:64:df:79:c8:c0:65:f2:87:71:fa:39:47:
                    a3:07:4a:14:e8:40:6e:59:f5:41:0c:66:9a:55:86:
                    0f:e4:13:03:14:4b:a0:e4:6b:4f:1a:33:8b:d0:bd:
                    19:c6:4a:85:ab:f4:95:c9:18:79:0f:49:50:66:32:
                    12:08:4c:03:bc:cb:ca:77:c8:89:21:18:f8:95:68:
                    cc:87:45:84:da:bf:33:69:76:f9:d3:0a:09:2f:65:
                    d9:6a:aa:9d:28:0a:57:06:a3:92:44:c3:5f:8f:53:
                    f7:77:17:61:a3:8f:f4:ae:5f:ed:82:1c:d2:bb:37:
                    7b:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:8B:89:F0:2F:7D:DF:BD:7C:1C:7A:BC:07:6A:98:BD:09:70:64:6C
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/souJ8C993718HHq8B2qYvQlwZGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.230.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:ff:1d:62:ed:19:46:c0:d3:56:5f:f7:44:c3:80:3e:ae:3e:
         e1:78:e9:8d:02:6b:2e:5e:8c:43:39:6f:94:d6:a0:26:cd:b2:
         8d:c7:dc:10:85:38:47:2d:d2:ae:93:1a:95:36:3a:a6:c2:af:
         90:6a:c8:48:83:56:c2:03:96:05:2c:75:44:ec:ae:98:19:0f:
         0a:2e:c7:d3:25:83:f9:bd:ad:de:bc:70:0c:e6:f1:d5:9d:a1:
         65:64:f0:82:81:ce:a5:63:82:5e:ed:ce:e4:bd:27:30:c9:1f:
         73:6b:da:d5:3b:0b:d4:a8:d8:06:28:57:fa:ab:1f:0c:01:64:
         08:dc:fb:95:6b:d8:9c:7f:17:ce:a1:71:ea:29:e2:6f:b0:5d:
         24:a4:f8:8a:b6:dc:d7:cc:3d:04:68:c6:a0:69:d0:c1:c6:0f:
         0c:7b:58:12:ad:52:59:ba:f5:17:b0:32:e0:a4:70:7f:36:ad:
         09:4c:09:94:49:16:f3:6e:7a:f8:cf:28:51:5d:e1:b0:8b:75:
         5e:f3:f2:c6:5e:19:b5:04:e2:15:46:74:c4:e3:25:3c:00:3f:
         86:69:5b:d7:d6:bc:ba:68:9d:52:ea:47:b3:21:b0:3c:2f:2a:
         9a:82:1a:be:9f:16:c3:fa:0b:c1:fa:3e:c4:59:f1:6d:66:e9:
         46:c8:b7:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSnZkN3clEKK77tfkgON+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjhiODlmMDJmN2RkZmJkN2MxYzdhYmMwNzZhOThiZDA5NzA2NDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrndGBouOjfU7CBUOnG4eBaAEOpO
od72ApdkpfRD/5doYyRRub/SA6ElqpDsvvafO3mvv5z6GKp+QZJyKC1diLhoDDby
JdtK7WC+AtueKJjp6JW0KweojSO1waRZDXrDy7twMMWyOiL3xz80pGWwuvYl1H6r
gEMRP2BnapAAp23V/PFsQM3yHPRk33nIwGXyh3H6OUejB0oU6EBuWfVBDGaaVYYP
5BMDFEug5GtPGjOL0L0ZxkqFq/SVyRh5D0lQZjISCEwDvMvKd8iJIRj4lWjMh0WE
2r8zaXb50woJL2XZaqqdKApXBqOSRMNfj1P3dxdho4/0rl/tghzSuzd7JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLKLifAvfd+9fBx6vAdqmL0JcGRsMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvc291SjhDOTkzNzE4SEhxOEIycVl2UWx3Wkd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJeb3MA0G
CSqGSIb3DQEBCwUAA4IBAQAo/x1i7RlGwNNWX/dEw4A+rj7heOmNAmsuXoxDOW+U
1qAmzbKNx9wQhThHLdKukxqVNjqmwq+QashIg1bCA5YFLHVE7K6YGQ8KLsfTJYP5
va3evHAM5vHVnaFlZPCCgc6lY4Je7c7kvScwyR9za9rVOwvUqNgGKFf6qx8MAWQI
3PuVa9icfxfOoXHqKeJvsF0kpPiKttzXzD0EaMagadDBxg8Me1gSrVJZuvUXsDLg
pHB/Nq0JTAmUSRbzbnr4zyhRXeGwi3Ve8/LGXhm1BOIVRnTE4yU8AD+GaVvX1ry6
aJ1S6kezIbA8Lyqaghq+nxbD+gvB+j7EWfFtZulGyLcv
-----END CERTIFICATE-----