Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/5y0Gse_aiq1CFYHSpdd9xryk0dg.roa
File:                     5y0Gse_aiq1CFYHSpdd9xryk0dg.roa (raw, json)
Hash identifier:          x9Aj2FpSydUZgjwkZb0/1DV6HzmtxfeI/Do22M+GWdA=
Subject key identifier:   E7:2D:06:B1:EF:DA:8A:AD:42:15:81:D2:A5:D7:7D:C6:BC:A4:D1:D8
Certificate issuer:       /CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
Certificate serial:       018CC3B73C80E222E21E1EA5FCAE19F13169
Authority key identifier: B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/5y0Gse_aiq1CFYHSpdd9xryk0dg.roa
Signing time:             Mon 01 Jan 2024 06:30:14 +0000
ROA not before:           Mon 01 Jan 2024 06:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13099
IP address blocks:        37.32.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3c:80:e2:22:e2:1e:1e:a5:fc:ae:19:f1:31:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
        Validity
            Not Before: Jan  1 06:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e72d06b1efda8aad421581d2a5d77dc6bca4d1d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c0:22:ef:50:a1:77:4e:c4:e6:73:b4:c6:73:
                    d7:7c:e2:c1:24:c4:ba:d4:4d:19:4e:75:87:a0:34:
                    bd:1e:0e:4f:28:be:79:da:d2:7a:e5:91:ea:6f:40:
                    3f:3e:b7:b9:a7:57:ff:27:f2:95:7a:4a:6e:09:e6:
                    11:f8:9d:c1:f5:18:8e:a9:16:28:ad:2c:5c:3d:f5:
                    94:94:ac:25:66:31:e7:19:87:63:bf:7e:5c:37:58:
                    e4:87:e7:a8:3c:6c:dc:84:6c:c7:5f:cc:40:58:3d:
                    37:35:82:11:d8:1e:bf:1f:d7:38:f2:e1:fc:1e:bc:
                    85:46:d3:9a:46:19:68:1b:cc:b0:25:44:c8:93:d1:
                    a1:e2:58:7b:77:3e:15:b3:e1:91:8e:c5:fb:03:1e:
                    4e:cb:cc:a3:df:ff:aa:84:08:0b:af:d8:5d:ec:2e:
                    71:74:08:67:dd:c7:46:9f:c2:48:9b:5a:0f:f5:d7:
                    3d:06:9a:79:f6:a7:bb:c0:b4:51:59:cd:0e:75:25:
                    00:c3:5b:23:f3:c4:6b:2f:45:0e:2d:37:b1:47:2f:
                    a7:1c:5d:67:81:11:60:00:b4:ed:eb:db:51:4c:5a:
                    d1:7a:c9:b3:0b:a7:3f:c8:4f:4b:ec:24:3b:f7:de:
                    ab:1f:aa:da:ad:9a:b0:e8:dc:dc:56:7e:84:76:2e:
                    27:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:2D:06:B1:EF:DA:8A:AD:42:15:81:D2:A5:D7:7D:C6:BC:A4:D1:D8
            X509v3 Authority Key Identifier:
                keyid:B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/5y0Gse_aiq1CFYHSpdd9xryk0dg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:0c:73:37:04:75:24:79:a0:ab:a4:ad:53:c7:00:a4:dd:71:
         2b:2e:0a:44:84:5f:1d:d6:18:bc:58:cb:8d:11:81:ef:11:04:
         dc:99:5c:30:5b:b8:f3:36:3a:9e:1b:9f:df:2f:3b:3b:99:1f:
         e3:44:ce:2f:8b:13:e7:5a:3b:ef:bb:8a:fb:8c:ff:5d:99:49:
         d3:83:78:2c:94:f7:8d:5c:64:03:64:f0:1b:a6:3f:77:a5:dd:
         a8:64:64:c3:f4:6c:df:c2:fb:39:c5:dc:6e:46:75:7a:04:8f:
         41:f5:ed:ce:26:74:24:8b:fe:0b:6e:dc:52:dc:fe:5b:ee:fc:
         b2:c4:15:ab:c3:87:26:09:c8:70:9d:65:21:5d:22:b7:52:7f:
         bc:fa:56:91:a6:4f:18:90:43:06:bf:3c:cb:62:1b:36:7e:10:
         5f:c9:1f:e9:a8:6e:2f:97:b0:6d:aa:40:9b:f4:6b:5e:be:d2:
         8f:27:cb:5e:1a:6b:d0:01:67:66:7f:d9:9b:d6:ba:b9:c5:3d:
         df:e6:6b:50:98:e7:aa:a0:58:bd:20:7d:2e:f0:13:60:ac:ea:
         fc:22:a6:86:e8:cd:68:12:0b:fe:43:66:d7:de:8e:f8:2d:43:
         78:1f:cb:e7:cd:f8:f9:3d:77:33:6d:58:a3:c1:cb:7b:7d:7e:
         40:97:e6:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzyA4iLiHh6l/K4Z8TFpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZTgyYmExNzE1ZDZhZWFlNWIwMTAyNzI1ZmZlMGM4MzQ3
MzVkN2QwHhcNMjQwMTAxMDYzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzJkMDZiMWVmZGE4YWFkNDIxNTgxZDJhNWQ3N2RjNmJjYTRkMWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcAi71Chd07E5nO0xnPXfOLBJMS6
1E0ZTnWHoDS9Hg5PKL552tJ65ZHqb0A/Pre5p1f/J/KVekpuCeYR+J3B9RiOqRYo
rSxcPfWUlKwlZjHnGYdjv35cN1jkh+eoPGzchGzHX8xAWD03NYIR2B6/H9c48uH8
HryFRtOaRhloG8ywJUTIk9Gh4lh7dz4Vs+GRjsX7Ax5Oy8yj3/+qhAgLr9hd7C5x
dAhn3cdGn8JIm1oP9dc9Bpp59qe7wLRRWc0OdSUAw1sj88RrL0UOLTexRy+nHF1n
gRFgALTt69tRTFrResmzC6c/yE9L7CQ7996rH6rarZqw6NzcVn6Edi4ncwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOctBrHv2oqtQhWB0qXXfca8pNHYMB8GA1UdIwQY
MBaAFLToK6FxXWrq5bAQJyX/4Mg0c119MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMt
YzdkMTk5MzBkNjZkLzEvNXkwR3NlX2FpcTFDRllIU3BkZDl4cnlrMGRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMtYzdkMTk5MzBkNjZk
LzEvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJSBLMA0G
CSqGSIb3DQEBCwUAA4IBAQBkDHM3BHUkeaCrpK1TxwCk3XErLgpEhF8d1hi8WMuN
EYHvEQTcmVwwW7jzNjqeG5/fLzs7mR/jRM4vixPnWjvvu4r7jP9dmUnTg3gslPeN
XGQDZPAbpj93pd2oZGTD9Gzfwvs5xdxuRnV6BI9B9e3OJnQki/4LbtxS3P5b7vyy
xBWrw4cmCchwnWUhXSK3Un+8+laRpk8YkEMGvzzLYhs2fhBfyR/pqG4vl7BtqkCb
9GtevtKPJ8teGmvQAWdmf9mb1rq5xT3f5mtQmOeqoFi9IH0u8BNgrOr8IqaG6M1o
Egv+Q2bX3o74LUN4H8vnzfj5PXczbVijwct7fX5Al+br
-----END CERTIFICATE-----