Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/f2c8a5-3b43-4baa-8a0e-4ff90d378642/1/dA0L5Y_8TwLrI8oP-k2Aemvk3AE.roa
File:                     dA0L5Y_8TwLrI8oP-k2Aemvk3AE.roa (raw, json)
Hash identifier:          s32mnLwatWDf3OgUlGArBmvotXGLTlPiSKvIiCI8qx4=
Subject key identifier:   74:0D:0B:E5:8F:FC:4F:02:EB:23:CA:0F:FA:4D:80:7A:6B:E4:DC:01
Certificate issuer:       /CN=533605742b7e122fcfb2aeba9fb10d6fca48e78e
Certificate serial:       018CC3B7238BB1998D8A85AA378D59E9D66B
Authority key identifier: 53:36:05:74:2B:7E:12:2F:CF:B2:AE:BA:9F:B1:0D:6F:CA:48:E7:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UzYFdCt-Ei_Psq66n7ENb8pI544.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/f2c8a5-3b43-4baa-8a0e-4ff90d378642/1/dA0L5Y_8TwLrI8oP-k2Aemvk3AE.roa
Signing time:             Mon 01 Jan 2024 06:30:08 +0000
ROA not before:           Mon 01 Jan 2024 06:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        147.122.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/f2c8a5-3b43-4baa-8a0e-4ff90d378642/1/UzYFdCt-Ei_Psq66n7ENb8pI544.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/f2c8a5-3b43-4baa-8a0e-4ff90d378642/1/UzYFdCt-Ei_Psq66n7ENb8pI544.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UzYFdCt-Ei_Psq66n7ENb8pI544.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:23:8b:b1:99:8d:8a:85:aa:37:8d:59:e9:d6:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=533605742b7e122fcfb2aeba9fb10d6fca48e78e
        Validity
            Not Before: Jan  1 06:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=740d0be58ffc4f02eb23ca0ffa4d807a6be4dc01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:c8:e9:0f:67:32:96:bb:5d:01:46:19:af:b2:
                    eb:85:6f:56:ae:14:4e:37:6d:70:05:99:17:5a:28:
                    dd:be:c0:88:77:b8:f5:ba:79:5c:0f:61:92:5d:cd:
                    94:74:c6:a3:eb:4c:02:db:7c:c3:1c:fb:c0:c3:57:
                    b3:1e:a1:0e:f3:b8:d9:07:34:d8:48:2b:58:2e:a9:
                    d7:c1:95:c4:8a:27:60:0c:5e:5d:42:91:ac:12:8c:
                    82:a3:5b:5c:81:e0:6e:b7:88:44:f4:16:4a:24:91:
                    63:7d:40:21:50:ea:a2:3d:1d:e4:5f:e3:7c:76:1e:
                    e0:9e:1c:57:36:3e:4b:c6:53:58:38:e4:a4:65:d9:
                    fc:f5:71:d4:5b:be:d1:20:3f:cf:1e:ec:73:93:75:
                    0a:05:fd:65:f4:89:4b:31:18:db:21:40:8a:ec:33:
                    47:59:c2:c4:12:8a:3e:11:a2:e9:00:6a:31:c8:4d:
                    a6:23:2c:27:17:90:92:a9:39:9c:03:ac:4f:19:ff:
                    0d:cc:a2:04:97:bc:2f:8b:44:34:0c:aa:81:d6:36:
                    6e:5a:06:64:9d:22:96:0e:71:a5:e8:e3:fd:c2:9c:
                    48:59:bb:d8:68:d4:90:02:06:fc:c2:b6:e6:04:09:
                    e7:e3:5b:c9:1e:8c:50:ec:06:60:13:d4:c0:9e:43:
                    4d:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:0D:0B:E5:8F:FC:4F:02:EB:23:CA:0F:FA:4D:80:7A:6B:E4:DC:01
            X509v3 Authority Key Identifier:
                keyid:53:36:05:74:2B:7E:12:2F:CF:B2:AE:BA:9F:B1:0D:6F:CA:48:E7:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UzYFdCt-Ei_Psq66n7ENb8pI544.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/f2c8a5-3b43-4baa-8a0e-4ff90d378642/1/dA0L5Y_8TwLrI8oP-k2Aemvk3AE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/f2c8a5-3b43-4baa-8a0e-4ff90d378642/1/UzYFdCt-Ei_Psq66n7ENb8pI544.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.122.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         84:40:71:70:24:e4:a9:1a:83:f4:fa:7b:ef:e9:8c:37:32:f8:
         6a:ae:f4:e4:2d:ad:75:f2:01:01:32:1a:ac:9c:64:e6:92:64:
         51:5e:62:9d:65:91:e1:58:cc:39:9e:8b:b0:bc:78:ad:31:5a:
         06:35:35:94:dd:ab:43:30:5b:98:15:7d:dd:17:6d:39:11:ba:
         6c:2b:e8:8d:ad:35:f3:f9:49:ce:bb:39:bc:d0:42:1d:07:fe:
         35:0a:36:dd:5c:8e:93:e9:02:2b:8f:2a:d7:ac:9a:fb:16:ea:
         d7:07:11:f2:c2:0c:97:d0:81:70:ca:a2:a5:0e:48:55:c1:99:
         b2:cf:e9:82:98:fd:8a:cb:c4:f4:7b:48:19:40:ab:81:3c:45:
         00:ae:de:3e:1e:14:9b:eb:ff:a6:5e:2d:c9:75:0a:28:a2:de:
         5f:04:7c:29:39:56:e2:9a:86:5c:93:84:48:ef:ef:29:e6:37:
         b6:24:f3:83:55:f4:b8:db:76:e5:32:65:36:73:49:7f:e4:93:
         cf:6e:ea:a8:85:9f:69:d9:c9:22:49:29:86:d3:41:bf:34:2d:
         3d:6c:3e:ec:70:c9:2f:a0:73:b3:86:7d:7c:19:2a:4b:dc:60:
         08:92:31:1f:de:07:b7:8c:ab:94:00:2a:14:ca:11:52:a8:4b:
         b7:5d:3f:5a
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzDtyOLsZmNioWqN41Z6dZrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMzYwNTc0MmI3ZTEyMmZjZmIyYWViYTlmYjEwZDZmY2E0
OGU3OGUwHhcNMjQwMTAxMDYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDBkMGJlNThmZmM0ZjAyZWIyM2NhMGZmYTRkODA3YTZiZTRkYzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8jpD2cylrtdAUYZr7LrhW9WrhRO
N21wBZkXWijdvsCId7j1unlcD2GSXc2UdMaj60wC23zDHPvAw1ezHqEO87jZBzTY
SCtYLqnXwZXEiidgDF5dQpGsEoyCo1tcgeBut4hE9BZKJJFjfUAhUOqiPR3kX+N8
dh7gnhxXNj5LxlNYOOSkZdn89XHUW77RID/PHuxzk3UKBf1l9IlLMRjbIUCK7DNH
WcLEEoo+EaLpAGoxyE2mIywnF5CSqTmcA6xPGf8NzKIEl7wvi0Q0DKqB1jZuWgZk
nSKWDnGl6OP9wpxIWbvYaNSQAgb8wrbmBAnn41vJHoxQ7AZgE9TAnkNN6QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHQNC+WP/E8C6yPKD/pNgHpr5NwBMB8GA1UdIwQY
MBaAFFM2BXQrfhIvz7Kuup+xDW/KSOeOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXpZRmRDdC1FaV9Qc3E2Nm43RU5iOHBJNTQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9mMmM4YTUtM2I0My00YmFhLThhMGUt
NGZmOTBkMzc4NjQyLzEvZEEwTDVZXzhUd0xySThvUC1rMkFlbXZrM0FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9mMmM4YTUtM2I0My00YmFhLThhMGUtNGZmOTBkMzc4NjQy
LzEvVXpZRmRDdC1FaV9Qc3E2Nm43RU5iOHBJNTQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAk3owDQYJ
KoZIhvcNAQELBQADggEBAIRAcXAk5Kkag/T6e+/pjDcy+Gqu9OQtrXXyAQEyGqyc
ZOaSZFFeYp1lkeFYzDmei7C8eK0xWgY1NZTdq0MwW5gVfd0XbTkRumwr6I2tNfP5
Sc67ObzQQh0H/jUKNt1cjpPpAiuPKtesmvsW6tcHEfLCDJfQgXDKoqUOSFXBmbLP
6YKY/YrLxPR7SBlAq4E8RQCu3j4eFJvr/6ZeLcl1Ciii3l8EfCk5VuKahlyThEjv
7ynmN7Yk84NV9LjbduUyZTZzSX/kk89u6qiFn2nZySJJKYbTQb80LT1sPuxwyS+g
c7OGfXwZKkvcYAiSMR/eB7eMq5QAKhTKEVKoS7ddP1o=
-----END CERTIFICATE-----