Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/ROs8syCA3CaBxLKk3a8m8_U6MnY.roa
File:                     ROs8syCA3CaBxLKk3a8m8_U6MnY.roa (raw, json)
Hash identifier:          wMy7wMVUKcbtHSH+eB3/k/pWYvmIeS8cPT8hkkpIGzg=
Subject key identifier:   44:EB:3C:B3:20:80:DC:26:81:C4:B2:A4:DD:AF:26:F3:F5:3A:32:76
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649EEE5EE1E7151152AFC22244E969C
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/ROs8syCA3CaBxLKk3a8m8_U6MnY.roa
Signing time:             Mon 01 Jan 2024 18:29:43 +0000
ROA not before:           Mon 01 Jan 2024 18:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205526
IP address blocks:        213.169.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 15:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:ee:e5:ee:1e:71:51:15:2a:fc:22:24:4e:96:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44eb3cb32080dc2681c4b2a4ddaf26f3f53a3276
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:28:2e:06:2f:a2:a0:91:7c:2b:48:7c:a3:8b:
                    3f:3c:60:8f:ba:db:d1:72:5b:78:37:fd:7c:d9:3a:
                    71:e4:8a:26:75:9c:c0:01:55:01:65:26:b1:6d:03:
                    5e:18:f6:c3:0b:98:ed:0b:0d:cc:34:91:b3:20:28:
                    ed:a4:0d:96:66:6c:c9:1f:29:59:8e:df:70:bb:0f:
                    fa:8c:d3:f0:60:82:03:22:ff:72:3a:b0:06:bc:67:
                    b8:c1:99:91:af:e9:78:5f:d4:74:1e:28:48:cd:1e:
                    06:2b:90:5d:0e:15:f2:46:85:16:bf:96:81:bd:0e:
                    c3:15:5a:90:8b:fd:67:6a:e1:c5:28:2b:e3:08:d2:
                    81:44:58:c8:5c:83:62:37:b6:e8:08:4b:39:09:1b:
                    55:c0:44:ff:d5:e9:5c:14:c3:97:b1:d5:19:5f:14:
                    a2:6d:c6:b2:6b:6f:df:fb:42:65:93:62:b5:d0:67:
                    2f:37:ca:66:63:b9:87:c6:83:a0:e5:79:5d:3d:b8:
                    6f:e8:56:83:89:d6:69:aa:6f:8f:ba:4d:53:d1:ec:
                    60:c5:7c:17:51:9f:c4:7b:0d:75:64:cc:9f:bc:db:
                    38:4f:a9:4c:ee:e9:48:ff:19:60:1f:11:a1:03:d8:
                    f5:ab:22:cc:be:ab:a1:13:9f:58:1a:6e:ef:44:dc:
                    f5:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:EB:3C:B3:20:80:DC:26:81:C4:B2:A4:DD:AF:26:F3:F5:3A:32:76
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/ROs8syCA3CaBxLKk3a8m8_U6MnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.169.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:28:3c:70:d6:3d:a9:06:24:fc:6c:44:dc:58:6c:61:8d:72:
         9c:9d:45:33:da:a9:17:49:1c:31:ae:73:62:29:25:da:1b:b3:
         a0:0a:7c:29:44:df:b9:f2:74:96:4f:13:14:92:fe:47:fd:90:
         3a:12:fe:af:57:a3:8b:87:3a:62:e8:6c:ac:bf:f4:9f:d5:f8:
         bd:cb:53:bc:c2:7a:e8:bc:a8:ce:ef:0d:3c:5a:b4:1e:4f:d2:
         de:62:06:d7:63:90:ae:14:6f:e7:87:f2:ad:d6:79:65:94:41:
         85:c8:82:3a:44:e0:da:df:9c:a6:c7:2e:3b:74:01:b3:62:20:
         f5:86:81:3c:53:b8:72:a7:d5:01:02:03:83:d8:52:f6:ba:8b:
         65:02:f3:42:bb:a0:dd:79:7b:5e:c6:00:48:c7:9a:2e:49:f2:
         5f:48:f0:ba:1b:3b:96:24:b4:46:c0:5f:c4:1e:aa:84:3c:cf:
         c1:08:80:73:47:33:7b:f0:84:38:e8:49:a1:ec:e1:ac:e3:81:
         a3:7e:55:7f:22:ba:60:48:64:eb:37:c1:a8:aa:82:d3:86:e0:
         57:b2:89:df:e0:72:df:f8:eb:7e:8a:a0:89:f6:c5:01:75:12:
         37:77:8e:e3:fb:9d:07:1f:0c:ac:af:c6:b9:70:d7:1d:f2:27:
         20:9f:7a:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSe7l7h5xURUq/CIkTpacMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGViM2NiMzIwODBkYzI2ODFjNGIyYTRkZGFmMjZmM2Y1M2EzMjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiguBi+ioJF8K0h8o4s/PGCPutvR
clt4N/182Tpx5IomdZzAAVUBZSaxbQNeGPbDC5jtCw3MNJGzICjtpA2WZmzJHylZ
jt9wuw/6jNPwYIIDIv9yOrAGvGe4wZmRr+l4X9R0HihIzR4GK5BdDhXyRoUWv5aB
vQ7DFVqQi/1nauHFKCvjCNKBRFjIXINiN7boCEs5CRtVwET/1elcFMOXsdUZXxSi
bcaya2/f+0Jlk2K10GcvN8pmY7mHxoOg5XldPbhv6FaDidZpqm+Puk1T0exgxXwX
UZ/Eew11ZMyfvNs4T6lM7ulI/xlgHxGhA9j1qyLMvquhE59YGm7vRNz1tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFETrPLMggNwmgcSypN2vJvP1OjJ2MB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvUk9zOHN5Q0EzQ2FCeExLazNhOG04X1U2TW5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1aklMA0G
CSqGSIb3DQEBCwUAA4IBAQAhKDxw1j2pBiT8bETcWGxhjXKcnUUz2qkXSRwxrnNi
KSXaG7OgCnwpRN+58nSWTxMUkv5H/ZA6Ev6vV6OLhzpi6Gysv/Sf1fi9y1O8wnro
vKjO7w08WrQeT9LeYgbXY5CuFG/nh/Kt1nlllEGFyII6RODa35ymxy47dAGzYiD1
hoE8U7hyp9UBAgOD2FL2uotlAvNCu6DdeXtexgBIx5ouSfJfSPC6GzuWJLRGwF/E
HqqEPM/BCIBzRzN78IQ46Emh7OGs44GjflV/IrpgSGTrN8GoqoLThuBXsonf4HLf
+Ot+iqCJ9sUBdRI3d47j+50HHwysr8a5cNcd8icgn3pU
-----END CERTIFICATE-----