Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/FGSBcrEEyjDF8OXNCL8_-Ek5PI8.roa
File:                     FGSBcrEEyjDF8OXNCL8_-Ek5PI8.roa (raw, json)
Hash identifier:          UqT3yqHATuctGAlD085hPWxXvD4IJOuzlCOhc+lQg/c=
Subject key identifier:   14:64:81:72:B1:04:CA:30:C5:F0:E5:CD:08:BF:3F:F8:49:39:3C:8F
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018CC801221CF38929FE677E4FFCEFF8552C
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/FGSBcrEEyjDF8OXNCL8_-Ek5PI8.roa
Signing time:             Tue 02 Jan 2024 02:29:26 +0000
ROA not before:           Tue 02 Jan 2024 02:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        159.148.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 07:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:22:1c:f3:89:29:fe:67:7e:4f:fc:ef:f8:55:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 02:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14648172b104ca30c5f0e5cd08bf3ff849393c8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:5e:a8:17:c2:d8:27:45:da:57:21:25:45:a2:
                    13:76:ce:af:72:f9:d4:74:be:ab:a1:4f:ae:36:65:
                    c0:6b:11:55:7c:0f:87:e3:ef:2e:2f:93:ac:10:67:
                    90:92:a6:cd:f2:8c:2e:e9:c9:26:98:d5:92:96:d7:
                    df:9d:a6:04:d0:fe:47:72:72:21:9f:22:ed:8a:c8:
                    2d:ff:46:69:04:ff:6a:95:83:41:d2:ad:81:b1:82:
                    7c:83:db:d9:5b:fc:19:d8:98:e2:a7:99:8f:0d:bb:
                    d2:10:4f:d0:82:72:51:34:3d:ef:b7:24:13:8f:b8:
                    86:f0:2b:62:3a:5b:b9:1a:a2:2a:a4:b7:cc:64:03:
                    f8:54:a7:e8:6b:50:64:1e:17:05:cc:06:a4:e0:24:
                    f1:ec:ed:b7:c0:ce:2f:a3:3a:65:5a:50:c9:7d:ba:
                    91:a1:03:54:85:19:9c:3b:59:b4:67:23:32:2a:d5:
                    50:95:87:67:78:0c:27:c1:8b:5f:87:e5:44:f0:75:
                    18:e2:b1:6a:8c:dd:99:e5:66:4d:cb:5f:09:86:c5:
                    ca:bd:e6:72:86:29:27:6a:60:53:2e:dc:96:0b:41:
                    38:7f:57:c3:2e:7f:2d:9a:78:ee:6f:4f:28:0a:38:
                    b3:95:3b:b2:c2:5c:2d:4f:8b:51:3d:f7:b9:6f:bf:
                    48:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:64:81:72:B1:04:CA:30:C5:F0:E5:CD:08:BF:3F:F8:49:39:3C:8F
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/FGSBcrEEyjDF8OXNCL8_-Ek5PI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:22:07:c4:65:10:06:ef:3d:1f:88:e9:0b:2b:d6:49:4c:9f:
         34:d5:ef:71:ed:69:db:ce:33:99:fd:29:6d:b3:d7:88:74:99:
         df:49:79:ab:18:82:3a:9c:97:7e:10:66:64:b7:cd:27:f1:bc:
         fb:93:3a:9f:36:6c:6e:ed:78:c1:e6:74:d7:cb:38:9c:d3:18:
         8f:2f:57:3c:66:27:37:29:bb:9d:2c:a0:f2:50:34:6d:7e:df:
         fa:7d:4b:5b:a7:bd:31:ca:65:3a:81:59:a1:f2:b9:e4:8e:0a:
         fc:ac:61:95:88:28:ec:29:ff:ce:48:af:fe:89:3c:a1:1c:98:
         d7:d0:bf:e2:cc:59:04:99:01:95:55:d5:5b:6d:2e:4a:23:e7:
         e5:cc:1b:c0:80:f0:9f:7e:ad:b1:6b:81:90:bd:43:8b:ee:eb:
         a0:1c:f7:a7:d3:04:03:db:f5:38:8c:fc:e0:0a:27:32:06:fd:
         9c:8f:f7:db:93:93:93:f7:7e:33:99:b1:61:35:2f:bf:2d:5c:
         55:30:19:f6:cc:9b:b5:b4:b5:73:86:ff:b7:38:c7:9c:a7:f5:
         fe:bd:a9:18:21:0b:ff:22:d8:54:a4:07:91:12:a7:21:de:08:
         b2:e6:c3:5d:19:08:0b:e4:79:92:49:35:4d:93:85:78:26:ce:
         46:eb:d6:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASIc84kp/md+T/zv+FUsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMTAyMDIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDY0ODE3MmIxMDRjYTMwYzVmMGU1Y2QwOGJmM2ZmODQ5MzkzYzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4V6oF8LYJ0XaVyElRaITds6vcvnU
dL6roU+uNmXAaxFVfA+H4+8uL5OsEGeQkqbN8owu6ckmmNWSltffnaYE0P5HcnIh
nyLtisgt/0ZpBP9qlYNB0q2BsYJ8g9vZW/wZ2Jjip5mPDbvSEE/QgnJRND3vtyQT
j7iG8CtiOlu5GqIqpLfMZAP4VKfoa1BkHhcFzAak4CTx7O23wM4vozplWlDJfbqR
oQNUhRmcO1m0ZyMyKtVQlYdneAwnwYtfh+VE8HUY4rFqjN2Z5WZNy18JhsXKveZy
hiknamBTLtyWC0E4f1fDLn8tmnjub08oCjizlTuywlwtT4tRPfe5b79I8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBRkgXKxBMowxfDlzQi/P/hJOTyPMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvRkdTQmNyRUV5akRGOE9YTkNMOF8tRWs1UEk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn5SJMA0G
CSqGSIb3DQEBCwUAA4IBAQCYIgfEZRAG7z0fiOkLK9ZJTJ801e9x7WnbzjOZ/Slt
s9eIdJnfSXmrGII6nJd+EGZkt80n8bz7kzqfNmxu7XjB5nTXyzic0xiPL1c8Zic3
KbudLKDyUDRtft/6fUtbp70xymU6gVmh8rnkjgr8rGGViCjsKf/OSK/+iTyhHJjX
0L/izFkEmQGVVdVbbS5KI+flzBvAgPCffq2xa4GQvUOL7uugHPen0wQD2/U4jPzg
CicyBv2cj/fbk5OT934zmbFhNS+/LVxVMBn2zJu1tLVzhv+3OMecp/X+vakYIQv/
IthUpAeREqch3giy5sNdGQgL5HmSSTVNk4V4Js5G69bo
-----END CERTIFICATE-----