Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/bZh796gc4xEgolI27eiCvNriJ6U.roa
File:                     bZh796gc4xEgolI27eiCvNriJ6U.roa (raw, json)
Hash identifier:          t7E1CPYB3ez9y66vunlFRZRpKnB+CYvuDFZJleKLuac=
Subject key identifier:   6D:98:7B:F7:A8:1C:E3:11:20:A2:52:36:ED:E8:82:BC:DA:E2:27:A5
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018CC794DD10C9C09C65C8B4987EE3CAD810
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/bZh796gc4xEgolI27eiCvNriJ6U.roa
Signing time:             Tue 02 Jan 2024 00:31:10 +0000
ROA not before:           Tue 02 Jan 2024 00:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399641
IP address blocks:        37.140.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:38:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:dd:10:c9:c0:9c:65:c8:b4:98:7e:e3:ca:d8:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan  2 00:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d987bf7a81ce31120a25236ede882bcdae227a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:a6:e7:c5:0e:3b:6f:ee:73:a1:70:bb:13:63:
                    67:9d:95:d0:7d:a0:44:53:40:d3:8b:b8:f4:0f:ab:
                    fc:25:cc:12:3a:44:cb:1d:40:4b:74:1b:2f:d8:d7:
                    95:bd:d8:7d:94:4f:31:da:0a:5e:df:93:2b:83:b8:
                    68:42:e1:aa:0f:b3:3a:56:76:1d:00:93:bb:36:69:
                    70:35:dd:3e:84:6c:f1:e6:b5:c2:5c:45:79:55:e8:
                    c2:32:3a:ad:4b:49:fb:cb:7b:98:28:a2:9e:7c:cb:
                    7e:40:3a:e0:31:3d:27:f9:17:d9:3b:7e:fb:79:21:
                    f9:c1:82:8c:2b:68:86:ac:43:2e:1a:6e:c6:65:bb:
                    a0:a7:81:41:71:df:2b:25:83:4d:1d:14:d8:c9:47:
                    34:08:6d:ce:15:ca:08:fb:a7:92:49:ca:7d:cb:16:
                    ef:89:74:ac:78:2a:fe:23:35:1e:13:79:b0:e6:a8:
                    55:df:3f:d1:d9:79:da:3a:26:fd:61:25:1d:02:63:
                    de:ab:32:86:6c:b9:06:88:91:a2:fa:7c:da:96:fc:
                    42:99:f0:88:31:f8:cd:b0:85:26:a1:51:7a:e5:61:
                    cc:bf:c7:4a:18:c2:6d:20:56:ec:a5:eb:05:75:1e:
                    ee:1c:3f:5b:60:c7:66:71:fe:e9:3d:b7:54:a7:77:
                    68:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:98:7B:F7:A8:1C:E3:11:20:A2:52:36:ED:E8:82:BC:DA:E2:27:A5
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/bZh796gc4xEgolI27eiCvNriJ6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.140.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:da:a2:93:20:ad:84:b6:a5:52:75:98:16:3a:fa:34:26:5f:
         6a:76:0a:3c:cf:47:9c:a9:f8:16:c6:44:04:3d:d6:27:ce:f6:
         5e:55:8a:c3:ca:8e:5d:60:29:2c:00:a5:1f:82:ff:e3:4e:f3:
         0d:46:07:9f:03:de:0c:96:9d:c7:d9:a2:2a:53:be:38:6f:e6:
         74:e9:b2:04:68:ba:f8:8b:8c:d4:4f:58:c8:28:e7:a5:2c:3d:
         8f:61:3e:84:89:1d:62:7c:b3:d0:e6:b9:eb:b4:85:63:b1:54:
         87:91:10:ef:c8:68:32:af:bc:e5:f6:82:f7:f9:51:ed:6e:68:
         1b:01:da:76:03:2c:f1:25:85:f8:fd:79:09:92:b1:ea:74:33:
         6f:38:4c:20:51:47:e9:af:2a:23:27:6b:28:09:29:85:19:e0:
         45:0d:80:7a:ae:b0:d5:fe:c3:08:6f:03:2f:08:74:0e:db:38:
         e5:a6:46:47:46:6e:b7:af:c2:b3:1e:3d:07:56:57:b0:ad:08:
         10:18:ac:4f:4e:5a:7b:33:04:f9:64:52:2e:33:9e:62:12:43:
         38:a2:e0:53:3c:72:ee:0b:56:32:76:d7:8d:4e:d8:ef:f7:81:
         1d:04:80:67:88:21:98:7c:18:80:32:c6:a2:4a:0e:ec:47:f1:
         d2:6e:c7:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlN0QycCcZci0mH7jytgQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwMTAyMDAzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDk4N2JmN2E4MWNlMzExMjBhMjUyMzZlZGU4ODJiY2RhZTIyN2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+6bnxQ47b+5zoXC7E2NnnZXQfaBE
U0DTi7j0D6v8JcwSOkTLHUBLdBsv2NeVvdh9lE8x2gpe35Mrg7hoQuGqD7M6VnYd
AJO7NmlwNd0+hGzx5rXCXEV5VejCMjqtS0n7y3uYKKKefMt+QDrgMT0n+RfZO377
eSH5wYKMK2iGrEMuGm7GZbugp4FBcd8rJYNNHRTYyUc0CG3OFcoI+6eSScp9yxbv
iXSseCr+IzUeE3mw5qhV3z/R2XnaOib9YSUdAmPeqzKGbLkGiJGi+nzalvxCmfCI
MfjNsIUmoVF65WHMv8dKGMJtIFbspesFdR7uHD9bYMdmcf7pPbdUp3doUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2Ye/eoHOMRIKJSNu3ogrza4ielMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvYlpoNzk2Z2M0eEVnb2xJMjdlaUN2TnJpSjZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJYz6MA0G
CSqGSIb3DQEBCwUAA4IBAQCJ2qKTIK2EtqVSdZgWOvo0Jl9qdgo8z0ecqfgWxkQE
PdYnzvZeVYrDyo5dYCksAKUfgv/jTvMNRgefA94Mlp3H2aIqU744b+Z06bIEaLr4
i4zUT1jIKOelLD2PYT6EiR1ifLPQ5rnrtIVjsVSHkRDvyGgyr7zl9oL3+VHtbmgb
Adp2AyzxJYX4/XkJkrHqdDNvOEwgUUfpryojJ2soCSmFGeBFDYB6rrDV/sMIbwMv
CHQO2zjlpkZHRm63r8KzHj0HVlewrQgQGKxPTlp7MwT5ZFIuM55iEkM4ouBTPHLu
C1YydteNTtjv94EdBIBniCGYfBiAMsaiSg7sR/HSbsfH
-----END CERTIFICATE-----