Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/OS4hbHmokII-BxrIpZJQVDCgqsA.roa
File:                     OS4hbHmokII-BxrIpZJQVDCgqsA.roa (raw, json)
Hash identifier:          ohHglCBEKAJBGONx3K1dOiQcj/1vjaOuRJSrPv6I/7I=
Subject key identifier:   39:2E:21:6C:79:A8:90:82:3E:07:1A:C8:A5:92:50:54:30:A0:AA:C0
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       018CC80136F29F66D98EA3D3C594573FE391
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/OS4hbHmokII-BxrIpZJQVDCgqsA.roa
Signing time:             Tue 02 Jan 2024 02:29:31 +0000
ROA not before:           Tue 02 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34088
IP address blocks:        92.204.152.0/21 maxlen: 21
                          151.106.32.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:36:f2:9f:66:d9:8e:a3:d3:c5:94:57:3f:e3:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=392e216c79a890823e071ac8a592505430a0aac0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:d4:e2:65:ae:71:bf:71:4b:d6:1a:9f:7b:75:
                    9a:39:08:2c:57:ca:86:93:a8:1a:c0:a3:10:49:55:
                    26:7b:6e:a8:14:b9:b3:1c:56:f5:4c:d0:c1:53:35:
                    21:6d:86:e0:5d:d6:00:30:bd:91:f7:06:2b:2f:2a:
                    79:77:14:e5:d7:02:85:37:f3:56:3b:f6:b4:de:b6:
                    ae:8d:2b:0c:52:7b:6f:3f:5f:1f:90:1c:2b:b6:28:
                    97:fc:2c:e3:2f:7b:38:b6:31:4c:dc:10:16:a7:fb:
                    28:da:cb:17:c5:f3:60:ad:84:9b:59:15:6c:26:f1:
                    99:84:06:ff:c0:de:0c:a9:34:30:e6:36:e0:46:b8:
                    b5:f4:26:c1:4f:02:11:9e:20:c0:de:ed:c2:a5:68:
                    94:bf:08:c9:ec:a2:48:92:95:9c:ad:85:0e:7b:66:
                    9a:32:f6:a9:3c:02:43:45:73:6b:46:99:60:48:86:
                    3e:0b:3b:0d:02:0b:fb:e0:2c:6f:58:7d:cf:59:f5:
                    87:7e:85:71:39:4d:5c:e9:48:eb:af:c1:19:3f:bf:
                    e5:33:33:98:b4:91:63:f1:8b:52:af:81:33:1b:12:
                    80:fe:95:37:51:bd:35:b4:96:e2:bb:9d:f6:7c:cf:
                    02:07:50:d7:f2:38:32:a3:00:0c:cb:a7:de:3c:33:
                    b2:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:2E:21:6C:79:A8:90:82:3E:07:1A:C8:A5:92:50:54:30:A0:AA:C0
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/OS4hbHmokII-BxrIpZJQVDCgqsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.204.152.0/21
                  151.106.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         28:90:43:9d:ab:27:be:ca:a5:ab:8a:67:52:09:b5:4c:ca:f8:
         91:52:c5:52:c7:6a:f9:e0:82:08:ee:30:ba:be:1c:b4:b7:fc:
         8b:85:7d:58:f0:25:9d:a1:37:8a:c2:96:52:d9:d5:04:e5:1c:
         8c:08:f5:11:b1:77:bb:79:e0:9d:8b:93:3c:3c:68:3d:ad:e3:
         4a:d6:40:15:4e:40:54:14:a3:c9:35:ab:4e:66:75:1d:c4:fa:
         3e:77:49:8a:59:2b:87:81:26:a5:0a:a2:c6:7e:3e:cb:42:40:
         ae:df:da:33:54:4c:81:18:06:51:02:11:9b:6e:c9:91:6f:e6:
         4a:53:33:14:25:5f:83:ab:1c:bf:57:74:f4:c8:b0:86:34:b8:
         a2:1c:0c:3f:5e:11:ac:f0:0f:4f:3a:46:4f:d8:1a:7d:c5:e1:
         3a:0f:e9:d1:10:18:a0:ea:34:dd:f6:ea:ba:92:1c:14:78:dc:
         5f:0b:8f:41:b6:ed:3b:d0:6f:04:b3:5c:a9:7d:c8:2e:f9:d8:
         73:7e:f0:d9:92:ad:a5:9f:e8:b9:ac:e4:d4:02:c5:6e:54:58:
         15:6a:7c:91:5c:13:49:a9:41:f4:bc:a9:c2:94:01:cc:4b:05:
         49:1f:c3:cb:f4:87:1b:b2:1b:fd:3f:4f:36:ab:80:4e:d0:47:
         fd:ec:9e:03
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIATbyn2bZjqPTxZRXP+ORMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjQwMTAyMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTJlMjE2Yzc5YTg5MDgyM2UwNzFhYzhhNTkyNTA1NDMwYTBhYWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztTiZa5xv3FL1hqfe3WaOQgsV8qG
k6gawKMQSVUme26oFLmzHFb1TNDBUzUhbYbgXdYAML2R9wYrLyp5dxTl1wKFN/NW
O/a03raujSsMUntvP18fkBwrtiiX/CzjL3s4tjFM3BAWp/so2ssXxfNgrYSbWRVs
JvGZhAb/wN4MqTQw5jbgRri19CbBTwIRniDA3u3CpWiUvwjJ7KJIkpWcrYUOe2aa
MvapPAJDRXNrRplgSIY+CzsNAgv74CxvWH3PWfWHfoVxOU1c6Ujrr8EZP7/lMzOY
tJFj8YtSr4EzGxKA/pU3Ub01tJbiu532fM8CB1DX8jgyowAMy6fePDOy9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDkuIWx5qJCCPgcayKWSUFQwoKrAMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvT1M0aGJIbW9rSUktQnhySXBaSlFWRENncXNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDXMyYAwQE
l2ogMA0GCSqGSIb3DQEBCwUAA4IBAQAokEOdqye+yqWrimdSCbVMyviRUsVSx2r5
4III7jC6vhy0t/yLhX1Y8CWdoTeKwpZS2dUE5RyMCPURsXe7eeCdi5M8PGg9reNK
1kAVTkBUFKPJNatOZnUdxPo+d0mKWSuHgSalCqLGfj7LQkCu39ozVEyBGAZRAhGb
bsmRb+ZKUzMUJV+Dqxy/V3T0yLCGNLiiHAw/XhGs8A9POkZP2Bp9xeE6D+nREBig
6jTd9uq6khwUeNxfC49Btu070G8Es1ypfcgu+dhzfvDZkq2ln+i5rOTUAsVuVFgV
anyRXBNJqUH0vKnClAHMSwVJH8PL9Icbshv9P082q4BO0Ef97J4D
-----END CERTIFICATE-----