Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/0a131e-37c6-45cb-9682-0b0c12b22bf9/1/aPOdZP8TeWsJ0p0Yn7txQd1tC2Q.roa
File:                     aPOdZP8TeWsJ0p0Yn7txQd1tC2Q.roa (raw, json)
Hash identifier:          8s9qZKbR3130uE5Jxt0KA6SbFc9E5ZvaTQnz7fwiiyg=
Subject key identifier:   68:F3:9D:64:FF:13:79:6B:09:D2:9D:18:9F:BB:71:41:DD:6D:0B:64
Certificate issuer:       /CN=4ca509b35011ed71663952ba0e0c3c38457f9d07
Certificate serial:       018CC7258F52603B19D51F799B27E4D28427
Authority key identifier: 4C:A5:09:B3:50:11:ED:71:66:39:52:BA:0E:0C:3C:38:45:7F:9D:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TKUJs1AR7XFmOVK6Dgw8OEV_nQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/0a131e-37c6-45cb-9682-0b0c12b22bf9/1/aPOdZP8TeWsJ0p0Yn7txQd1tC2Q.roa
Signing time:             Mon 01 Jan 2024 22:29:36 +0000
ROA not before:           Mon 01 Jan 2024 22:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        150.217.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/0a131e-37c6-45cb-9682-0b0c12b22bf9/1/TKUJs1AR7XFmOVK6Dgw8OEV_nQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/0a131e-37c6-45cb-9682-0b0c12b22bf9/1/TKUJs1AR7XFmOVK6Dgw8OEV_nQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TKUJs1AR7XFmOVK6Dgw8OEV_nQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:8f:52:60:3b:19:d5:1f:79:9b:27:e4:d2:84:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ca509b35011ed71663952ba0e0c3c38457f9d07
        Validity
            Not Before: Jan  1 22:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68f39d64ff13796b09d29d189fbb7141dd6d0b64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:f4:fe:39:13:0a:a5:2f:57:49:ad:53:6f:7f:
                    e0:70:76:8a:85:ee:6a:2d:f6:d8:ef:e8:43:ac:4a:
                    f7:05:c1:8e:46:e6:35:0c:2f:eb:05:63:af:9f:fd:
                    39:95:97:10:07:31:d7:8c:d0:fe:d0:81:7c:80:84:
                    83:97:70:6a:dc:81:24:e2:85:3c:4d:fb:a0:5c:77:
                    09:7f:7a:29:fa:19:23:c4:e5:94:7d:d0:ad:cf:64:
                    3d:65:b2:51:b8:e6:56:b7:81:4a:18:fc:12:53:0c:
                    8b:00:a4:a9:cd:df:9c:f8:c2:ac:a5:64:76:7c:6e:
                    85:d5:94:de:4c:c4:28:8e:a4:e1:01:5f:a1:20:e6:
                    1d:23:e7:35:9c:de:48:c0:b5:da:4e:86:89:4d:26:
                    a1:15:b8:32:01:97:27:e1:76:15:a0:5a:5c:02:b9:
                    5e:41:0e:6b:96:1b:6e:46:c2:e7:25:29:6b:df:7a:
                    b0:9f:1b:5f:62:7f:0f:fa:c9:61:83:36:93:25:07:
                    c5:37:1f:ff:b7:1c:8f:41:4f:a1:07:11:50:f5:ba:
                    7e:2f:f3:d4:aa:0c:23:86:d0:8d:d8:b8:8f:ab:0e:
                    f3:0f:7f:52:a6:09:0e:29:31:75:1e:5c:74:ee:d1:
                    81:4a:89:eb:c0:58:af:ab:f5:30:55:c2:7c:ac:e9:
                    96:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:F3:9D:64:FF:13:79:6B:09:D2:9D:18:9F:BB:71:41:DD:6D:0B:64
            X509v3 Authority Key Identifier:
                keyid:4C:A5:09:B3:50:11:ED:71:66:39:52:BA:0E:0C:3C:38:45:7F:9D:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TKUJs1AR7XFmOVK6Dgw8OEV_nQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0a131e-37c6-45cb-9682-0b0c12b22bf9/1/aPOdZP8TeWsJ0p0Yn7txQd1tC2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0a131e-37c6-45cb-9682-0b0c12b22bf9/1/TKUJs1AR7XFmOVK6Dgw8OEV_nQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.217.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         98:27:da:18:0e:dd:29:c0:27:09:35:90:2b:99:fa:04:19:63:
         de:3e:34:5a:14:34:1a:79:fd:c6:de:bf:84:d2:26:e5:7b:1d:
         29:02:cc:13:7f:d1:aa:ff:df:39:9f:39:eb:c8:56:11:8c:e4:
         d2:81:5a:3e:6c:d1:75:12:7b:b0:b0:b4:19:9e:b6:2d:17:9c:
         81:5b:ec:12:d3:03:c6:7a:e6:33:a1:b3:63:75:01:3b:c7:8b:
         a8:1e:77:91:1e:3d:16:49:d7:e8:f6:16:60:b0:91:64:9f:d6:
         65:81:cb:c6:ba:eb:fa:89:d9:d8:fb:08:ed:a8:b0:7d:a9:11:
         7e:0f:59:b3:0b:7d:ec:ee:d1:74:56:cc:1d:42:7b:a4:87:73:
         3d:84:41:c8:90:c0:32:b4:95:f4:d5:22:53:fd:6b:2d:ad:d4:
         07:39:3f:98:93:c2:c2:4a:25:6e:a4:a6:3b:51:95:87:cf:78:
         34:b3:e1:0a:a4:19:64:9d:62:4c:b9:b7:9f:8b:35:36:08:7a:
         f2:47:85:e8:9b:5a:6c:21:90:59:5b:ba:16:d3:0a:49:c3:50:
         dc:d0:c3:08:41:d7:33:e5:01:09:96:ed:9a:47:c5:68:31:61:
         39:db:15:51:9a:6a:64:f6:70:e5:c4:0a:2e:c8:8c:df:0e:c2:
         58:6f:17:1f
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzHJY9SYDsZ1R95myfk0oQnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYTUwOWIzNTAxMWVkNzE2NjM5NTJiYTBlMGMzYzM4NDU3
ZjlkMDcwHhcNMjQwMTAxMjIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGYzOWQ2NGZmMTM3OTZiMDlkMjlkMTg5ZmJiNzE0MWRkNmQwYjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifT+ORMKpS9XSa1Tb3/gcHaKhe5q
LfbY7+hDrEr3BcGORuY1DC/rBWOvn/05lZcQBzHXjND+0IF8gISDl3Bq3IEk4oU8
TfugXHcJf3op+hkjxOWUfdCtz2Q9ZbJRuOZWt4FKGPwSUwyLAKSpzd+c+MKspWR2
fG6F1ZTeTMQojqThAV+hIOYdI+c1nN5IwLXaToaJTSahFbgyAZcn4XYVoFpcArle
QQ5rlhtuRsLnJSlr33qwnxtfYn8P+slhgzaTJQfFNx//txyPQU+hBxFQ9bp+L/PU
qgwjhtCN2LiPqw7zD39SpgkOKTF1Hlx07tGBSonrwFivq/UwVcJ8rOmW1wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFGjznWT/E3lrCdKdGJ+7cUHdbQtkMB8GA1UdIwQY
MBaAFEylCbNQEe1xZjlSug4MPDhFf50HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEtVSnMxQVI3WEZtT1ZLNkRndzhPRVZfblFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wYTEzMWUtMzdjNi00NWNiLTk2ODIt
MGIwYzEyYjIyYmY5LzEvYVBPZFpQOFRlV3NKMHAwWW43dHhRZDF0QzJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wYTEzMWUtMzdjNi00NWNiLTk2ODItMGIwYzEyYjIyYmY5
LzEvVEtVSnMxQVI3WEZtT1ZLNkRndzhPRVZfblFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAltkwDQYJ
KoZIhvcNAQELBQADggEBAJgn2hgO3SnAJwk1kCuZ+gQZY94+NFoUNBp5/cbev4TS
JuV7HSkCzBN/0ar/3zmfOevIVhGM5NKBWj5s0XUSe7CwtBmeti0XnIFb7BLTA8Z6
5jOhs2N1ATvHi6ged5EePRZJ1+j2FmCwkWSf1mWBy8a66/qJ2dj7CO2osH2pEX4P
WbMLfezu0XRWzB1Ce6SHcz2EQciQwDK0lfTVIlP9ay2t1Ac5P5iTwsJKJW6kpjtR
lYfPeDSz4QqkGWSdYky5t5+LNTYIevJHheibWmwhkFlbuhbTCknDUNzQwwhB1zPl
AQmW7ZpHxWgxYTnbFVGaamT2cOXECi7IjN8OwlhvFx8=
-----END CERTIFICATE-----