Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/mOEUmr-CvGtTNY8R9GBBehrPIU8.roa
File:                     mOEUmr-CvGtTNY8R9GBBehrPIU8.roa (raw, json)
Hash identifier:          iHFJGDu0qC8S/AeDYojtNJYVyAUHS65JyPi6Lf9CUt4=
Subject key identifier:   98:E1:14:9A:BF:82:BC:6B:53:35:8F:11:F4:60:41:7A:1A:CF:21:4F
Certificate issuer:       /CN=7cd6c0236ff4d6050906957ffd380b3879e6ed6e
Certificate serial:       018CCA2857561F3A29BCCFEDFBC3EAA7DB27
Authority key identifier: 7C:D6:C0:23:6F:F4:D6:05:09:06:95:7F:FD:38:0B:38:79:E6:ED:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fNbAI2_01gUJBpV__TgLOHnm7W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/mOEUmr-CvGtTNY8R9GBBehrPIU8.roa
Signing time:             Tue 02 Jan 2024 12:31:30 +0000
ROA not before:           Tue 02 Jan 2024 12:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        194.54.157.0/24 maxlen: 24
                          194.54.156.0/24 maxlen: 24
                          194.54.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/fNbAI2_01gUJBpV__TgLOHnm7W4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/fNbAI2_01gUJBpV__TgLOHnm7W4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fNbAI2_01gUJBpV__TgLOHnm7W4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:04:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:57:56:1f:3a:29:bc:cf:ed:fb:c3:ea:a7:db:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7cd6c0236ff4d6050906957ffd380b3879e6ed6e
        Validity
            Not Before: Jan  2 12:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98e1149abf82bc6b53358f11f460417a1acf214f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:69:5e:81:91:12:84:cb:c5:9a:00:c4:2e:00:
                    b6:3c:32:d0:89:ac:5c:ff:39:49:57:fb:3a:1b:5f:
                    c8:18:7a:4d:83:8a:d0:b5:7d:18:da:41:e5:ea:19:
                    11:4d:fa:f1:bc:4b:37:f5:77:15:64:0c:f1:23:4a:
                    30:c0:0c:e8:0b:eb:db:88:cc:9c:c5:da:59:ca:6c:
                    f3:29:1a:42:15:e4:72:96:56:a4:18:07:9a:c1:e3:
                    22:2d:0d:12:0b:7d:5d:2f:35:8b:6b:46:8b:7e:9d:
                    b6:b8:1f:99:40:0f:36:c0:bf:52:29:97:31:07:2c:
                    33:1d:a7:6e:22:0f:4f:64:ad:5d:15:d8:19:a9:0a:
                    a7:27:4a:b6:81:80:8f:e9:57:94:55:f2:47:ff:d7:
                    cc:6f:e8:05:b7:fb:fb:38:2f:da:be:8a:f5:15:7f:
                    b3:67:98:f6:f2:2e:63:6f:b5:8a:cd:2f:d7:03:56:
                    00:b2:27:11:20:fa:f6:de:ec:ae:46:5f:8f:29:03:
                    03:c8:e2:8c:fb:51:da:a7:0e:c7:e9:3e:13:c4:9a:
                    85:94:e8:95:67:43:0f:63:f6:a0:00:ce:0b:ac:64:
                    45:b5:25:23:2c:0c:e7:5d:9d:55:dd:a1:d5:9e:c7:
                    5a:e2:a1:b0:4d:e2:80:7b:50:e2:ac:3d:00:2b:ff:
                    f8:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:E1:14:9A:BF:82:BC:6B:53:35:8F:11:F4:60:41:7A:1A:CF:21:4F
            X509v3 Authority Key Identifier:
                keyid:7C:D6:C0:23:6F:F4:D6:05:09:06:95:7F:FD:38:0B:38:79:E6:ED:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fNbAI2_01gUJBpV__TgLOHnm7W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/mOEUmr-CvGtTNY8R9GBBehrPIU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/fNbAI2_01gUJBpV__TgLOHnm7W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.54.156.0-194.54.158.255

    Signature Algorithm: sha256WithRSAEncryption
         21:a8:2e:92:c4:2b:4c:25:4d:6f:89:2d:51:3e:e2:70:b4:70:
         47:64:c6:c1:37:f8:b9:b2:2e:d2:c2:14:81:23:91:b9:ea:c9:
         48:ac:43:db:75:41:24:9d:34:b0:3d:40:02:75:26:3f:bb:da:
         28:1b:53:3f:32:47:f8:4c:0b:1d:0b:cd:04:de:05:19:17:c7:
         0e:3f:13:58:d6:e9:b2:e2:dc:d8:0a:ee:82:e0:dd:bb:a6:f3:
         47:3f:92:2c:22:c3:91:78:dc:5b:a3:e3:c4:d5:c3:0c:9b:11:
         4e:ec:f3:7a:59:be:0a:3b:20:3b:6d:51:5d:72:28:9d:c2:cd:
         96:ec:b3:7c:8b:88:87:01:af:38:7e:ff:4f:5b:78:10:be:ed:
         26:10:42:27:00:c9:07:f5:d9:d9:fc:83:89:11:ce:74:f6:28:
         e3:b1:7e:88:dc:68:68:64:df:f9:79:88:d6:a9:e3:db:7d:60:
         26:44:20:86:4a:07:83:ac:af:99:cd:6d:0a:dd:f2:28:21:be:
         a7:be:6a:54:de:66:92:c0:05:38:07:fb:6c:98:25:24:8a:e5:
         42:e5:5a:24:5f:3b:3c:e6:b6:db:7b:4e:8d:c1:8e:56:d8:cd:
         2b:3f:db:aa:09:f6:29:b4:cc:38:3f:78:7e:59:b5:eb:50:c4:
         9b:e9:2c:64
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzKKFdWHzopvM/t+8Pqp9snMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjZDZjMDIzNmZmNGQ2MDUwOTA2OTU3ZmZkMzgwYjM4Nzll
NmVkNmUwHhcNMjQwMTAyMTIzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGUxMTQ5YWJmODJiYzZiNTMzNThmMTFmNDYwNDE3YTFhY2YyMTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmlegZEShMvFmgDELgC2PDLQiaxc
/zlJV/s6G1/IGHpNg4rQtX0Y2kHl6hkRTfrxvEs39XcVZAzxI0owwAzoC+vbiMyc
xdpZymzzKRpCFeRyllakGAeaweMiLQ0SC31dLzWLa0aLfp22uB+ZQA82wL9SKZcx
BywzHaduIg9PZK1dFdgZqQqnJ0q2gYCP6VeUVfJH/9fMb+gFt/v7OC/avor1FX+z
Z5j28i5jb7WKzS/XA1YAsicRIPr23uyuRl+PKQMDyOKM+1Hapw7H6T4TxJqFlOiV
Z0MPY/agAM4LrGRFtSUjLAznXZ1V3aHVnsda4qGwTeKAe1DirD0AK//41wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJjhFJq/grxrUzWPEfRgQXoazyFPMB8GA1UdIwQY
MBaAFHzWwCNv9NYFCQaVf/04Czh55u1uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZk5iQUkyXzAxZ1VKQnBWX19UZ0xPSG5tN1c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wZWU3OGItODE1Yy00OTk1LTgyZTEt
YzgwYzI4OGViZWVhLzEvbU9FVW1yLUN2R3RUTlk4UjlHQkJlaHJQSVU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wZWU3OGItODE1Yy00OTk1LTgyZTEtYzgwYzI4OGViZWVh
LzEvZk5iQUkyXzAxZ1VKQnBWX19UZ0xPSG5tN1c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBALCNpwD
BADCNp4wDQYJKoZIhvcNAQELBQADggEBACGoLpLEK0wlTW+JLVE+4nC0cEdkxsE3
+LmyLtLCFIEjkbnqyUisQ9t1QSSdNLA9QAJ1Jj+72igbUz8yR/hMCx0LzQTeBRkX
xw4/E1jW6bLi3NgK7oLg3bum80c/kiwiw5F43Fuj48TVwwybEU7s83pZvgo7IDtt
UV1yKJ3CzZbss3yLiIcBrzh+/09beBC+7SYQQicAyQf12dn8g4kRznT2KOOxfojc
aGhk3/l5iNap49t9YCZEIIZKB4Osr5nNbQrd8ighvqe+alTeZpLABTgH+2yYJSSK
5ULlWiRfOzzmttt7To3BjlbYzSs/26oJ9im0zDg/eH5ZtetQxJvpLGQ=
-----END CERTIFICATE-----