Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/908a94-daa8-4c6b-ab24-499ef16e2082/1/ALSRg8pHT9u_93r_fJVSsqQjSPE.roa
File:                     ALSRg8pHT9u_93r_fJVSsqQjSPE.roa (raw, json)
Hash identifier:          W4TNbGCYeUuGKl3himkN70u1ThFa+NDAHTAmlENIc6U=
Subject key identifier:   00:B4:91:83:CA:47:4F:DB:BF:F7:7A:FF:7C:95:52:B2:A4:23:48:F1
Certificate issuer:       /CN=68b0ba75fce55721c30637589be3d34fa259c2b5
Certificate serial:       018ED207727024E400E3538F08B7D0FA9849
Authority key identifier: 68:B0:BA:75:FC:E5:57:21:C3:06:37:58:9B:E3:D3:4F:A2:59:C2:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aLC6dfzlVyHDBjdYm-PTT6JZwrU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/908a94-daa8-4c6b-ab24-499ef16e2082/1/ALSRg8pHT9u_93r_fJVSsqQjSPE.roa
Signing time:             Fri 12 Apr 2024 11:18:07 +0000
ROA not before:           Fri 12 Apr 2024 11:18:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57677
IP address blocks:        37.46.152.0/21 maxlen: 21
                          37.46.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/908a94-daa8-4c6b-ab24-499ef16e2082/1/aLC6dfzlVyHDBjdYm-PTT6JZwrU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/908a94-daa8-4c6b-ab24-499ef16e2082/1/aLC6dfzlVyHDBjdYm-PTT6JZwrU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aLC6dfzlVyHDBjdYm-PTT6JZwrU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d2:07:72:70:24:e4:00:e3:53:8f:08:b7:d0:fa:98:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68b0ba75fce55721c30637589be3d34fa259c2b5
        Validity
            Not Before: Apr 12 11:18:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00b49183ca474fdbbff77aff7c9552b2a42348f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:2f:85:18:59:53:8a:4a:90:88:b7:98:57:0b:
                    38:45:a9:36:cc:86:46:9d:fc:56:8a:81:f5:7f:94:
                    ce:02:97:8d:06:7a:f7:98:7a:68:52:33:75:89:19:
                    32:73:fc:ba:72:7b:a7:12:fc:2b:f4:7d:b6:10:cf:
                    14:00:a9:67:37:05:d1:60:c4:b6:2f:2c:18:e8:e2:
                    dc:2f:41:1e:24:d3:e4:6a:3d:4b:05:76:bc:89:f7:
                    d4:30:ce:1f:c5:8f:aa:e5:13:f6:b4:b4:36:2b:0b:
                    77:41:1a:66:95:f2:c7:77:78:65:c7:02:ca:a0:a5:
                    77:39:fb:f9:49:ae:69:13:01:95:31:56:8b:8a:e3:
                    40:9a:85:1a:f6:ac:7d:44:61:fd:8f:a9:98:4f:cf:
                    71:90:ec:1b:ea:d1:ce:86:33:e1:8e:d1:67:60:0f:
                    70:77:1d:97:0e:07:37:37:92:93:45:74:a8:64:a6:
                    55:c7:51:17:9c:69:ed:8a:c3:09:85:65:64:44:42:
                    bb:af:b9:2d:39:16:26:ee:34:d1:80:03:84:69:54:
                    7a:f2:05:bf:1f:37:be:63:9c:5f:7d:ed:0e:8d:de:
                    05:bc:e0:ba:0e:51:41:46:d0:4b:30:7e:bf:af:45:
                    46:14:dd:34:25:0f:07:85:71:6e:bc:9d:ee:89:cb:
                    15:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:B4:91:83:CA:47:4F:DB:BF:F7:7A:FF:7C:95:52:B2:A4:23:48:F1
            X509v3 Authority Key Identifier:
                keyid:68:B0:BA:75:FC:E5:57:21:C3:06:37:58:9B:E3:D3:4F:A2:59:C2:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aLC6dfzlVyHDBjdYm-PTT6JZwrU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/908a94-daa8-4c6b-ab24-499ef16e2082/1/ALSRg8pHT9u_93r_fJVSsqQjSPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/908a94-daa8-4c6b-ab24-499ef16e2082/1/aLC6dfzlVyHDBjdYm-PTT6JZwrU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.46.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         72:1a:7b:6d:ac:b6:a9:1e:8f:5d:83:06:67:ba:67:38:08:ab:
         06:a4:7f:10:4f:7f:43:fb:cb:94:83:46:58:bc:ce:20:a5:30:
         4d:6b:98:a4:99:08:79:c8:22:76:d3:71:dd:68:b1:5c:62:7d:
         a3:32:0a:b3:be:d0:24:85:c2:50:f6:ec:69:db:1f:75:cb:f2:
         ee:3b:c8:45:ef:f5:08:44:7a:60:79:f3:ee:43:ac:28:21:80:
         be:38:c6:88:33:ee:16:f2:77:12:98:05:59:73:68:e7:e8:93:
         7d:df:82:2f:9b:03:7f:a4:1c:2b:fb:bc:5e:44:4a:f3:11:24:
         9f:37:d1:59:ab:3b:54:55:cd:f8:75:52:1d:86:e1:41:81:f5:
         fd:02:a5:69:65:63:9b:56:09:c0:96:dd:39:51:53:76:05:38:
         12:34:3f:26:8e:8b:a1:a5:cb:35:90:db:06:35:3f:2e:c9:16:
         1e:76:2c:48:2f:0a:66:9d:25:44:53:17:80:42:91:df:0c:cf:
         5c:86:00:3f:52:23:be:95:62:e2:d8:d7:18:34:fc:2f:b4:c2:
         94:c9:05:41:8c:06:74:7a:d3:54:8a:85:74:8d:a3:3b:f4:f1:
         ff:2a:ae:b9:07:09:1b:12:c1:04:3d:67:03:cd:ea:1b:4d:c7:
         ee:c9:78:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7SB3JwJOQA41OPCLfQ+phJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YjBiYTc1ZmNlNTU3MjFjMzA2Mzc1ODliZTNkMzRmYTI1
OWMyYjUwHhcNMjQwNDEyMTExODA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGI0OTE4M2NhNDc0ZmRiYmZmNzdhZmY3Yzk1NTJiMmE0MjM0OGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnS+FGFlTikqQiLeYVws4Rak2zIZG
nfxWioH1f5TOApeNBnr3mHpoUjN1iRkyc/y6cnunEvwr9H22EM8UAKlnNwXRYMS2
LywY6OLcL0EeJNPkaj1LBXa8iffUMM4fxY+q5RP2tLQ2Kwt3QRpmlfLHd3hlxwLK
oKV3Ofv5Sa5pEwGVMVaLiuNAmoUa9qx9RGH9j6mYT89xkOwb6tHOhjPhjtFnYA9w
dx2XDgc3N5KTRXSoZKZVx1EXnGntisMJhWVkREK7r7ktORYm7jTRgAOEaVR68gW/
Hze+Y5xffe0Ojd4FvOC6DlFBRtBLMH6/r0VGFN00JQ8HhXFuvJ3uicsV9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAC0kYPKR0/bv/d6/3yVUrKkI0jxMB8GA1UdIwQY
MBaAFGiwunX85VchwwY3WJvj00+iWcK1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUxDNmRmemxWeUhEQmpkWW0tUFRUNkpad3JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy85MDhhOTQtZGFhOC00YzZiLWFiMjQt
NDk5ZWYxNmUyMDgyLzEvQUxTUmc4cEhUOXVfOTNyX2ZKVlNzcVFqU1BFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy85MDhhOTQtZGFhOC00YzZiLWFiMjQtNDk5ZWYxNmUyMDgy
LzEvYUxDNmRmemxWeUhEQmpkWW0tUFRUNkpad3JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDJS6YMA0G
CSqGSIb3DQEBCwUAA4IBAQByGnttrLapHo9dgwZnumc4CKsGpH8QT39D+8uUg0ZY
vM4gpTBNa5ikmQh5yCJ203HdaLFcYn2jMgqzvtAkhcJQ9uxp2x91y/LuO8hF7/UI
RHpgefPuQ6woIYC+OMaIM+4W8ncSmAVZc2jn6JN934IvmwN/pBwr+7xeRErzESSf
N9FZqztUVc34dVIdhuFBgfX9AqVpZWObVgnAlt05UVN2BTgSND8mjouhpcs1kNsG
NT8uyRYedixILwpmnSVEUxeAQpHfDM9chgA/UiO+lWLi2NcYNPwvtMKUyQVBjAZ0
etNUioV0jaM79PH/Kq65BwkbEsEEPWcDzeobTcfuyXhT
-----END CERTIFICATE-----