Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/fOZIQv5k5rh2_C-4fLRQO0s4p0I.roa
File:                     fOZIQv5k5rh2_C-4fLRQO0s4p0I.roa (raw, json)
Hash identifier:          Rhe7ISQrWmCDYfiE3+rQ966MDWE9NCvtX/NFJWqANXg=
Subject key identifier:   7C:E6:48:42:FE:64:E6:B8:76:FC:2F:B8:7C:B4:50:3B:4B:38:A7:42
Certificate issuer:       /CN=87be093097097c4457ff5aa3e5893c8c15432612
Certificate serial:       018CC8DF82450A2E316BB1B49086E445211C
Authority key identifier: 87:BE:09:30:97:09:7C:44:57:FF:5A:A3:E5:89:3C:8C:15:43:26:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h74JMJcJfERX_1qj5Yk8jBVDJhI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/fOZIQv5k5rh2_C-4fLRQO0s4p0I.roa
Signing time:             Tue 02 Jan 2024 06:32:20 +0000
ROA not before:           Tue 02 Jan 2024 06:32:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137409
IP address blocks:        37.153.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/h74JMJcJfERX_1qj5Yk8jBVDJhI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/h74JMJcJfERX_1qj5Yk8jBVDJhI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h74JMJcJfERX_1qj5Yk8jBVDJhI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:82:45:0a:2e:31:6b:b1:b4:90:86:e4:45:21:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87be093097097c4457ff5aa3e5893c8c15432612
        Validity
            Not Before: Jan  2 06:32:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ce64842fe64e6b876fc2fb87cb4503b4b38a742
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:1d:74:9b:67:df:5a:86:79:91:da:c1:37:3e:
                    0c:1b:cc:22:4f:78:4c:ad:8e:22:fd:e4:fb:2d:0b:
                    e9:65:8e:3f:b0:eb:8f:d0:ee:56:03:2e:46:0d:73:
                    a6:30:5d:3a:08:a4:fc:91:60:61:69:54:cb:13:87:
                    c4:47:bf:c4:a2:4c:ee:df:91:99:1d:4d:c6:c2:a1:
                    91:0c:5e:10:9c:cd:d1:45:5e:4d:e3:10:c5:3a:fe:
                    20:b9:b7:c9:20:c0:cc:f8:af:07:57:dd:09:63:3d:
                    02:47:f1:cb:45:db:30:16:cb:85:cb:b8:00:92:00:
                    2f:59:67:f9:a3:ab:29:d2:be:41:ef:33:07:06:a6:
                    bf:6b:7d:0c:7b:72:f9:02:0e:a9:f9:01:db:87:44:
                    bb:a8:8b:ae:bb:e9:00:9e:06:a2:a0:d2:82:d1:9b:
                    44:69:17:83:c4:bd:10:15:b7:b2:12:99:db:a0:45:
                    61:61:28:38:67:1a:dd:dd:40:58:26:a3:bd:91:91:
                    26:8d:7f:e0:9e:c8:c3:5c:ed:89:50:54:3c:f3:66:
                    4d:2b:6b:16:39:a6:99:c1:1a:e0:e6:e9:6c:9b:f0:
                    b5:8d:3d:0a:04:7d:83:54:5e:3f:2a:22:e7:c4:8b:
                    b5:e5:f7:21:7a:e8:79:e1:2c:3d:95:67:ad:fd:0c:
                    50:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:E6:48:42:FE:64:E6:B8:76:FC:2F:B8:7C:B4:50:3B:4B:38:A7:42
            X509v3 Authority Key Identifier:
                keyid:87:BE:09:30:97:09:7C:44:57:FF:5A:A3:E5:89:3C:8C:15:43:26:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h74JMJcJfERX_1qj5Yk8jBVDJhI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/fOZIQv5k5rh2_C-4fLRQO0s4p0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/cc8f4a-4c02-404b-8d93-2cde65f3112a/1/h74JMJcJfERX_1qj5Yk8jBVDJhI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:4b:dc:f7:a9:04:ce:ea:88:d9:e7:e8:86:a2:df:25:d3:3b:
         ad:57:f1:3b:ba:62:fb:7b:bc:96:f4:20:38:7e:04:d7:bc:e3:
         d2:75:c9:bc:11:d4:42:38:19:c4:32:b6:d2:3a:a5:a5:9c:d7:
         a3:8f:1a:86:39:25:45:f0:ec:9d:2e:5a:13:66:30:b7:62:89:
         98:8f:c2:c2:46:e6:4e:34:24:b3:e1:6f:4c:b5:99:b5:b0:94:
         2b:eb:2e:a4:62:85:55:89:7c:d0:a6:a8:15:e8:be:bd:4b:86:
         41:bf:17:97:25:ab:90:fa:ab:37:04:8b:b4:ce:90:1c:63:b5:
         e1:f4:6b:33:b1:61:38:f3:cf:7f:d6:21:c7:8c:75:25:57:09:
         06:a2:e6:16:22:17:c5:89:5b:89:12:c6:0e:87:2c:a3:b5:38:
         5c:4e:7b:15:9f:00:35:a1:96:63:d0:84:02:df:c4:3d:2e:d7:
         16:3b:90:bf:d1:b3:fc:33:a7:63:0b:1a:44:3c:dd:9e:e3:8d:
         ca:75:3a:ed:0a:4b:86:55:35:fd:e6:a7:d7:a5:f7:12:55:d8:
         4e:81:17:b8:39:db:cb:eb:65:46:48:ae:f3:2c:f4:35:92:1e:
         4d:f3:a3:4e:80:2c:a8:45:30:18:3a:ab:01:20:61:44:a2:e0:
         32:55:a9:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI34JFCi4xa7G0kIbkRSEcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3YmUwOTMwOTcwOTdjNDQ1N2ZmNWFhM2U1ODkzYzhjMTU0
MzI2MTIwHhcNMjQwMTAyMDYzMjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2U2NDg0MmZlNjRlNmI4NzZmYzJmYjg3Y2I0NTAzYjRiMzhhNzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlx10m2ffWoZ5kdrBNz4MG8wiT3hM
rY4i/eT7LQvpZY4/sOuP0O5WAy5GDXOmMF06CKT8kWBhaVTLE4fER7/Eokzu35GZ
HU3GwqGRDF4QnM3RRV5N4xDFOv4gubfJIMDM+K8HV90JYz0CR/HLRdswFsuFy7gA
kgAvWWf5o6sp0r5B7zMHBqa/a30Me3L5Ag6p+QHbh0S7qIuuu+kAngaioNKC0ZtE
aReDxL0QFbeyEpnboEVhYSg4Zxrd3UBYJqO9kZEmjX/gnsjDXO2JUFQ882ZNK2sW
OaaZwRrg5ulsm/C1jT0KBH2DVF4/KiLnxIu15fcheuh54Sw9lWet/QxQ1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHzmSEL+ZOa4dvwvuHy0UDtLOKdCMB8GA1UdIwQY
MBaAFIe+CTCXCXxEV/9ao+WJPIwVQyYSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDc0Sk1KY0pmRVJYXzFxajVZazhqQlZESmhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jYzhmNGEtNGMwMi00MDRiLThkOTMt
MmNkZTY1ZjMxMTJhLzEvZk9aSVF2NWs1cmgyX0MtNGZMUlFPMHM0cDBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jYzhmNGEtNGMwMi00MDRiLThkOTMtMmNkZTY1ZjMxMTJh
LzEvaDc0Sk1KY0pmRVJYXzFxajVZazhqQlZESmhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZmdMA0G
CSqGSIb3DQEBCwUAA4IBAQBvS9z3qQTO6ojZ5+iGot8l0zutV/E7umL7e7yW9CA4
fgTXvOPSdcm8EdRCOBnEMrbSOqWlnNejjxqGOSVF8OydLloTZjC3YomYj8LCRuZO
NCSz4W9MtZm1sJQr6y6kYoVViXzQpqgV6L69S4ZBvxeXJauQ+qs3BIu0zpAcY7Xh
9GszsWE4889/1iHHjHUlVwkGouYWIhfFiVuJEsYOhyyjtThcTnsVnwA1oZZj0IQC
38Q9LtcWO5C/0bP8M6djCxpEPN2e443KdTrtCkuGVTX95qfXpfcSVdhOgRe4OdvL
62VGSK7zLPQ1kh5N86NOgCyoRTAYOqsBIGFEouAyVamR
-----END CERTIFICATE-----