Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/ntS5QWZMyT3euso27tCJsPmJ1io.roa
File:                     ntS5QWZMyT3euso27tCJsPmJ1io.roa (raw, json)
Hash identifier:          fKEWJtgL3dPh50MyJrLV2LJVvw4oAxrqmpdELcISdjk=
Subject key identifier:   9E:D4:B9:41:66:4C:C9:3D:DE:BA:CA:36:EE:D0:89:B0:F9:89:D6:2A
Certificate issuer:       /CN=aeb66ec5e8f2405f6f8d486e73fb82b8de0dee0f
Certificate serial:       018CC348F03D442E4D75345AD49F738979C7
Authority key identifier: AE:B6:6E:C5:E8:F2:40:5F:6F:8D:48:6E:73:FB:82:B8:DE:0D:EE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/ntS5QWZMyT3euso27tCJsPmJ1io.roa
Signing time:             Mon 01 Jan 2024 04:29:46 +0000
ROA not before:           Mon 01 Jan 2024 04:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399578
IP address blocks:        78.143.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 08:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f0:3d:44:2e:4d:75:34:5a:d4:9f:73:89:79:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aeb66ec5e8f2405f6f8d486e73fb82b8de0dee0f
        Validity
            Not Before: Jan  1 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ed4b941664cc93ddebaca36eed089b0f989d62a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:27:15:22:d6:11:b8:2b:8b:12:84:d6:d1:54:
                    f9:56:8b:c7:7b:00:45:b6:46:de:b0:b8:90:bc:9d:
                    4e:b1:00:c9:dc:71:b2:1e:49:4a:18:bc:92:63:8e:
                    82:9e:3c:60:a3:a3:ba:2b:7b:59:18:d6:42:26:ab:
                    21:b5:eb:53:3c:91:03:30:60:5f:46:c4:81:31:09:
                    92:17:16:b0:ec:9f:cd:f0:cd:ac:01:d7:da:41:7b:
                    9e:d6:59:9f:16:bf:4a:ab:cb:15:2d:55:6e:11:2e:
                    85:03:c6:98:b9:87:88:c4:7a:6c:c0:ad:eb:13:be:
                    f3:c2:1c:e0:d0:9e:6a:4c:1c:8d:0a:6d:ee:fa:0a:
                    75:96:7b:02:f1:a9:81:cc:b6:a7:9a:d9:2f:7e:88:
                    8e:6b:4b:f0:ed:27:03:81:7d:59:4a:0e:4c:07:a8:
                    a2:c1:c0:cb:b8:f6:c3:25:7e:34:14:10:07:67:f1:
                    85:02:3a:6b:a1:d7:fd:e5:9b:d9:82:89:aa:de:82:
                    8c:60:9d:41:39:5a:f5:b8:0a:cd:08:02:de:d8:da:
                    02:94:4f:7c:d5:fa:64:d4:7c:bb:2a:d0:cb:64:4b:
                    2c:a6:70:35:2b:93:14:f1:28:68:26:43:12:df:c3:
                    d2:5b:82:26:25:10:eb:a9:85:46:f1:06:b8:fe:fc:
                    9a:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:D4:B9:41:66:4C:C9:3D:DE:BA:CA:36:EE:D0:89:B0:F9:89:D6:2A
            X509v3 Authority Key Identifier:
                keyid:AE:B6:6E:C5:E8:F2:40:5F:6F:8D:48:6E:73:FB:82:B8:DE:0D:EE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/ntS5QWZMyT3euso27tCJsPmJ1io.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.143.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:2e:cb:f1:fa:2c:fc:cd:2d:e7:ff:45:76:93:8d:10:ee:ab:
         ac:fc:24:65:f4:f4:0b:1a:73:dd:91:96:51:24:1b:11:c0:13:
         de:20:dd:0a:3c:6c:f6:1c:51:ec:70:87:c2:32:d1:b9:aa:bf:
         b9:40:17:49:89:ae:54:97:cb:7b:42:5f:2f:16:dc:36:c5:f0:
         06:ec:23:c4:b3:38:82:3f:70:96:c4:06:6d:42:b0:0d:fb:0b:
         28:23:26:dd:b0:c7:97:15:bb:85:b4:74:77:2c:c1:ee:dc:b5:
         6d:6c:70:e6:90:0a:b1:f0:b0:a6:26:5a:67:f1:9e:22:f0:be:
         06:e1:50:ed:f6:b5:4e:ff:44:ad:f9:cc:d1:9a:bf:5d:2b:ce:
         f2:55:e2:b5:ed:e1:fc:9f:43:7a:03:ed:eb:9f:d4:b4:6b:14:
         b6:6b:a3:dc:38:5f:d0:6f:bb:65:f9:c8:53:c8:8f:6e:ff:0a:
         68:de:6e:2c:b1:f0:86:ab:97:c9:88:bc:6d:ec:ed:ed:89:18:
         aa:5b:cc:e0:47:40:84:a1:f3:c3:54:d4:20:f4:f6:a1:d2:54:
         97:4f:63:a0:da:38:72:74:8f:19:44:f5:ca:0b:c2:1d:d0:9b:
         62:ab:d8:9a:c6:b5:c5:90:23:4a:fe:5e:2b:40:0d:02:9e:42:
         6a:59:39:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSPA9RC5NdTRa1J9ziXnHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYjY2ZWM1ZThmMjQwNWY2ZjhkNDg2ZTczZmI4MmI4ZGUw
ZGVlMGYwHhcNMjQwMTAxMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWQ0Yjk0MTY2NGNjOTNkZGViYWNhMzZlZWQwODliMGY5ODlkNjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxycVItYRuCuLEoTW0VT5VovHewBF
tkbesLiQvJ1OsQDJ3HGyHklKGLySY46Cnjxgo6O6K3tZGNZCJqshtetTPJEDMGBf
RsSBMQmSFxaw7J/N8M2sAdfaQXue1lmfFr9Kq8sVLVVuES6FA8aYuYeIxHpswK3r
E77zwhzg0J5qTByNCm3u+gp1lnsC8amBzLanmtkvfoiOa0vw7ScDgX1ZSg5MB6ii
wcDLuPbDJX40FBAHZ/GFAjprodf95ZvZgomq3oKMYJ1BOVr1uArNCALe2NoClE98
1fpk1Hy7KtDLZEsspnA1K5MU8ShoJkMS38PSW4ImJRDrqYVG8Qa4/vyaSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ7UuUFmTMk93rrKNu7QibD5idYqMB8GA1UdIwQY
MBaAFK62bsXo8kBfb41IbnP7grjeDe4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnJadXhlanlRRjl2alVodWNfdUN1TjRON2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi8xNTM3ODgtMTRiNy00NTUxLTlhZGUt
NmFlYTkwNTdjODAwLzEvbnRTNVFXWk15VDNldXNvMjd0Q0pzUG1KMWlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi8xNTM3ODgtMTRiNy00NTUxLTlhZGUtNmFlYTkwNTdjODAw
LzEvcnJadXhlanlRRjl2alVodWNfdUN1TjRON2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATo/yMA0G
CSqGSIb3DQEBCwUAA4IBAQBJLsvx+iz8zS3n/0V2k40Q7qus/CRl9PQLGnPdkZZR
JBsRwBPeIN0KPGz2HFHscIfCMtG5qr+5QBdJia5Ul8t7Ql8vFtw2xfAG7CPEsziC
P3CWxAZtQrAN+wsoIybdsMeXFbuFtHR3LMHu3LVtbHDmkAqx8LCmJlpn8Z4i8L4G
4VDt9rVO/0St+czRmr9dK87yVeK17eH8n0N6A+3rn9S0axS2a6PcOF/Qb7tl+chT
yI9u/wpo3m4ssfCGq5fJiLxt7O3tiRiqW8zgR0CEofPDVNQg9Pah0lSXT2Og2jhy
dI8ZRPXKC8Id0Jtiq9iaxrXFkCNK/l4rQA0CnkJqWTmi
-----END CERTIFICATE-----