Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/216802-e8f9-4cbc-9d65-b9252cf2cc47/1/BLIB8VyElxLmsc3fva2OmbG1L2E.roa
File:                     BLIB8VyElxLmsc3fva2OmbG1L2E.roa (raw, json)
Hash identifier:          z1kiG8mfbUKmnRlb7b+rHihCmWgQ7mFfgAnKjc70ACM=
Subject key identifier:   04:B2:01:F1:5C:84:97:12:E6:B1:CD:DF:BD:AD:8E:99:B1:B5:2F:61
Certificate issuer:       /CN=e46e9ab47ca91fa132565860bcdd9a107ba032e4
Certificate serial:       018CC49338A240DD221019FD7EFB32F834BB
Authority key identifier: E4:6E:9A:B4:7C:A9:1F:A1:32:56:58:60:BC:DD:9A:10:7B:A0:32:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5G6atHypH6EyVlhgvN2aEHugMuQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/216802-e8f9-4cbc-9d65-b9252cf2cc47/1/BLIB8VyElxLmsc3fva2OmbG1L2E.roa
Signing time:             Mon 01 Jan 2024 10:30:31 +0000
ROA not before:           Mon 01 Jan 2024 10:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        194.145.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/216802-e8f9-4cbc-9d65-b9252cf2cc47/1/5G6atHypH6EyVlhgvN2aEHugMuQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/216802-e8f9-4cbc-9d65-b9252cf2cc47/1/5G6atHypH6EyVlhgvN2aEHugMuQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5G6atHypH6EyVlhgvN2aEHugMuQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:38:a2:40:dd:22:10:19:fd:7e:fb:32:f8:34:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e46e9ab47ca91fa132565860bcdd9a107ba032e4
        Validity
            Not Before: Jan  1 10:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04b201f15c849712e6b1cddfbdad8e99b1b52f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:35:ba:1e:b4:f0:44:1f:ca:e2:e8:e7:64:3c:
                    02:c2:1d:53:6a:b6:fc:e4:75:72:1b:a4:08:44:4a:
                    10:df:4a:04:74:a9:cb:21:b7:eb:dd:7d:23:d0:84:
                    e1:1e:dd:3c:cc:cc:b9:d3:a9:72:95:08:91:75:29:
                    a6:6c:8e:02:52:0e:61:2e:2d:24:c6:2a:23:33:ad:
                    83:f7:a8:3c:c1:9e:66:f7:3c:20:c1:5b:e5:b9:95:
                    45:59:e2:85:f6:0f:45:99:d3:39:f4:1c:d9:cd:5b:
                    c3:62:6f:be:b3:6c:c4:6a:e1:3d:3d:da:da:5a:bb:
                    48:12:93:ce:6d:62:40:c0:05:c6:e3:a4:fd:be:87:
                    e1:8e:1d:a5:24:4f:c5:67:df:cf:10:27:4b:c0:ea:
                    b4:a6:8e:14:55:76:50:31:85:75:9a:4a:cd:cd:8a:
                    52:37:f0:46:c3:a0:a1:3d:7e:20:93:5b:9f:f8:f5:
                    92:0c:e6:10:a1:28:b8:98:8a:c6:10:41:c3:2d:f4:
                    67:c1:c3:bb:dd:0b:6f:ad:c8:6e:a6:2e:d4:84:4c:
                    5b:db:40:38:71:ba:9f:ca:23:1b:75:50:a3:ff:ac:
                    80:ca:b9:b4:a7:d2:b8:ae:5e:06:ac:8d:5b:2e:eb:
                    5f:84:cd:50:ca:e4:a2:c1:30:de:eb:0d:db:3d:2b:
                    66:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:B2:01:F1:5C:84:97:12:E6:B1:CD:DF:BD:AD:8E:99:B1:B5:2F:61
            X509v3 Authority Key Identifier:
                keyid:E4:6E:9A:B4:7C:A9:1F:A1:32:56:58:60:BC:DD:9A:10:7B:A0:32:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5G6atHypH6EyVlhgvN2aEHugMuQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/216802-e8f9-4cbc-9d65-b9252cf2cc47/1/BLIB8VyElxLmsc3fva2OmbG1L2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/216802-e8f9-4cbc-9d65-b9252cf2cc47/1/5G6atHypH6EyVlhgvN2aEHugMuQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.145.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:72:cd:e1:7b:11:de:1a:4b:e0:7c:76:af:66:ed:2d:a4:b3:
         5b:e5:16:bd:51:79:73:00:ad:4b:5f:2c:4e:25:76:6a:29:27:
         ff:3f:a4:28:4e:93:32:75:0c:36:79:31:00:4c:7a:8c:e2:32:
         9d:9d:9f:1c:ac:6e:c2:db:9b:e9:80:65:01:5a:fd:56:80:e4:
         43:5e:b5:b6:e7:db:c2:2a:35:94:fe:e9:94:db:16:7d:41:92:
         a7:44:2f:49:d1:fc:36:89:85:13:7f:32:91:eb:6f:3a:a1:7e:
         1b:1f:30:4a:7c:73:49:3d:4d:91:c3:65:d9:23:54:24:a8:c0:
         40:2d:cd:b8:9b:28:52:1f:f2:d5:76:eb:3d:4d:e9:36:57:4c:
         e2:c7:30:02:ef:59:c1:15:23:9f:ab:e9:f0:9b:98:4d:e0:14:
         e5:12:6d:d4:60:ed:b1:bb:91:e1:fe:47:10:3d:f4:a8:36:27:
         bd:fa:b8:c7:0b:45:57:11:15:1a:11:c5:6e:79:a2:b2:5e:5f:
         fe:e7:e2:f2:b0:14:75:91:f5:98:5c:47:5b:78:52:76:d2:69:
         11:46:12:d4:dc:93:f1:74:a2:43:4b:35:9c:d1:fe:98:f6:1b:
         29:f0:d4:0b:1d:46:b3:f9:2e:53:3c:2b:c8:25:75:87:3c:5d:
         b3:8d:b9:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkziiQN0iEBn9fvsy+DS7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0NmU5YWI0N2NhOTFmYTEzMjU2NTg2MGJjZGQ5YTEwN2Jh
MDMyZTQwHhcNMjQwMTAxMTAzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGIyMDFmMTVjODQ5NzEyZTZiMWNkZGZiZGFkOGU5OWIxYjUyZjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzW6HrTwRB/K4ujnZDwCwh1Tarb8
5HVyG6QIREoQ30oEdKnLIbfr3X0j0IThHt08zMy506lylQiRdSmmbI4CUg5hLi0k
xiojM62D96g8wZ5m9zwgwVvluZVFWeKF9g9FmdM59BzZzVvDYm++s2zEauE9Pdra
WrtIEpPObWJAwAXG46T9vofhjh2lJE/FZ9/PECdLwOq0po4UVXZQMYV1mkrNzYpS
N/BGw6ChPX4gk1uf+PWSDOYQoSi4mIrGEEHDLfRnwcO73Qtvrchupi7UhExb20A4
cbqfyiMbdVCj/6yAyrm0p9K4rl4GrI1bLutfhM1QyuSiwTDe6w3bPStmzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASyAfFchJcS5rHN372tjpmxtS9hMB8GA1UdIwQY
MBaAFORumrR8qR+hMlZYYLzdmhB7oDLkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUc2YXRIeXBINkV5VmxoZ3ZOMmFFSHVnTXVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8yMTY4MDItZThmOS00Y2JjLTlkNjUt
YjkyNTJjZjJjYzQ3LzEvQkxJQjhWeUVseExtc2MzZnZhMk9tYkcxTDJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8yMTY4MDItZThmOS00Y2JjLTlkNjUtYjkyNTJjZjJjYzQ3
LzEvNUc2YXRIeXBINkV5VmxoZ3ZOMmFFSHVnTXVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpGdMA0G
CSqGSIb3DQEBCwUAA4IBAQB4cs3hexHeGkvgfHavZu0tpLNb5Ra9UXlzAK1LXyxO
JXZqKSf/P6QoTpMydQw2eTEATHqM4jKdnZ8crG7C25vpgGUBWv1WgORDXrW259vC
KjWU/umU2xZ9QZKnRC9J0fw2iYUTfzKR6286oX4bHzBKfHNJPU2Rw2XZI1QkqMBA
Lc24myhSH/LVdus9Tek2V0zixzAC71nBFSOfq+nwm5hN4BTlEm3UYO2xu5Hh/kcQ
PfSoNie9+rjHC0VXERUaEcVueaKyXl/+5+LysBR1kfWYXEdbeFJ20mkRRhLU3JPx
dKJDSzWc0f6Y9hsp8NQLHUaz+S5TPCvIJXWHPF2zjbm7
-----END CERTIFICATE-----