Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/N-pxVr-Eg8BJGg7qNtiIv7ulCko.roa
File:                     N-pxVr-Eg8BJGg7qNtiIv7ulCko.roa (raw, json)
Hash identifier:          1OC2tUWTc53GB0PUSMR++vNwSUkHUEIVLdfdKWpzHhI=
Subject key identifier:   37:EA:71:56:BF:84:83:C0:49:1A:0E:EA:36:D8:88:BF:BB:A5:0A:4A
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       018CC79455BD0938E31A8C862ED022B244C6
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/N-pxVr-Eg8BJGg7qNtiIv7ulCko.roa
Signing time:             Tue 02 Jan 2024 00:30:36 +0000
ROA not before:           Tue 02 Jan 2024 00:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62196
IP address blocks:        2.189.176.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:55:bd:09:38:e3:1a:8c:86:2e:d0:22:b2:44:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 00:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37ea7156bf8483c0491a0eea36d888bfbba50a4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:c8:4f:99:8d:0a:50:79:98:13:94:47:0f:27:
                    fd:9a:b7:ab:08:3c:2a:c5:b8:d4:e4:08:79:d4:ab:
                    9d:d2:13:75:b1:f1:13:01:dd:27:fa:6a:40:9e:e4:
                    91:0c:92:bf:a0:6c:35:b1:36:7b:56:da:f1:f8:5d:
                    16:fc:20:40:63:da:ef:f5:ca:16:62:7e:e4:e9:bf:
                    f2:f8:64:4a:ed:16:78:f4:59:47:4e:c3:61:68:92:
                    4d:4a:17:42:c4:88:15:da:14:7b:ab:c3:86:28:bd:
                    10:89:8e:2d:be:a6:70:87:55:89:03:8c:13:d4:d6:
                    46:d8:41:f3:cb:b3:6d:97:68:3c:f5:2c:a5:67:60:
                    f3:70:33:24:92:7f:82:08:2e:1d:6c:a9:5b:50:85:
                    e7:27:20:7c:ff:ae:31:c3:d9:99:c1:84:ca:bf:a8:
                    8b:eb:79:2b:ca:ea:36:6f:d9:b0:b3:18:c2:cf:d8:
                    f1:cc:95:15:57:65:42:15:cb:34:2e:a1:1d:2d:66:
                    ab:51:05:ba:72:d7:bb:ff:5f:97:21:8c:c5:0c:71:
                    7b:fa:fe:20:f0:1f:a8:75:d1:4b:6b:1e:8c:ee:ef:
                    8a:11:02:ef:b5:7d:72:28:c4:98:3c:4a:70:94:11:
                    99:6e:a8:ca:46:96:a5:9d:61:b1:10:60:be:8d:62:
                    52:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:EA:71:56:BF:84:83:C0:49:1A:0E:EA:36:D8:88:BF:BB:A5:0A:4A
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/N-pxVr-Eg8BJGg7qNtiIv7ulCko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.189.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         06:43:7f:5c:3d:79:54:b7:aa:a1:4f:d7:8d:9f:ca:d5:f4:c9:
         85:f7:bb:44:a7:90:78:9c:5a:5b:d4:58:c4:33:7e:0e:cf:99:
         bc:18:03:cb:aa:c6:56:78:b9:c3:ba:b2:e2:f4:41:9e:eb:f5:
         63:ad:6a:5a:50:36:a6:7e:34:e0:78:9f:89:a6:1c:35:80:52:
         fd:b7:b6:8b:09:24:ad:31:9e:7e:ce:c2:f9:6a:7b:72:2f:a9:
         c9:e2:c6:af:dc:7c:07:bc:68:b4:34:24:d0:18:0a:af:4b:3b:
         2f:f9:18:22:e3:47:f5:a9:fb:e8:19:a4:1d:56:be:d9:97:2f:
         d6:d2:5b:bc:e5:7d:36:bf:30:1a:84:d2:93:30:5a:4a:5d:0f:
         d0:11:0a:01:f7:75:61:5d:66:df:32:9a:10:17:85:14:3b:23:
         5b:71:8a:81:bd:88:59:1e:10:36:fd:d7:ca:93:82:4e:28:95:
         a8:f4:9b:57:25:0e:6e:b5:21:f6:3e:f8:2a:c7:6f:81:1d:af:
         5d:f3:bd:f1:9a:55:08:27:b7:c9:46:3f:61:34:6b:64:5a:9e:
         3a:84:f3:ba:d7:30:70:c3:b7:ed:5e:22:2c:a3:b8:a9:ff:d7:
         5b:fe:e5:bb:20:26:b5:11:49:84:7c:af:11:3f:e1:2e:5a:7a:
         35:5d:a2:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlFW9CTjjGoyGLtAiskTGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjQwMTAyMDAzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2VhNzE1NmJmODQ4M2MwNDkxYTBlZWEzNmQ4ODhiZmJiYTUwYTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAishPmY0KUHmYE5RHDyf9mrerCDwq
xbjU5Ah51Kud0hN1sfETAd0n+mpAnuSRDJK/oGw1sTZ7Vtrx+F0W/CBAY9rv9coW
Yn7k6b/y+GRK7RZ49FlHTsNhaJJNShdCxIgV2hR7q8OGKL0QiY4tvqZwh1WJA4wT
1NZG2EHzy7Ntl2g89SylZ2DzcDMkkn+CCC4dbKlbUIXnJyB8/64xw9mZwYTKv6iL
63kryuo2b9mwsxjCz9jxzJUVV2VCFcs0LqEdLWarUQW6cte7/1+XIYzFDHF7+v4g
8B+oddFLax6M7u+KEQLvtX1yKMSYPEpwlBGZbqjKRpalnWGxEGC+jWJSywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDfqcVa/hIPASRoO6jbYiL+7pQpKMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvTi1weFZyLUVnOEJKR2c3cU50aUl2N3VsQ2tvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDAr2wMA0G
CSqGSIb3DQEBCwUAA4IBAQAGQ39cPXlUt6qhT9eNn8rV9MmF97tEp5B4nFpb1FjE
M34Oz5m8GAPLqsZWeLnDurLi9EGe6/VjrWpaUDamfjTgeJ+Jphw1gFL9t7aLCSSt
MZ5+zsL5antyL6nJ4sav3HwHvGi0NCTQGAqvSzsv+Rgi40f1qfvoGaQdVr7Zly/W
0lu85X02vzAahNKTMFpKXQ/QEQoB93VhXWbfMpoQF4UUOyNbcYqBvYhZHhA2/dfK
k4JOKJWo9JtXJQ5utSH2Pvgqx2+BHa9d873xmlUIJ7fJRj9hNGtkWp46hPO61zBw
w7ftXiIso7ip/9db/uW7ICa1EUmEfK8RP+EuWno1XaIK
-----END CERTIFICATE-----