Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/Igs5TdqaUw4wOhzpa63_yAyEf4M.roa
File:                     Igs5TdqaUw4wOhzpa63_yAyEf4M.roa (raw, json)
Hash identifier:          d5PM42NDgeUJBLw1Q/+VlhShMcZYD0tyxc1F1JEd3yo=
Subject key identifier:   22:0B:39:4D:DA:9A:53:0E:30:3A:1C:E9:6B:AD:FF:C8:0C:84:7F:83
Certificate issuer:       /CN=e8a851ddae5a64cc38825395be9a507da95ab7cf
Certificate serial:       018CC9BB2EAE0E3A7D82B2229A7B79168696
Authority key identifier: E8:A8:51:DD:AE:5A:64:CC:38:82:53:95:BE:9A:50:7D:A9:5A:B7:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/Igs5TdqaUw4wOhzpa63_yAyEf4M.roa
Signing time:             Tue 02 Jan 2024 10:32:16 +0000
ROA not before:           Tue 02 Jan 2024 10:32:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202447
IP address blocks:        147.236.118.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:2e:ae:0e:3a:7d:82:b2:22:9a:7b:79:16:86:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8a851ddae5a64cc38825395be9a507da95ab7cf
        Validity
            Not Before: Jan  2 10:32:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=220b394dda9a530e303a1ce96badffc80c847f83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:8b:73:1d:71:21:c8:0d:db:28:4e:cc:e8:56:
                    84:d5:57:fc:7a:05:19:8f:b9:38:66:01:f0:52:af:
                    91:13:ac:57:ec:6f:98:0e:33:82:6d:ed:bd:ef:5a:
                    6f:4a:66:e9:fa:29:6b:69:5a:67:5a:8f:9b:96:3b:
                    4c:55:b3:0d:ea:a5:72:d9:8b:0f:9e:68:bf:1c:12:
                    c4:bf:c7:d7:76:9a:92:42:96:47:18:71:75:e5:f0:
                    94:0e:6e:f6:c7:96:b2:72:33:ba:e0:12:92:c9:e3:
                    19:6d:79:81:cc:4a:59:c1:67:59:51:96:78:84:b0:
                    5e:f7:14:70:90:a4:27:28:24:1f:2b:45:87:28:13:
                    cb:ed:2f:ba:68:0b:00:aa:78:11:67:01:ce:a5:14:
                    92:95:28:41:a3:f9:50:06:48:b8:0c:76:38:bf:79:
                    22:82:91:e2:3c:1f:f4:d1:f4:31:e6:9f:a6:6f:b7:
                    97:33:64:c7:3a:99:cc:80:76:4b:e8:bd:96:ec:d7:
                    0a:3b:36:ec:a9:84:37:f7:26:24:e2:29:5f:70:38:
                    08:c6:f7:11:4e:01:47:57:75:b2:bc:42:3f:59:ca:
                    a3:82:65:4a:d9:12:bb:a6:3f:53:5c:21:f8:5b:16:
                    b3:c7:07:27:d6:b0:c7:de:f5:b4:e6:8b:30:d1:e7:
                    ed:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:0B:39:4D:DA:9A:53:0E:30:3A:1C:E9:6B:AD:FF:C8:0C:84:7F:83
            X509v3 Authority Key Identifier:
                keyid:E8:A8:51:DD:AE:5A:64:CC:38:82:53:95:BE:9A:50:7D:A9:5A:B7:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/Igs5TdqaUw4wOhzpa63_yAyEf4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.236.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:51:52:cd:e4:52:87:41:23:37:37:97:14:18:08:61:c8:6d:
         77:b5:ad:08:4f:10:60:ed:24:8b:f2:65:93:85:5f:a3:61:48:
         bb:b8:20:e8:9d:f3:bd:42:08:cb:f2:1d:39:61:5c:61:0b:9a:
         56:15:e6:20:89:35:9e:f4:15:0f:f9:fa:e8:d5:d7:ed:1e:19:
         63:bd:b2:e0:54:97:63:db:06:66:cc:c2:f4:bf:07:e3:49:ca:
         b8:5d:b4:58:ee:b9:18:99:f6:8e:b5:20:3e:91:ca:fe:03:85:
         50:24:9a:d0:a2:d6:81:27:80:02:b9:5d:e4:ef:21:57:cd:8f:
         a7:46:44:ff:11:9a:f1:dd:00:cf:64:f4:f7:a3:0e:fa:d6:d1:
         19:fd:a3:2d:2e:5e:b6:f4:64:88:d0:f7:fe:12:ba:43:39:c4:
         f6:91:7f:47:3b:c6:74:84:6e:8d:40:12:9e:fa:61:71:d8:2f:
         d5:a4:54:96:97:cf:a5:2e:64:02:44:2d:19:59:55:dc:cd:43:
         59:ab:2d:3d:5d:bb:b1:1c:27:74:08:54:57:9a:36:bd:a1:3d:
         30:ea:cc:fb:2f:0e:25:22:98:20:16:58:89:02:a4:3d:29:61:
         e3:52:26:e4:71:bc:80:1f:32:9f:4b:87:49:74:86:85:0c:05:
         c9:fa:7e:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuy6uDjp9grIimnt5FoaWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YTg1MWRkYWU1YTY0Y2MzODgyNTM5NWJlOWE1MDdkYTk1
YWI3Y2YwHhcNMjQwMTAyMTAzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjBiMzk0ZGRhOWE1MzBlMzAzYTFjZTk2YmFkZmZjODBjODQ3ZjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtItzHXEhyA3bKE7M6FaE1Vf8egUZ
j7k4ZgHwUq+RE6xX7G+YDjOCbe2971pvSmbp+ilraVpnWo+bljtMVbMN6qVy2YsP
nmi/HBLEv8fXdpqSQpZHGHF15fCUDm72x5aycjO64BKSyeMZbXmBzEpZwWdZUZZ4
hLBe9xRwkKQnKCQfK0WHKBPL7S+6aAsAqngRZwHOpRSSlShBo/lQBki4DHY4v3ki
gpHiPB/00fQx5p+mb7eXM2THOpnMgHZL6L2W7NcKOzbsqYQ39yYk4ilfcDgIxvcR
TgFHV3WyvEI/WcqjgmVK2RK7pj9TXCH4Wxazxwcn1rDH3vW05osw0eft8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCILOU3amlMOMDoc6Wut/8gMhH+DMB8GA1UdIwQY
MBaAFOioUd2uWmTMOIJTlb6aUH2pWrfPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNktoUjNhNWFaTXc0Z2xPVnZwcFFmYWxhdDg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8zNjM4ZDctM2VjMy00NTk1LWE2MzEt
MTEwYzg3OGRjZDI5LzEvSWdzNVRkcWFVdzR3T2h6cGE2M195QXlFZjRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8zNjM4ZDctM2VjMy00NTk1LWE2MzEtMTEwYzg3OGRjZDI5
LzEvNktoUjNhNWFaTXc0Z2xPVnZwcFFmYWxhdDg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBk+x2MA0G
CSqGSIb3DQEBCwUAA4IBAQBUUVLN5FKHQSM3N5cUGAhhyG13ta0ITxBg7SSL8mWT
hV+jYUi7uCDonfO9QgjL8h05YVxhC5pWFeYgiTWe9BUP+fro1dftHhljvbLgVJdj
2wZmzML0vwfjScq4XbRY7rkYmfaOtSA+kcr+A4VQJJrQotaBJ4ACuV3k7yFXzY+n
RkT/EZrx3QDPZPT3ow761tEZ/aMtLl629GSI0Pf+ErpDOcT2kX9HO8Z0hG6NQBKe
+mFx2C/VpFSWl8+lLmQCRC0ZWVXczUNZqy09XbuxHCd0CFRXmja9oT0w6sz7Lw4l
IpggFliJAqQ9KWHjUibkcbyAHzKfS4dJdIaFDAXJ+n4o
-----END CERTIFICATE-----