Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/7f765d-d07e-4a66-92a5-7a94c7c36217/1/Y34UvuzGHVn74JlMjR9mij0J_ZI.roa
File:                     Y34UvuzGHVn74JlMjR9mij0J_ZI.roa (raw, json)
Hash identifier:          Hj/FjB07FtGoGCvdQBlvGTW1jCsfWBGe3HmnzW7s7VU=
Subject key identifier:   63:7E:14:BE:EC:C6:1D:59:FB:E0:99:4C:8D:1F:66:8A:3D:09:FD:92
Certificate issuer:       /CN=b3e60d38bb37794e72e87e6870d071f2a7dd3e57
Certificate serial:       018CC8DE0BA1289859376447B157A5636335
Authority key identifier: B3:E6:0D:38:BB:37:79:4E:72:E8:7E:68:70:D0:71:F2:A7:DD:3E:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s-YNOLs3eU5y6H5ocNBx8qfdPlc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/7f765d-d07e-4a66-92a5-7a94c7c36217/1/Y34UvuzGHVn74JlMjR9mij0J_ZI.roa
Signing time:             Tue 02 Jan 2024 06:30:44 +0000
ROA not before:           Tue 02 Jan 2024 06:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42326
IP address blocks:        158.146.129.0/24 maxlen: 24
                          158.146.128.0/24 maxlen: 24
                          158.146.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/7f765d-d07e-4a66-92a5-7a94c7c36217/1/s-YNOLs3eU5y6H5ocNBx8qfdPlc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/7f765d-d07e-4a66-92a5-7a94c7c36217/1/s-YNOLs3eU5y6H5ocNBx8qfdPlc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s-YNOLs3eU5y6H5ocNBx8qfdPlc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:0b:a1:28:98:59:37:64:47:b1:57:a5:63:63:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3e60d38bb37794e72e87e6870d071f2a7dd3e57
        Validity
            Not Before: Jan  2 06:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=637e14beecc61d59fbe0994c8d1f668a3d09fd92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c6:96:b8:fe:33:c6:b8:77:c7:b8:31:13:fb:
                    a4:20:1c:65:d6:37:8f:ad:7a:6d:1e:53:6e:13:bd:
                    e4:43:2f:a8:e2:ca:98:5c:4d:c0:41:6e:16:bb:df:
                    3c:9c:6d:54:bf:58:88:aa:64:ec:43:c8:11:2d:d8:
                    e2:ef:93:2c:4f:8f:7b:bf:ac:9c:f4:93:7a:57:c6:
                    a3:e2:0a:29:0d:e4:dd:d0:b5:68:75:bb:e2:19:18:
                    66:42:f0:f3:41:b7:39:80:a9:67:af:da:7c:fa:8b:
                    77:74:bd:ee:64:84:fa:d3:5a:69:ba:09:67:5c:73:
                    2e:cb:49:db:a5:09:58:f4:4e:47:ef:77:22:99:11:
                    45:4c:50:f8:c1:cb:fd:c6:cd:c3:39:05:18:10:10:
                    60:1e:05:73:9c:c4:04:7f:9e:68:b4:53:44:99:55:
                    81:c9:02:5e:44:9e:fe:0b:a6:a7:cb:37:07:79:2e:
                    63:3d:f8:98:ef:ea:ad:6f:96:7c:ce:d3:61:37:b9:
                    d3:39:e4:e9:de:79:6f:f6:5a:f3:19:e8:32:0f:86:
                    fe:5c:65:30:8d:5f:4a:a4:c8:bf:42:14:30:0a:78:
                    d8:54:6d:1b:d6:10:17:1f:9a:7c:57:62:99:ea:5d:
                    c2:42:78:e3:b9:7d:ac:67:be:8b:99:d1:53:a8:c5:
                    ff:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:7E:14:BE:EC:C6:1D:59:FB:E0:99:4C:8D:1F:66:8A:3D:09:FD:92
            X509v3 Authority Key Identifier:
                keyid:B3:E6:0D:38:BB:37:79:4E:72:E8:7E:68:70:D0:71:F2:A7:DD:3E:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s-YNOLs3eU5y6H5ocNBx8qfdPlc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/7f765d-d07e-4a66-92a5-7a94c7c36217/1/Y34UvuzGHVn74JlMjR9mij0J_ZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/7f765d-d07e-4a66-92a5-7a94c7c36217/1/s-YNOLs3eU5y6H5ocNBx8qfdPlc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.146.128.0/23
                  158.146.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:c3:7c:d0:30:d0:b7:1c:ad:70:23:87:6e:54:a2:07:28:a2:
         8e:a4:67:b8:8d:94:85:92:42:de:7a:8f:52:e8:af:0f:f7:0a:
         d1:55:1c:51:c4:f3:4d:fe:db:04:15:c6:9b:af:2d:d6:99:ab:
         f9:82:cd:d0:4e:db:e1:fe:d0:d5:27:e8:f1:c6:50:97:66:52:
         fc:31:8c:37:d8:59:b3:3d:d7:ce:21:5d:39:05:01:eb:d6:71:
         b8:f7:96:a4:64:37:2f:6f:81:7f:00:4b:60:dd:22:9c:b8:c8:
         f3:85:70:31:2e:75:da:48:dd:d5:98:06:c4:7e:05:9e:dd:15:
         22:37:e0:38:6d:47:d8:51:5d:f2:f2:41:1f:f6:ca:36:63:d7:
         31:f0:58:60:0f:3a:3e:b6:ba:e1:15:de:a1:75:e5:9b:04:ab:
         ae:33:59:b7:b3:ee:4d:ab:32:41:65:b3:7d:f1:ee:a2:5e:c3:
         0a:6e:8b:19:50:14:9e:3d:7b:d9:7b:54:d5:51:e8:52:fd:22:
         89:91:cb:8d:41:ad:ff:07:b8:48:8b:15:c2:cc:5c:16:09:ac:
         c5:43:7a:8f:c5:0f:26:04:a1:a7:c6:59:df:b8:53:a7:42:2e:
         c6:b2:60:f6:71:4e:b2:21:ee:a3:53:61:0d:c2:28:85:ee:f1:
         db:57:21:e9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3guhKJhZN2RHsVelY2M1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZTYwZDM4YmIzNzc5NGU3MmU4N2U2ODcwZDA3MWYyYTdk
ZDNlNTcwHhcNMjQwMTAyMDYzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzdlMTRiZWVjYzYxZDU5ZmJlMDk5NGM4ZDFmNjY4YTNkMDlmZDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsaWuP4zxrh3x7gxE/ukIBxl1jeP
rXptHlNuE73kQy+o4sqYXE3AQW4Wu988nG1Uv1iIqmTsQ8gRLdji75MsT497v6yc
9JN6V8aj4gopDeTd0LVodbviGRhmQvDzQbc5gKlnr9p8+ot3dL3uZIT601ppugln
XHMuy0nbpQlY9E5H73cimRFFTFD4wcv9xs3DOQUYEBBgHgVznMQEf55otFNEmVWB
yQJeRJ7+C6anyzcHeS5jPfiY7+qtb5Z8ztNhN7nTOeTp3nlv9lrzGegyD4b+XGUw
jV9KpMi/QhQwCnjYVG0b1hAXH5p8V2KZ6l3CQnjjuX2sZ76LmdFTqMX/iQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGN+FL7sxh1Z++CZTI0fZoo9Cf2SMB8GA1UdIwQY
MBaAFLPmDTi7N3lOcuh+aHDQcfKn3T5XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcy1ZTk9MczNlVTV5Nkg1b2NOQng4cWZkUGxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC83Zjc2NWQtZDA3ZS00YTY2LTkyYTUt
N2E5NGM3YzM2MjE3LzEvWTM0VXZ1ekdIVm43NEpsTWpSOW1pajBKX1pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC83Zjc2NWQtZDA3ZS00YTY2LTkyYTUtN2E5NGM3YzM2MjE3
LzEvcy1ZTk9MczNlVTV5Nkg1b2NOQng4cWZkUGxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBnpKAAwQA
npKJMA0GCSqGSIb3DQEBCwUAA4IBAQA0w3zQMNC3HK1wI4duVKIHKKKOpGe4jZSF
kkLeeo9S6K8P9wrRVRxRxPNN/tsEFcabry3Wmav5gs3QTtvh/tDVJ+jxxlCXZlL8
MYw32FmzPdfOIV05BQHr1nG495akZDcvb4F/AEtg3SKcuMjzhXAxLnXaSN3VmAbE
fgWe3RUiN+A4bUfYUV3y8kEf9so2Y9cx8FhgDzo+trrhFd6hdeWbBKuuM1m3s+5N
qzJBZbN98e6iXsMKbosZUBSePXvZe1TVUehS/SKJkcuNQa3/B7hIixXCzFwWCazF
Q3qPxQ8mBKGnxlnfuFOnQi7GsmD2cU6yIe6jU2ENwiiF7vHbVyHp
-----END CERTIFICATE-----