Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/7f765d-d07e-4a66-92a5-7a94c7c36217/1/h2dLY13-umH-t1DUwP1_o-Th3Xc.roa
File:                     h2dLY13-umH-t1DUwP1_o-Th3Xc.roa (raw, json)
Hash identifier:          jgV5fAYcJ/+JV/6/7jLxhEk8NWfHM9uyKvOrC7kjgLA=
Subject key identifier:   87:67:4B:63:5D:FE:BA:61:FE:B7:50:D4:C0:FD:7F:A3:E4:E1:DD:77
Certificate issuer:       /CN=b3e60d38bb37794e72e87e6870d071f2a7dd3e57
Certificate serial:       018CC8DE0B03A809557E61CA5F9EEBB72729
Authority key identifier: B3:E6:0D:38:BB:37:79:4E:72:E8:7E:68:70:D0:71:F2:A7:DD:3E:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s-YNOLs3eU5y6H5ocNBx8qfdPlc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/7f765d-d07e-4a66-92a5-7a94c7c36217/1/h2dLY13-umH-t1DUwP1_o-Th3Xc.roa
Signing time:             Tue 02 Jan 2024 06:30:44 +0000
ROA not before:           Tue 02 Jan 2024 06:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3257
IP address blocks:        158.146.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/7f765d-d07e-4a66-92a5-7a94c7c36217/1/s-YNOLs3eU5y6H5ocNBx8qfdPlc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/7f765d-d07e-4a66-92a5-7a94c7c36217/1/s-YNOLs3eU5y6H5ocNBx8qfdPlc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s-YNOLs3eU5y6H5ocNBx8qfdPlc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:0b:03:a8:09:55:7e:61:ca:5f:9e:eb:b7:27:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3e60d38bb37794e72e87e6870d071f2a7dd3e57
        Validity
            Not Before: Jan  2 06:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87674b635dfeba61feb750d4c0fd7fa3e4e1dd77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:d3:68:c5:ef:65:87:1b:da:4a:2e:d9:ef:eb:
                    23:81:17:2b:22:93:21:79:67:9a:d8:46:01:80:1a:
                    9b:50:ef:ba:45:23:aa:7c:29:36:b0:13:7e:e7:9e:
                    bc:b1:d1:74:9c:67:a4:56:04:a2:82:62:25:7a:0f:
                    c4:b9:a5:77:a5:af:51:76:b4:f9:68:d2:ad:88:b1:
                    05:c0:1e:a0:82:f2:21:24:76:10:79:b7:e2:9d:97:
                    0b:3a:ef:b4:49:cb:58:36:74:3e:da:fd:35:9f:49:
                    7f:6b:ea:67:e2:8a:02:51:35:f8:a1:97:ec:c6:94:
                    0b:de:45:91:76:08:e9:61:8c:2b:7c:87:02:e8:e5:
                    c8:a0:ff:c4:a5:d3:4f:49:5e:ed:54:d2:75:4f:04:
                    d3:56:e5:a9:9d:6a:fa:9b:14:17:04:df:9c:ef:05:
                    fd:49:c1:91:9a:f0:94:0e:d1:7f:2e:86:3d:c3:ac:
                    1e:9c:d1:d4:e7:58:b7:e7:ce:02:d9:d5:23:90:9d:
                    2c:e4:65:3c:fc:e3:29:a1:0f:6e:ad:32:5c:d2:78:
                    e7:7f:f4:70:34:12:1d:9e:3e:a3:60:ac:71:1e:95:
                    94:84:67:77:ca:54:26:7f:14:2d:64:d8:e9:68:42:
                    2b:db:9f:95:6b:f6:4e:e6:90:99:73:94:b9:ec:43:
                    db:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:67:4B:63:5D:FE:BA:61:FE:B7:50:D4:C0:FD:7F:A3:E4:E1:DD:77
            X509v3 Authority Key Identifier:
                keyid:B3:E6:0D:38:BB:37:79:4E:72:E8:7E:68:70:D0:71:F2:A7:DD:3E:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s-YNOLs3eU5y6H5ocNBx8qfdPlc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/7f765d-d07e-4a66-92a5-7a94c7c36217/1/h2dLY13-umH-t1DUwP1_o-Th3Xc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/7f765d-d07e-4a66-92a5-7a94c7c36217/1/s-YNOLs3eU5y6H5ocNBx8qfdPlc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.146.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:15:fd:d5:c8:63:23:72:02:74:ac:3a:fd:50:d3:01:55:b2:
         1a:cd:4e:c2:a9:70:0a:f9:bc:03:2f:df:2a:1e:d7:93:ea:65:
         70:d0:35:67:d0:75:8d:52:d2:c8:82:65:91:eb:95:28:52:8a:
         cb:fd:82:8f:10:f8:35:d3:ba:04:9f:9c:36:a5:74:a0:9c:83:
         59:2d:c7:13:f9:a3:f6:9e:88:4c:be:21:27:be:13:f8:d9:2a:
         c8:0e:b3:6e:aa:65:0d:15:f5:38:e1:4c:5c:e1:b9:27:ee:f2:
         6c:04:1b:c4:59:c0:f2:a4:b1:ee:46:ea:53:ab:d7:18:ff:ae:
         10:0d:c1:f7:e6:9d:97:65:3c:bf:6d:76:6e:0c:7e:b4:e7:01:
         7f:c7:ea:50:0d:cb:2f:0e:76:9c:88:99:01:28:4e:cd:84:b9:
         85:1d:87:d6:fb:4b:cd:44:b4:39:9b:04:3d:b1:10:5e:9d:d4:
         ab:e5:b4:92:95:47:f2:44:95:39:4b:9a:95:98:75:9b:14:3e:
         ba:96:36:33:00:70:8f:f7:6b:48:b7:02:45:2f:5e:d4:1e:4d:
         21:a5:11:d5:bc:81:30:30:ef:d7:1a:44:b0:79:41:49:fe:d4:
         aa:2d:b3:d0:1c:c4:75:3b:78:3b:dd:03:51:2a:4a:d7:7f:29:
         48:ee:ec:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3gsDqAlVfmHKX57rtycpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZTYwZDM4YmIzNzc5NGU3MmU4N2U2ODcwZDA3MWYyYTdk
ZDNlNTcwHhcNMjQwMTAyMDYzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzY3NGI2MzVkZmViYTYxZmViNzUwZDRjMGZkN2ZhM2U0ZTFkZDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNNoxe9lhxvaSi7Z7+sjgRcrIpMh
eWea2EYBgBqbUO+6RSOqfCk2sBN+5568sdF0nGekVgSigmIleg/EuaV3pa9RdrT5
aNKtiLEFwB6ggvIhJHYQebfinZcLOu+0SctYNnQ+2v01n0l/a+pn4ooCUTX4oZfs
xpQL3kWRdgjpYYwrfIcC6OXIoP/EpdNPSV7tVNJ1TwTTVuWpnWr6mxQXBN+c7wX9
ScGRmvCUDtF/LoY9w6wenNHU51i3584C2dUjkJ0s5GU8/OMpoQ9urTJc0njnf/Rw
NBIdnj6jYKxxHpWUhGd3ylQmfxQtZNjpaEIr25+Va/ZO5pCZc5S57EPb4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIdnS2Nd/rph/rdQ1MD9f6Pk4d13MB8GA1UdIwQY
MBaAFLPmDTi7N3lOcuh+aHDQcfKn3T5XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcy1ZTk9MczNlVTV5Nkg1b2NOQng4cWZkUGxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC83Zjc2NWQtZDA3ZS00YTY2LTkyYTUt
N2E5NGM3YzM2MjE3LzEvaDJkTFkxMy11bUgtdDFEVXdQMV9vLVRoM1hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC83Zjc2NWQtZDA3ZS00YTY2LTkyYTUtN2E5NGM3YzM2MjE3
LzEvcy1ZTk9MczNlVTV5Nkg1b2NOQng4cWZkUGxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnpKJMA0G
CSqGSIb3DQEBCwUAA4IBAQBlFf3VyGMjcgJ0rDr9UNMBVbIazU7CqXAK+bwDL98q
HteT6mVw0DVn0HWNUtLIgmWR65UoUorL/YKPEPg107oEn5w2pXSgnINZLccT+aP2
nohMviEnvhP42SrIDrNuqmUNFfU44Uxc4bkn7vJsBBvEWcDypLHuRupTq9cY/64Q
DcH35p2XZTy/bXZuDH605wF/x+pQDcsvDnaciJkBKE7NhLmFHYfW+0vNRLQ5mwQ9
sRBendSr5bSSlUfyRJU5S5qVmHWbFD66ljYzAHCP92tItwJFL17UHk0hpRHVvIEw
MO/XGkSweUFJ/tSqLbPQHMR1O3g73QNRKkrXfylI7uyv
-----END CERTIFICATE-----