Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/2B_1g_OKbYC4rH7yh_nmXu9-Np4.roa
File:                     2B_1g_OKbYC4rH7yh_nmXu9-Np4.roa (raw, json)
Hash identifier:          jRmudV35iXS7u+QLYHxaStVUT/8rSgW+tGQm269CQiU=
Subject key identifier:   D8:1F:F5:83:F3:8A:6D:80:B8:AC:7E:F2:87:F9:E6:5E:EF:7E:36:9E
Certificate issuer:       /CN=b8d251c4bfd526da062d4ce2af56b6e46e925117
Certificate serial:       018CC7947474AAB179EC09A7B53FD258221B
Authority key identifier: B8:D2:51:C4:BF:D5:26:DA:06:2D:4C:E2:AF:56:B6:E4:6E:92:51:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uNJRxL_VJtoGLUzir1a25G6SURc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/2B_1g_OKbYC4rH7yh_nmXu9-Np4.roa
Signing time:             Tue 02 Jan 2024 00:30:44 +0000
ROA not before:           Tue 02 Jan 2024 00:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     378
IP address blocks:        132.74.0.0/16 maxlen: 16
                          132.74.0.0/15 maxlen: 15
                          132.75.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/uNJRxL_VJtoGLUzir1a25G6SURc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/uNJRxL_VJtoGLUzir1a25G6SURc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uNJRxL_VJtoGLUzir1a25G6SURc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:74:74:aa:b1:79:ec:09:a7:b5:3f:d2:58:22:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8d251c4bfd526da062d4ce2af56b6e46e925117
        Validity
            Not Before: Jan  2 00:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d81ff583f38a6d80b8ac7ef287f9e65eef7e369e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:45:0d:bd:66:47:7b:c2:df:b2:6a:84:c4:c5:
                    7c:bc:39:9f:0e:85:01:a7:0b:10:bb:ba:56:09:1e:
                    32:a7:34:86:01:97:f5:0f:2b:bc:2c:74:eb:84:18:
                    e4:47:4b:18:63:c3:a5:95:0e:33:a9:40:54:5b:35:
                    c3:62:cd:fe:d1:7c:3e:19:08:82:81:52:e6:f3:9f:
                    5e:82:18:e7:16:c7:e4:5e:1f:47:61:cb:21:92:5c:
                    9e:f1:b8:46:30:b3:b7:da:6e:79:2d:d9:50:3a:a5:
                    7c:05:dc:d8:8f:03:ff:e6:e3:50:93:1e:ec:4d:8c:
                    1f:34:37:fd:ae:91:50:10:d9:6d:36:2a:bd:b1:5c:
                    10:55:2b:47:86:1a:09:88:9d:e4:ba:bb:31:65:31:
                    93:af:44:bd:41:74:c0:e6:66:58:45:aa:88:f3:61:
                    5e:0e:85:cb:a4:73:6b:08:7e:23:0b:fd:1d:8e:c0:
                    aa:f5:2a:de:18:57:ae:cc:f9:e1:ec:0c:0c:0c:dd:
                    05:68:06:03:9a:74:07:a7:63:e5:65:c3:59:0e:74:
                    26:08:98:33:50:29:34:3f:a4:71:22:76:b0:05:3a:
                    fe:86:a4:a3:01:e9:9b:0a:17:a3:05:b5:d8:1e:29:
                    e5:91:70:0d:0f:04:a3:d7:96:81:1d:58:82:dd:da:
                    3c:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:1F:F5:83:F3:8A:6D:80:B8:AC:7E:F2:87:F9:E6:5E:EF:7E:36:9E
            X509v3 Authority Key Identifier:
                keyid:B8:D2:51:C4:BF:D5:26:DA:06:2D:4C:E2:AF:56:B6:E4:6E:92:51:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uNJRxL_VJtoGLUzir1a25G6SURc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/2B_1g_OKbYC4rH7yh_nmXu9-Np4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/uNJRxL_VJtoGLUzir1a25G6SURc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.74.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         62:c2:f9:5e:8d:ce:ac:a4:14:e9:7b:ac:75:ff:12:22:44:7b:
         4d:3d:5b:1d:a5:02:a5:5b:1a:3b:4c:15:c6:a9:8c:02:85:47:
         54:d0:e4:42:fc:34:77:23:e7:c9:ec:03:d2:46:af:d8:4c:6b:
         43:6a:9d:19:f9:83:16:cb:19:1d:9a:c2:2c:8b:fc:92:46:a4:
         b7:eb:d3:3c:6d:e9:73:9e:92:13:4a:ac:83:b4:fa:28:2d:5e:
         1a:ac:95:1f:78:f0:20:54:cb:0a:48:d9:dd:8b:e6:d7:bc:70:
         d5:13:3a:31:b9:15:60:b9:2e:0c:e6:0b:fe:49:42:d9:10:09:
         9f:be:9b:32:82:71:0f:b1:94:66:26:2f:5d:9e:08:ba:88:ea:
         71:e1:fd:cb:e2:33:f1:36:13:52:29:f6:7e:91:7a:2b:a8:89:
         63:e8:cb:66:96:69:f2:7e:9f:b2:d7:03:2d:ed:34:b4:f1:9b:
         2c:3b:db:44:ea:6c:28:18:12:00:89:ac:36:c1:cb:d5:6c:8f:
         e9:23:cc:3b:40:73:2e:32:d4:16:6f:a1:a3:72:f8:5d:64:1c:
         bb:15:ee:ad:aa:d9:59:18:d3:ee:89:b9:63:d2:6b:fd:b9:5a:
         10:8d:29:4a:07:ed:fc:4f:8b:f6:51:e8:6c:13:0b:43:b5:f2:
         bf:c9:1b:83
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzHlHR0qrF57AmntT/SWCIbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4ZDI1MWM0YmZkNTI2ZGEwNjJkNGNlMmFmNTZiNmU0NmU5
MjUxMTcwHhcNMjQwMTAyMDAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODFmZjU4M2YzOGE2ZDgwYjhhYzdlZjI4N2Y5ZTY1ZWVmN2UzNjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEUNvWZHe8LfsmqExMV8vDmfDoUB
pwsQu7pWCR4ypzSGAZf1Dyu8LHTrhBjkR0sYY8OllQ4zqUBUWzXDYs3+0Xw+GQiC
gVLm859eghjnFsfkXh9HYcshklye8bhGMLO32m55LdlQOqV8BdzYjwP/5uNQkx7s
TYwfNDf9rpFQENltNiq9sVwQVStHhhoJiJ3kursxZTGTr0S9QXTA5mZYRaqI82Fe
DoXLpHNrCH4jC/0djsCq9SreGFeuzPnh7AwMDN0FaAYDmnQHp2PlZcNZDnQmCJgz
UCk0P6RxInawBTr+hqSjAembChejBbXYHinlkXANDwSj15aBHViC3do87wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFNgf9YPzim2AuKx+8of55l7vfjaeMB8GA1UdIwQY
MBaAFLjSUcS/1SbaBi1M4q9WtuRuklEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU5KUnhMX1ZKdG9HTFV6aXIxYTI1RzZTVVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi82MjE5NDEtZjUzYy00NDhmLWJkMzAt
NDJiM2Q2OGI1Njc2LzEvMkJfMWdfT0tiWUM0ckg3eWhfbm1YdTktTnA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi82MjE5NDEtZjUzYy00NDhmLWJkMzAtNDJiM2Q2OGI1Njc2
LzEvdU5KUnhMX1ZKdG9HTFV6aXIxYTI1RzZTVVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBhEowDQYJ
KoZIhvcNAQELBQADggEBAGLC+V6NzqykFOl7rHX/EiJEe009Wx2lAqVbGjtMFcap
jAKFR1TQ5EL8NHcj58nsA9JGr9hMa0NqnRn5gxbLGR2awiyL/JJGpLfr0zxt6XOe
khNKrIO0+igtXhqslR948CBUywpI2d2L5te8cNUTOjG5FWC5LgzmC/5JQtkQCZ++
mzKCcQ+xlGYmL12eCLqI6nHh/cviM/E2E1Ip9n6ReiuoiWPoy2aWafJ+n7LXAy3t
NLTxmyw720TqbCgYEgCJrDbBy9Vsj+kjzDtAcy4y1BZvoaNy+F1kHLsV7q2q2VkY
0+6JuWPSa/25WhCNKUoH7fxPi/ZR6GwTC0O18r/JG4M=
-----END CERTIFICATE-----