Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/87702a-3af6-46c7-a123-a2e24f980b3f/1/Lq5jenOAHkD5ODAX-u-RTzyq9pk.roa
File:                     Lq5jenOAHkD5ODAX-u-RTzyq9pk.roa (raw, json)
Hash identifier:          H/Y9g2zpPLwumOub0xf0xLU7Nc0pyv0X4vFSJfyHZbU=
Subject key identifier:   2E:AE:63:7A:73:80:1E:40:F9:38:30:17:FA:EF:91:4F:3C:AA:F6:99
Certificate issuer:       /CN=0b1870c96ef09723811fb89250eea6eba963c0df
Certificate serial:       018CC56E084D9A1F20982507ED564CA6E68D
Authority key identifier: 0B:18:70:C9:6E:F0:97:23:81:1F:B8:92:50:EE:A6:EB:A9:63:C0:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CxhwyW7wlyOBH7iSUO6m66ljwN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/87702a-3af6-46c7-a123-a2e24f980b3f/1/Lq5jenOAHkD5ODAX-u-RTzyq9pk.roa
Signing time:             Mon 01 Jan 2024 14:29:31 +0000
ROA not before:           Mon 01 Jan 2024 14:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35280
IP address blocks:        132.64.0.0/16 maxlen: 16
                          132.65.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/87702a-3af6-46c7-a123-a2e24f980b3f/1/CxhwyW7wlyOBH7iSUO6m66ljwN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/87702a-3af6-46c7-a123-a2e24f980b3f/1/CxhwyW7wlyOBH7iSUO6m66ljwN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CxhwyW7wlyOBH7iSUO6m66ljwN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:08:4d:9a:1f:20:98:25:07:ed:56:4c:a6:e6:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b1870c96ef09723811fb89250eea6eba963c0df
        Validity
            Not Before: Jan  1 14:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2eae637a73801e40f9383017faef914f3caaf699
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:66:26:9a:c5:5b:6f:f3:37:4f:f4:a6:63:a3:
                    ea:c7:2b:bb:8d:97:fe:35:ac:d2:4b:55:b8:73:0f:
                    7f:59:3c:8c:01:c1:ea:e9:63:fc:a4:c3:55:1b:75:
                    60:83:4b:07:7e:41:0a:c6:65:04:f4:24:17:eb:48:
                    95:fd:61:ce:8a:c2:30:cb:49:56:6e:59:f2:47:66:
                    73:5f:83:0b:5f:d8:74:28:5e:12:b7:bc:1b:4d:52:
                    fb:3b:e8:04:16:53:4d:e7:dd:bd:1b:33:0d:c6:03:
                    5a:90:51:bb:41:bb:39:28:9f:c2:ba:1f:a4:d1:b9:
                    d4:1a:a1:ac:ce:cd:09:70:cd:77:b2:75:18:45:1a:
                    01:64:ab:52:bf:94:d8:7c:53:b1:b1:a1:44:40:51:
                    9d:8e:62:1a:ce:92:5a:eb:c0:b0:c3:9c:d4:e4:87:
                    43:3e:cc:d6:42:fd:b1:2a:12:09:53:28:a2:c0:b5:
                    38:2b:7d:59:39:55:45:64:e7:5f:26:69:48:47:3c:
                    b6:a7:19:a8:75:58:67:a1:7c:67:8e:7d:31:eb:df:
                    83:23:d6:6e:0e:77:3d:be:42:f7:64:33:f6:ec:ba:
                    a6:c7:ad:18:e7:e7:e7:f5:5d:a2:e6:0b:f1:1f:08:
                    b5:fc:40:be:4c:fa:71:5d:9a:84:f3:68:b5:e1:2f:
                    cc:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:AE:63:7A:73:80:1E:40:F9:38:30:17:FA:EF:91:4F:3C:AA:F6:99
            X509v3 Authority Key Identifier:
                keyid:0B:18:70:C9:6E:F0:97:23:81:1F:B8:92:50:EE:A6:EB:A9:63:C0:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CxhwyW7wlyOBH7iSUO6m66ljwN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/87702a-3af6-46c7-a123-a2e24f980b3f/1/Lq5jenOAHkD5ODAX-u-RTzyq9pk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/87702a-3af6-46c7-a123-a2e24f980b3f/1/CxhwyW7wlyOBH7iSUO6m66ljwN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.64.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         23:55:c2:5d:bd:46:2a:29:42:f4:77:89:23:e6:54:56:45:b8:
         a2:97:15:68:5f:d6:2b:4a:21:ca:2d:62:82:c2:f3:68:4a:3f:
         78:bb:95:32:80:dd:a6:35:54:80:f2:b5:3d:fc:a8:26:30:7e:
         4c:43:ef:44:4d:e7:7a:88:8c:de:66:7d:00:89:e1:d2:7a:b7:
         32:cf:7b:fa:4b:25:6a:26:17:2a:91:b6:4c:a7:84:ba:33:f8:
         6c:2b:2c:63:37:8a:cd:99:37:3c:cc:6b:c3:ce:90:78:80:44:
         41:b6:89:1a:41:f6:eb:2c:84:57:65:33:fd:d0:fd:73:e1:27:
         67:93:bd:06:97:a8:78:ca:27:8f:06:a2:e9:0d:f1:95:1f:3b:
         16:83:b0:d7:33:fe:82:d4:f1:91:95:ca:0c:dd:d5:b9:42:44:
         a4:21:e1:b5:fe:5d:87:e2:31:ef:89:d6:a2:ce:1f:bc:99:e0:
         8c:a8:b3:cc:a8:51:2e:e1:28:ed:b0:18:40:21:25:dc:0c:69:
         e9:45:5c:f7:ec:6f:4b:ac:b9:30:f2:c7:5e:d9:0d:e9:b6:df:
         41:d4:22:88:2e:5a:77:38:90:6c:8d:ff:b6:0c:4e:b9:90:ed:
         8a:32:e2:f1:7d:46:40:c9:93:73:5a:96:96:a7:51:20:c8:4e:
         0b:d0:5d:18
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzFbghNmh8gmCUH7VZMpuaNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMTg3MGM5NmVmMDk3MjM4MTFmYjg5MjUwZWVhNmViYTk2
M2MwZGYwHhcNMjQwMTAxMTQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWFlNjM3YTczODAxZTQwZjkzODMwMTdmYWVmOTE0ZjNjYWFmNjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymYmmsVbb/M3T/SmY6Pqxyu7jZf+
NazSS1W4cw9/WTyMAcHq6WP8pMNVG3Vgg0sHfkEKxmUE9CQX60iV/WHOisIwy0lW
blnyR2ZzX4MLX9h0KF4St7wbTVL7O+gEFlNN5929GzMNxgNakFG7Qbs5KJ/Cuh+k
0bnUGqGszs0JcM13snUYRRoBZKtSv5TYfFOxsaFEQFGdjmIazpJa68Cww5zU5IdD
PszWQv2xKhIJUyiiwLU4K31ZOVVFZOdfJmlIRzy2pxmodVhnoXxnjn0x69+DI9Zu
Dnc9vkL3ZDP27Lqmx60Y5+fn9V2i5gvxHwi1/EC+TPpxXZqE82i14S/MbwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFC6uY3pzgB5A+TgwF/rvkU88qvaZMB8GA1UdIwQY
MBaAFAsYcMlu8JcjgR+4klDupuupY8DfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3hod3lXN3dseU9CSDdpU1VPNm02Nmxqd044LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny84NzcwMmEtM2FmNi00NmM3LWExMjMt
YTJlMjRmOTgwYjNmLzEvTHE1amVuT0FIa0Q1T0RBWC11LVJUenlxOXBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny84NzcwMmEtM2FmNi00NmM3LWExMjMtYTJlMjRmOTgwYjNm
LzEvQ3hod3lXN3dseU9CSDdpU1VPNm02Nmxqd044LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBhEAwDQYJ
KoZIhvcNAQELBQADggEBACNVwl29RiopQvR3iSPmVFZFuKKXFWhf1itKIcotYoLC
82hKP3i7lTKA3aY1VIDytT38qCYwfkxD70RN53qIjN5mfQCJ4dJ6tzLPe/pLJWom
FyqRtkynhLoz+GwrLGM3is2ZNzzMa8POkHiAREG2iRpB9usshFdlM/3Q/XPhJ2eT
vQaXqHjKJ48GoukN8ZUfOxaDsNcz/oLU8ZGVygzd1blCRKQh4bX+XYfiMe+J1qLO
H7yZ4Iyos8yoUS7hKO2wGEAhJdwMaelFXPfsb0usuTDyx17ZDem230HUIoguWnc4
kGyN/7YMTrmQ7Yoy4vF9RkDJk3NalpanUSDITgvQXRg=
-----END CERTIFICATE-----