Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/aHbcmc6uBg89uq9OyjD5yOd8bh8.roa
File:                     aHbcmc6uBg89uq9OyjD5yOd8bh8.roa (raw, json)
Hash identifier:          UPmExfz5vrxi5Gcz7Tz8jTcEfBXLwj2ETUMznzRZu8Y=
Subject key identifier:   68:76:DC:99:CE:AE:06:0F:3D:BA:AF:4E:CA:30:F9:C8:E7:7C:6E:1F
Certificate issuer:       /CN=e801f23ce821c264d67727536ec183537594c5f2
Certificate serial:       018CC4936C869A34593A73C1197AAE83B71F
Authority key identifier: E8:01:F2:3C:E8:21:C2:64:D6:77:27:53:6E:C1:83:53:75:94:C5:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/aHbcmc6uBg89uq9OyjD5yOd8bh8.roa
Signing time:             Mon 01 Jan 2024 10:30:45 +0000
ROA not before:           Mon 01 Jan 2024 10:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49858
IP address blocks:        37.156.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 10:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6c:86:9a:34:59:3a:73:c1:19:7a:ae:83:b7:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e801f23ce821c264d67727536ec183537594c5f2
        Validity
            Not Before: Jan  1 10:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6876dc99ceae060f3dbaaf4eca30f9c8e77c6e1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:11:7c:d0:ca:e7:3d:d6:d7:1a:dd:8a:ce:87:
                    3a:d6:0e:c7:ea:63:45:5d:c7:61:ab:90:c1:78:52:
                    0a:b6:ff:cd:6a:52:00:ae:47:30:03:ed:20:e4:73:
                    26:cf:a5:3d:91:49:e1:d4:68:1a:30:66:b6:16:cb:
                    c9:80:e3:4f:f8:71:0a:39:cd:b7:3a:74:5b:dc:ff:
                    f2:e0:ae:a0:4b:82:96:78:d9:76:97:ab:d0:1c:9c:
                    82:e7:13:90:34:d5:dd:42:36:92:4e:1e:0a:4a:c2:
                    22:0d:8b:82:1b:74:79:e8:de:1e:b1:0e:7e:e2:bb:
                    d9:22:e1:83:26:88:f6:07:aa:b9:f8:70:6d:ff:d2:
                    29:04:02:3e:59:43:f6:09:53:ad:16:b9:ba:d7:a0:
                    8f:17:e5:83:90:93:5a:3a:1a:94:e2:e8:24:5c:15:
                    30:0c:4a:2d:61:ca:3d:50:a6:07:c8:8d:dd:0b:72:
                    db:a5:67:fb:ae:cd:51:4a:6b:af:5b:99:15:fb:81:
                    4d:28:c4:77:24:7a:0b:9c:fd:45:a1:c7:be:c3:a4:
                    ea:cb:71:49:9d:01:a3:79:ec:a3:70:3d:22:5f:e7:
                    2b:07:c2:54:18:5c:3d:36:41:c2:63:6f:ba:21:e8:
                    44:40:54:d7:76:d4:72:f8:5c:6c:36:f5:80:2f:7e:
                    d6:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:76:DC:99:CE:AE:06:0F:3D:BA:AF:4E:CA:30:F9:C8:E7:7C:6E:1F
            X509v3 Authority Key Identifier:
                keyid:E8:01:F2:3C:E8:21:C2:64:D6:77:27:53:6E:C1:83:53:75:94:C5:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/aHbcmc6uBg89uq9OyjD5yOd8bh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.156.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:b8:e0:e0:a2:91:95:b8:eb:31:77:d8:52:fe:45:b1:8e:2c:
         04:17:4f:98:94:18:80:e1:35:ae:bb:8b:77:49:d5:37:c5:4b:
         f9:2e:cd:78:20:99:51:4a:4c:5a:84:2e:e4:9d:60:18:6e:6d:
         ea:93:bf:76:d8:2c:dd:d5:f7:24:bb:15:4c:e1:72:64:c5:66:
         bf:48:a0:ff:37:57:e7:c3:24:dd:98:f9:0f:03:95:af:75:ec:
         a8:17:ae:78:df:16:6a:11:74:ab:67:60:64:5b:8a:ed:61:6e:
         f2:c9:11:e4:3c:cf:9b:23:26:ba:f6:a3:82:19:49:d0:3d:be:
         69:70:c9:67:fb:83:79:cb:1c:44:09:b0:93:17:4b:c1:75:38:
         c7:ba:02:b1:cc:98:cc:e8:41:bf:97:c7:5b:ae:b7:9c:87:a3:
         5a:4a:5c:d6:8c:f7:34:b0:02:94:78:97:77:97:5a:5d:31:6e:
         1b:e2:d4:6e:e0:71:af:82:61:56:00:1c:e3:6a:fd:2e:79:7c:
         28:1a:07:c8:b3:99:54:ac:51:95:15:29:09:5d:3b:e5:47:1b:
         5b:61:92:85:be:36:d9:73:90:ee:71:bb:ec:0e:f8:d3:71:51:
         10:1b:e3:c3:f4:db:24:5c:5c:09:5f:6a:08:5f:68:65:4f:5d:
         ae:76:6b:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk2yGmjRZOnPBGXqug7cfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MDFmMjNjZTgyMWMyNjRkNjc3Mjc1MzZlYzE4MzUzNzU5
NGM1ZjIwHhcNMjQwMTAxMTAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODc2ZGM5OWNlYWUwNjBmM2RiYWFmNGVjYTMwZjljOGU3N2M2ZTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiRF80MrnPdbXGt2Kzoc61g7H6mNF
Xcdhq5DBeFIKtv/NalIArkcwA+0g5HMmz6U9kUnh1GgaMGa2FsvJgONP+HEKOc23
OnRb3P/y4K6gS4KWeNl2l6vQHJyC5xOQNNXdQjaSTh4KSsIiDYuCG3R56N4esQ5+
4rvZIuGDJoj2B6q5+HBt/9IpBAI+WUP2CVOtFrm616CPF+WDkJNaOhqU4ugkXBUw
DEotYco9UKYHyI3dC3LbpWf7rs1RSmuvW5kV+4FNKMR3JHoLnP1Foce+w6Tqy3FJ
nQGjeeyjcD0iX+crB8JUGFw9NkHCY2+6IehEQFTXdtRy+FxsNvWAL37WmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGh23JnOrgYPPbqvTsow+cjnfG4fMB8GA1UdIwQY
MBaAFOgB8jzoIcJk1ncnU27Bg1N1lMXyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkFIeVBPZ2h3bVRXZHlkVGJzR0RVM1dVeGZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9lYWI0ZDgtNmFmZC00ZjgxLWFiMTAt
NDY0ZWIxODNiNTY4LzEvYUhiY21jNnVCZzg5dXE5T3lqRDV5T2Q4Ymg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9lYWI0ZDgtNmFmZC00ZjgxLWFiMTAtNDY0ZWIxODNiNTY4
LzEvNkFIeVBPZ2h3bVRXZHlkVGJzR0RVM1dVeGZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZzCMA0G
CSqGSIb3DQEBCwUAA4IBAQBluODgopGVuOsxd9hS/kWxjiwEF0+YlBiA4TWuu4t3
SdU3xUv5Ls14IJlRSkxahC7knWAYbm3qk7922Czd1fckuxVM4XJkxWa/SKD/N1fn
wyTdmPkPA5WvdeyoF6543xZqEXSrZ2BkW4rtYW7yyRHkPM+bIya69qOCGUnQPb5p
cMln+4N5yxxECbCTF0vBdTjHugKxzJjM6EG/l8dbrrech6NaSlzWjPc0sAKUeJd3
l1pdMW4b4tRu4HGvgmFWABzjav0ueXwoGgfIs5lUrFGVFSkJXTvlRxtbYZKFvjbZ
c5DucbvsDvjTcVEQG+PD9NskXFwJX2oIX2hlT12udmvh
-----END CERTIFICATE-----