Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/FoTd1StUhY3fF6GGidf8gws14qY.roa
File:                     FoTd1StUhY3fF6GGidf8gws14qY.roa (raw, json)
Hash identifier:          kTuAEV84YJQcpwi0hypdgs8CL6O4yZrtuy7pjjDxSnk=
Subject key identifier:   16:84:DD:D5:2B:54:85:8D:DF:17:A1:86:89:D7:FC:83:0B:35:E2:A6
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018CC49342C55102ECA409BF7D899C098FDD
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/FoTd1StUhY3fF6GGidf8gws14qY.roa
Signing time:             Mon 01 Jan 2024 10:30:34 +0000
ROA not before:           Mon 01 Jan 2024 10:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216262
IP address blocks:        37.156.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:42:c5:51:02:ec:a4:09:bf:7d:89:9c:09:8f:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  1 10:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1684ddd52b54858ddf17a18689d7fc830b35e2a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a6:83:43:71:43:42:3b:ef:46:44:b1:2e:a3:
                    69:39:2a:43:60:17:f6:e8:d3:93:3c:a5:9c:e6:60:
                    55:8a:c1:be:60:da:e9:ae:d7:dc:4b:af:25:0b:f5:
                    37:2e:ce:80:b1:68:21:11:3d:c0:e9:1d:c0:3b:fc:
                    46:ea:5a:68:dc:84:18:8e:d2:3e:57:8a:59:06:dd:
                    5d:96:73:26:e4:5b:c7:de:30:90:68:7b:42:59:eb:
                    8d:c8:c1:ce:46:c0:0d:28:28:ae:3e:2e:d6:01:98:
                    8a:fd:90:63:62:0e:ee:94:42:c9:42:35:e2:2c:95:
                    ca:64:ca:07:76:80:90:db:00:e7:62:18:ff:cd:2e:
                    9e:73:cf:4b:e7:4e:b0:9f:60:d5:45:9e:88:34:47:
                    17:90:a1:05:59:fa:2f:47:6c:ba:85:5c:c1:24:b0:
                    04:62:4f:79:b7:d2:35:d4:90:fe:0d:ff:95:e3:dc:
                    3a:14:e4:e6:94:7d:85:b6:f3:94:06:83:28:04:d6:
                    92:0c:13:19:1c:1e:a7:58:df:1c:ac:6c:8e:2e:4c:
                    93:be:49:ce:0a:db:90:90:65:72:0d:d5:61:04:e5:
                    c6:1c:54:70:f0:d8:7d:0a:ce:a0:9a:7a:6d:87:76:
                    ed:de:d4:b2:77:a6:88:d7:7e:fd:01:c3:10:f4:aa:
                    cb:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:84:DD:D5:2B:54:85:8D:DF:17:A1:86:89:D7:FC:83:0B:35:E2:A6
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/FoTd1StUhY3fF6GGidf8gws14qY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.156.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:cb:94:99:a5:24:75:75:76:e2:59:56:78:6f:72:e0:f7:1f:
         c7:9c:59:c3:43:9a:95:ef:e6:62:4a:ca:65:7a:15:b5:44:ff:
         89:b9:06:8f:7a:38:d4:ca:6b:b2:9e:6c:88:fd:b8:58:ee:4e:
         b8:36:5f:73:9d:81:e8:07:38:76:9d:ee:52:c1:06:3c:3a:e3:
         97:63:96:f4:f1:ee:5f:e2:63:c6:0c:7d:0e:15:e4:18:9d:0d:
         50:4b:9a:38:41:5a:23:07:cb:15:d5:7c:22:15:58:6e:1a:68:
         79:f8:db:05:c9:41:ea:2c:51:f4:c2:84:f8:d9:cc:b4:6f:7b:
         cc:67:fe:48:f8:41:2f:d6:3e:5e:ad:d9:d7:9e:34:b5:0c:ac:
         6f:fb:4f:9f:1b:3b:2e:97:fd:31:f3:6e:bd:69:99:fb:1a:a7:
         f6:e2:a1:ce:ef:65:46:f1:9f:0e:4b:cf:59:13:bc:c9:5c:32:
         a4:7b:6e:43:a7:b4:7e:7f:38:83:74:50:3e:55:c2:44:5c:67:
         cb:39:28:a9:2e:ee:8f:ba:84:59:1a:87:35:fb:fe:0e:8d:52:
         3c:c9:c3:de:66:35:22:89:2f:6f:7c:af:28:8c:90:4f:99:f2:
         ba:c8:97:d9:61:64:11:d6:cf:61:3a:97:36:54:a1:d7:f7:fa:
         08:3b:69:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk0LFUQLspAm/fYmcCY/dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwMTAxMTAzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjg0ZGRkNTJiNTQ4NThkZGYxN2ExODY4OWQ3ZmM4MzBiMzVlMmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6aDQ3FDQjvvRkSxLqNpOSpDYBf2
6NOTPKWc5mBVisG+YNrprtfcS68lC/U3Ls6AsWghET3A6R3AO/xG6lpo3IQYjtI+
V4pZBt1dlnMm5FvH3jCQaHtCWeuNyMHORsANKCiuPi7WAZiK/ZBjYg7ulELJQjXi
LJXKZMoHdoCQ2wDnYhj/zS6ec89L506wn2DVRZ6INEcXkKEFWfovR2y6hVzBJLAE
Yk95t9I11JD+Df+V49w6FOTmlH2FtvOUBoMoBNaSDBMZHB6nWN8crGyOLkyTvknO
CtuQkGVyDdVhBOXGHFRw8Nh9Cs6gmnpth3bt3tSyd6aI1379AcMQ9KrLUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBaE3dUrVIWN3xehhonX/IMLNeKmMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvRm9UZDFTdFVoWTNmRjZHR2lkZjhnd3MxNHFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZwFMA0G
CSqGSIb3DQEBCwUAA4IBAQBby5SZpSR1dXbiWVZ4b3Lg9x/HnFnDQ5qV7+ZiSspl
ehW1RP+JuQaPejjUymuynmyI/bhY7k64Nl9znYHoBzh2ne5SwQY8OuOXY5b08e5f
4mPGDH0OFeQYnQ1QS5o4QVojB8sV1XwiFVhuGmh5+NsFyUHqLFH0woT42cy0b3vM
Z/5I+EEv1j5erdnXnjS1DKxv+0+fGzsul/0x8269aZn7Gqf24qHO72VG8Z8OS89Z
E7zJXDKke25Dp7R+fziDdFA+VcJEXGfLOSipLu6PuoRZGoc1+/4OjVI8ycPeZjUi
iS9vfK8ojJBPmfK6yJfZYWQR1s9hOpc2VKHX9/oIO2l0
-----END CERTIFICATE-----