Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/_F8Yo60qFyiQUqOSYL3si25pr3s.roa
File:                     _F8Yo60qFyiQUqOSYL3si25pr3s.roa (raw, json)
Hash identifier:          GtgPuVToGRArwrjPka24NqmcGvS7vuG7tlbdT5ECBJo=
Subject key identifier:   FC:5F:18:A3:AD:2A:17:28:90:52:A3:92:60:BD:EC:8B:6E:69:AF:7B
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0191543C3DB47B4ACA669E53575C2DEDE30D
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/_F8Yo60qFyiQUqOSYL3si25pr3s.roa
Signing time:             Thu 15 Aug 2024 04:11:59 +0000
ROA not before:           Thu 15 Aug 2024 04:11:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209181
IP address blocks:        37.140.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:54:3c:3d:b4:7b:4a:ca:66:9e:53:57:5c:2d:ed:e3:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Aug 15 04:11:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc5f18a3ad2a17289052a39260bdec8b6e69af7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:16:70:15:1e:de:bc:84:9d:08:68:60:36:0c:
                    8e:de:7f:53:28:06:da:96:f6:b9:17:bb:fb:81:13:
                    7d:a6:1a:cd:4d:c2:d0:cb:13:16:c1:80:e0:ff:f0:
                    9c:22:d3:fb:5e:99:83:ae:5e:e6:eb:9b:78:4f:2c:
                    e4:78:e3:ee:36:b4:85:4e:5d:e4:b3:d9:80:16:13:
                    02:72:93:cd:15:20:ca:42:06:4c:20:84:66:61:85:
                    76:f9:46:f2:10:19:b9:cf:33:1b:ea:b0:44:c5:70:
                    47:9e:61:2a:b0:61:23:12:27:6a:64:31:c0:79:5b:
                    f9:68:0a:d7:db:53:e3:1c:e2:38:aa:5b:3f:83:92:
                    c2:d9:af:85:d0:32:a4:73:61:92:d0:9b:69:b7:8e:
                    49:80:9d:c5:1a:ee:5b:0a:67:64:0b:d2:ac:43:5b:
                    66:a5:7c:f6:46:4c:8e:eb:f1:b9:fc:f7:c2:c2:04:
                    2f:e1:c2:20:23:0b:49:00:d6:17:76:73:e5:52:aa:
                    1d:9e:af:22:52:c4:eb:3a:5d:0c:83:ba:20:c0:2f:
                    38:15:60:e3:ba:07:e2:19:32:85:b9:ba:e4:a6:28:
                    5c:0e:f3:3d:db:db:52:e9:47:b4:f0:33:25:ee:cf:
                    f7:93:87:2c:65:76:7b:9b:92:94:6a:2f:a8:c5:fc:
                    b5:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:5F:18:A3:AD:2A:17:28:90:52:A3:92:60:BD:EC:8B:6E:69:AF:7B
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/_F8Yo60qFyiQUqOSYL3si25pr3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.140.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:3a:38:a2:52:91:d4:7c:62:0e:28:3f:86:c7:cc:ba:de:d9:
         78:1e:cb:ba:2c:22:3f:96:27:5a:a3:df:31:6f:49:59:ed:af:
         02:ae:f4:dc:34:7f:26:2e:61:55:f8:6a:32:5f:aa:5d:25:73:
         1b:e0:d1:c2:1f:0e:ae:c7:46:3c:4e:bc:f6:32:cc:65:cb:d0:
         d3:88:d5:61:4e:61:54:b3:0f:9d:61:92:bd:0c:8e:83:b7:69:
         e4:97:aa:23:f3:24:62:46:ae:38:7b:d0:58:86:4c:13:42:01:
         d6:eb:fe:a9:79:c5:d7:38:88:4e:fa:a2:70:0b:cc:8a:3f:7d:
         e7:ec:dd:4f:45:b3:08:6f:43:86:84:76:4a:0d:74:60:90:15:
         f6:86:11:91:8b:f5:be:05:0c:33:46:63:a7:da:11:26:f4:11:
         d5:5c:a5:50:4a:60:f8:ec:d9:9d:ee:7d:7a:dc:d2:cf:59:27:
         37:d9:cb:99:9b:97:b6:f7:9a:22:ad:21:b1:27:02:23:2d:07:
         37:15:ad:b6:8a:04:26:59:77:73:b4:8a:2b:61:59:e0:e8:5d:
         30:84:3f:52:90:57:bc:3f:84:a7:f3:78:cb:12:64:95:c7:5d:
         5e:59:eb:06:2e:0a:0b:a9:eb:74:1a:9a:d7:c5:eb:df:0e:48:
         46:16:c4:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFUPD20e0rKZp5TV1wt7eMNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwODE1MDQxMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzVmMThhM2FkMmExNzI4OTA1MmEzOTI2MGJkZWM4YjZlNjlhZjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhZwFR7evISdCGhgNgyO3n9TKAba
lva5F7v7gRN9phrNTcLQyxMWwYDg//CcItP7XpmDrl7m65t4TyzkeOPuNrSFTl3k
s9mAFhMCcpPNFSDKQgZMIIRmYYV2+UbyEBm5zzMb6rBExXBHnmEqsGEjEidqZDHA
eVv5aArX21PjHOI4qls/g5LC2a+F0DKkc2GS0Jtpt45JgJ3FGu5bCmdkC9KsQ1tm
pXz2RkyO6/G5/PfCwgQv4cIgIwtJANYXdnPlUqodnq8iUsTrOl0Mg7ogwC84FWDj
ugfiGTKFubrkpihcDvM929tS6Ue08DMl7s/3k4csZXZ7m5KUai+oxfy1TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPxfGKOtKhcokFKjkmC97Ituaa97MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvX0Y4WW82MHFGeWlRVXFPU1lMM3NpMjVwcjNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJYz3MA0G
CSqGSIb3DQEBCwUAA4IBAQBkOjiiUpHUfGIOKD+Gx8y63tl4Hsu6LCI/lidao98x
b0lZ7a8CrvTcNH8mLmFV+GoyX6pdJXMb4NHCHw6ux0Y8Trz2Msxly9DTiNVhTmFU
sw+dYZK9DI6Dt2nkl6oj8yRiRq44e9BYhkwTQgHW6/6pecXXOIhO+qJwC8yKP33n
7N1PRbMIb0OGhHZKDXRgkBX2hhGRi/W+BQwzRmOn2hEm9BHVXKVQSmD47Nmd7n16
3NLPWSc32cuZm5e295oirSGxJwIjLQc3Fa22igQmWXdztIorYVng6F0whD9SkFe8
P4Sn83jLEmSVx11eWesGLgoLqet0GprXxevfDkhGFsQi
-----END CERTIFICATE-----