Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c15ddb-e1ef-4308-988d-aefa757e0c38/1/oTHeMrno_KHZeWSAlnOs11cGX4w.roa
File:                     oTHeMrno_KHZeWSAlnOs11cGX4w.roa (raw, json)
Hash identifier:          QKHqTO0nsOF8OEOCrpvSUfmZ1T+LKw6KL4pUnAWpD/E=
Subject key identifier:   A1:31:DE:32:B9:E8:FC:A1:D9:79:64:80:96:73:AC:D7:57:06:5F:8C
Certificate issuer:       /CN=9821e37eab6ef6326933e5fa3748d07d83026db0
Certificate serial:       018CC5DD28C03D7FF00E955CF9B04314C1AB
Authority key identifier: 98:21:E3:7E:AB:6E:F6:32:69:33:E5:FA:37:48:D0:7D:83:02:6D:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCHjfqtu9jJpM-X6N0jQfYMCbbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c15ddb-e1ef-4308-988d-aefa757e0c38/1/oTHeMrno_KHZeWSAlnOs11cGX4w.roa
Signing time:             Mon 01 Jan 2024 16:30:54 +0000
ROA not before:           Mon 01 Jan 2024 16:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35370
IP address blocks:        87.243.150.0/23 maxlen: 23
                          87.243.152.0/22 maxlen: 22
                          87.243.148.0/23 maxlen: 23
                          87.243.146.0/23 maxlen: 23
                          87.243.157.0/24 maxlen: 24
                          87.243.158.0/24 maxlen: 24
                          87.243.158.0/23 maxlen: 23
                          87.243.156.0/23 maxlen: 23
                          87.243.156.0/24 maxlen: 24
                          87.243.154.0/24 maxlen: 24
                          87.243.164.0/22 maxlen: 22
                          87.243.160.0/22 maxlen: 22
                          87.243.160.0/23 maxlen: 23
                          87.243.171.0/24 maxlen: 24
                          87.243.172.0/22 maxlen: 22
                          87.243.168.0/23 maxlen: 23
                          87.243.178.0/24 maxlen: 24
                          87.243.177.0/24 maxlen: 24
                          87.243.180.0/22 maxlen: 22
                          87.243.184.0/24 maxlen: 24
                          87.243.184.0/21 maxlen: 21
                          87.243.132.0/22 maxlen: 22
                          87.243.128.0/18 maxlen: 18
                          87.243.128.0/22 maxlen: 22
                          87.243.136.0/22 maxlen: 22
                          87.243.145.0/24 maxlen: 24
                          87.243.144.0/23 maxlen: 23
                          87.243.144.0/24 maxlen: 24
                          87.243.140.0/22 maxlen: 22
                          78.152.64.0/19 maxlen: 24
                          78.152.64.0/21 maxlen: 21
                          78.152.68.0/24 maxlen: 24
                          78.152.72.0/21 maxlen: 21
                          78.152.80.0/21 maxlen: 21
                          78.152.88.0/21 maxlen: 24
                          78.152.95.0/24 maxlen: 24
                          78.152.92.0/22 maxlen: 22
                          2a0b:9e03::/32 maxlen: 32
                          2a0b:9e00::/29 maxlen: 29
                          2a0b:9e01::/32 maxlen: 32
                          2a0b:9e04::/32 maxlen: 32
                          2a0b:9e07::/32 maxlen: 32
                          2a0b:9e00::/32 maxlen: 32
                          2a0b:9e06::/32 maxlen: 32
                          2a0b:9e05::/32 maxlen: 32
                          2a0b:9e02::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c15ddb-e1ef-4308-988d-aefa757e0c38/1/mCHjfqtu9jJpM-X6N0jQfYMCbbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c15ddb-e1ef-4308-988d-aefa757e0c38/1/mCHjfqtu9jJpM-X6N0jQfYMCbbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCHjfqtu9jJpM-X6N0jQfYMCbbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:28:c0:3d:7f:f0:0e:95:5c:f9:b0:43:14:c1:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9821e37eab6ef6326933e5fa3748d07d83026db0
        Validity
            Not Before: Jan  1 16:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a131de32b9e8fca1d97964809673acd757065f8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:2b:f3:b4:a8:12:11:c2:24:db:d5:11:01:57:
                    3d:60:1d:a7:5e:12:39:df:98:bc:eb:65:c9:f8:e5:
                    e3:0f:03:9b:0e:60:1e:fb:5f:e3:0a:f6:11:03:ec:
                    f7:3d:4c:98:62:df:ea:a3:c8:e9:be:07:0b:85:02:
                    51:e1:bf:06:43:a7:2b:65:a6:41:47:28:42:a8:00:
                    45:56:f5:68:a7:37:67:05:45:d3:42:30:a5:f8:e0:
                    1d:47:01:b2:3d:e4:a2:6c:b0:41:04:ba:14:34:39:
                    1b:cd:9b:9b:7e:e8:b7:1f:52:ff:9e:92:4f:96:90:
                    00:9b:f7:25:e4:f7:f9:a1:17:e8:3d:ab:41:ae:49:
                    40:0d:78:56:0b:3a:e5:23:fa:01:02:ac:83:0e:cd:
                    9c:af:be:97:00:2a:c0:ff:4c:69:0c:23:a3:63:88:
                    d1:b0:d5:0e:a1:23:15:1c:c2:d5:2f:16:80:b5:01:
                    10:0a:5e:9c:b4:28:16:ca:c9:43:22:99:b1:9d:e1:
                    5f:06:17:06:dc:00:04:a4:a1:22:f0:37:08:c1:20:
                    5a:f8:88:69:1b:9e:11:a7:13:38:51:1a:bd:de:b8:
                    fd:c5:3d:ec:63:ad:c1:12:90:6d:27:c2:5c:8c:6d:
                    02:dd:b3:29:b0:c4:ab:14:e6:cb:5c:fd:51:5a:97:
                    05:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:31:DE:32:B9:E8:FC:A1:D9:79:64:80:96:73:AC:D7:57:06:5F:8C
            X509v3 Authority Key Identifier:
                keyid:98:21:E3:7E:AB:6E:F6:32:69:33:E5:FA:37:48:D0:7D:83:02:6D:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCHjfqtu9jJpM-X6N0jQfYMCbbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c15ddb-e1ef-4308-988d-aefa757e0c38/1/oTHeMrno_KHZeWSAlnOs11cGX4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c15ddb-e1ef-4308-988d-aefa757e0c38/1/mCHjfqtu9jJpM-X6N0jQfYMCbbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.152.64.0/19
                  87.243.128.0/18
                IPv6:
                  2a0b:9e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         5a:31:a6:92:80:76:24:68:3d:ef:f3:ad:cb:ea:55:c5:82:4e:
         b4:cc:a3:20:8c:3d:94:32:0a:fa:2e:69:ca:90:e9:df:dc:22:
         11:3e:78:43:60:62:98:08:7f:bd:d3:28:13:91:82:36:4f:71:
         ae:44:43:d5:ba:4e:63:9a:dc:ae:68:ae:d0:af:9d:2e:9c:67:
         1b:6e:d0:b7:d5:a6:b9:51:e6:d8:f4:62:11:a5:b2:a3:89:ac:
         67:d9:9b:82:1a:f3:93:1e:85:bd:b1:04:6c:ac:9d:f8:d4:90:
         d7:05:4b:13:af:91:96:5b:e6:e8:b3:48:12:1a:9b:00:bd:79:
         0c:3f:8f:05:40:b4:0d:31:b6:15:3b:b1:4c:ff:2b:a9:37:18:
         5e:15:f6:cc:83:2a:81:1c:9e:b2:c9:52:cf:7c:23:ec:07:f3:
         04:81:cb:63:2a:13:3f:27:cf:c5:6b:a8:aa:ce:de:b3:b3:4a:
         91:6d:4e:f0:af:4f:34:75:f5:00:96:bb:b4:f1:6a:52:b2:1c:
         70:65:95:e9:11:c5:48:01:61:8a:d0:63:58:ea:12:ca:a2:64:
         c9:26:06:9a:8c:e9:68:ed:af:96:b2:3b:76:fb:07:35:27:e4:
         0f:52:d0:6c:4a:b9:82:ee:fc:8d:f8:17:6e:7a:98:26:2a:45:
         0f:60:a2:b0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzF3SjAPX/wDpVc+bBDFMGrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MjFlMzdlYWI2ZWY2MzI2OTMzZTVmYTM3NDhkMDdkODMw
MjZkYjAwHhcNMjQwMTAxMTYzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTMxZGUzMmI5ZThmY2ExZDk3OTY0ODA5NjczYWNkNzU3MDY1ZjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SvztKgSEcIk29URAVc9YB2nXhI5
35i862XJ+OXjDwObDmAe+1/jCvYRA+z3PUyYYt/qo8jpvgcLhQJR4b8GQ6crZaZB
RyhCqABFVvVopzdnBUXTQjCl+OAdRwGyPeSibLBBBLoUNDkbzZubfui3H1L/npJP
lpAAm/cl5Pf5oRfoPatBrklADXhWCzrlI/oBAqyDDs2cr76XACrA/0xpDCOjY4jR
sNUOoSMVHMLVLxaAtQEQCl6ctCgWyslDIpmxneFfBhcG3AAEpKEi8DcIwSBa+Ihp
G54RpxM4URq93rj9xT3sY63BEpBtJ8JcjG0C3bMpsMSrFObLXP1RWpcFxwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKEx3jK56Pyh2XlkgJZzrNdXBl+MMB8GA1UdIwQY
MBaAFJgh436rbvYyaTPl+jdI0H2DAm2wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUNIamZxdHU5akpwTS1YNk4walFmWU1DYmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jMTVkZGItZTFlZi00MzA4LTk4OGQt
YWVmYTc1N2UwYzM4LzEvb1RIZU1ybm9fS0haZVdTQWxuT3MxMWNHWDR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jMTVkZGItZTFlZi00MzA4LTk4OGQtYWVmYTc1N2UwYzM4
LzEvbUNIamZxdHU5akpwTS1YNk4walFmWU1DYmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFTphAAwQG
V/OAMA0EAgACMAcDBQMqC54AMA0GCSqGSIb3DQEBCwUAA4IBAQBaMaaSgHYkaD3v
863L6lXFgk60zKMgjD2UMgr6LmnKkOnf3CIRPnhDYGKYCH+90ygTkYI2T3GuREPV
uk5jmtyuaK7Qr50unGcbbtC31aa5UebY9GIRpbKjiaxn2ZuCGvOTHoW9sQRsrJ34
1JDXBUsTr5GWW+bos0gSGpsAvXkMP48FQLQNMbYVO7FM/yupNxheFfbMgyqBHJ6y
yVLPfCPsB/MEgctjKhM/J8/Fa6iqzt6zs0qRbU7wr080dfUAlru08WpSshxwZZXp
EcVIAWGK0GNY6hLKomTJJgaajOlo7a+Wsjt2+wc1J+QPUtBsSrmC7vyN+Bduepgm
KkUPYKKw
-----END CERTIFICATE-----