Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/37Ma40sf-bcVCPVGvcKdCncPDrM.roa
File:                     37Ma40sf-bcVCPVGvcKdCncPDrM.roa (raw, json)
Hash identifier:          Ani6qT14FiQAiEaGYt6068UQIsGaAWq+tHMUGDheBGs=
Subject key identifier:   DF:B3:1A:E3:4B:1F:F9:B7:15:08:F5:46:BD:C2:9D:0A:77:0F:0E:B3
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801DB6BA0F6785579DDC25BAB7DC2E2
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/37Ma40sf-bcVCPVGvcKdCncPDrM.roa
Signing time:             Tue 02 Jan 2024 02:30:13 +0000
ROA not before:           Tue 02 Jan 2024 02:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57196
IP address blocks:        194.104.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:db:6b:a0:f6:78:55:79:dd:c2:5b:ab:7d:c2:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfb31ae34b1ff9b71508f546bdc29d0a770f0eb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:fd:31:c1:e8:d6:be:65:e9:9b:c4:52:6d:21:
                    a0:62:15:67:14:41:a9:cd:9f:c1:47:b4:0b:29:da:
                    c0:bd:c3:f9:ed:52:8d:6f:1e:cf:a8:43:d9:1f:2f:
                    46:b6:31:a3:48:05:31:e3:60:7e:6b:ac:bf:f5:7a:
                    a7:33:c5:1b:36:d1:cd:29:d4:43:6c:fa:60:51:0d:
                    05:53:c5:f0:ee:eb:3e:19:13:86:99:4d:91:3e:4f:
                    a3:aa:2d:a1:09:c7:50:d2:a6:f6:83:ef:0b:39:66:
                    a6:ad:f2:2f:80:a0:b5:a6:53:ed:7c:44:f2:cd:bd:
                    31:3e:05:31:59:54:2b:af:47:ae:f2:41:38:39:2b:
                    f1:f7:40:8b:78:86:6a:1d:ac:b3:3b:76:38:f8:e5:
                    c2:d0:78:23:ae:07:bc:da:d4:a1:4e:55:fa:87:80:
                    5d:18:ac:54:2d:58:11:55:31:5f:4f:9e:61:28:26:
                    99:02:cb:75:e8:f9:5f:d1:9a:79:ff:70:4b:46:51:
                    30:f0:89:83:db:1c:88:0c:d3:43:84:9b:0c:b8:dc:
                    85:24:02:56:d1:9d:90:f2:81:6b:6c:2a:95:19:97:
                    b7:ed:0f:04:a9:3a:f8:ae:31:6e:cb:c3:63:4d:43:
                    27:f8:24:0f:c0:65:67:f4:15:50:e4:bb:d4:22:d3:
                    26:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:B3:1A:E3:4B:1F:F9:B7:15:08:F5:46:BD:C2:9D:0A:77:0F:0E:B3
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/37Ma40sf-bcVCPVGvcKdCncPDrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:b8:91:46:1a:06:fe:09:07:00:46:cd:3f:dc:ff:f1:f4:de:
         8d:a6:b5:3d:7e:34:bd:3b:87:ff:1f:e0:6f:0e:16:9c:d1:f3:
         c2:c7:a5:e7:3a:83:64:80:f7:70:ab:6c:ff:16:19:75:e6:ac:
         a8:b1:79:1b:ae:4b:37:4a:c5:dc:3c:5d:70:85:94:20:b6:a8:
         43:9c:9a:ec:4b:54:3b:48:aa:7e:4e:80:61:83:95:52:d2:29:
         95:7f:f4:54:8d:4d:1d:d2:8d:95:d1:2e:1d:7d:0c:f8:2f:e8:
         ca:a2:e6:bd:f2:c5:10:98:3c:43:41:e9:e7:39:12:52:e4:67:
         50:8d:cc:8b:f1:0b:1a:2c:f0:60:d5:94:36:00:4c:a1:a4:d2:
         17:73:e6:f9:66:4a:99:a1:7d:ca:8f:7a:9e:0e:8f:ae:50:d1:
         a6:a2:84:c5:b2:41:f8:2b:d2:92:2c:a2:c6:54:26:9f:0c:4d:
         00:b4:7e:89:80:33:aa:7b:22:2a:4a:d0:f2:ba:90:10:51:6c:
         2e:67:11:19:65:96:fa:d1:3b:cf:9f:d0:a9:1b:c1:f7:a5:c8:
         70:d7:7d:15:c7:5c:93:a6:c1:62:64:ff:3b:1d:4e:7a:3b:c2:
         04:70:c1:e8:12:63:df:4c:f0:df:6d:86:40:ae:9f:92:9f:bb:
         07:52:31:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAdtroPZ4VXndwlurfcLiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmIzMWFlMzRiMWZmOWI3MTUwOGY1NDZiZGMyOWQwYTc3MGYwZWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuf0xwejWvmXpm8RSbSGgYhVnFEGp
zZ/BR7QLKdrAvcP57VKNbx7PqEPZHy9GtjGjSAUx42B+a6y/9XqnM8UbNtHNKdRD
bPpgUQ0FU8Xw7us+GROGmU2RPk+jqi2hCcdQ0qb2g+8LOWamrfIvgKC1plPtfETy
zb0xPgUxWVQrr0eu8kE4OSvx90CLeIZqHayzO3Y4+OXC0Hgjrge82tShTlX6h4Bd
GKxULVgRVTFfT55hKCaZAst16Plf0Zp5/3BLRlEw8ImD2xyIDNNDhJsMuNyFJAJW
0Z2Q8oFrbCqVGZe37Q8EqTr4rjFuy8NjTUMn+CQPwGVn9BVQ5LvUItMm3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN+zGuNLH/m3FQj1Rr3CnQp3Dw6zMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvMzdNYTQwc2YtYmNWQ1BWR3ZjS2RDbmNQRHJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmiYMA0G
CSqGSIb3DQEBCwUAA4IBAQB/uJFGGgb+CQcARs0/3P/x9N6NprU9fjS9O4f/H+Bv
Dhac0fPCx6XnOoNkgPdwq2z/Fhl15qyosXkbrks3SsXcPF1whZQgtqhDnJrsS1Q7
SKp+ToBhg5VS0imVf/RUjU0d0o2V0S4dfQz4L+jKoua98sUQmDxDQennORJS5GdQ
jcyL8QsaLPBg1ZQ2AEyhpNIXc+b5ZkqZoX3Kj3qeDo+uUNGmooTFskH4K9KSLKLG
VCafDE0AtH6JgDOqeyIqStDyupAQUWwuZxEZZZb60TvPn9CpG8H3pchw130Vx1yT
psFiZP87HU56O8IEcMHoEmPfTPDfbYZArp+Sn7sHUjG9
-----END CERTIFICATE-----