Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/APf-C-jpbEODqhNVaDUbPbopHdU.roa
File:                     APf-C-jpbEODqhNVaDUbPbopHdU.roa (raw, json)
Hash identifier:          Q3jHPVVPrkr2BsBIlj7CX900hVNTBVJ1EBCbK6ID+pE=
Subject key identifier:   00:F7:FE:0B:E8:E9:6C:43:83:AA:13:55:68:35:1B:3D:BA:29:1D:D5
Certificate issuer:       /CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
Certificate serial:       018CC7275E9B05B500C11FA98DCF27C9D94F
Authority key identifier: 0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/APf-C-jpbEODqhNVaDUbPbopHdU.roa
Signing time:             Mon 01 Jan 2024 22:31:35 +0000
ROA not before:           Mon 01 Jan 2024 22:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3549
IP address blocks:        192.109.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 01:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:5e:9b:05:b5:00:c1:1f:a9:8d:cf:27:c9:d9:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
        Validity
            Not Before: Jan  1 22:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00f7fe0be8e96c4383aa135568351b3dba291dd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ce:22:0d:ff:48:25:1d:c0:83:e9:2e:ea:41:
                    47:9b:78:4c:a2:cf:a7:fe:96:0f:47:d9:81:94:bc:
                    9a:4d:4a:71:10:10:82:07:b5:b3:79:f0:c1:c5:dd:
                    b0:0e:33:74:35:71:ba:23:06:d0:35:be:e6:ff:57:
                    c4:a1:bd:37:22:7c:2a:b7:9e:9d:b8:58:25:76:73:
                    2e:59:d0:ef:39:f9:06:01:d5:19:3c:35:33:16:4b:
                    21:a4:72:a2:ac:b5:2f:26:e8:80:af:1c:97:83:86:
                    57:62:73:88:d6:4b:04:9e:b6:83:02:38:d9:8f:77:
                    0a:1a:7c:f8:43:b7:52:5d:c5:a4:5e:b4:61:8c:30:
                    c6:c1:38:13:7d:01:7f:a4:17:83:7a:f2:93:4d:25:
                    6d:84:5a:bf:57:80:9e:d7:fc:8a:b5:56:81:fe:44:
                    e9:c4:8c:1a:f0:55:e7:c1:fb:04:b5:25:bc:00:9c:
                    67:3a:5b:88:b6:92:c4:ee:fb:14:35:25:c0:e3:19:
                    b0:50:3c:af:84:22:a4:e6:0c:13:2c:67:c4:6e:04:
                    7f:6a:5e:7e:44:b5:f9:25:95:94:a3:ce:59:57:07:
                    6d:3a:67:f8:7a:59:fe:bc:f1:19:cd:dc:69:a9:db:
                    d9:80:56:db:7e:ae:06:cf:51:8d:37:3b:83:5a:5d:
                    01:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:F7:FE:0B:E8:E9:6C:43:83:AA:13:55:68:35:1B:3D:BA:29:1D:D5
            X509v3 Authority Key Identifier:
                keyid:0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/APf-C-jpbEODqhNVaDUbPbopHdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:dd:58:e1:bf:39:35:71:3f:d7:db:a5:82:41:a6:ff:7a:6f:
         ba:1b:16:06:d4:b6:fe:77:ed:d3:20:7d:8e:40:f9:a3:5c:e1:
         2d:73:b9:67:b8:ee:1a:7e:db:5c:23:98:df:8f:10:6b:dc:0e:
         af:2c:05:19:1a:f8:f6:3a:f6:69:5b:f9:fb:e1:ab:ea:d9:c0:
         67:28:89:a3:f5:dc:f9:18:38:24:7d:b6:34:a4:8c:3e:71:57:
         63:cd:05:ce:87:3c:be:f5:c7:e2:4f:55:16:13:13:0d:9e:1e:
         28:18:53:60:d3:86:28:b2:3a:6b:03:ce:5b:7a:62:e7:0c:89:
         9c:b7:4a:2d:36:aa:e1:6f:55:9f:71:61:eb:3d:6d:9a:b3:7b:
         35:85:42:e1:fc:96:c8:dc:f9:e7:a7:ff:d0:52:36:b6:47:5e:
         c8:70:10:85:18:dc:29:f0:59:9c:00:f2:95:33:73:f7:93:69:
         7a:a0:e1:7c:4b:39:b4:8f:ef:9b:b0:ab:b0:d7:5b:ab:c7:8b:
         31:62:ac:bc:28:75:7f:b0:b1:67:1c:88:30:40:99:8d:b8:e1:
         44:fd:a4:ac:07:ff:dc:7d:4c:ca:f8:a1:0a:90:bd:1e:21:b7:
         ec:a3:24:80:51:22:34:13:22:bc:0c:bf:7b:53:0f:83:be:4e:
         5f:7e:02:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ16bBbUAwR+pjc8nydlPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMzdkODA3ZDRmN2NkZDNlMGFmZTRhYmM4ZWU1YTg4MGM2
MDkwZjEwHhcNMjQwMTAxMjIzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGY3ZmUwYmU4ZTk2YzQzODNhYTEzNTU2ODM1MWIzZGJhMjkxZGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh84iDf9IJR3Ag+ku6kFHm3hMos+n
/pYPR9mBlLyaTUpxEBCCB7WzefDBxd2wDjN0NXG6IwbQNb7m/1fEob03Inwqt56d
uFgldnMuWdDvOfkGAdUZPDUzFkshpHKirLUvJuiArxyXg4ZXYnOI1ksEnraDAjjZ
j3cKGnz4Q7dSXcWkXrRhjDDGwTgTfQF/pBeDevKTTSVthFq/V4Ce1/yKtVaB/kTp
xIwa8FXnwfsEtSW8AJxnOluItpLE7vsUNSXA4xmwUDyvhCKk5gwTLGfEbgR/al5+
RLX5JZWUo85ZVwdtOmf4eln+vPEZzdxpqdvZgFbbfq4Gz1GNNzuDWl0BFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAD3/gvo6WxDg6oTVWg1Gz26KR3VMB8GA1UdIwQY
MBaAFAo32AfU983T4K/kq8juWogMYJDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjkt
ODAwZWRhMmNmYjM2LzEvQVBmLUMtanBiRU9EcWhOVmFEVWJQYm9wSGRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjktODAwZWRhMmNmYjM2
LzEvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwG2UMA0G
CSqGSIb3DQEBCwUAA4IBAQCa3Vjhvzk1cT/X26WCQab/em+6GxYG1Lb+d+3TIH2O
QPmjXOEtc7lnuO4afttcI5jfjxBr3A6vLAUZGvj2OvZpW/n74avq2cBnKImj9dz5
GDgkfbY0pIw+cVdjzQXOhzy+9cfiT1UWExMNnh4oGFNg04YosjprA85bemLnDImc
t0otNqrhb1WfcWHrPW2as3s1hULh/JbI3Pnnp//QUja2R17IcBCFGNwp8FmcAPKV
M3P3k2l6oOF8Szm0j++bsKuw11urx4sxYqy8KHV/sLFnHIgwQJmNuOFE/aSsB//c
fUzK+KEKkL0eIbfsoySAUSI0EyK8DL97Uw+Dvk5ffgJt
-----END CERTIFICATE-----