Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/dff181-2b76-4ca2-96e4-6b158b22b48f/1/0B9IUJ5L1DoOZbWGXRJfdVXR-yk.roa
File:                     0B9IUJ5L1DoOZbWGXRJfdVXR-yk.roa (raw, json)
Hash identifier:          Y7omVQ/8HfQpnEc3+ARwGFr8/zem+LycMfAAdVO/5UM=
Subject key identifier:   D0:1F:48:50:9E:4B:D4:3A:0E:65:B5:86:5D:12:5F:75:55:D1:FB:29
Certificate issuer:       /CN=0314514897a0aa3ffbf45b48606124627f15e506
Certificate serial:       018CC94D4DCB7DEF82A5EFAA630EB30E23C2
Authority key identifier: 03:14:51:48:97:A0:AA:3F:FB:F4:5B:48:60:61:24:62:7F:15:E5:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AxRRSJegqj_79FtIYGEkYn8V5QY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/dff181-2b76-4ca2-96e4-6b158b22b48f/1/0B9IUJ5L1DoOZbWGXRJfdVXR-yk.roa
Signing time:             Tue 02 Jan 2024 08:32:15 +0000
ROA not before:           Tue 02 Jan 2024 08:32:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48854
IP address blocks:        37.140.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/dff181-2b76-4ca2-96e4-6b158b22b48f/1/AxRRSJegqj_79FtIYGEkYn8V5QY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/dff181-2b76-4ca2-96e4-6b158b22b48f/1/AxRRSJegqj_79FtIYGEkYn8V5QY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AxRRSJegqj_79FtIYGEkYn8V5QY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:4d:cb:7d:ef:82:a5:ef:aa:63:0e:b3:0e:23:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0314514897a0aa3ffbf45b48606124627f15e506
        Validity
            Not Before: Jan  2 08:32:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d01f48509e4bd43a0e65b5865d125f7555d1fb29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:a1:48:09:56:2d:96:b3:c4:a0:1e:1f:d4:80:
                    cd:29:c8:d1:f6:16:6e:90:71:11:4a:83:a8:fb:de:
                    7c:b6:1d:d2:02:e6:3a:0e:90:f1:c8:15:76:07:61:
                    8e:80:7a:0a:0d:bc:af:12:1f:40:6f:18:ca:9e:8a:
                    8c:17:74:a6:4a:dc:d2:ae:dc:2e:19:52:d3:b1:4e:
                    e9:a9:fd:52:66:4b:9f:16:68:50:61:50:56:92:15:
                    e8:2a:1e:80:66:de:3d:da:20:f3:fa:00:60:cd:cd:
                    23:f4:89:2a:f7:b0:aa:1d:e8:27:68:ae:6d:52:94:
                    3f:e5:dc:c9:d7:0b:b9:4f:a7:8e:e3:6d:1f:2c:97:
                    89:31:64:67:e5:2e:e3:b2:2e:ef:a8:e1:b1:98:46:
                    e7:54:b3:22:8a:75:37:d8:e6:f0:10:4a:4f:cc:ab:
                    01:4c:a9:79:a9:43:a0:a2:61:21:01:e4:5e:c9:a7:
                    20:84:1b:0a:ef:b5:a4:7e:69:07:c7:80:62:fc:0b:
                    9e:0d:8a:48:89:0b:f6:90:72:e6:7a:ce:cb:69:dd:
                    55:7a:7e:a1:0f:47:02:3a:47:0a:26:53:1d:e8:44:
                    22:45:0e:95:35:93:82:e0:99:f9:dd:41:8d:51:3b:
                    f7:02:1a:92:f5:b7:17:e5:c0:df:9d:59:13:80:4b:
                    d9:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:1F:48:50:9E:4B:D4:3A:0E:65:B5:86:5D:12:5F:75:55:D1:FB:29
            X509v3 Authority Key Identifier:
                keyid:03:14:51:48:97:A0:AA:3F:FB:F4:5B:48:60:61:24:62:7F:15:E5:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AxRRSJegqj_79FtIYGEkYn8V5QY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/dff181-2b76-4ca2-96e4-6b158b22b48f/1/0B9IUJ5L1DoOZbWGXRJfdVXR-yk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/dff181-2b76-4ca2-96e4-6b158b22b48f/1/AxRRSJegqj_79FtIYGEkYn8V5QY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.140.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:98:86:22:4c:e2:61:62:90:83:6a:53:60:f5:94:03:a1:c7:
         70:82:b3:ac:39:3a:b4:76:32:fd:bf:0b:da:e5:3d:bf:86:1b:
         e0:09:51:7c:10:74:41:9b:3e:f0:2b:49:35:0b:7f:3c:be:e3:
         3a:ef:da:b4:37:15:fb:38:f7:6d:22:ea:3d:59:9b:3f:ef:f2:
         24:d7:e2:42:7a:f9:7c:07:4d:89:f6:0e:d9:8e:05:01:f9:1d:
         48:df:5b:20:1c:95:9d:bd:0d:3e:9d:ff:bb:a2:81:33:e3:65:
         d6:95:ae:e2:fa:74:0f:38:69:18:b1:c8:f8:d0:c8:eb:f9:7f:
         d7:94:ea:d1:dd:e0:ba:1a:18:17:73:b9:84:5b:85:73:64:db:
         65:49:78:af:a8:0e:59:1b:02:26:c5:27:4b:48:3b:79:ca:33:
         79:95:c0:8f:f4:93:1b:05:55:23:cc:12:8c:73:b0:81:bd:ba:
         24:96:b7:af:52:4f:4a:0c:c0:81:7e:b9:14:2b:d4:2c:85:4f:
         3c:89:27:37:bb:cd:fa:6b:e3:96:3a:55:1d:f8:24:f2:eb:e6:
         5c:e8:11:11:76:2a:e0:cf:8d:12:c1:68:91:8e:aa:f7:0f:79:
         a4:32:f2:5b:0e:61:e4:d9:1e:30:a3:91:52:e5:2e:62:bb:ab:
         ac:ad:3a:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTU3Lfe+Cpe+qYw6zDiPCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzMTQ1MTQ4OTdhMGFhM2ZmYmY0NWI0ODYwNjEyNDYyN2Yx
NWU1MDYwHhcNMjQwMTAyMDgzMjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDFmNDg1MDllNGJkNDNhMGU2NWI1ODY1ZDEyNWY3NTU1ZDFmYjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3KFICVYtlrPEoB4f1IDNKcjR9hZu
kHERSoOo+958th3SAuY6DpDxyBV2B2GOgHoKDbyvEh9AbxjKnoqMF3SmStzSrtwu
GVLTsU7pqf1SZkufFmhQYVBWkhXoKh6AZt492iDz+gBgzc0j9Ikq97CqHegnaK5t
UpQ/5dzJ1wu5T6eO420fLJeJMWRn5S7jsi7vqOGxmEbnVLMiinU32ObwEEpPzKsB
TKl5qUOgomEhAeReyacghBsK77WkfmkHx4Bi/AueDYpIiQv2kHLmes7Lad1Ven6h
D0cCOkcKJlMd6EQiRQ6VNZOC4Jn53UGNUTv3AhqS9bcX5cDfnVkTgEvZiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNAfSFCeS9Q6DmW1hl0SX3VV0fspMB8GA1UdIwQY
MBaAFAMUUUiXoKo/+/RbSGBhJGJ/FeUGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXhSUlNKZWdxal83OUZ0SVlHRWtZbjhWNVFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9kZmYxODEtMmI3Ni00Y2EyLTk2ZTQt
NmIxNThiMjJiNDhmLzEvMEI5SVVKNUwxRG9PWmJXR1hSSmZkVlhSLXlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9kZmYxODEtMmI3Ni00Y2EyLTk2ZTQtNmIxNThiMjJiNDhm
LzEvQXhSUlNKZWdxal83OUZ0SVlHRWtZbjhWNVFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJYzbMA0G
CSqGSIb3DQEBCwUAA4IBAQAjmIYiTOJhYpCDalNg9ZQDocdwgrOsOTq0djL9vwva
5T2/hhvgCVF8EHRBmz7wK0k1C388vuM679q0NxX7OPdtIuo9WZs/7/Ik1+JCevl8
B02J9g7ZjgUB+R1I31sgHJWdvQ0+nf+7ooEz42XWla7i+nQPOGkYscj40Mjr+X/X
lOrR3eC6GhgXc7mEW4VzZNtlSXivqA5ZGwImxSdLSDt5yjN5lcCP9JMbBVUjzBKM
c7CBvboklrevUk9KDMCBfrkUK9QshU88iSc3u836a+OWOlUd+CTy6+Zc6BERdirg
z40SwWiRjqr3D3mkMvJbDmHk2R4wo5FS5S5iu6usrTqo
-----END CERTIFICATE-----