Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/PYcNdz9g1UwzQ8kB4aPT5M_iTbs.roa
File:                     PYcNdz9g1UwzQ8kB4aPT5M_iTbs.roa (raw, json)
Hash identifier:          g0qUohTQ0pCO+gEI+IR6ctS+FPce5P7D8n79nxKY0HM=
Subject key identifier:   3D:87:0D:77:3F:60:D5:4C:33:43:C9:01:E1:A3:D3:E4:CF:E2:4D:BB
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       018CCA28772446E048D4A7C7B9142683679F
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/PYcNdz9g1UwzQ8kB4aPT5M_iTbs.roa
Signing time:             Tue 02 Jan 2024 12:31:38 +0000
ROA not before:           Tue 02 Jan 2024 12:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210818
IP address blocks:        37.32.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 14:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:77:24:46:e0:48:d4:a7:c7:b9:14:26:83:67:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jan  2 12:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d870d773f60d54c3343c901e1a3d3e4cfe24dbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d2:02:b4:e5:d2:0b:b3:1a:e7:56:09:d3:e7:
                    fd:b1:b0:2b:13:1c:3b:6b:83:5c:ed:23:03:3e:de:
                    b3:41:3b:c1:d0:49:a0:7c:32:fc:67:8d:31:07:e9:
                    0e:3d:92:4d:15:f7:2b:58:19:e1:b9:c3:1d:83:70:
                    8d:16:ae:f7:c7:d7:cc:b6:43:81:42:e0:27:5a:36:
                    3d:84:af:9d:fe:f5:38:f8:2a:fb:53:1f:33:31:87:
                    60:48:16:06:6e:11:12:01:4e:7c:a8:da:3c:7e:d0:
                    48:0a:81:f6:bd:7d:7b:de:1c:71:2c:db:92:c0:bb:
                    e2:c2:1b:3b:90:b9:8f:3b:55:b6:56:0f:11:52:35:
                    f9:74:0a:41:71:a7:86:4b:c7:9c:a7:db:da:4f:c6:
                    2e:17:96:4a:9f:91:74:01:bd:13:45:4a:d0:a9:d7:
                    9a:c6:d6:47:46:81:b2:5b:3e:d0:ec:45:8d:cf:d8:
                    cc:47:f9:3a:53:13:4a:18:b0:3f:51:e0:58:38:84:
                    aa:39:f5:b8:78:81:c9:dc:09:1f:cc:7e:77:de:42:
                    d1:6c:b9:0d:1f:ca:79:21:d7:04:f4:fc:fb:d2:42:
                    c1:7e:86:92:19:9a:69:71:1f:77:15:24:70:ab:2d:
                    1c:b5:f7:8d:6a:cb:c2:2d:6b:86:76:df:a5:f4:5c:
                    ef:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:87:0D:77:3F:60:D5:4C:33:43:C9:01:E1:A3:D3:E4:CF:E2:4D:BB
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/PYcNdz9g1UwzQ8kB4aPT5M_iTbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:be:8e:03:9e:6e:bf:ef:50:7e:05:bc:79:3e:b8:3c:61:f9:
         79:a4:e9:7e:b1:77:bd:b7:f3:de:89:f1:35:69:2a:99:09:8b:
         3b:63:fe:a3:c4:8b:85:c9:cf:70:c3:35:55:3e:f3:bc:7d:57:
         31:4b:4a:ab:7b:6d:62:0d:89:3d:9b:28:24:8d:65:df:9a:1f:
         5a:70:ad:bd:8e:ae:d6:e0:04:36:66:cf:a0:35:bd:8d:18:ae:
         c3:c2:d7:fa:a3:2b:1f:f8:ea:34:87:2c:2a:f3:40:d3:c3:c1:
         a0:2c:e1:9b:e9:72:02:c9:40:97:31:ee:54:5e:1d:f7:43:d5:
         13:4b:7b:0a:7c:a6:db:4b:1b:0f:3e:18:17:dd:48:69:85:d9:
         20:d3:63:c5:49:2e:6b:1e:43:ed:01:b1:05:99:72:9e:b3:5f:
         16:ba:d0:e0:16:dc:0f:77:6b:2d:93:5e:a4:df:fd:36:67:4b:
         ee:f2:46:a8:1a:ef:9d:d0:7b:7a:a5:21:98:b6:11:40:ce:6d:
         ef:5a:70:70:f3:3d:7c:54:5e:3e:bf:c4:88:04:25:b1:74:68:
         6c:f5:ca:02:7c:58:0a:ee:d8:e0:82:b4:d6:0d:5d:2b:06:35:
         f5:ae:61:f8:17:cf:27:08:96:a0:5d:78:b0:b2:45:0f:00:8f:
         b3:2e:1d:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKHckRuBI1KfHuRQmg2efMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjQwMTAyMTIzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDg3MGQ3NzNmNjBkNTRjMzM0M2M5MDFlMWEzZDNlNGNmZTI0ZGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNICtOXSC7Ma51YJ0+f9sbArExw7
a4Nc7SMDPt6zQTvB0EmgfDL8Z40xB+kOPZJNFfcrWBnhucMdg3CNFq73x9fMtkOB
QuAnWjY9hK+d/vU4+Cr7Ux8zMYdgSBYGbhESAU58qNo8ftBICoH2vX173hxxLNuS
wLviwhs7kLmPO1W2Vg8RUjX5dApBcaeGS8ecp9vaT8YuF5ZKn5F0Ab0TRUrQqdea
xtZHRoGyWz7Q7EWNz9jMR/k6UxNKGLA/UeBYOISqOfW4eIHJ3AkfzH533kLRbLkN
H8p5IdcE9Pz70kLBfoaSGZppcR93FSRwqy0ctfeNasvCLWuGdt+l9FzvjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD2HDXc/YNVMM0PJAeGj0+TP4k27MB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvUFljTmR6OWcxVXd6UThrQjRhUFQ1TV9pVGJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJSAuMA0G
CSqGSIb3DQEBCwUAA4IBAQCZvo4Dnm6/71B+Bbx5Prg8Yfl5pOl+sXe9t/PeifE1
aSqZCYs7Y/6jxIuFyc9wwzVVPvO8fVcxS0qre21iDYk9mygkjWXfmh9acK29jq7W
4AQ2Zs+gNb2NGK7Dwtf6oysf+Oo0hywq80DTw8GgLOGb6XICyUCXMe5UXh33Q9UT
S3sKfKbbSxsPPhgX3Uhphdkg02PFSS5rHkPtAbEFmXKes18WutDgFtwPd2stk16k
3/02Z0vu8kaoGu+d0Ht6pSGYthFAzm3vWnBw8z18VF4+v8SIBCWxdGhs9coCfFgK
7tjggrTWDV0rBjX1rmH4F88nCJagXXiwskUPAI+zLh01
-----END CERTIFICATE-----