Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/4f8e76-59e5-40d1-a13e-71f4c47f506e/1/pBsAB2gqMA6Ms37M0SF3E9JnjLA.roa
File:                     pBsAB2gqMA6Ms37M0SF3E9JnjLA.roa (raw, json)
Hash identifier:          dNc0In6ncsyI8L7SYCU1ztT/vSy4ebhTzOp4lOw9Fd0=
Subject key identifier:   A4:1B:00:07:68:2A:30:0E:8C:B3:7E:CC:D1:21:77:13:D2:67:8C:B0
Certificate issuer:       /CN=a8539f9355d3eb778b1bb8ee2723326011a1229b
Certificate serial:       018CC5DCD401FBF26E35CCA993258AB39D7E
Authority key identifier: A8:53:9F:93:55:D3:EB:77:8B:1B:B8:EE:27:23:32:60:11:A1:22:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qFOfk1XT63eLG7juJyMyYBGhIps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/4f8e76-59e5-40d1-a13e-71f4c47f506e/1/pBsAB2gqMA6Ms37M0SF3E9JnjLA.roa
Signing time:             Mon 01 Jan 2024 16:30:32 +0000
ROA not before:           Mon 01 Jan 2024 16:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     559
IP address blocks:        148.187.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/4f8e76-59e5-40d1-a13e-71f4c47f506e/1/qFOfk1XT63eLG7juJyMyYBGhIps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/4f8e76-59e5-40d1-a13e-71f4c47f506e/1/qFOfk1XT63eLG7juJyMyYBGhIps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qFOfk1XT63eLG7juJyMyYBGhIps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:d4:01:fb:f2:6e:35:cc:a9:93:25:8a:b3:9d:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8539f9355d3eb778b1bb8ee2723326011a1229b
        Validity
            Not Before: Jan  1 16:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a41b0007682a300e8cb37eccd1217713d2678cb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:20:8d:b0:32:78:0e:ec:e3:24:f0:bb:4a:b2:
                    dc:bc:64:1a:c8:fb:2f:bf:42:2a:d9:21:c3:51:88:
                    97:e9:cd:af:cb:02:bc:d9:ef:25:8b:2a:67:77:b4:
                    c1:6f:da:eb:ab:ee:01:84:83:37:1a:7c:ca:59:e2:
                    50:54:ff:e3:23:b7:a1:b5:3f:2f:85:c2:1b:de:12:
                    9b:37:e6:a3:c4:2a:cf:ae:c6:3c:7f:95:83:e0:d8:
                    7c:dd:95:4b:15:38:38:b0:44:6d:82:bf:5a:99:1f:
                    60:85:e3:94:ae:99:5c:5b:13:32:35:d2:b2:b3:74:
                    77:92:6d:f6:17:ca:e5:a6:70:13:2a:d0:4b:9e:a8:
                    d9:cb:e2:40:2f:32:67:a1:cc:c3:14:73:e6:d0:54:
                    3b:fb:db:fe:24:7a:bc:25:4f:70:af:10:af:b3:20:
                    a4:af:6e:d5:a2:bb:90:aa:a2:e8:0f:ea:f0:1f:04:
                    b6:d8:8d:af:79:1a:7a:87:30:cb:5a:11:cd:54:0b:
                    b9:cc:47:b8:50:40:2e:a4:1e:8d:80:4c:77:c1:05:
                    fd:b7:f9:f7:3d:f9:4b:9d:b5:46:ce:64:23:37:40:
                    00:eb:57:39:63:5d:bd:90:ce:2c:29:59:8a:5a:f2:
                    bc:23:e2:57:3d:3a:93:46:8b:ab:d1:4d:30:70:ae:
                    de:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:1B:00:07:68:2A:30:0E:8C:B3:7E:CC:D1:21:77:13:D2:67:8C:B0
            X509v3 Authority Key Identifier:
                keyid:A8:53:9F:93:55:D3:EB:77:8B:1B:B8:EE:27:23:32:60:11:A1:22:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qFOfk1XT63eLG7juJyMyYBGhIps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/4f8e76-59e5-40d1-a13e-71f4c47f506e/1/pBsAB2gqMA6Ms37M0SF3E9JnjLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/4f8e76-59e5-40d1-a13e-71f4c47f506e/1/qFOfk1XT63eLG7juJyMyYBGhIps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.187.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         45:10:84:1e:f3:c2:bd:d4:d4:d6:b1:56:e5:2a:01:2b:61:9e:
         68:e5:c2:f2:ae:b4:5b:6c:6f:7c:0f:54:be:84:6d:09:bc:f3:
         96:21:19:9c:85:18:f9:78:31:9f:d2:27:61:ee:cd:96:96:7b:
         fe:80:6e:f0:0d:c9:10:f9:7f:62:12:6b:23:d8:65:20:c9:3c:
         00:31:6c:f0:aa:c9:c3:3e:f6:3a:70:52:df:6e:45:68:33:19:
         a3:da:35:28:98:7f:5f:e0:b1:08:27:13:c7:65:bb:74:fd:77:
         ce:3f:c4:23:4c:9e:e4:78:01:57:09:a1:9e:6a:ab:55:67:17:
         82:e0:c1:b0:c1:6c:13:2c:b9:e1:0a:25:25:87:d1:ac:3e:98:
         7d:a5:65:12:2d:fc:4d:f4:59:c6:f4:6e:c4:fb:96:a9:84:f8:
         31:ed:cb:2d:25:0d:43:26:d1:9e:26:3a:f7:9b:a8:48:27:ae:
         58:58:29:09:e7:91:f6:7b:c1:8e:18:e5:75:c1:54:ab:ee:2d:
         44:fd:be:a2:7b:5c:52:26:ae:4f:9f:05:79:6f:5f:8f:4c:ad:
         33:69:2d:80:1a:07:f5:1d:d5:2b:99:8e:8f:b5:dc:f0:58:c3:
         1a:f0:99:5b:6b:07:7e:e7:62:ac:f5:9b:72:15:6f:db:af:12:
         65:5f:c4:2a
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzF3NQB+/JuNcypkyWKs51+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NTM5ZjkzNTVkM2ViNzc4YjFiYjhlZTI3MjMzMjYwMTFh
MTIyOWIwHhcNMjQwMTAxMTYzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDFiMDAwNzY4MmEzMDBlOGNiMzdlY2NkMTIxNzcxM2QyNjc4Y2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3yCNsDJ4DuzjJPC7SrLcvGQayPsv
v0Iq2SHDUYiX6c2vywK82e8liypnd7TBb9rrq+4BhIM3GnzKWeJQVP/jI7ehtT8v
hcIb3hKbN+ajxCrPrsY8f5WD4Nh83ZVLFTg4sERtgr9amR9gheOUrplcWxMyNdKy
s3R3km32F8rlpnATKtBLnqjZy+JALzJnoczDFHPm0FQ7+9v+JHq8JU9wrxCvsyCk
r27VoruQqqLoD+rwHwS22I2veRp6hzDLWhHNVAu5zEe4UEAupB6NgEx3wQX9t/n3
PflLnbVGzmQjN0AA61c5Y129kM4sKVmKWvK8I+JXPTqTRour0U0wcK7eHwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFKQbAAdoKjAOjLN+zNEhdxPSZ4ywMB8GA1UdIwQY
MBaAFKhTn5NV0+t3ixu47icjMmARoSKbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUZPZmsxWFQ2M2VMRzdqdUp5TXlZQkdoSXBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS80ZjhlNzYtNTllNS00MGQxLWExM2Ut
NzFmNGM0N2Y1MDZlLzEvcEJzQUIyZ3FNQTZNczM3TTBTRjNFOUpuakxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS80ZjhlNzYtNTllNS00MGQxLWExM2UtNzFmNGM0N2Y1MDZl
LzEvcUZPZmsxWFQ2M2VMRzdqdUp5TXlZQkdoSXBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAlLswDQYJ
KoZIhvcNAQELBQADggEBAEUQhB7zwr3U1NaxVuUqASthnmjlwvKutFtsb3wPVL6E
bQm885YhGZyFGPl4MZ/SJ2HuzZaWe/6AbvANyRD5f2ISayPYZSDJPAAxbPCqycM+
9jpwUt9uRWgzGaPaNSiYf1/gsQgnE8dlu3T9d84/xCNMnuR4AVcJoZ5qq1VnF4Lg
wbDBbBMsueEKJSWH0aw+mH2lZRIt/E30Wcb0bsT7lqmE+DHtyy0lDUMm0Z4mOveb
qEgnrlhYKQnnkfZ7wY4Y5XXBVKvuLUT9vqJ7XFImrk+fBXlvX49MrTNpLYAaB/Ud
1SuZjo+13PBYwxrwmVtrB37nYqz1m3IVb9uvEmVfxCo=
-----END CERTIFICATE-----