Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/bbNYn_3dr0oMc_BCykzivIyhyVw.roa
File:                     bbNYn_3dr0oMc_BCykzivIyhyVw.roa (raw, json)
Hash identifier:          4Pkf5HQP78AZbBdVgcvNsnsPMCZ7dj8JyJ4HCucUfAA=
Subject key identifier:   6D:B3:58:9F:FD:DD:AF:4A:0C:73:F0:42:CA:4C:E2:BC:8C:A1:C9:5C
Certificate issuer:       /CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
Certificate serial:       018CC56EB2B40A070B6E657BD1B327997425
Authority key identifier: 2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/bbNYn_3dr0oMc_BCykzivIyhyVw.roa
Signing time:             Mon 01 Jan 2024 14:30:15 +0000
ROA not before:           Mon 01 Jan 2024 14:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     996
IP address blocks:        37.19.64.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:b2:b4:0a:07:0b:6e:65:7b:d1:b3:27:99:74:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
        Validity
            Not Before: Jan  1 14:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6db3589ffdddaf4a0c73f042ca4ce2bc8ca1c95c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:58:62:13:f7:11:a1:50:cc:d0:65:9d:99:b6:
                    ee:0c:ff:c8:58:25:67:91:1f:0b:68:55:66:e9:98:
                    7e:80:d8:61:9c:5b:90:8c:76:2b:e2:80:1c:ee:9c:
                    f5:ba:4d:0f:57:aa:6c:03:50:ca:3d:c1:29:e6:90:
                    a2:d0:d3:19:8a:8d:02:88:4d:47:24:6f:f8:86:19:
                    bb:9c:03:a0:89:97:7c:a7:77:2c:82:d1:f7:c6:fc:
                    2e:0d:ba:cb:ac:7e:28:79:ae:60:83:22:e4:70:79:
                    b4:bf:f2:e4:eb:79:e4:4d:5c:d9:a8:f2:a2:18:ab:
                    c6:23:12:18:3f:b3:b4:05:c5:3d:33:b5:dc:0c:4e:
                    2b:ef:4c:1c:6e:7a:f8:a9:23:79:b4:f3:cb:ad:43:
                    96:e9:a5:2b:8d:1f:e9:5d:ce:a2:c5:bf:cf:4b:17:
                    7d:d7:69:2c:01:9e:20:13:56:8f:87:b1:88:1d:5f:
                    2f:b5:48:96:66:aa:25:8b:3d:bb:f0:c3:7c:31:72:
                    4a:f2:71:74:dd:ca:31:4e:93:0b:fd:2f:db:23:11:
                    6b:df:b1:bf:47:ff:70:55:ae:94:2f:81:f4:92:d4:
                    96:2c:13:26:69:27:3d:bd:ec:84:23:bd:9f:cb:55:
                    3c:c1:58:f7:77:cb:5a:6b:1b:65:e8:4d:dd:72:f7:
                    18:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:B3:58:9F:FD:DD:AF:4A:0C:73:F0:42:CA:4C:E2:BC:8C:A1:C9:5C
            X509v3 Authority Key Identifier:
                keyid:2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/bbNYn_3dr0oMc_BCykzivIyhyVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.19.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:ff:11:35:b0:71:37:5a:b3:32:8a:53:4f:25:8f:86:47:3b:
         25:d0:35:e1:e1:84:3b:58:44:33:35:da:44:9d:ad:ad:aa:ff:
         3a:cf:ec:63:df:47:f4:f3:d0:30:f3:b3:b4:b9:e0:12:06:ef:
         27:a9:59:04:15:71:12:f3:c3:12:94:57:9b:d4:df:a9:af:7a:
         d5:3a:94:18:ba:05:96:69:e7:94:ad:d9:e9:19:cf:c1:6d:6b:
         be:8c:e6:32:48:d3:7a:0d:8e:9b:98:07:3a:1b:b1:12:6c:27:
         40:31:79:65:61:6e:f0:5e:4c:5d:10:7f:06:c1:79:5d:9d:37:
         a8:f2:2b:e5:d0:75:a4:64:dc:b1:02:be:9f:d1:73:17:68:49:
         5e:c5:65:a4:6a:7c:b0:0b:07:23:53:c3:9a:00:4b:af:dd:35:
         69:f9:13:22:02:57:8f:07:13:90:ac:b7:b0:8b:74:5c:ce:2b:
         63:29:b0:7c:c6:78:d2:14:f8:2a:e1:1c:8b:60:c7:63:56:62:
         15:6c:74:04:ae:65:62:f3:d1:61:e9:fa:5a:6f:3a:42:fa:81:
         bf:7c:25:9f:78:6f:e5:8f:c4:b3:3c:17:84:71:aa:e7:45:09:
         55:b5:2d:7b:e2:95:66:c7:fc:d2:14:a2:ee:56:47:7c:3d:e0:
         5f:cf:46:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbrK0CgcLbmV70bMnmXQlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODI5NjNmZjFhYTcwYWIxMGQxZDMzZTg2YjFkNmQ0OTRk
NmNlNTEwHhcNMjQwMTAxMTQzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGIzNTg5ZmZkZGRhZjRhMGM3M2YwNDJjYTRjZTJiYzhjYTFjOTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlhiE/cRoVDM0GWdmbbuDP/IWCVn
kR8LaFVm6Zh+gNhhnFuQjHYr4oAc7pz1uk0PV6psA1DKPcEp5pCi0NMZio0CiE1H
JG/4hhm7nAOgiZd8p3csgtH3xvwuDbrLrH4oea5ggyLkcHm0v/Lk63nkTVzZqPKi
GKvGIxIYP7O0BcU9M7XcDE4r70wcbnr4qSN5tPPLrUOW6aUrjR/pXc6ixb/PSxd9
12ksAZ4gE1aPh7GIHV8vtUiWZqoliz278MN8MXJK8nF03coxTpML/S/bIxFr37G/
R/9wVa6UL4H0ktSWLBMmaSc9veyEI72fy1U8wVj3d8taaxtl6E3dcvcY1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2zWJ/93a9KDHPwQspM4ryMoclcMB8GA1UdIwQY
MBaAFC6Clj/xqnCrENHTPoax1tSU1s5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQt
ZGY2NGYwZTgyMzYwLzEvYmJOWW5fM2RyMG9NY19CQ3lreml2SXloeVZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQtZGY2NGYwZTgyMzYw
LzEvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJRNAMA0G
CSqGSIb3DQEBCwUAA4IBAQA3/xE1sHE3WrMyilNPJY+GRzsl0DXh4YQ7WEQzNdpE
na2tqv86z+xj30f089Aw87O0ueASBu8nqVkEFXES88MSlFeb1N+pr3rVOpQYugWW
aeeUrdnpGc/BbWu+jOYySNN6DY6bmAc6G7ESbCdAMXllYW7wXkxdEH8GwXldnTeo
8ivl0HWkZNyxAr6f0XMXaElexWWkanywCwcjU8OaAEuv3TVp+RMiAlePBxOQrLew
i3RczitjKbB8xnjSFPgq4RyLYMdjVmIVbHQErmVi89Fh6fpabzpC+oG/fCWfeG/l
j8SzPBeEcarnRQlVtS174pVmx/zSFKLuVkd8PeBfz0Z2
-----END CERTIFICATE-----