Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ba12cd-2e7e-40dc-ae88-248b59c3696b/1/vH670xrkwvVR2VssahTVwwmvkRk.roa
File:                     vH670xrkwvVR2VssahTVwwmvkRk.roa (raw, json)
Hash identifier:          5BmtrUEcCIJ5XLm5vkceoHd9TwhztDPwd9yN95dlnmA=
Subject key identifier:   BC:7E:BB:D3:1A:E4:C2:F5:51:D9:5B:2C:6A:14:D5:C3:09:AF:91:19
Certificate issuer:       /CN=42c0959011627ddd0d057d731e8fa5a510296592
Certificate serial:       018CC3B73E96102232C538C45289186147B4
Authority key identifier: 42:C0:95:90:11:62:7D:DD:0D:05:7D:73:1E:8F:A5:A5:10:29:65:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QsCVkBFifd0NBX1zHo-lpRApZZI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ba12cd-2e7e-40dc-ae88-248b59c3696b/1/vH670xrkwvVR2VssahTVwwmvkRk.roa
Signing time:             Mon 01 Jan 2024 06:30:15 +0000
ROA not before:           Mon 01 Jan 2024 06:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        156.148.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ba12cd-2e7e-40dc-ae88-248b59c3696b/1/QsCVkBFifd0NBX1zHo-lpRApZZI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ba12cd-2e7e-40dc-ae88-248b59c3696b/1/QsCVkBFifd0NBX1zHo-lpRApZZI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QsCVkBFifd0NBX1zHo-lpRApZZI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3e:96:10:22:32:c5:38:c4:52:89:18:61:47:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42c0959011627ddd0d057d731e8fa5a510296592
        Validity
            Not Before: Jan  1 06:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc7ebbd31ae4c2f551d95b2c6a14d5c309af9119
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:05:b6:cf:82:8f:23:e3:cb:5c:6c:d3:5e:51:
                    eb:f9:d7:c0:58:7e:20:df:a1:80:cb:26:94:d9:52:
                    ed:6d:ad:55:4e:ed:34:b8:7d:40:8b:12:db:c4:88:
                    6c:e3:a1:69:10:98:6f:70:67:9b:41:b7:c1:fe:55:
                    ac:38:82:14:0d:64:88:bd:d0:ea:fa:a4:ff:7a:3f:
                    ef:54:9c:cd:74:86:7a:cd:e4:ed:4c:fc:ef:81:97:
                    68:fe:73:87:7f:62:71:9d:fe:58:cc:3e:59:a9:e2:
                    c4:42:5c:a9:d9:f3:fe:e0:6b:77:41:a6:58:90:f7:
                    d2:52:85:70:97:d3:c9:ac:1d:cf:a2:7c:dc:26:15:
                    4f:2a:5b:da:be:ee:9f:1b:11:86:0d:ae:5c:74:ac:
                    ab:b6:b0:12:b9:0d:32:50:d7:06:c7:0b:d9:68:bb:
                    d6:5a:4b:e0:ee:63:70:36:54:f6:61:9c:d1:f0:f4:
                    45:3a:1f:79:35:00:3b:1c:5b:87:c5:9f:17:29:62:
                    ac:ee:eb:ac:5c:66:50:f3:f3:6a:28:56:cd:6d:40:
                    b1:9c:8d:d2:07:0d:30:14:2d:93:00:fb:1c:2c:cd:
                    df:21:0f:31:4e:0d:dc:9f:1d:62:22:2a:ad:c4:64:
                    81:b4:99:47:34:49:e7:1f:3d:c1:ac:e8:c9:32:ea:
                    52:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:7E:BB:D3:1A:E4:C2:F5:51:D9:5B:2C:6A:14:D5:C3:09:AF:91:19
            X509v3 Authority Key Identifier:
                keyid:42:C0:95:90:11:62:7D:DD:0D:05:7D:73:1E:8F:A5:A5:10:29:65:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QsCVkBFifd0NBX1zHo-lpRApZZI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ba12cd-2e7e-40dc-ae88-248b59c3696b/1/vH670xrkwvVR2VssahTVwwmvkRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ba12cd-2e7e-40dc-ae88-248b59c3696b/1/QsCVkBFifd0NBX1zHo-lpRApZZI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.148.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         09:09:33:67:cf:9f:5e:ac:57:c4:fa:43:17:c0:ad:b6:e9:f7:
         83:f3:07:6d:d7:8a:55:dd:64:bd:06:d5:c5:89:47:ca:ac:19:
         17:d6:af:49:b4:96:47:a1:a8:41:06:93:e9:ed:59:4d:a8:46:
         a7:23:ad:44:8d:95:c3:4a:ff:25:24:30:44:66:e1:79:cf:07:
         c8:53:67:2c:01:23:ae:e3:5d:fe:10:48:ff:ac:3a:b6:00:50:
         f9:df:fa:c1:ed:4e:06:e2:39:37:2f:d9:df:50:f2:fe:ec:61:
         d3:ce:12:58:0d:fd:90:02:c1:10:6c:da:e9:28:52:47:39:82:
         9c:0d:00:b8:5d:46:77:37:ed:41:fa:46:20:11:0c:7d:c4:8b:
         3b:f7:f7:33:0d:97:89:4b:05:8f:ab:a2:89:b2:61:b4:45:bd:
         93:d3:0e:b9:52:6f:84:7c:4f:10:43:a1:fe:f6:fb:e4:4e:53:
         06:bc:24:05:ec:cb:9d:ff:3b:57:c4:62:c5:cf:78:10:2d:87:
         aa:bb:2c:0a:29:8a:0b:8a:dd:26:68:ca:6f:09:7d:a2:a3:5e:
         b1:f9:11:0e:5f:bc:ea:be:fe:83:7f:7f:31:ac:2e:de:90:a8:
         7e:6d:7e:17:e7:a2:c3:15:2a:e0:fc:87:84:b1:50:3b:3f:8c:
         a1:45:73:53
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzDtz6WECIyxTjEUokYYUe0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyYzA5NTkwMTE2MjdkZGQwZDA1N2Q3MzFlOGZhNWE1MTAy
OTY1OTIwHhcNMjQwMTAxMDYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzdlYmJkMzFhZTRjMmY1NTFkOTViMmM2YTE0ZDVjMzA5YWY5MTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQW2z4KPI+PLXGzTXlHr+dfAWH4g
36GAyyaU2VLtba1VTu00uH1AixLbxIhs46FpEJhvcGebQbfB/lWsOIIUDWSIvdDq
+qT/ej/vVJzNdIZ6zeTtTPzvgZdo/nOHf2Jxnf5YzD5ZqeLEQlyp2fP+4Gt3QaZY
kPfSUoVwl9PJrB3PonzcJhVPKlvavu6fGxGGDa5cdKyrtrASuQ0yUNcGxwvZaLvW
Wkvg7mNwNlT2YZzR8PRFOh95NQA7HFuHxZ8XKWKs7uusXGZQ8/NqKFbNbUCxnI3S
Bw0wFC2TAPscLM3fIQ8xTg3cnx1iIiqtxGSBtJlHNEnnHz3BrOjJMupSfwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFLx+u9Ma5ML1UdlbLGoU1cMJr5EZMB8GA1UdIwQY
MBaAFELAlZARYn3dDQV9cx6PpaUQKWWSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXNDVmtCRmlmZDBOQlgxekhvLWxwUkFwWlpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9iYTEyY2QtMmU3ZS00MGRjLWFlODgt
MjQ4YjU5YzM2OTZiLzEvdkg2NzB4cmt3dlZSMlZzc2FoVFZ3d212a1JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9iYTEyY2QtMmU3ZS00MGRjLWFlODgtMjQ4YjU5YzM2OTZi
LzEvUXNDVmtCRmlmZDBOQlgxekhvLWxwUkFwWlpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAnJQwDQYJ
KoZIhvcNAQELBQADggEBAAkJM2fPn16sV8T6QxfArbbp94PzB23XilXdZL0G1cWJ
R8qsGRfWr0m0lkehqEEGk+ntWU2oRqcjrUSNlcNK/yUkMERm4XnPB8hTZywBI67j
Xf4QSP+sOrYAUPnf+sHtTgbiOTcv2d9Q8v7sYdPOElgN/ZACwRBs2ukoUkc5gpwN
ALhdRnc37UH6RiARDH3Eizv39zMNl4lLBY+roomyYbRFvZPTDrlSb4R8TxBDof72
++ROUwa8JAXsy53/O1fEYsXPeBAth6q7LAopiguK3SZoym8JfaKjXrH5EQ5fvOq+
/oN/fzGsLt6QqH5tfhfnosMVKuD8h4SxUDs/jKFFc1M=
-----END CERTIFICATE-----