Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/OIzQ-SLhPvyRCRHUsLgn1YxPOec.roa
File:                     OIzQ-SLhPvyRCRHUsLgn1YxPOec.roa (raw, json)
Hash identifier:          oz8sWE4xsHobbsiIrHV7j1uJxP4yIUwh9/Jw2+Bvfm4=
Subject key identifier:   38:8C:D0:F9:22:E1:3E:FC:91:09:11:D4:B0:B8:27:D5:8C:4F:39:E7
Certificate issuer:       /CN=598fa4201344d4107f792eee2566c62d65714e2d
Certificate serial:       018DF9F4D5386ABB9E9B8C33A4AF069F4A4D
Authority key identifier: 59:8F:A4:20:13:44:D4:10:7F:79:2E:EE:25:66:C6:2D:65:71:4E:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WY-kIBNE1BB_eS7uJWbGLWVxTi0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/OIzQ-SLhPvyRCRHUsLgn1YxPOec.roa
Signing time:             Fri 01 Mar 2024 12:19:48 +0000
ROA not before:           Fri 01 Mar 2024 12:19:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203324
IP address blocks:        217.61.137.0/24 maxlen: 24
                          217.61.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/WY-kIBNE1BB_eS7uJWbGLWVxTi0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/WY-kIBNE1BB_eS7uJWbGLWVxTi0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WY-kIBNE1BB_eS7uJWbGLWVxTi0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f9:f4:d5:38:6a:bb:9e:9b:8c:33:a4:af:06:9f:4a:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=598fa4201344d4107f792eee2566c62d65714e2d
        Validity
            Not Before: Mar  1 12:19:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=388cd0f922e13efc910911d4b0b827d58c4f39e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:fc:e3:13:d3:08:c6:b5:82:83:2f:10:14:16:
                    82:b6:e3:e6:c1:65:c7:08:e7:4c:22:26:ee:b2:6e:
                    df:c5:78:aa:b8:03:f3:23:1b:93:15:5d:4f:19:dd:
                    e5:ba:98:2b:65:39:96:de:cb:63:be:31:0f:f4:85:
                    72:8e:d4:52:13:13:3b:d4:f8:70:78:71:0e:e4:f3:
                    8a:dd:ce:a0:90:72:9f:5d:9e:58:30:5d:d8:76:f3:
                    e7:9f:12:97:16:fc:4a:d4:90:37:4b:37:e3:09:07:
                    31:80:ad:44:84:d2:b4:45:92:46:b6:20:f0:f4:32:
                    29:8d:18:97:6e:d8:7e:46:9c:c9:c7:2f:07:24:d1:
                    dc:d7:2b:8c:20:36:c3:64:79:e7:66:90:16:56:35:
                    e3:fd:c2:bd:26:95:63:6d:46:71:b5:a4:c6:80:52:
                    a1:49:5c:16:ad:bc:64:26:f0:fa:9b:00:b7:04:8e:
                    15:07:ce:4e:58:ed:23:8b:54:74:dd:5e:6a:a7:e0:
                    0a:7c:19:45:28:10:8f:53:a9:35:39:ac:2c:50:d2:
                    67:14:1d:b2:58:63:b9:9e:7f:ed:ed:f1:0d:2b:9c:
                    64:da:73:31:a3:7d:cd:03:38:75:0c:32:9e:aa:c9:
                    0e:c5:22:b0:19:ca:ed:1a:b9:90:87:04:e3:76:e9:
                    54:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:8C:D0:F9:22:E1:3E:FC:91:09:11:D4:B0:B8:27:D5:8C:4F:39:E7
            X509v3 Authority Key Identifier:
                keyid:59:8F:A4:20:13:44:D4:10:7F:79:2E:EE:25:66:C6:2D:65:71:4E:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WY-kIBNE1BB_eS7uJWbGLWVxTi0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/OIzQ-SLhPvyRCRHUsLgn1YxPOec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/WY-kIBNE1BB_eS7uJWbGLWVxTi0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.61.137.0-217.61.138.255

    Signature Algorithm: sha256WithRSAEncryption
         7f:99:79:53:3d:6b:b3:24:ed:3e:21:5a:9f:ce:f3:13:20:23:
         fc:9c:ac:f5:bb:f8:9a:6b:cb:19:24:03:63:95:ae:47:9b:95:
         4f:73:59:37:bb:0e:a4:79:b7:b3:31:ab:b0:11:d2:d2:65:f2:
         aa:e3:9a:62:89:fe:68:33:4d:0d:fc:16:9d:86:06:e5:03:c4:
         9c:ed:ed:9d:01:1a:a2:ef:ee:f7:02:83:1a:b4:2f:41:79:c7:
         68:66:97:0f:ef:27:a2:c6:ca:e0:17:bd:d9:60:51:32:59:25:
         20:b4:e8:fc:3c:5b:56:86:9b:38:fe:c8:dd:31:45:08:e7:5d:
         cd:a2:f2:1b:d6:fd:53:ef:25:6d:9b:a9:7c:42:6e:e4:79:c3:
         89:3f:e1:37:07:d8:97:23:43:1a:e0:88:86:ef:de:38:5c:db:
         ae:65:37:4b:c3:7c:ef:0b:3b:54:9e:01:e5:1c:b8:cd:2f:a1:
         35:82:7a:d8:d8:fc:39:8d:7d:fb:1a:f9:44:25:92:aa:05:0b:
         4a:90:e8:5b:3b:0f:47:59:f0:41:ce:4a:48:66:c5:26:71:6e:
         df:cb:fb:4f:29:0a:a3:97:91:50:d8:29:70:03:eb:59:43:8b:
         7a:95:d1:3e:54:b9:cd:a8:69:42:df:f5:65:90:5c:0b:0f:46:
         27:3a:2f:f3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY359NU4aruem4wzpK8Gn0pNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5OGZhNDIwMTM0NGQ0MTA3Zjc5MmVlZTI1NjZjNjJkNjU3
MTRlMmQwHhcNMjQwMzAxMTIxOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODhjZDBmOTIyZTEzZWZjOTEwOTExZDRiMGI4MjdkNThjNGYzOWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPzjE9MIxrWCgy8QFBaCtuPmwWXH
COdMIibusm7fxXiquAPzIxuTFV1PGd3lupgrZTmW3stjvjEP9IVyjtRSExM71Phw
eHEO5POK3c6gkHKfXZ5YMF3YdvPnnxKXFvxK1JA3SzfjCQcxgK1EhNK0RZJGtiDw
9DIpjRiXbth+RpzJxy8HJNHc1yuMIDbDZHnnZpAWVjXj/cK9JpVjbUZxtaTGgFKh
SVwWrbxkJvD6mwC3BI4VB85OWO0ji1R03V5qp+AKfBlFKBCPU6k1OawsUNJnFB2y
WGO5nn/t7fENK5xk2nMxo33NAzh1DDKeqskOxSKwGcrtGrmQhwTjdulUTwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDiM0Pki4T78kQkR1LC4J9WMTznnMB8GA1UdIwQY
MBaAFFmPpCATRNQQf3ku7iVmxi1lcU4tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1kta0lCTkUxQkJfZVM3dUpXYkdMV1Z4VGkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS84MzhlZjEtNzM5My00ZmJkLWI2N2It
NjY0YjhmMDNkMTgwLzEvT0l6US1TTGhQdnlSQ1JIVXNMZ24xWXhQT2VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS84MzhlZjEtNzM5My00ZmJkLWI2N2ItNjY0YjhmMDNkMTgw
LzEvV1kta0lCTkUxQkJfZVM3dUpXYkdMV1Z4VGkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADZPYkD
BADZPYowDQYJKoZIhvcNAQELBQADggEBAH+ZeVM9a7Mk7T4hWp/O8xMgI/ycrPW7
+JpryxkkA2OVrkeblU9zWTe7DqR5t7Mxq7AR0tJl8qrjmmKJ/mgzTQ38Fp2GBuUD
xJzt7Z0BGqLv7vcCgxq0L0F5x2hmlw/vJ6LGyuAXvdlgUTJZJSC06Pw8W1aGmzj+
yN0xRQjnXc2i8hvW/VPvJW2bqXxCbuR5w4k/4TcH2JcjQxrgiIbv3jhc265lN0vD
fO8LO1SeAeUcuM0voTWCetjY/DmNffsa+UQlkqoFC0qQ6Fs7D0dZ8EHOSkhmxSZx
bt/L+08pCqOXkVDYKXAD61lDi3qV0T5Uuc2oaULf9WWQXAsPRic6L/M=
-----END CERTIFICATE-----