Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/OW1rz88NsXts4xgAxqkwm39dacQ.roa
File:                     OW1rz88NsXts4xgAxqkwm39dacQ.roa (raw, json)
Hash identifier:          iFaY2RWJykzA2hkSRwPNGz27ajcZxCXe2ECudW0vunU=
Subject key identifier:   39:6D:6B:CF:CF:0D:B1:7B:6C:E3:18:00:C6:A9:30:9B:7F:5D:69:C4
Certificate issuer:       /CN=37518d180923a7f3c00653ec12bc702b95aab907
Certificate serial:       018CC348A8F9C1040B78003B05A73FDCC36D
Authority key identifier: 37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/OW1rz88NsXts4xgAxqkwm39dacQ.roa
Signing time:             Mon 01 Jan 2024 04:29:28 +0000
ROA not before:           Mon 01 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34478
IP address blocks:        194.27.148.0/24 maxlen: 24
                          193.140.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a8:f9:c1:04:0b:78:00:3b:05:a7:3f:dc:c3:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37518d180923a7f3c00653ec12bc702b95aab907
        Validity
            Not Before: Jan  1 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=396d6bcfcf0db17b6ce31800c6a9309b7f5d69c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:57:fe:2b:08:5a:5b:2a:30:38:a1:95:44:e7:
                    4c:e8:96:f5:12:ab:ef:ab:c1:b6:28:2d:ee:b3:7a:
                    81:3f:31:e9:4a:f8:4f:bf:06:29:d1:f7:e7:06:fe:
                    dc:6f:1c:70:c9:16:29:73:1d:c7:d0:30:3e:88:bf:
                    53:ae:a6:fd:b5:80:4c:1f:a6:ae:08:71:0e:6e:9c:
                    48:f2:e0:b9:d3:1e:8f:b9:b9:a0:0a:64:4f:5c:c6:
                    0e:38:c8:4c:ec:67:4f:6e:ba:2a:00:0f:f9:4d:cc:
                    00:41:ba:2e:7f:1c:5e:7e:96:ae:6a:4e:7c:a6:96:
                    ff:3b:e4:f4:e2:ab:3a:2c:b1:03:cd:2b:97:16:56:
                    b3:91:b2:03:1e:fe:04:bd:20:23:f5:93:df:c1:2a:
                    95:d0:b2:7b:39:20:eb:02:39:67:14:b8:5a:8a:6b:
                    22:f6:1f:c3:70:74:20:4c:fc:d7:b5:a9:fd:df:00:
                    68:85:c5:f3:8d:17:84:de:cc:be:fc:94:43:64:9c:
                    38:6d:9d:d7:bd:51:2a:7e:3f:f5:44:d9:7d:ac:c2:
                    4f:94:21:07:44:60:1a:dd:1d:a1:2f:ee:0a:31:ca:
                    7b:4d:ae:4a:da:1e:58:be:93:7f:29:d1:f9:6d:d9:
                    0f:a6:2d:dd:d7:82:c9:9b:31:46:ad:58:f1:0c:26:
                    06:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:6D:6B:CF:CF:0D:B1:7B:6C:E3:18:00:C6:A9:30:9B:7F:5D:69:C4
            X509v3 Authority Key Identifier:
                keyid:37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/OW1rz88NsXts4xgAxqkwm39dacQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.140.71.0/24
                  194.27.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:85:66:1c:92:7e:e5:34:fb:b4:8d:b6:26:06:25:7f:88:ff:
         1b:25:e0:a6:e1:b9:19:8f:6e:a7:ae:37:9c:ec:11:36:08:a2:
         11:39:f1:b4:24:ae:84:3a:2e:97:8e:32:bd:ae:f2:32:2f:67:
         39:d5:4f:b4:a3:88:67:3a:80:cf:96:aa:04:20:8b:aa:e3:f0:
         bf:b7:c0:eb:7c:ba:d3:d4:b3:7a:e0:95:0d:21:e7:af:aa:89:
         eb:88:7a:2a:18:39:45:8e:27:18:02:bc:de:16:36:e0:79:35:
         e7:95:52:d0:38:af:18:00:aa:bb:4f:11:1c:32:b9:ea:b1:98:
         71:86:0f:bc:3f:33:ca:b8:a8:8e:0b:60:4e:22:21:80:f9:51:
         1b:f5:ec:c1:2f:53:c8:9e:47:15:23:31:82:19:bf:d7:fd:fe:
         cb:48:da:1f:72:25:c1:bc:fe:11:15:47:ed:79:d7:55:12:50:
         3e:4f:4b:6d:d3:17:a0:da:8f:84:c7:70:43:e4:b5:6c:2d:59:
         88:54:21:bd:bb:b7:95:27:dd:7b:2d:96:1f:b1:98:6a:c2:18:
         d1:9b:7b:88:af:5d:bb:d2:c2:47:c8:b2:f5:3b:14:8f:9b:e6:
         59:93:6f:38:a0:9b:10:f4:09:ae:6a:2d:00:dd:a5:3b:7f:2f:
         2a:73:82:8a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSKj5wQQLeAA7Bac/3MNtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NTE4ZDE4MDkyM2E3ZjNjMDA2NTNlYzEyYmM3MDJiOTVh
YWI5MDcwHhcNMjQwMTAxMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTZkNmJjZmNmMGRiMTdiNmNlMzE4MDBjNmE5MzA5YjdmNWQ2OWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFf+KwhaWyowOKGVROdM6Jb1Eqvv
q8G2KC3us3qBPzHpSvhPvwYp0ffnBv7cbxxwyRYpcx3H0DA+iL9Trqb9tYBMH6au
CHEObpxI8uC50x6PubmgCmRPXMYOOMhM7GdPbroqAA/5TcwAQboufxxefpauak58
ppb/O+T04qs6LLEDzSuXFlazkbIDHv4EvSAj9ZPfwSqV0LJ7OSDrAjlnFLhaimsi
9h/DcHQgTPzXtan93wBohcXzjReE3sy+/JRDZJw4bZ3XvVEqfj/1RNl9rMJPlCEH
RGAa3R2hL+4KMcp7Ta5K2h5YvpN/KdH5bdkPpi3d14LJmzFGrVjxDCYG9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDlta8/PDbF7bOMYAMapMJt/XWnEMB8GA1UdIwQY
MBaAFDdRjRgJI6fzwAZT7BK8cCuVqrkHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgt
NTk2NzE5MjBmYjYwLzEvT1cxcno4OE5zWHRzNHhnQXhxa3dtMzlkYWNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgtNTk2NzE5MjBmYjYw
LzEvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwYxHAwQA
whuUMA0GCSqGSIb3DQEBCwUAA4IBAQAxhWYckn7lNPu0jbYmBiV/iP8bJeCm4bkZ
j26nrjec7BE2CKIROfG0JK6EOi6XjjK9rvIyL2c51U+0o4hnOoDPlqoEIIuq4/C/
t8DrfLrT1LN64JUNIeevqonriHoqGDlFjicYArzeFjbgeTXnlVLQOK8YAKq7TxEc
MrnqsZhxhg+8PzPKuKiOC2BOIiGA+VEb9ezBL1PInkcVIzGCGb/X/f7LSNofciXB
vP4RFUfteddVElA+T0tt0xeg2o+Ex3BD5LVsLVmIVCG9u7eVJ917LZYfsZhqwhjR
m3uIr1270sJHyLL1OxSPm+ZZk284oJsQ9Amuai0A3aU7fy8qc4KK
-----END CERTIFICATE-----