Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/i81-UM4-AbOmptLGLOIhMeQkbo0.roa
File:                     i81-UM4-AbOmptLGLOIhMeQkbo0.roa (raw, json)
Hash identifier:          DksSrgC1UkFVNMbC2CEmYOi3oKinX9V8cyDJyApmrBY=
Subject key identifier:   8B:CD:7E:50:CE:3E:01:B3:A6:A6:D2:C6:2C:E2:21:31:E4:24:6E:8D
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       018CC7276EEEA2C26D14BA5FB6A03DCBCB95
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/i81-UM4-AbOmptLGLOIhMeQkbo0.roa
Signing time:             Mon 01 Jan 2024 22:31:39 +0000
ROA not before:           Mon 01 Jan 2024 22:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206937
IP address blocks:        157.25.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:6e:ee:a2:c2:6d:14:ba:5f:b6:a0:3d:cb:cb:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 22:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bcd7e50ce3e01b3a6a6d2c62ce22131e4246e8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:be:3c:70:b4:d7:24:6c:b7:bb:a0:88:a3:f9:
                    3e:1d:65:89:c2:87:23:c4:02:02:fe:a5:5f:5a:9c:
                    6d:cf:d6:21:f5:fe:11:b8:b9:3a:70:c1:32:71:c8:
                    3f:37:c9:a1:73:1c:18:2b:be:88:41:f6:76:e1:a0:
                    33:47:44:a3:1b:fb:df:18:07:ce:ac:58:37:92:1d:
                    1c:17:83:4c:2d:47:8d:6c:c4:77:ce:a0:3b:91:50:
                    8b:40:aa:60:37:60:8a:37:c4:ad:5a:b0:f5:86:48:
                    f3:bf:5b:40:04:1f:9f:5c:d9:45:0f:57:b7:7e:09:
                    2c:e5:11:c4:6a:d9:e1:c5:70:1b:7d:5d:5a:d8:78:
                    8b:90:3f:0b:c1:81:19:6b:3e:08:75:9b:37:76:ff:
                    70:5e:e8:4d:3a:07:75:2e:16:d1:4c:9b:1c:a3:88:
                    92:46:82:99:7f:69:ce:c6:19:a5:a0:05:5b:81:30:
                    c5:12:9c:bd:e6:0c:b2:b8:90:6a:74:a6:73:1b:f3:
                    04:c0:4b:63:47:05:5f:c3:7b:17:79:8e:ef:71:5f:
                    52:b0:41:30:57:e8:88:cb:e8:4c:02:32:dd:fc:b6:
                    c4:7d:a5:d1:47:bf:1f:50:01:61:2f:2a:67:9d:10:
                    96:98:06:b5:b4:bf:86:5f:72:0e:e5:dd:d2:00:18:
                    18:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:CD:7E:50:CE:3E:01:B3:A6:A6:D2:C6:2C:E2:21:31:E4:24:6E:8D
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/i81-UM4-AbOmptLGLOIhMeQkbo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.25.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:87:42:7f:9d:bc:df:84:d3:4c:e1:5b:01:15:3a:fe:df:30:
         50:44:5f:bd:13:30:ad:00:a0:0b:5c:24:ec:6a:02:5e:1a:b7:
         27:b3:b7:18:fe:a4:46:ee:19:a7:e5:bc:d6:ea:3f:da:99:96:
         e7:5a:99:d5:2d:77:9a:50:e3:09:32:cd:ca:8e:e7:de:ba:c9:
         9d:55:20:ab:b6:cd:51:c0:d6:6d:84:b7:20:fb:70:26:2b:6d:
         e4:41:e9:b0:78:9f:e6:1c:34:47:94:67:80:7f:ad:e7:57:f6:
         fe:93:59:31:d3:51:95:46:c1:c0:46:b2:3d:e4:4a:bd:13:dc:
         8f:cc:ab:92:84:43:b0:3a:38:a9:a8:e6:48:9c:65:bc:9e:5d:
         8f:1e:a9:f7:62:29:9e:71:a6:66:03:80:ab:fd:95:ce:eb:9a:
         f6:14:ff:4b:9f:f7:3f:e6:94:04:49:30:a3:a1:79:68:15:8a:
         ba:75:35:23:29:ab:83:ba:bd:e9:80:8a:4e:ca:66:dd:0f:ae:
         6b:32:a5:58:5c:98:73:aa:0a:60:53:32:fe:09:25:15:b7:d0:
         3e:a9:b9:7e:51:4c:d8:cc:c9:80:b6:12:12:b3:9f:46:9a:17:
         59:72:31:39:1c:1f:00:de:80:c4:47:a9:84:be:23:58:e4:b3:
         a5:61:10:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ27uosJtFLpftqA9y8uVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjQwMTAxMjIzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmNkN2U1MGNlM2UwMWIzYTZhNmQyYzYyY2UyMjEzMWU0MjQ2ZThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlr48cLTXJGy3u6CIo/k+HWWJwocj
xAIC/qVfWpxtz9Yh9f4RuLk6cMEyccg/N8mhcxwYK76IQfZ24aAzR0SjG/vfGAfO
rFg3kh0cF4NMLUeNbMR3zqA7kVCLQKpgN2CKN8StWrD1hkjzv1tABB+fXNlFD1e3
fgks5RHEatnhxXAbfV1a2HiLkD8LwYEZaz4IdZs3dv9wXuhNOgd1LhbRTJsco4iS
RoKZf2nOxhmloAVbgTDFEpy95gyyuJBqdKZzG/MEwEtjRwVfw3sXeY7vcV9SsEEw
V+iIy+hMAjLd/LbEfaXRR78fUAFhLypnnRCWmAa1tL+GX3IO5d3SABgYAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIvNflDOPgGzpqbSxiziITHkJG6NMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvaTgxLVVNNC1BYk9tcHRMR0xPSWhNZVFrYm8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnRmWMA0G
CSqGSIb3DQEBCwUAA4IBAQBMh0J/nbzfhNNM4VsBFTr+3zBQRF+9EzCtAKALXCTs
agJeGrcns7cY/qRG7hmn5bzW6j/amZbnWpnVLXeaUOMJMs3KjufeusmdVSCrts1R
wNZthLcg+3AmK23kQemweJ/mHDRHlGeAf63nV/b+k1kx01GVRsHARrI95Eq9E9yP
zKuShEOwOjipqOZInGW8nl2PHqn3YimecaZmA4Cr/ZXO65r2FP9Ln/c/5pQESTCj
oXloFYq6dTUjKauDur3pgIpOymbdD65rMqVYXJhzqgpgUzL+CSUVt9A+qbl+UUzY
zMmAthISs59GmhdZcjE5HB8A3oDER6mEviNY5LOlYRAU
-----END CERTIFICATE-----