Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ODH2hxl-s0M3f8s_tzFioVLMoSk.roa
File:                     ODH2hxl-s0M3f8s_tzFioVLMoSk.roa (raw, json)
Hash identifier:          g3CFC3EvltkFUbtzSNdzsiUpKMH1MDpZdCXFHCYvPFQ=
Subject key identifier:   38:31:F6:87:19:7E:B3:43:37:7F:CB:3F:B7:31:62:A1:52:CC:A1:29
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       0192F8390D9CF889ABB75E907967B68E9A42
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ODH2hxl-s0M3f8s_tzFioVLMoSk.roa
Signing time:             Mon 04 Nov 2024 17:29:01 +0000
ROA not before:           Mon 04 Nov 2024 17:29:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49791
IP address blocks:        150.241.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:f8:39:0d:9c:f8:89:ab:b7:5e:90:79:67:b6:8e:9a:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Nov  4 17:29:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3831f687197eb343377fcb3fb73162a152cca129
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:fa:fe:b3:b1:b3:20:06:53:eb:ce:64:be:ff:
                    3e:39:dc:61:d0:23:fa:4f:15:1e:6f:9e:42:b0:91:
                    c7:57:0a:18:39:73:8e:f4:59:90:85:b2:d6:c8:34:
                    39:fb:d3:f6:a9:a9:7a:ec:c6:fd:48:3a:5f:a7:44:
                    5b:f6:de:65:2d:80:b2:d7:18:7a:fe:b6:b5:74:fe:
                    8f:e8:1a:0c:93:86:43:26:ae:25:ad:b8:b5:d6:f9:
                    9d:0a:fe:66:d9:39:49:ae:80:99:76:e4:ec:7c:69:
                    1e:ae:ab:cb:da:89:96:44:d3:a4:02:3c:27:b4:ce:
                    22:8d:96:25:9f:3a:7f:ed:2f:4c:20:12:ed:7d:f3:
                    25:d3:0e:e3:ae:fd:47:fe:98:0d:04:e6:d7:a7:cd:
                    62:8f:95:32:94:bd:54:13:ad:d4:4e:a9:27:1b:9f:
                    8f:e7:df:68:e8:b6:d1:75:8b:5b:58:c6:f2:32:43:
                    aa:91:a0:7f:b4:48:fc:8e:33:98:48:e4:4c:76:78:
                    b3:35:3a:aa:cb:04:6b:d2:78:94:1d:dc:6b:df:1c:
                    98:e4:8a:55:1c:07:3d:18:2c:db:09:8e:28:8e:db:
                    ab:38:3e:27:bd:dc:67:d0:99:39:0d:7b:9d:fe:ce:
                    2a:71:7d:a7:fd:34:c8:e6:8c:e2:51:2e:ab:a0:81:
                    87:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:31:F6:87:19:7E:B3:43:37:7F:CB:3F:B7:31:62:A1:52:CC:A1:29
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ODH2hxl-s0M3f8s_tzFioVLMoSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:97:64:53:c3:fe:7e:82:a7:64:dc:66:30:59:da:9b:9a:01:
         88:1b:18:18:6b:e1:7f:5b:91:db:fc:a5:5f:3d:73:bc:76:f9:
         1e:99:47:88:2c:65:eb:f5:85:4c:7d:5e:03:c5:d4:58:08:7a:
         20:c4:3f:7b:ee:52:b2:c8:f1:33:df:31:a2:d3:48:cb:d5:cc:
         82:b6:b3:be:d9:95:2f:2b:67:a0:aa:03:54:dd:bd:0e:54:8e:
         e8:be:36:ae:b4:0e:2c:3f:96:90:ba:f8:29:93:73:b8:6d:c3:
         24:56:4f:88:76:8a:64:1e:d5:03:62:ed:74:60:cb:f8:ce:b7:
         8d:63:f5:16:a1:1c:ed:6c:95:ed:68:42:4d:ef:98:56:68:22:
         24:d1:46:51:a5:fb:11:5d:16:af:06:cf:6e:09:f2:ba:11:3d:
         0e:2c:f6:e1:c9:c0:be:7b:5c:3f:f5:8e:41:6c:69:01:cf:56:
         f7:72:66:b6:d0:93:76:4f:90:8e:61:65:c3:55:49:71:80:51:
         9e:9c:63:27:40:07:f4:bd:bb:fd:89:8c:d6:2c:8d:90:8f:7e:
         48:2b:b9:2a:6d:2e:24:9d:c2:77:ac:3f:14:9f:e4:56:ad:ee:
         f5:5c:4d:e3:df:87:3f:88:33:74:b6:73:98:04:4f:2f:92:0a:
         15:7e:ea:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZL4OQ2c+Imrt16QeWe2jppCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjQxMTA0MTcyOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODMxZjY4NzE5N2ViMzQzMzc3ZmNiM2ZiNzMxNjJhMTUyY2NhMTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/r+s7GzIAZT685kvv8+Odxh0CP6
TxUeb55CsJHHVwoYOXOO9FmQhbLWyDQ5+9P2qal67Mb9SDpfp0Rb9t5lLYCy1xh6
/ra1dP6P6BoMk4ZDJq4lrbi11vmdCv5m2TlJroCZduTsfGkerqvL2omWRNOkAjwn
tM4ijZYlnzp/7S9MIBLtffMl0w7jrv1H/pgNBObXp81ij5UylL1UE63UTqknG5+P
599o6LbRdYtbWMbyMkOqkaB/tEj8jjOYSORMdnizNTqqywRr0niUHdxr3xyY5IpV
HAc9GCzbCY4ojturOD4nvdxn0Jk5DXud/s4qcX2n/TTI5oziUS6roIGHOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDgx9ocZfrNDN3/LP7cxYqFSzKEpMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvT0RIMmh4bC1zME0zZjhzX3R6RmlvVkxNb1NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlvF6MA0G
CSqGSIb3DQEBCwUAA4IBAQBFl2RTw/5+gqdk3GYwWdqbmgGIGxgYa+F/W5Hb/KVf
PXO8dvkemUeILGXr9YVMfV4DxdRYCHogxD977lKyyPEz3zGi00jL1cyCtrO+2ZUv
K2egqgNU3b0OVI7ovjautA4sP5aQuvgpk3O4bcMkVk+IdopkHtUDYu10YMv4zreN
Y/UWoRztbJXtaEJN75hWaCIk0UZRpfsRXRavBs9uCfK6ET0OLPbhycC+e1w/9Y5B
bGkBz1b3cma20JN2T5COYWXDVUlxgFGenGMnQAf0vbv9iYzWLI2Qj35IK7kqbS4k
ncJ3rD8Un+RWre71XE3j34c/iDN0tnOYBE8vkgoVfuo1
-----END CERTIFICATE-----