Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/upCJ80B1LznAzjDXxnVzxMD0OZw.roa
File:                     upCJ80B1LznAzjDXxnVzxMD0OZw.roa (raw, json)
Hash identifier:          XnAHAWPelWNRp+E5DciHSW3yVe3DEvU18gdryxaJkOM=
Subject key identifier:   BA:90:89:F3:40:75:2F:39:C0:CE:30:D7:C6:75:73:C4:C0:F4:39:9C
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       0192C0172BC15EB90B759418D2BC2357A247
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/upCJ80B1LznAzjDXxnVzxMD0OZw.roa
Signing time:             Thu 24 Oct 2024 19:53:16 +0000
ROA not before:           Thu 24 Oct 2024 19:53:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215590
IP address blocks:        150.241.106.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c0:17:2b:c1:5e:b9:0b:75:94:18:d2:bc:23:57:a2:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Oct 24 19:53:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba9089f340752f39c0ce30d7c67573c4c0f4399c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:05:f7:49:c4:df:f7:01:59:87:a8:c3:a6:a3:
                    72:6e:11:40:90:ad:14:49:c4:0f:f2:47:5b:12:9d:
                    7c:a6:c0:8c:5c:d1:e4:97:78:71:cf:ad:d5:bc:e5:
                    b6:7d:87:ad:8e:f4:22:0c:f6:71:62:54:81:89:ed:
                    b3:45:cb:d7:fa:0f:0d:55:54:a4:9b:bf:f2:97:54:
                    2c:5b:b5:47:b7:f8:e4:dc:cd:8b:78:cb:08:34:75:
                    5b:f9:9c:38:5a:07:9c:7b:cb:4b:72:35:19:f0:9a:
                    eb:2a:85:d7:78:1f:d1:52:88:37:0d:38:21:85:d9:
                    22:1f:78:9f:43:8c:57:4f:81:f2:b7:90:ec:e3:bd:
                    d4:53:31:26:16:3c:ea:85:8e:b0:81:18:32:cb:5f:
                    b6:78:c6:fa:85:ee:0a:0c:12:a1:38:b9:67:6b:85:
                    11:48:59:b1:da:16:df:e9:01:6a:1b:f4:64:2d:47:
                    a5:d0:30:76:3c:54:82:28:b3:5b:0a:6f:6e:ff:45:
                    f8:64:40:1a:ce:f6:e3:b4:c4:34:a2:19:1d:46:a1:
                    62:c9:a6:39:de:84:54:37:9e:dc:9f:08:a1:99:18:
                    df:e5:24:45:42:cf:4a:aa:e9:c0:44:64:1c:22:5c:
                    00:8e:76:87:36:ab:3f:34:a9:9b:54:1b:43:0d:74:
                    65:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:90:89:F3:40:75:2F:39:C0:CE:30:D7:C6:75:73:C4:C0:F4:39:9C
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/upCJ80B1LznAzjDXxnVzxMD0OZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.106.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:64:26:ed:1c:ff:e9:79:5c:34:86:40:3c:09:39:38:cc:46:
         41:ba:aa:8a:33:74:7f:b3:46:79:41:dc:f4:bf:bc:09:93:fb:
         c9:be:0b:b3:16:4f:6b:4d:29:1f:ae:9a:52:8a:67:ee:eb:82:
         e9:58:09:f1:7e:76:22:41:dc:73:f5:73:24:da:a1:b3:4c:5f:
         67:90:b7:c6:02:c1:17:f7:56:ad:e4:7b:06:d1:4a:64:fa:8c:
         69:a8:cb:01:22:d8:f8:ad:9d:b8:34:cd:75:32:d1:1f:f7:55:
         d8:76:64:58:7c:e9:fc:0b:c0:eb:29:af:8f:ee:90:77:14:03:
         98:58:6e:6d:b3:4b:0a:35:9f:e4:23:e8:c4:b7:be:64:77:51:
         4c:2b:02:60:fc:c3:68:0f:2b:cc:78:cc:f7:5d:99:c3:00:8d:
         47:bf:c3:57:4e:69:14:4a:0e:a0:14:1f:45:d8:9e:9e:31:5d:
         b0:8f:77:b4:5d:ed:b3:bc:c7:41:a9:56:7e:52:74:b0:ec:82:
         7a:b7:10:e0:5b:e6:e6:11:a2:20:1e:d4:59:d9:2b:2d:02:10:
         31:d2:d2:37:57:52:c8:8f:8d:41:d8:a6:9d:f5:1f:48:73:21:
         fc:95:b8:23:99:21:98:aa:62:9f:e6:e0:c2:72:4a:07:8d:29:
         7f:6f:5b:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLAFyvBXrkLdZQY0rwjV6JHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjQxMDI0MTk1MzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTkwODlmMzQwNzUyZjM5YzBjZTMwZDdjNjc1NzNjNGMwZjQzOTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3AX3ScTf9wFZh6jDpqNybhFAkK0U
ScQP8kdbEp18psCMXNHkl3hxz63VvOW2fYetjvQiDPZxYlSBie2zRcvX+g8NVVSk
m7/yl1QsW7VHt/jk3M2LeMsINHVb+Zw4Wgece8tLcjUZ8JrrKoXXeB/RUog3DTgh
hdkiH3ifQ4xXT4Hyt5Ds473UUzEmFjzqhY6wgRgyy1+2eMb6he4KDBKhOLlna4UR
SFmx2hbf6QFqG/RkLUel0DB2PFSCKLNbCm9u/0X4ZEAazvbjtMQ0ohkdRqFiyaY5
3oRUN57cnwihmRjf5SRFQs9KqunARGQcIlwAjnaHNqs/NKmbVBtDDXRljwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLqQifNAdS85wM4w18Z1c8TA9DmcMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvdXBDSjgwQjFMem5BempEWHhuVnp4TUQwT1p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBlvFqMA0G
CSqGSIb3DQEBCwUAA4IBAQAlZCbtHP/peVw0hkA8CTk4zEZBuqqKM3R/s0Z5Qdz0
v7wJk/vJvguzFk9rTSkfrppSimfu64LpWAnxfnYiQdxz9XMk2qGzTF9nkLfGAsEX
91at5HsG0Upk+oxpqMsBItj4rZ24NM11MtEf91XYdmRYfOn8C8DrKa+P7pB3FAOY
WG5ts0sKNZ/kI+jEt75kd1FMKwJg/MNoDyvMeMz3XZnDAI1Hv8NXTmkUSg6gFB9F
2J6eMV2wj3e0Xe2zvMdBqVZ+UnSw7IJ6txDgW+bmEaIgHtRZ2SstAhAx0tI3V1LI
j41B2Kad9R9IcyH8lbgjmSGYqmKf5uDCckoHjSl/b1uC
-----END CERTIFICATE-----