Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/08b59b-4fd3-4569-9b56-1e0cc5e158fa/1/OwFZcocb5WMDzw0fFISz1Tkfy6E.roa
File:                     OwFZcocb5WMDzw0fFISz1Tkfy6E.roa (raw, json)
Hash identifier:          ts08NJWE1XMXY/G5wA0nLhhai2bPkd24RT4miIKsIdg=
Subject key identifier:   3B:01:59:72:87:1B:E5:63:03:CF:0D:1F:14:84:B3:D5:39:1F:CB:A1
Certificate issuer:       /CN=943e827f66d5b3955fe6d73ba0f15fbaac8b5150
Certificate serial:       018CC3B6777E71DE0F9F9B00E7B2E9401EDA
Authority key identifier: 94:3E:82:7F:66:D5:B3:95:5F:E6:D7:3B:A0:F1:5F:BA:AC:8B:51:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lD6Cf2bVs5Vf5tc7oPFfuqyLUVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/08b59b-4fd3-4569-9b56-1e0cc5e158fa/1/OwFZcocb5WMDzw0fFISz1Tkfy6E.roa
Signing time:             Mon 01 Jan 2024 06:29:24 +0000
ROA not before:           Mon 01 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21212
IP address blocks:        185.153.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/08b59b-4fd3-4569-9b56-1e0cc5e158fa/1/lD6Cf2bVs5Vf5tc7oPFfuqyLUVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/08b59b-4fd3-4569-9b56-1e0cc5e158fa/1/lD6Cf2bVs5Vf5tc7oPFfuqyLUVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lD6Cf2bVs5Vf5tc7oPFfuqyLUVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:77:7e:71:de:0f:9f:9b:00:e7:b2:e9:40:1e:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=943e827f66d5b3955fe6d73ba0f15fbaac8b5150
        Validity
            Not Before: Jan  1 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b015972871be56303cf0d1f1484b3d5391fcba1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:2b:7b:6d:1a:03:f3:36:5f:69:70:36:61:39:
                    d4:2e:3f:2f:d8:f4:03:c7:44:99:3a:f9:74:da:d0:
                    cd:6b:e2:ef:bd:d3:2b:6b:21:cf:e8:0f:42:b9:c1:
                    1f:77:6e:16:da:96:03:44:67:3a:0d:57:82:7f:d2:
                    67:ac:eb:3c:35:9a:24:b7:4f:8a:c8:1a:28:8a:39:
                    2e:76:a5:44:ca:97:61:f3:d8:b0:52:3c:ec:ab:65:
                    7d:bb:3f:71:03:ee:ed:cb:96:04:6c:6c:e6:4d:36:
                    b1:9f:2d:9d:50:43:f9:8c:94:fc:f6:4e:dd:38:47:
                    08:ef:ca:d9:11:45:e9:ce:8e:f7:2a:eb:99:77:e4:
                    6c:e7:25:68:c0:04:0b:bb:52:8f:8d:9c:bf:48:26:
                    64:18:58:63:a1:60:c7:bd:e5:3c:a7:f9:cf:eb:66:
                    4b:7a:bc:f7:47:90:8b:86:ed:33:45:06:ad:75:89:
                    b3:64:94:71:bd:9b:b6:83:a4:70:ea:7c:f7:25:90:
                    e0:9c:e5:6f:16:31:da:a4:97:f7:b2:d2:81:2c:a4:
                    21:5f:6e:d4:a5:1b:bb:e2:fd:76:9b:13:5f:46:dc:
                    23:17:ca:6b:be:ae:8e:1e:ba:02:23:78:0e:6b:02:
                    fd:77:28:c5:bd:28:7e:8f:94:f5:2c:5d:3c:f8:7b:
                    49:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:01:59:72:87:1B:E5:63:03:CF:0D:1F:14:84:B3:D5:39:1F:CB:A1
            X509v3 Authority Key Identifier:
                keyid:94:3E:82:7F:66:D5:B3:95:5F:E6:D7:3B:A0:F1:5F:BA:AC:8B:51:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lD6Cf2bVs5Vf5tc7oPFfuqyLUVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/08b59b-4fd3-4569-9b56-1e0cc5e158fa/1/OwFZcocb5WMDzw0fFISz1Tkfy6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/08b59b-4fd3-4569-9b56-1e0cc5e158fa/1/lD6Cf2bVs5Vf5tc7oPFfuqyLUVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.153.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:be:34:3d:e0:b6:24:80:60:ce:68:09:e6:91:d1:d8:70:b1:
         5d:56:46:3e:7d:dd:92:d2:de:a3:8e:b0:24:2b:b7:a2:90:fe:
         61:23:05:68:8b:d6:f8:ad:02:16:eb:26:5b:1d:95:86:56:26:
         2b:7a:fc:5f:93:5c:37:35:8f:de:43:9f:b3:d2:06:8a:65:22:
         01:5c:19:be:9d:ef:ee:e1:29:41:45:01:fb:fb:38:06:a5:fd:
         d4:19:03:64:51:7b:db:88:04:6e:ea:4f:b2:8e:f0:5b:42:f3:
         0e:b2:e0:64:81:14:d3:6c:e4:c3:72:68:c8:ba:12:e6:fb:75:
         8d:0f:bd:6d:f2:21:44:84:0f:62:7a:f1:e0:4b:c3:57:53:a4:
         a4:77:fa:da:77:00:61:a4:db:e8:3e:ee:b0:4b:bb:a5:3e:09:
         ed:0d:34:05:20:8f:83:1e:b6:af:d8:9c:7a:6f:38:f4:08:b8:
         09:04:c0:ec:e0:6d:d1:fe:03:2b:0a:d5:65:65:53:7e:a2:14:
         19:26:6d:c3:d0:43:e0:96:9f:e7:cb:4e:4b:41:08:ff:4d:37:
         10:0e:c5:fe:10:bc:fa:8a:33:52:b2:66:a9:1f:4d:51:d3:bd:
         57:79:55:97:7f:ea:1c:c8:62:01:7a:bf:53:eb:7a:17:96:74:
         e7:2f:27:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtnd+cd4Pn5sA57LpQB7aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0M2U4MjdmNjZkNWIzOTU1ZmU2ZDczYmEwZjE1ZmJhYWM4
YjUxNTAwHhcNMjQwMTAxMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjAxNTk3Mjg3MWJlNTYzMDNjZjBkMWYxNDg0YjNkNTM5MWZjYmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCt7bRoD8zZfaXA2YTnULj8v2PQD
x0SZOvl02tDNa+LvvdMrayHP6A9CucEfd24W2pYDRGc6DVeCf9JnrOs8NZokt0+K
yBooijkudqVEypdh89iwUjzsq2V9uz9xA+7ty5YEbGzmTTaxny2dUEP5jJT89k7d
OEcI78rZEUXpzo73KuuZd+Rs5yVowAQLu1KPjZy/SCZkGFhjoWDHveU8p/nP62ZL
erz3R5CLhu0zRQatdYmzZJRxvZu2g6Rw6nz3JZDgnOVvFjHapJf3stKBLKQhX27U
pRu74v12mxNfRtwjF8prvq6OHroCI3gOawL9dyjFvSh+j5T1LF08+HtJAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDsBWXKHG+VjA88NHxSEs9U5H8uhMB8GA1UdIwQY
MBaAFJQ+gn9m1bOVX+bXO6DxX7qsi1FQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEQ2Q2YyYlZzNVZmNXRjN29QRmZ1cXlMVVZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8wOGI1OWItNGZkMy00NTY5LTliNTYt
MWUwY2M1ZTE1OGZhLzEvT3dGWmNvY2I1V01EencwZkZJU3oxVGtmeTZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8wOGI1OWItNGZkMy00NTY5LTliNTYtMWUwY2M1ZTE1OGZh
LzEvbEQ2Q2YyYlZzNVZmNXRjN29QRmZ1cXlMVVZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZmJMA0G
CSqGSIb3DQEBCwUAA4IBAQB1vjQ94LYkgGDOaAnmkdHYcLFdVkY+fd2S0t6jjrAk
K7eikP5hIwVoi9b4rQIW6yZbHZWGViYrevxfk1w3NY/eQ5+z0gaKZSIBXBm+ne/u
4SlBRQH7+zgGpf3UGQNkUXvbiARu6k+yjvBbQvMOsuBkgRTTbOTDcmjIuhLm+3WN
D71t8iFEhA9ievHgS8NXU6Skd/radwBhpNvoPu6wS7ulPgntDTQFII+DHrav2Jx6
bzj0CLgJBMDs4G3R/gMrCtVlZVN+ohQZJm3D0EPglp/ny05LQQj/TTcQDsX+ELz6
ijNSsmapH01R071XeVWXf+ocyGIBer9T63oXlnTnLydi
-----END CERTIFICATE-----