Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/24e327-7658-463c-8990-b1c9b789aaa9/1/MlQ8erQArbzDw4t7GS_Itj3jI6s.roa
File:                     MlQ8erQArbzDw4t7GS_Itj3jI6s.roa (raw, json)
Hash identifier:          9HYwfmdj1pDE7g5q4NPyVdJ5nogwlAmOXrWO5WxnTHQ=
Subject key identifier:   32:54:3C:7A:B4:00:AD:BC:C3:C3:8B:7B:19:2F:C8:B6:3D:E3:23:AB
Certificate issuer:       /CN=c7e8d959f1c9564a33f28fe44ab614b8f62b001b
Certificate serial:       018CC8715DCDEA3813B9EE8A749310069E51
Authority key identifier: C7:E8:D9:59:F1:C9:56:4A:33:F2:8F:E4:4A:B6:14:B8:F6:2B:00:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x-jZWfHJVkoz8o_kSrYUuPYrABs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/24e327-7658-463c-8990-b1c9b789aaa9/1/MlQ8erQArbzDw4t7GS_Itj3jI6s.roa
Signing time:             Tue 02 Jan 2024 04:32:01 +0000
ROA not before:           Tue 02 Jan 2024 04:32:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198594
IP address blocks:        37.60.24.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/24e327-7658-463c-8990-b1c9b789aaa9/1/x-jZWfHJVkoz8o_kSrYUuPYrABs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/24e327-7658-463c-8990-b1c9b789aaa9/1/x-jZWfHJVkoz8o_kSrYUuPYrABs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x-jZWfHJVkoz8o_kSrYUuPYrABs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:5d:cd:ea:38:13:b9:ee:8a:74:93:10:06:9e:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7e8d959f1c9564a33f28fe44ab614b8f62b001b
        Validity
            Not Before: Jan  2 04:32:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32543c7ab400adbcc3c38b7b192fc8b63de323ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e3:ea:37:ea:48:b3:72:44:07:3d:b4:a2:b7:
                    e7:c3:4f:96:05:47:0c:e3:b2:32:03:06:6b:38:ec:
                    da:dd:a7:99:3b:54:43:cf:e5:15:e9:1d:a8:02:05:
                    a2:4f:35:f2:52:a3:03:c9:bd:6b:86:f4:f9:29:ec:
                    e1:88:9d:8f:6b:47:81:9c:b7:2a:07:6f:7e:1e:e0:
                    e4:f5:c7:1b:13:44:6f:45:6a:37:a1:9f:cd:08:3d:
                    eb:d5:7e:2d:90:9a:98:03:80:7c:62:7a:f5:a2:b5:
                    10:b1:a1:1e:52:92:fd:80:e5:8c:03:39:47:07:66:
                    c8:60:25:e8:b9:f2:3c:0d:9f:bb:82:12:b1:32:64:
                    f2:09:06:3e:d4:bf:5e:a7:e7:2a:96:54:94:af:03:
                    ae:65:bf:58:84:70:f9:dd:cb:22:c7:1b:6c:bb:68:
                    af:3a:29:04:32:7d:a6:e4:7a:5d:5f:e1:ae:dd:ee:
                    5c:82:23:d8:22:1a:56:bf:10:c3:ba:ed:00:48:d9:
                    ce:96:c2:2f:cc:e1:e2:df:fc:44:12:68:35:7c:32:
                    c8:19:4a:2e:22:61:67:06:10:23:f4:2f:be:a6:9e:
                    ec:07:09:17:75:6f:0b:3f:3c:f7:02:25:62:66:22:
                    3e:8e:8c:48:1e:30:09:74:0d:31:91:87:4a:36:dc:
                    e2:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:54:3C:7A:B4:00:AD:BC:C3:C3:8B:7B:19:2F:C8:B6:3D:E3:23:AB
            X509v3 Authority Key Identifier:
                keyid:C7:E8:D9:59:F1:C9:56:4A:33:F2:8F:E4:4A:B6:14:B8:F6:2B:00:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x-jZWfHJVkoz8o_kSrYUuPYrABs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/24e327-7658-463c-8990-b1c9b789aaa9/1/MlQ8erQArbzDw4t7GS_Itj3jI6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/24e327-7658-463c-8990-b1c9b789aaa9/1/x-jZWfHJVkoz8o_kSrYUuPYrABs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.60.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         57:01:0a:44:d1:f4:dd:a9:de:b4:9a:17:3b:33:49:41:cd:02:
         13:4e:5b:c3:ea:5e:bd:e0:70:c7:6b:91:70:fc:6a:18:67:bc:
         dc:d0:8f:d9:25:69:df:96:74:df:4f:70:a5:84:9b:41:7b:3d:
         6e:09:80:62:c5:3d:c6:5f:7a:7b:37:50:dc:24:b8:33:3d:72:
         8c:5f:96:ce:f0:17:e4:2d:81:5a:15:1e:7f:aa:b2:fd:7e:30:
         08:12:6f:22:d5:16:20:67:cc:57:e6:86:83:80:ce:a0:fb:78:
         74:a5:c6:b2:3d:21:21:48:7f:da:0c:a2:db:29:ff:a9:9e:6a:
         6f:ca:79:85:bd:5a:01:95:87:d8:75:7b:6c:46:74:3b:39:f7:
         33:68:9e:6f:35:dd:d9:95:98:72:b1:9c:a4:e7:5f:a5:e8:24:
         fc:01:44:32:fe:14:75:37:58:51:9d:1a:3b:af:27:70:e1:7f:
         77:33:9b:43:e3:c8:8d:a4:5d:6f:e8:17:f1:dd:43:32:93:44:
         9f:80:a4:b5:36:2f:c1:11:72:29:9f:36:8d:f8:bc:67:53:59:
         e8:62:a1:bc:82:1b:71:e3:d4:e7:99:1c:ed:dd:0f:46:da:c3:
         35:68:2e:2e:07:ed:cb:95:80:9b:4d:a3:50:7c:d6:9f:64:dc:
         ef:19:1f:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcV3N6jgTue6KdJMQBp5RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3ZThkOTU5ZjFjOTU2NGEzM2YyOGZlNDRhYjYxNGI4ZjYy
YjAwMWIwHhcNMjQwMTAyMDQzMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjU0M2M3YWI0MDBhZGJjYzNjMzhiN2IxOTJmYzhiNjNkZTMyM2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOPqN+pIs3JEBz20orfnw0+WBUcM
47IyAwZrOOza3aeZO1RDz+UV6R2oAgWiTzXyUqMDyb1rhvT5KezhiJ2Pa0eBnLcq
B29+HuDk9ccbE0RvRWo3oZ/NCD3r1X4tkJqYA4B8Ynr1orUQsaEeUpL9gOWMAzlH
B2bIYCXoufI8DZ+7ghKxMmTyCQY+1L9ep+cqllSUrwOuZb9YhHD53csixxtsu2iv
OikEMn2m5HpdX+Gu3e5cgiPYIhpWvxDDuu0ASNnOlsIvzOHi3/xEEmg1fDLIGUou
ImFnBhAj9C++pp7sBwkXdW8LPzz3AiViZiI+joxIHjAJdA0xkYdKNtzifwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJUPHq0AK28w8OLexkvyLY94yOrMB8GA1UdIwQY
MBaAFMfo2VnxyVZKM/KP5Eq2FLj2KwAbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveC1qWldmSEpWa296OG9fa1NyWVV1UFlyQUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8yNGUzMjctNzY1OC00NjNjLTg5OTAt
YjFjOWI3ODlhYWE5LzEvTWxROGVyUUFyYnpEdzR0N0dTX0l0ajNqSTZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8yNGUzMjctNzY1OC00NjNjLTg5OTAtYjFjOWI3ODlhYWE5
LzEveC1qWldmSEpWa296OG9fa1NyWVV1UFlyQUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDJTwYMA0G
CSqGSIb3DQEBCwUAA4IBAQBXAQpE0fTdqd60mhc7M0lBzQITTlvD6l694HDHa5Fw
/GoYZ7zc0I/ZJWnflnTfT3ClhJtBez1uCYBixT3GX3p7N1DcJLgzPXKMX5bO8Bfk
LYFaFR5/qrL9fjAIEm8i1RYgZ8xX5oaDgM6g+3h0pcayPSEhSH/aDKLbKf+pnmpv
ynmFvVoBlYfYdXtsRnQ7OfczaJ5vNd3ZlZhysZyk51+l6CT8AUQy/hR1N1hRnRo7
rydw4X93M5tD48iNpF1v6Bfx3UMyk0SfgKS1Ni/BEXIpnzaN+LxnU1noYqG8ghtx
49TnmRzt3Q9G2sM1aC4uB+3LlYCbTaNQfNafZNzvGR8h
-----END CERTIFICATE-----