Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/tYr47OESsNA3SFhYFvGQ_T5PG_g.roa
File:                     tYr47OESsNA3SFhYFvGQ_T5PG_g.roa (raw, json)
Hash identifier:          e82XMyooaQDPKRIghOS7zUe9/PFpc4Qc/VMynSEYQxw=
Subject key identifier:   B5:8A:F8:EC:E1:12:B0:D0:37:48:58:58:16:F1:90:FD:3E:4F:1B:F8
Certificate issuer:       /CN=0f6363d428b7915c108825f09706004b8ea3d4b5
Certificate serial:       018CC7935A0F24D3557344DBA3CBA7B6B066
Authority key identifier: 0F:63:63:D4:28:B7:91:5C:10:88:25:F0:97:06:00:4B:8E:A3:D4:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/tYr47OESsNA3SFhYFvGQ_T5PG_g.roa
Signing time:             Tue 02 Jan 2024 00:29:32 +0000
ROA not before:           Tue 02 Jan 2024 00:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9087
IP address blocks:        37.143.4.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 19:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:5a:0f:24:d3:55:73:44:db:a3:cb:a7:b6:b0:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f6363d428b7915c108825f09706004b8ea3d4b5
        Validity
            Not Before: Jan  2 00:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b58af8ece112b0d03748585816f190fd3e4f1bf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:67:c8:22:11:1e:46:33:a0:2c:cb:1f:b0:d4:
                    86:3b:89:60:ec:91:85:d5:fe:9a:15:52:75:ee:56:
                    ce:0c:b7:01:a0:da:39:67:43:9c:ab:28:f2:91:cc:
                    2d:7f:ec:61:fb:84:04:16:8d:04:37:9b:97:d0:0d:
                    00:67:8b:e6:7e:55:f4:90:b6:46:57:fb:3e:2c:2b:
                    42:e4:89:54:2b:4f:49:35:d6:c1:b0:f6:14:1c:28:
                    23:fd:65:a8:1b:90:ab:31:8a:a4:2b:47:55:1f:9b:
                    8c:38:70:86:29:40:4f:56:e6:ec:d6:06:45:be:6b:
                    8a:51:8a:4a:2d:5c:f0:4e:66:89:cc:0e:ac:90:75:
                    3f:b9:e2:e2:53:da:ab:c8:19:af:65:b7:ef:02:b7:
                    cd:e7:a4:cb:48:85:2a:03:04:ec:a0:62:b0:56:de:
                    4f:73:8a:6a:03:60:72:da:40:bf:cf:98:a0:6d:2a:
                    cd:d7:aa:d4:de:de:aa:ae:07:d5:e4:f2:ef:ca:f2:
                    f7:6e:16:55:e5:58:8e:30:3a:c0:43:93:21:4f:07:
                    87:1d:a9:df:5d:29:9f:84:46:f6:c4:88:24:b8:c1:
                    eb:1f:2d:4f:c0:4c:e4:4e:1c:2d:17:ab:17:2c:d0:
                    fd:20:02:0d:2b:30:eb:c3:4c:be:da:25:66:f5:be:
                    24:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:8A:F8:EC:E1:12:B0:D0:37:48:58:58:16:F1:90:FD:3E:4F:1B:F8
            X509v3 Authority Key Identifier:
                keyid:0F:63:63:D4:28:B7:91:5C:10:88:25:F0:97:06:00:4B:8E:A3:D4:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/tYr47OESsNA3SFhYFvGQ_T5PG_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cb:fa:f2:43:3e:5a:f3:3f:aa:1e:31:8e:7f:a4:4b:e9:69:b8:
         80:55:62:68:52:c0:3b:96:cb:c7:bf:d3:b2:4f:29:4f:f7:c3:
         5b:6f:45:0b:67:4f:a8:b7:77:9c:12:b9:dd:dc:d5:77:28:68:
         0c:9f:0d:fb:cb:0f:8d:da:72:81:1d:bd:ce:ac:d6:b7:4e:59:
         7c:9a:4c:ea:37:30:2b:03:37:02:44:42:c6:95:20:82:1d:da:
         14:08:88:3d:7e:84:c6:a1:3d:05:c0:01:22:aa:6f:c5:5e:f9:
         29:a5:7e:54:d8:7c:64:47:57:f3:1f:3d:4f:b3:21:b2:97:ae:
         a7:40:68:d4:a4:23:bc:89:88:8c:17:7c:b4:18:bf:99:41:84:
         d8:e3:cb:1d:6b:37:fa:b6:71:13:f6:b3:fc:36:23:16:b9:0d:
         18:90:f0:0b:73:0f:7c:4d:39:a7:71:59:8c:c9:3f:8b:e1:ed:
         2a:d8:c4:76:a0:a8:3b:3b:71:06:b7:ff:99:7d:35:ad:ce:56:
         9c:82:0e:63:0e:d9:f7:8b:cd:5f:f2:35:62:7c:6d:49:3c:5d:
         93:0a:2c:7f:58:de:f8:05:9f:00:26:70:fd:67:f1:f4:9b:53:
         08:4f:c2:c3:e7:66:44:64:46:d2:49:ca:98:7b:14:10:3c:62:
         c6:a0:45:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk1oPJNNVc0Tbo8untrBmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNjM2M2Q0MjhiNzkxNWMxMDg4MjVmMDk3MDYwMDRiOGVh
M2Q0YjUwHhcNMjQwMTAyMDAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNThhZjhlY2UxMTJiMGQwMzc0ODU4NTgxNmYxOTBmZDNlNGYxYmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGfIIhEeRjOgLMsfsNSGO4lg7JGF
1f6aFVJ17lbODLcBoNo5Z0Ocqyjykcwtf+xh+4QEFo0EN5uX0A0AZ4vmflX0kLZG
V/s+LCtC5IlUK09JNdbBsPYUHCgj/WWoG5CrMYqkK0dVH5uMOHCGKUBPVubs1gZF
vmuKUYpKLVzwTmaJzA6skHU/ueLiU9qryBmvZbfvArfN56TLSIUqAwTsoGKwVt5P
c4pqA2By2kC/z5igbSrN16rU3t6qrgfV5PLvyvL3bhZV5ViOMDrAQ5MhTweHHanf
XSmfhEb2xIgkuMHrHy1PwEzkThwtF6sXLND9IAINKzDrw0y+2iVm9b4khQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLWK+OzhErDQN0hYWBbxkP0+Txv4MB8GA1UdIwQY
MBaAFA9jY9Qot5FcEIgl8JcGAEuOo9S1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDJOajFDaTNrVndRaUNYd2x3WUFTNDZqMUxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy82YmVjYjAtMThmZC00YWRkLWJiNDEt
MmUxYzBhZjRmYWE0LzEvdFlyNDdPRVNzTkEzU0ZoWUZ2R1FfVDVQR19nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy82YmVjYjAtMThmZC00YWRkLWJiNDEtMmUxYzBhZjRmYWE0
LzEvRDJOajFDaTNrVndRaUNYd2x3WUFTNDZqMUxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJY8EMA0G
CSqGSIb3DQEBCwUAA4IBAQDL+vJDPlrzP6oeMY5/pEvpabiAVWJoUsA7lsvHv9Oy
TylP98Nbb0ULZ0+ot3ecErnd3NV3KGgMnw37yw+N2nKBHb3OrNa3Tll8mkzqNzAr
AzcCRELGlSCCHdoUCIg9foTGoT0FwAEiqm/FXvkppX5U2HxkR1fzHz1PsyGyl66n
QGjUpCO8iYiMF3y0GL+ZQYTY48sdazf6tnET9rP8NiMWuQ0YkPALcw98TTmncVmM
yT+L4e0q2MR2oKg7O3EGt/+ZfTWtzlacgg5jDtn3i81f8jVifG1JPF2TCix/WN74
BZ8AJnD9Z/H0m1MIT8LD52ZEZEbSScqYexQQPGLGoEWh
-----END CERTIFICATE-----