Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/55303a-f225-4a3f-825f-5dcd82def84f/1/uaaEtknuU7PLERJ8mruhR_GVFY4.roa
File:                     uaaEtknuU7PLERJ8mruhR_GVFY4.roa (raw, json)
Hash identifier:          aCUbTplcvpfkvAbH7hgg1t+8vZS/TkEAJy+b68YPgVE=
Subject key identifier:   B9:A6:84:B6:49:EE:53:B3:CB:11:12:7C:9A:BB:A1:47:F1:95:15:8E
Certificate issuer:       /CN=73fc89023eac74ab298563f99ddb71f6f15f9538
Certificate serial:       018CC5DC9A28329E6B8EB7A0B5ADBA8C7323
Authority key identifier: 73:FC:89:02:3E:AC:74:AB:29:85:63:F9:9D:DB:71:F6:F1:5F:95:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_yJAj6sdKsphWP5ndtx9vFflTg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/55303a-f225-4a3f-825f-5dcd82def84f/1/uaaEtknuU7PLERJ8mruhR_GVFY4.roa
Signing time:             Mon 01 Jan 2024 16:30:17 +0000
ROA not before:           Mon 01 Jan 2024 16:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201987
IP address blocks:        159.255.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/55303a-f225-4a3f-825f-5dcd82def84f/1/c_yJAj6sdKsphWP5ndtx9vFflTg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/55303a-f225-4a3f-825f-5dcd82def84f/1/c_yJAj6sdKsphWP5ndtx9vFflTg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c_yJAj6sdKsphWP5ndtx9vFflTg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:9a:28:32:9e:6b:8e:b7:a0:b5:ad:ba:8c:73:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73fc89023eac74ab298563f99ddb71f6f15f9538
        Validity
            Not Before: Jan  1 16:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9a684b649ee53b3cb11127c9abba147f195158e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:0f:a1:5f:76:04:c7:dd:3b:3d:87:bc:12:93:
                    3d:41:d2:a1:10:ef:27:98:7c:17:92:34:bc:60:bc:
                    c0:43:5f:61:be:6d:77:fc:6c:d2:dd:49:8c:b8:f4:
                    02:6f:95:ec:22:63:21:b2:b0:17:6c:85:4d:19:12:
                    58:c2:1f:d9:a6:93:ae:77:df:dd:2c:3a:fd:c1:ce:
                    9e:6f:be:bc:e4:d7:03:80:5f:50:af:7b:f6:5f:9e:
                    56:fa:4a:33:2d:36:5b:76:d9:59:4e:18:3f:14:bb:
                    50:ad:ca:44:1b:16:b1:b9:b8:85:2f:47:c9:1e:0e:
                    ba:d2:7e:9a:f7:52:03:16:a9:4b:60:15:cf:ad:84:
                    d5:e0:2a:c4:c1:0e:16:ce:9d:3f:e7:2f:74:59:ec:
                    5d:c2:ff:cb:de:73:1f:44:56:4e:04:b9:87:52:ff:
                    6b:25:63:11:ac:aa:ee:18:31:ca:55:96:32:69:7d:
                    0c:b5:e4:c3:a5:90:9b:7b:a6:ed:14:4d:4d:cc:ad:
                    fb:25:b3:a9:11:4c:0c:09:35:ed:2d:54:34:f1:a0:
                    79:df:f4:98:09:b8:6f:16:63:5b:f7:a5:a5:80:fd:
                    07:06:2a:5a:3a:b0:02:ad:33:dd:1c:7b:a7:b0:98:
                    58:41:22:d4:de:3a:db:9a:b0:7f:ef:28:37:89:79:
                    11:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:A6:84:B6:49:EE:53:B3:CB:11:12:7C:9A:BB:A1:47:F1:95:15:8E
            X509v3 Authority Key Identifier:
                keyid:73:FC:89:02:3E:AC:74:AB:29:85:63:F9:9D:DB:71:F6:F1:5F:95:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_yJAj6sdKsphWP5ndtx9vFflTg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/55303a-f225-4a3f-825f-5dcd82def84f/1/uaaEtknuU7PLERJ8mruhR_GVFY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/55303a-f225-4a3f-825f-5dcd82def84f/1/c_yJAj6sdKsphWP5ndtx9vFflTg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.255.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:2b:6c:ac:1f:3f:f3:13:b6:2e:6d:7f:9c:23:01:c6:f2:9e:
         9e:20:9a:89:ec:42:fb:23:4a:fa:65:24:d1:21:40:f5:61:2a:
         bb:e7:5d:18:63:bb:24:e3:e6:4e:ca:1d:61:4d:18:95:70:f5:
         bb:a4:69:f8:37:6c:6a:93:a1:28:e7:49:48:81:c8:b9:2f:13:
         af:11:88:4b:fa:c2:6a:7b:7e:18:f1:4f:de:c6:dd:d7:55:8e:
         d4:2b:9f:eb:05:22:7e:a1:71:a4:ed:3a:50:8c:2d:3e:1f:a8:
         18:bf:9a:af:13:f8:a2:1b:8c:dc:ee:fb:77:89:e5:ee:4d:62:
         16:31:23:77:d4:55:2f:c9:84:36:d8:d0:47:64:21:05:40:5d:
         58:6b:8b:28:86:4b:39:9f:40:79:64:4d:db:8b:b2:77:42:4b:
         0a:62:a4:92:9f:7f:ad:9a:c8:09:b6:64:5c:77:a1:ba:10:77:
         81:b8:91:cf:16:48:90:67:61:fe:16:ed:b1:9b:3b:4a:34:42:
         a2:75:3e:7c:3a:3c:03:e2:a5:ed:bd:85:b6:b8:c0:6e:11:0b:
         d8:26:51:78:91:75:a5:bf:78:a3:e2:eb:fa:e1:80:4b:a2:a1:
         bd:97:8e:6b:ac:da:cb:1b:11:ce:d4:80:56:57:f1:b3:32:46:
         04:10:7a:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3JooMp5rjregta26jHMjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZmM4OTAyM2VhYzc0YWIyOTg1NjNmOTlkZGI3MWY2ZjE1
Zjk1MzgwHhcNMjQwMTAxMTYzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWE2ODRiNjQ5ZWU1M2IzY2IxMTEyN2M5YWJiYTE0N2YxOTUxNThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjg+hX3YEx907PYe8EpM9QdKhEO8n
mHwXkjS8YLzAQ19hvm13/GzS3UmMuPQCb5XsImMhsrAXbIVNGRJYwh/ZppOud9/d
LDr9wc6eb7685NcDgF9Qr3v2X55W+kozLTZbdtlZThg/FLtQrcpEGxaxubiFL0fJ
Hg660n6a91IDFqlLYBXPrYTV4CrEwQ4Wzp0/5y90Wexdwv/L3nMfRFZOBLmHUv9r
JWMRrKruGDHKVZYyaX0MteTDpZCbe6btFE1NzK37JbOpEUwMCTXtLVQ08aB53/SY
CbhvFmNb96WlgP0HBipaOrACrTPdHHunsJhYQSLU3jrbmrB/7yg3iXkRzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLmmhLZJ7lOzyxESfJq7oUfxlRWOMB8GA1UdIwQY
MBaAFHP8iQI+rHSrKYVj+Z3bcfbxX5U4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY195SkFqNnNkS3NwaFdQNW5kdHg5dkZmbFRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC81NTMwM2EtZjIyNS00YTNmLTgyNWYt
NWRjZDgyZGVmODRmLzEvdWFhRXRrbnVVN1BMRVJKOG1ydWhSX0dWRlk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC81NTMwM2EtZjIyNS00YTNmLTgyNWYtNWRjZDgyZGVmODRm
LzEvY195SkFqNnNkS3NwaFdQNW5kdHg5dkZmbFRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn/+UMA0G
CSqGSIb3DQEBCwUAA4IBAQA9K2ysHz/zE7YubX+cIwHG8p6eIJqJ7EL7I0r6ZSTR
IUD1YSq7510YY7sk4+ZOyh1hTRiVcPW7pGn4N2xqk6Eo50lIgci5LxOvEYhL+sJq
e34Y8U/ext3XVY7UK5/rBSJ+oXGk7TpQjC0+H6gYv5qvE/iiG4zc7vt3ieXuTWIW
MSN31FUvyYQ22NBHZCEFQF1Ya4sohks5n0B5ZE3bi7J3QksKYqSSn3+tmsgJtmRc
d6G6EHeBuJHPFkiQZ2H+Fu2xmztKNEKidT58OjwD4qXtvYW2uMBuEQvYJlF4kXWl
v3ij4uv64YBLoqG9l45rrNrLGxHO1IBWV/GzMkYEEHqZ
-----END CERTIFICATE-----