Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/U1eKmWYm-OPwdrEjvBh936w4zBk.roa
File:                     U1eKmWYm-OPwdrEjvBh936w4zBk.roa (raw, json)
Hash identifier:          u8yTS7QsRs27pU56GhAi9ZnkYPwilbnGyAX1liXbHjQ=
Subject key identifier:   53:57:8A:99:66:26:F8:E3:F0:76:B1:23:BC:18:7D:DF:AC:38:CC:19
Certificate issuer:       /CN=29db7ca4eee1e453d26fab99c8201adf894612be
Certificate serial:       018CC5DCA1CBAE8AD4F1D43827994DD1B7AC
Authority key identifier: 29:DB:7C:A4:EE:E1:E4:53:D2:6F:AB:99:C8:20:1A:DF:89:46:12:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kdt8pO7h5FPSb6uZyCAa34lGEr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/U1eKmWYm-OPwdrEjvBh936w4zBk.roa
Signing time:             Mon 01 Jan 2024 16:30:20 +0000
ROA not before:           Mon 01 Jan 2024 16:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207339
IP address blocks:        37.123.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/Kdt8pO7h5FPSb6uZyCAa34lGEr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/Kdt8pO7h5FPSb6uZyCAa34lGEr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kdt8pO7h5FPSb6uZyCAa34lGEr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:a1:cb:ae:8a:d4:f1:d4:38:27:99:4d:d1:b7:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29db7ca4eee1e453d26fab99c8201adf894612be
        Validity
            Not Before: Jan  1 16:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53578a996626f8e3f076b123bc187ddfac38cc19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:66:0f:e2:c6:e9:39:68:4a:5a:c0:0f:bc:5b:
                    8a:ae:1e:e0:6c:59:c9:fa:28:1d:58:7f:78:8c:c5:
                    de:dc:4d:37:7b:d6:13:7f:51:64:3a:69:c7:a1:8c:
                    a3:e8:30:21:87:21:e0:e3:68:6f:76:a8:70:16:ef:
                    7c:57:22:f8:3c:46:69:ba:d9:81:7b:96:4d:f9:10:
                    0a:fb:dd:ac:eb:c8:a7:c9:aa:18:b7:66:53:c4:c6:
                    90:9b:ba:72:50:4c:dc:fd:c4:4b:be:f3:c9:d1:b4:
                    95:19:b5:fc:c7:7d:eb:6e:85:dd:9b:7c:ef:b2:ce:
                    a6:7c:af:87:3f:1b:18:d3:2d:25:39:82:19:a3:cf:
                    02:53:96:86:f2:2e:35:ba:11:6b:ed:c4:b7:87:5f:
                    1a:64:5c:55:72:9e:cc:a5:26:92:d4:f9:df:3c:75:
                    bb:be:a0:74:77:8b:35:21:74:bd:fe:a4:05:2d:81:
                    c7:ec:44:b4:2f:67:d4:65:f8:05:c1:01:fd:bb:d4:
                    ed:a2:f9:ff:fe:b3:1d:35:56:c2:32:36:a0:9e:e7:
                    da:e0:62:e9:e1:e4:70:56:53:41:e8:c2:6b:f4:dc:
                    1f:3e:ce:73:3e:60:20:0b:d6:f0:58:fb:01:8e:db:
                    0f:06:70:30:db:48:cb:9c:76:d5:cb:d8:78:25:d4:
                    e9:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:57:8A:99:66:26:F8:E3:F0:76:B1:23:BC:18:7D:DF:AC:38:CC:19
            X509v3 Authority Key Identifier:
                keyid:29:DB:7C:A4:EE:E1:E4:53:D2:6F:AB:99:C8:20:1A:DF:89:46:12:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kdt8pO7h5FPSb6uZyCAa34lGEr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/U1eKmWYm-OPwdrEjvBh936w4zBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/Kdt8pO7h5FPSb6uZyCAa34lGEr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.123.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:2f:67:7d:ab:2d:d8:c2:f7:7f:cf:9d:74:c2:6b:1e:5e:17:
         cb:c4:8d:16:39:93:29:14:36:68:a6:85:f4:4f:fa:f4:60:38:
         66:c3:4b:52:8c:ca:b6:72:bf:8a:81:e6:e3:06:be:95:c4:33:
         3b:bb:09:c2:1d:c3:44:54:ad:90:3c:9e:ea:03:a0:a9:52:c7:
         9f:ba:b7:8e:cc:6c:14:a6:15:36:8c:92:77:2c:e7:37:6e:dd:
         eb:4d:56:58:b9:77:fd:cc:ec:a5:1f:ca:47:86:93:e8:84:06:
         73:92:ae:d7:54:58:cb:28:fa:73:73:f7:00:a6:f6:0f:6a:3f:
         2d:76:01:a7:0d:f5:2d:85:ed:c3:75:64:6c:78:9c:e5:3e:7e:
         36:ed:09:be:f7:7f:a2:fa:ff:e8:03:de:a3:c1:71:1d:87:73:
         06:67:81:b4:a7:5a:17:51:df:70:4f:08:49:0f:01:00:41:f6:
         be:21:30:4c:0c:f2:be:e9:3e:e7:4f:79:e7:65:62:22:b3:35:
         28:0b:a1:5e:8c:0a:e7:74:89:41:2d:76:d6:d8:16:c5:e1:9e:
         61:46:30:b6:c3:75:97:73:cb:b5:dc:73:a8:b8:33:aa:32:06:
         24:8e:de:7d:1b:90:3e:2d:73:72:46:73:4a:9c:4f:dd:dd:b3:
         ca:77:2e:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3KHLrorU8dQ4J5lN0besMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZGI3Y2E0ZWVlMWU0NTNkMjZmYWI5OWM4MjAxYWRmODk0
NjEyYmUwHhcNMjQwMTAxMTYzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzU3OGE5OTY2MjZmOGUzZjA3NmIxMjNiYzE4N2RkZmFjMzhjYzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmYP4sbpOWhKWsAPvFuKrh7gbFnJ
+igdWH94jMXe3E03e9YTf1FkOmnHoYyj6DAhhyHg42hvdqhwFu98VyL4PEZputmB
e5ZN+RAK+92s68inyaoYt2ZTxMaQm7pyUEzc/cRLvvPJ0bSVGbX8x33rboXdm3zv
ss6mfK+HPxsY0y0lOYIZo88CU5aG8i41uhFr7cS3h18aZFxVcp7MpSaS1PnfPHW7
vqB0d4s1IXS9/qQFLYHH7ES0L2fUZfgFwQH9u9Ttovn//rMdNVbCMjagnufa4GLp
4eRwVlNB6MJr9NwfPs5zPmAgC9bwWPsBjtsPBnAw20jLnHbVy9h4JdTpNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFNXiplmJvjj8HaxI7wYfd+sOMwZMB8GA1UdIwQY
MBaAFCnbfKTu4eRT0m+rmcggGt+JRhK+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2R0OHBPN2g1RlBTYjZ1WnlDQWEzNGxHRXI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy83ZjI5MGItODFjNy00MmI3LTk0N2Yt
ZDMzZmExNjA1YWUxLzEvVTFlS21XWW0tT1B3ZHJFanZCaDkzNnc0ekJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy83ZjI5MGItODFjNy00MmI3LTk0N2YtZDMzZmExNjA1YWUx
LzEvS2R0OHBPN2g1RlBTYjZ1WnlDQWEzNGxHRXI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJXv+MA0G
CSqGSIb3DQEBCwUAA4IBAQA8L2d9qy3Ywvd/z510wmseXhfLxI0WOZMpFDZopoX0
T/r0YDhmw0tSjMq2cr+KgebjBr6VxDM7uwnCHcNEVK2QPJ7qA6CpUsefureOzGwU
phU2jJJ3LOc3bt3rTVZYuXf9zOylH8pHhpPohAZzkq7XVFjLKPpzc/cApvYPaj8t
dgGnDfUthe3DdWRseJzlPn427Qm+93+i+v/oA96jwXEdh3MGZ4G0p1oXUd9wTwhJ
DwEAQfa+ITBMDPK+6T7nT3nnZWIiszUoC6FejArndIlBLXbW2BbF4Z5hRjC2w3WX
c8u13HOouDOqMgYkjt59G5A+LXNyRnNKnE/d3bPKdy7Y
-----END CERTIFICATE-----