Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/03f256-7401-4af4-97d0-ead1af8691ba/1/8biKB2vGMJbBGX3tgDBGmh72Ojg.roa
File:                     8biKB2vGMJbBGX3tgDBGmh72Ojg.roa (raw, json)
Hash identifier:          YbxuPjnf684l1nWNU/gBnzQbAVBcmVDQEqLtHqmYfMI=
Subject key identifier:   F1:B8:8A:07:6B:C6:30:96:C1:19:7D:ED:80:30:46:9A:1E:F6:3A:38
Certificate issuer:       /CN=9be0a611e0678b8d329ee550312b246e0dcf4698
Certificate serial:       018CC50112D92FB30C63BC59B1B90210EDBB
Authority key identifier: 9B:E0:A6:11:E0:67:8B:8D:32:9E:E5:50:31:2B:24:6E:0D:CF:46:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m-CmEeBni40ynuVQMSskbg3PRpg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/03f256-7401-4af4-97d0-ead1af8691ba/1/8biKB2vGMJbBGX3tgDBGmh72Ojg.roa
Signing time:             Mon 01 Jan 2024 12:30:31 +0000
ROA not before:           Mon 01 Jan 2024 12:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6744
IP address blocks:        150.140.0.0/17 maxlen: 17

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/03f256-7401-4af4-97d0-ead1af8691ba/1/m-CmEeBni40ynuVQMSskbg3PRpg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/03f256-7401-4af4-97d0-ead1af8691ba/1/m-CmEeBni40ynuVQMSskbg3PRpg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m-CmEeBni40ynuVQMSskbg3PRpg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:12:d9:2f:b3:0c:63:bc:59:b1:b9:02:10:ed:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9be0a611e0678b8d329ee550312b246e0dcf4698
        Validity
            Not Before: Jan  1 12:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1b88a076bc63096c1197ded8030469a1ef63a38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:4b:89:d1:a3:c6:04:6f:f0:f2:06:0d:98:fb:
                    8c:66:6b:6a:dc:d0:e9:5b:90:e7:94:70:19:3b:86:
                    d6:21:73:72:ec:95:5d:63:05:da:77:4e:85:e7:83:
                    24:e2:14:52:a0:30:2b:de:05:11:ab:cb:70:b1:74:
                    b1:f4:d0:c4:87:00:1d:1a:29:da:63:ec:fb:35:38:
                    57:3f:e4:f2:b7:94:a2:9b:fe:3a:cc:4e:e9:ec:9a:
                    70:c4:7b:35:c8:3b:1d:00:f4:e2:44:6c:77:37:12:
                    fc:4a:c5:da:b9:72:22:ed:71:f0:5e:57:d8:bf:8f:
                    a6:8b:1a:d6:47:35:78:ef:41:7b:a2:78:b7:76:57:
                    54:e8:c9:a1:30:03:67:56:1c:ee:28:dc:3c:09:fa:
                    e7:5a:d5:bf:f6:26:85:57:2f:d9:10:76:ee:b5:a8:
                    66:1a:20:64:b3:01:46:5c:bc:04:de:61:07:22:32:
                    d7:4b:2f:1a:f4:86:d3:0a:a6:95:bd:45:b9:ec:06:
                    5a:97:13:a0:a2:f7:e8:8e:6f:95:67:4d:a6:a3:62:
                    6a:98:c6:34:90:05:6e:d7:1d:ab:10:8d:5c:fa:e1:
                    2f:c7:fc:20:41:10:e3:25:8a:ab:3d:94:da:69:f6:
                    cd:c4:1c:0a:08:2b:c7:36:a4:09:32:07:d6:61:4b:
                    c4:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:B8:8A:07:6B:C6:30:96:C1:19:7D:ED:80:30:46:9A:1E:F6:3A:38
            X509v3 Authority Key Identifier:
                keyid:9B:E0:A6:11:E0:67:8B:8D:32:9E:E5:50:31:2B:24:6E:0D:CF:46:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m-CmEeBni40ynuVQMSskbg3PRpg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/03f256-7401-4af4-97d0-ead1af8691ba/1/8biKB2vGMJbBGX3tgDBGmh72Ojg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/03f256-7401-4af4-97d0-ead1af8691ba/1/m-CmEeBni40ynuVQMSskbg3PRpg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.140.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         90:79:18:52:9d:23:94:c5:80:ab:7e:6f:79:a5:b5:a3:62:a0:
         72:45:b3:1f:53:75:4c:9f:e3:05:08:98:02:b2:a7:24:fc:30:
         a3:3f:b1:09:ae:c3:ee:d9:1d:3e:58:b9:d8:10:50:bb:b7:02:
         91:f6:85:3a:ab:80:7e:a5:ec:72:a8:22:6d:b4:31:c9:3f:28:
         dc:3b:5a:8d:85:db:c5:6b:11:e1:f6:d0:ac:30:ec:9c:9a:59:
         08:e1:d2:31:e5:a7:63:30:01:23:06:ff:51:1d:e5:a5:d9:78:
         bf:58:eb:b7:1e:e9:94:ca:17:88:36:76:6a:33:96:c0:ea:89:
         2a:96:9b:8b:24:73:9e:a4:e7:da:cb:77:cd:23:ec:b2:a0:ee:
         f3:92:c5:b4:41:d0:6a:1c:40:5a:5e:11:cc:1a:78:f7:81:6e:
         e5:97:54:10:ec:aa:1c:37:fd:23:d7:57:45:26:e9:d4:37:c5:
         e3:d9:52:d0:37:fc:5f:9f:c2:d0:5d:66:b5:f0:37:fb:53:2a:
         66:74:cf:5e:6b:2f:9c:36:f1:25:81:80:57:6d:a3:a4:5c:d9:
         a4:76:61:0e:9b:49:a4:bc:b4:8c:bb:12:66:33:ca:9a:21:7e:
         27:b9:84:70:5c:a2:7a:98:c1:56:c4:59:79:6a:32:cb:63:c3:
         94:63:f5:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFARLZL7MMY7xZsbkCEO27MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZTBhNjExZTA2NzhiOGQzMjllZTU1MDMxMmIyNDZlMGRj
ZjQ2OTgwHhcNMjQwMTAxMTIzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWI4OGEwNzZiYzYzMDk2YzExOTdkZWQ4MDMwNDY5YTFlZjYzYTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEuJ0aPGBG/w8gYNmPuMZmtq3NDp
W5DnlHAZO4bWIXNy7JVdYwXad06F54Mk4hRSoDAr3gURq8twsXSx9NDEhwAdGina
Y+z7NThXP+Tyt5Sim/46zE7p7JpwxHs1yDsdAPTiRGx3NxL8SsXauXIi7XHwXlfY
v4+mixrWRzV470F7oni3dldU6MmhMANnVhzuKNw8CfrnWtW/9iaFVy/ZEHbutahm
GiBkswFGXLwE3mEHIjLXSy8a9IbTCqaVvUW57AZalxOgovfojm+VZ02mo2JqmMY0
kAVu1x2rEI1c+uEvx/wgQRDjJYqrPZTaafbNxBwKCCvHNqQJMgfWYUvEkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPG4igdrxjCWwRl97YAwRpoe9jo4MB8GA1UdIwQY
MBaAFJvgphHgZ4uNMp7lUDErJG4Nz0aYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbS1DbUVlQm5pNDB5bnVWUU1Tc2tiZzNQUnBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8wM2YyNTYtNzQwMS00YWY0LTk3ZDAt
ZWFkMWFmODY5MWJhLzEvOGJpS0IydkdNSmJCR1gzdGdEQkdtaDcyT2pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8wM2YyNTYtNzQwMS00YWY0LTk3ZDAtZWFkMWFmODY5MWJh
LzEvbS1DbUVlQm5pNDB5bnVWUU1Tc2tiZzNQUnBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHlowAMA0G
CSqGSIb3DQEBCwUAA4IBAQCQeRhSnSOUxYCrfm95pbWjYqByRbMfU3VMn+MFCJgC
sqck/DCjP7EJrsPu2R0+WLnYEFC7twKR9oU6q4B+pexyqCJttDHJPyjcO1qNhdvF
axHh9tCsMOycmlkI4dIx5adjMAEjBv9RHeWl2Xi/WOu3HumUyheINnZqM5bA6okq
lpuLJHOepOfay3fNI+yyoO7zksW0QdBqHEBaXhHMGnj3gW7ll1QQ7KocN/0j11dF
JunUN8Xj2VLQN/xfn8LQXWa18Df7UypmdM9eay+cNvElgYBXbaOkXNmkdmEOm0mk
vLSMuxJmM8qaIX4nuYRwXKJ6mMFWxFl5ajLLY8OUY/Xp
-----END CERTIFICATE-----