Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/50f08f-f907-44de-be94-05764c7edaa7/1/oeb9UBNR9XB41PZS5De6AK2-ch4.roa
File:                     oeb9UBNR9XB41PZS5De6AK2-ch4.roa (raw, json)
Hash identifier:          yvRTUZmjA37axeac03/0cLnrIOrYbuj3vfuCbXulDME=
Subject key identifier:   A1:E6:FD:50:13:51:F5:70:78:D4:F6:52:E4:37:BA:00:AD:BE:72:1E
Certificate issuer:       /CN=4ab6d7c468d092c921314d66473cfa53851cd686
Certificate serial:       018CC50116D2701F6C936105B9DD708038B1
Authority key identifier: 4A:B6:D7:C4:68:D0:92:C9:21:31:4D:66:47:3C:FA:53:85:1C:D6:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SrbXxGjQkskhMU1mRzz6U4Uc1oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/50f08f-f907-44de-be94-05764c7edaa7/1/oeb9UBNR9XB41PZS5De6AK2-ch4.roa
Signing time:             Mon 01 Jan 2024 12:30:32 +0000
ROA not before:           Mon 01 Jan 2024 12:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198279
IP address blocks:        185.55.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/50f08f-f907-44de-be94-05764c7edaa7/1/SrbXxGjQkskhMU1mRzz6U4Uc1oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/50f08f-f907-44de-be94-05764c7edaa7/1/SrbXxGjQkskhMU1mRzz6U4Uc1oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SrbXxGjQkskhMU1mRzz6U4Uc1oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:16:d2:70:1f:6c:93:61:05:b9:dd:70:80:38:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ab6d7c468d092c921314d66473cfa53851cd686
        Validity
            Not Before: Jan  1 12:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1e6fd501351f57078d4f652e437ba00adbe721e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:42:19:1d:d7:d8:2c:0c:8a:d8:8e:52:a6:51:
                    4c:3b:e5:6e:7b:98:c4:25:12:41:d2:d7:ca:69:c8:
                    96:77:80:23:61:c2:76:47:37:5b:37:6e:b6:81:ef:
                    80:16:7b:3f:06:de:d2:68:80:24:06:fa:bc:24:72:
                    31:74:80:d2:a9:80:93:fe:2d:d7:a7:f1:10:ad:87:
                    1d:8e:b4:ae:8f:af:dd:20:f4:f5:13:f7:f7:ed:4f:
                    85:50:66:9b:2a:9b:40:5a:2f:52:ab:32:c0:24:7c:
                    57:34:75:39:10:e8:99:11:ed:93:5b:d9:05:c1:6a:
                    1d:9f:10:e2:88:86:fa:29:95:de:ac:95:f6:bf:17:
                    73:3f:3c:40:35:6f:04:af:7f:18:bb:a0:2e:b0:38:
                    86:86:11:bf:7f:6c:ac:52:39:ff:f0:33:3e:7d:bc:
                    d6:52:4d:98:59:d2:7b:f3:c7:15:10:3e:85:be:c4:
                    60:8b:f2:fa:fa:8e:6c:b5:6b:02:18:8f:16:78:ec:
                    9b:a3:da:6d:55:2e:1a:46:a7:a7:a9:91:6e:67:ed:
                    87:74:3b:57:e7:8d:ae:10:da:13:5d:ff:e0:6a:34:
                    84:21:16:dc:47:b2:ca:08:1c:4d:a5:cd:09:c9:bb:
                    8c:53:55:0f:d4:ad:83:3a:f0:5f:0e:3b:46:1c:55:
                    fd:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:E6:FD:50:13:51:F5:70:78:D4:F6:52:E4:37:BA:00:AD:BE:72:1E
            X509v3 Authority Key Identifier:
                keyid:4A:B6:D7:C4:68:D0:92:C9:21:31:4D:66:47:3C:FA:53:85:1C:D6:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SrbXxGjQkskhMU1mRzz6U4Uc1oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/50f08f-f907-44de-be94-05764c7edaa7/1/oeb9UBNR9XB41PZS5De6AK2-ch4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/50f08f-f907-44de-be94-05764c7edaa7/1/SrbXxGjQkskhMU1mRzz6U4Uc1oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.55.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:01:48:de:2b:a6:72:0f:ab:ca:f9:ed:de:7b:b6:8a:85:af:
         fd:eb:8f:fc:a1:95:1f:9f:94:43:07:8c:59:71:43:32:65:ad:
         93:72:6f:39:67:ab:98:c0:c4:84:57:0e:53:e9:f3:d7:b0:cc:
         95:33:80:bc:23:cc:f6:f1:b6:f5:87:04:a8:b8:d7:25:5b:43:
         72:df:88:97:73:fe:53:4f:b3:49:05:a7:1d:99:66:36:a8:a0:
         38:0d:3b:e6:ea:4c:f5:b6:52:8b:1e:2d:3d:87:73:1e:7b:b7:
         97:75:4a:13:a0:3e:49:fe:49:f2:64:07:ec:49:de:3c:c5:75:
         da:c7:cf:98:d5:2f:37:73:b6:06:c9:06:8b:a9:01:53:0a:c6:
         8c:0c:27:f2:8b:77:23:c7:5e:51:f8:a4:2d:dc:ab:ca:41:92:
         1e:83:4c:26:d8:fa:33:9c:1d:01:4e:a5:b1:a6:38:24:0d:fd:
         c1:ef:de:1b:e4:f8:b6:32:10:5c:ad:f9:d3:05:a5:58:8c:35:
         6c:33:3c:58:5a:c5:5f:0e:34:f2:b3:5c:f1:6f:81:ff:63:f6:
         12:93:53:32:7c:70:2a:49:9a:84:7c:24:3c:fb:c4:66:b8:6b:
         75:b3:b6:11:7b:0a:cc:8a:ad:cc:4a:2f:b8:bb:5f:42:39:ef:
         0b:f0:f3:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFARbScB9sk2EFud1wgDixMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhYjZkN2M0NjhkMDkyYzkyMTMxNGQ2NjQ3M2NmYTUzODUx
Y2Q2ODYwHhcNMjQwMTAxMTIzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWU2ZmQ1MDEzNTFmNTcwNzhkNGY2NTJlNDM3YmEwMGFkYmU3MjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UIZHdfYLAyK2I5SplFMO+Vue5jE
JRJB0tfKaciWd4AjYcJ2RzdbN262ge+AFns/Bt7SaIAkBvq8JHIxdIDSqYCT/i3X
p/EQrYcdjrSuj6/dIPT1E/f37U+FUGabKptAWi9SqzLAJHxXNHU5EOiZEe2TW9kF
wWodnxDiiIb6KZXerJX2vxdzPzxANW8Er38Yu6AusDiGhhG/f2ysUjn/8DM+fbzW
Uk2YWdJ788cVED6FvsRgi/L6+o5stWsCGI8WeOybo9ptVS4aRqenqZFuZ+2HdDtX
542uENoTXf/gajSEIRbcR7LKCBxNpc0JybuMU1UP1K2DOvBfDjtGHFX9nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKHm/VATUfVweNT2UuQ3ugCtvnIeMB8GA1UdIwQY
MBaAFEq218Ro0JLJITFNZkc8+lOFHNaGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3JiWHhHalFrc2toTVUxbVJ6ejZVNFVjMW9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy81MGYwOGYtZjkwNy00NGRlLWJlOTQt
MDU3NjRjN2VkYWE3LzEvb2ViOVVCTlI5WEI0MVBaUzVEZTZBSzItY2g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy81MGYwOGYtZjkwNy00NGRlLWJlOTQtMDU3NjRjN2VkYWE3
LzEvU3JiWHhHalFrc2toTVUxbVJ6ejZVNFVjMW9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTeWMA0G
CSqGSIb3DQEBCwUAA4IBAQBwAUjeK6ZyD6vK+e3ee7aKha/964/8oZUfn5RDB4xZ
cUMyZa2Tcm85Z6uYwMSEVw5T6fPXsMyVM4C8I8z28bb1hwSouNclW0Ny34iXc/5T
T7NJBacdmWY2qKA4DTvm6kz1tlKLHi09h3Mee7eXdUoToD5J/knyZAfsSd48xXXa
x8+Y1S83c7YGyQaLqQFTCsaMDCfyi3cjx15R+KQt3KvKQZIeg0wm2PoznB0BTqWx
pjgkDf3B794b5Pi2MhBcrfnTBaVYjDVsMzxYWsVfDjTys1zxb4H/Y/YSk1MyfHAq
SZqEfCQ8+8RmuGt1s7YRewrMiq3MSi+4u19COe8L8POL
-----END CERTIFICATE-----