Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/N8qBO070spV9Fc-nDFxzyK-Rrrc.roa
File:                     N8qBO070spV9Fc-nDFxzyK-Rrrc.roa (raw, json)
Hash identifier:          Tyu5rW2Yzovo8AkSm4gIxPG67RJM1g2Ifr/QHsIJYDU=
Subject key identifier:   37:CA:81:3B:4E:F4:B2:95:7D:15:CF:A7:0C:5C:73:C8:AF:91:AE:B7
Certificate issuer:       /CN=f6de346b5805327bbc9df5e49b16c997ea3a1254
Certificate serial:       018D63B9C979F59465BEB24405112430F031
Authority key identifier: F6:DE:34:6B:58:05:32:7B:BC:9D:F5:E4:9B:16:C9:97:EA:3A:12:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9t40a1gFMnu8nfXkmxbJl-o6ElQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/N8qBO070spV9Fc-nDFxzyK-Rrrc.roa
Signing time:             Thu 01 Feb 2024 08:12:16 +0000
ROA not before:           Thu 01 Feb 2024 08:12:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198139
IP address blocks:        185.195.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/9t40a1gFMnu8nfXkmxbJl-o6ElQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/9t40a1gFMnu8nfXkmxbJl-o6ElQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9t40a1gFMnu8nfXkmxbJl-o6ElQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:63:b9:c9:79:f5:94:65:be:b2:44:05:11:24:30:f0:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6de346b5805327bbc9df5e49b16c997ea3a1254
        Validity
            Not Before: Feb  1 08:12:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37ca813b4ef4b2957d15cfa70c5c73c8af91aeb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b7:cb:d3:10:a1:11:35:75:0b:a1:73:90:cb:
                    83:9a:39:c8:56:fe:bf:f2:f7:70:71:dc:54:b3:f1:
                    b9:28:b4:bd:cc:b7:06:a5:53:3c:dd:1e:32:0e:c2:
                    c0:98:4f:98:78:9d:f6:db:42:29:98:78:3d:5a:d4:
                    44:f6:a3:05:e8:a3:19:5f:2e:1d:a4:1e:2f:30:cf:
                    1d:3f:2f:46:7f:0b:06:16:46:0a:8a:63:7a:91:df:
                    df:2d:3f:e2:9c:7a:d2:9b:b5:2a:ae:4e:1c:14:be:
                    c6:b5:27:8e:ee:13:34:4d:72:a2:a4:7d:9b:55:01:
                    1c:c3:d8:a7:76:bd:13:ba:d7:26:33:56:a0:2c:4f:
                    2c:63:85:ea:9e:ef:93:f6:07:e0:df:77:38:21:7e:
                    1c:19:fa:e1:0e:8a:2e:8c:bf:cc:fa:b4:ca:20:ac:
                    9d:d8:6b:46:f3:ad:0e:10:52:94:c2:be:86:2e:41:
                    08:76:00:f2:d3:53:81:04:33:53:20:df:48:20:9c:
                    9a:77:14:a6:e8:b4:cd:0a:08:20:d1:c9:bc:77:3f:
                    80:11:b7:0c:e5:55:64:34:9f:93:11:cc:bc:0c:87:
                    f9:80:66:5b:e0:db:82:bb:bc:a8:5e:de:be:ee:7f:
                    ce:a8:83:c4:67:b4:ea:72:04:25:f9:4b:c7:ee:5d:
                    be:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:CA:81:3B:4E:F4:B2:95:7D:15:CF:A7:0C:5C:73:C8:AF:91:AE:B7
            X509v3 Authority Key Identifier:
                keyid:F6:DE:34:6B:58:05:32:7B:BC:9D:F5:E4:9B:16:C9:97:EA:3A:12:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9t40a1gFMnu8nfXkmxbJl-o6ElQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/N8qBO070spV9Fc-nDFxzyK-Rrrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/9t40a1gFMnu8nfXkmxbJl-o6ElQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.195.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:b1:a1:82:b0:9f:c1:19:3e:38:ce:e8:5a:d9:f3:26:5c:42:
         e1:b8:99:ad:e7:f8:9a:71:a5:88:a7:e1:07:e8:65:f8:b0:56:
         c8:73:2f:e6:9d:04:ea:3e:17:a6:cc:e6:4b:ed:7f:61:ac:10:
         80:fc:08:f0:33:c6:2f:b2:c6:bd:5d:63:88:cf:75:e0:ce:4a:
         93:34:6c:95:d0:9a:78:58:5b:f9:6c:05:79:f9:f7:32:17:27:
         11:6f:6b:f4:a0:9b:50:5b:8b:58:2a:0f:5f:a6:04:3a:ca:73:
         54:48:42:da:b2:dd:7e:93:ad:a3:d6:a1:79:22:12:03:7a:72:
         a5:fe:63:ea:9a:a4:23:85:7d:6f:d2:66:bf:a4:99:72:bd:c1:
         83:6b:6a:da:05:5e:a9:9a:42:cf:06:ca:54:1b:3b:a6:1d:fa:
         15:07:b5:2b:a9:81:b9:80:0a:b9:4a:02:72:40:42:dd:b3:1e:
         72:bb:84:b4:ec:34:e8:b2:55:63:2b:0d:b7:fe:62:18:26:59:
         cf:a4:e1:4a:62:6c:b6:72:0c:18:a3:01:26:54:2d:d7:fd:3a:
         72:fe:79:27:6f:24:b9:0d:05:8b:77:ae:9f:9f:68:23:82:ae:
         c8:ee:0c:f2:6c:84:cf:f8:92:5a:fd:a8:11:8a:dc:a2:06:1e:
         fa:99:05:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1jucl59ZRlvrJEBREkMPAxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2ZGUzNDZiNTgwNTMyN2JiYzlkZjVlNDliMTZjOTk3ZWEz
YTEyNTQwHhcNMjQwMjAxMDgxMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2NhODEzYjRlZjRiMjk1N2QxNWNmYTcwYzVjNzNjOGFmOTFhZWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrfL0xChETV1C6FzkMuDmjnIVv6/
8vdwcdxUs/G5KLS9zLcGpVM83R4yDsLAmE+YeJ3220IpmHg9WtRE9qMF6KMZXy4d
pB4vMM8dPy9GfwsGFkYKimN6kd/fLT/inHrSm7Uqrk4cFL7GtSeO7hM0TXKipH2b
VQEcw9indr0TutcmM1agLE8sY4Xqnu+T9gfg33c4IX4cGfrhDooujL/M+rTKIKyd
2GtG860OEFKUwr6GLkEIdgDy01OBBDNTIN9IIJyadxSm6LTNCggg0cm8dz+AEbcM
5VVkNJ+TEcy8DIf5gGZb4NuCu7yoXt6+7n/OqIPEZ7TqcgQl+UvH7l2+oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDfKgTtO9LKVfRXPpwxcc8ivka63MB8GA1UdIwQY
MBaAFPbeNGtYBTJ7vJ315JsWyZfqOhJUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXQ0MGExZ0ZNbnU4bmZYa214YkpsLW82RWxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8zYTg0NjQtMDcyNy00ZDFjLTg5MjUt
NzNhYjg1NjRiOWNhLzEvTjhxQk8wNzBzcFY5RmMtbkRGeHp5Sy1ScnJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8zYTg0NjQtMDcyNy00ZDFjLTg5MjUtNzNhYjg1NjRiOWNh
LzEvOXQ0MGExZ0ZNbnU4bmZYa214YkpsLW82RWxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucOUMA0G
CSqGSIb3DQEBCwUAA4IBAQBXsaGCsJ/BGT44zuha2fMmXELhuJmt5/iacaWIp+EH
6GX4sFbIcy/mnQTqPhemzOZL7X9hrBCA/AjwM8Yvssa9XWOIz3XgzkqTNGyV0Jp4
WFv5bAV5+fcyFycRb2v0oJtQW4tYKg9fpgQ6ynNUSELast1+k62j1qF5IhIDenKl
/mPqmqQjhX1v0ma/pJlyvcGDa2raBV6pmkLPBspUGzumHfoVB7UrqYG5gAq5SgJy
QELdsx5yu4S07DToslVjKw23/mIYJlnPpOFKYmy2cgwYowEmVC3X/Tpy/nknbyS5
DQWLd66fn2gjgq7I7gzybITP+JJa/agRityiBh76mQU7
-----END CERTIFICATE-----