Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/1JCW52nrIHjMMfc-RVAdo2qhwEM.roa
File:                     1JCW52nrIHjMMfc-RVAdo2qhwEM.roa (raw, json)
Hash identifier:          VV/OFxazXo/N1ziQct231frBpIs6oKonzYAzsVnSTwI=
Subject key identifier:   D4:90:96:E7:69:EB:20:78:CC:31:F7:3E:45:50:1D:A3:6A:A1:C0:43
Certificate issuer:       /CN=c089423af1be03027196d1f81df22992978cda6e
Certificate serial:       018CC64B77C0090B9EE6EAD27D9869F4AD0F
Authority key identifier: C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/1JCW52nrIHjMMfc-RVAdo2qhwEM.roa
Signing time:             Mon 01 Jan 2024 18:31:23 +0000
ROA not before:           Mon 01 Jan 2024 18:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134121
IP address blocks:        212.115.52.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 07:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:77:c0:09:0b:9e:e6:ea:d2:7d:98:69:f4:ad:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c089423af1be03027196d1f81df22992978cda6e
        Validity
            Not Before: Jan  1 18:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d49096e769eb2078cc31f73e45501da36aa1c043
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ac:0b:95:ea:24:f6:3f:04:0b:56:3a:71:6b:
                    18:c6:37:e7:81:96:12:1a:5d:9d:c4:21:d0:bb:ec:
                    04:53:42:89:a6:99:ce:fa:b2:cb:7c:0c:9f:3b:ff:
                    56:4f:ab:e6:bf:aa:7b:f7:a6:31:bc:85:90:3c:39:
                    8e:6a:41:28:90:59:32:52:2b:9a:1a:d4:30:46:fe:
                    9a:c2:c6:b0:90:77:e0:a2:31:96:3c:8e:43:5b:71:
                    f7:05:39:97:ee:d6:b1:6e:99:45:4c:00:46:a5:18:
                    8a:76:91:e5:68:8d:3b:a7:a7:65:c4:7a:ab:4a:36:
                    52:70:ea:cb:b9:22:6b:7b:f7:1a:49:6c:69:aa:db:
                    72:90:0d:dd:77:24:3a:31:eb:bb:7d:5f:41:41:12:
                    2d:2d:ff:7b:a5:f8:c5:ae:08:be:c9:a3:11:31:9f:
                    81:53:00:69:ad:b4:81:5c:bc:ae:66:57:a7:c4:2e:
                    b1:aa:6f:f7:60:7c:45:32:37:bb:c1:21:26:88:bd:
                    aa:f5:45:47:34:b3:29:7d:76:59:62:93:3c:0b:03:
                    bf:c2:5b:27:07:50:07:1d:f1:87:b0:58:c3:86:52:
                    16:b7:98:c3:cc:da:64:2d:12:6f:02:0b:ed:9d:11:
                    5b:b6:c9:d2:68:28:46:cf:9d:79:5c:c7:57:4b:0a:
                    74:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:90:96:E7:69:EB:20:78:CC:31:F7:3E:45:50:1D:A3:6A:A1:C0:43
            X509v3 Authority Key Identifier:
                keyid:C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/1JCW52nrIHjMMfc-RVAdo2qhwEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.115.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:e0:b0:de:92:b9:50:9a:9d:6b:df:87:08:83:70:cf:17:55:
         d3:b0:2d:3e:a2:f0:f7:67:f7:f5:02:aa:15:0c:d2:81:10:a4:
         f6:12:9f:0a:dd:c3:64:d0:a1:c0:e4:3d:58:ea:6f:e6:eb:99:
         16:1f:2b:21:46:c4:fa:8e:8d:7e:37:1e:ce:ce:72:35:80:8a:
         47:04:56:be:77:4f:e0:80:32:5b:57:10:5d:d5:4c:ca:4c:de:
         61:5a:6a:b4:71:cb:96:cb:88:82:90:67:b6:13:f3:2b:c9:a2:
         6a:55:6f:94:62:02:96:26:ce:d1:1e:94:f9:ee:11:dc:6c:5f:
         46:52:d2:17:79:e2:67:d3:f9:e0:35:b5:14:8b:32:4a:97:e8:
         08:d9:f2:c0:39:41:bf:26:5a:99:6a:f1:62:37:09:59:53:1b:
         d2:a1:13:00:15:19:b2:46:e8:9c:b9:8b:b2:17:61:52:2e:64:
         08:d5:48:ee:69:f3:f7:bf:46:a2:56:d2:a1:cd:c0:d8:bc:9d:
         bc:e2:92:65:f7:97:16:76:a2:8d:ff:55:fb:7d:88:6a:e8:5e:
         d5:89:65:28:ad:78:3e:df:39:7f:3c:15:1e:96:c5:9a:da:8d:
         9b:3c:05:e6:3d:e7:0b:d1:fd:09:66:66:b9:fd:c6:20:d3:fd:
         77:b0:6a:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS3fACQue5urSfZhp9K0PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwODk0MjNhZjFiZTAzMDI3MTk2ZDFmODFkZjIyOTkyOTc4
Y2RhNmUwHhcNMjQwMTAxMTgzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDkwOTZlNzY5ZWIyMDc4Y2MzMWY3M2U0NTUwMWRhMzZhYTFjMDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxawLleok9j8EC1Y6cWsYxjfngZYS
Gl2dxCHQu+wEU0KJppnO+rLLfAyfO/9WT6vmv6p796YxvIWQPDmOakEokFkyUiua
GtQwRv6awsawkHfgojGWPI5DW3H3BTmX7taxbplFTABGpRiKdpHlaI07p6dlxHqr
SjZScOrLuSJre/caSWxpqttykA3ddyQ6Meu7fV9BQRItLf97pfjFrgi+yaMRMZ+B
UwBprbSBXLyuZlenxC6xqm/3YHxFMje7wSEmiL2q9UVHNLMpfXZZYpM8CwO/wlsn
B1AHHfGHsFjDhlIWt5jDzNpkLRJvAgvtnRFbtsnSaChGz515XMdXSwp0TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNSQludp6yB4zDH3PkVQHaNqocBDMB8GA1UdIwQY
MBaAFMCJQjrxvgMCcZbR+B3yKZKXjNpuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgt
NjUzMzJiNDdmNWViLzEvMUpDVzUybnJJSGpNTWZjLVJWQWRvMnFod0VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgtNjUzMzJiNDdmNWVi
LzEvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1HM0MA0G
CSqGSIb3DQEBCwUAA4IBAQCZ4LDekrlQmp1r34cIg3DPF1XTsC0+ovD3Z/f1AqoV
DNKBEKT2Ep8K3cNk0KHA5D1Y6m/m65kWHyshRsT6jo1+Nx7OznI1gIpHBFa+d0/g
gDJbVxBd1UzKTN5hWmq0ccuWy4iCkGe2E/MryaJqVW+UYgKWJs7RHpT57hHcbF9G
UtIXeeJn0/ngNbUUizJKl+gI2fLAOUG/JlqZavFiNwlZUxvSoRMAFRmyRuicuYuy
F2FSLmQI1UjuafP3v0aiVtKhzcDYvJ284pJl95cWdqKN/1X7fYhq6F7ViWUorXg+
3zl/PBUelsWa2o2bPAXmPecL0f0JZma5/cYg0/13sGrr
-----END CERTIFICATE-----