Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/NAfRfva81hY6FSqL5hkQIDnD2UM.roa
File:                     NAfRfva81hY6FSqL5hkQIDnD2UM.roa (raw, json)
Hash identifier:          Eq0pMQ+d1ik5PtiFJawRtjpcy52BWGu+pMdtg0EEfx8=
Subject key identifier:   34:07:D1:7E:F6:BC:D6:16:3A:15:2A:8B:E6:19:10:20:39:C3:D9:43
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B80CE0CA7B02226FD7EE41C2BA8E5
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/NAfRfva81hY6FSqL5hkQIDnD2UM.roa
Signing time:             Mon 01 Jan 2024 18:31:26 +0000
ROA not before:           Mon 01 Jan 2024 18:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24985
IP address blocks:        217.30.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:80:ce:0c:a7:b0:22:26:fd:7e:e4:1c:2b:a8:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3407d17ef6bcd6163a152a8be619102039c3d943
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b7:c4:af:7d:e8:fd:39:12:5a:ad:6e:28:10:
                    4c:bc:db:03:65:69:35:2f:ac:b8:e3:5d:34:1d:2b:
                    11:23:59:d2:d2:06:e4:16:d5:72:27:e6:13:36:8a:
                    c6:63:1c:90:2a:42:62:a2:06:48:e7:92:55:68:3f:
                    c2:23:15:85:62:fe:33:2a:3c:2b:69:c8:d0:b3:9a:
                    7b:2a:c8:3b:cc:26:5f:a9:a3:f4:58:77:05:c6:60:
                    0d:82:cd:4d:0c:64:3a:cc:a5:6c:38:7a:0c:d1:2d:
                    2a:ff:06:fd:91:9c:da:2f:b9:57:80:5c:b8:9a:d9:
                    6d:0f:32:36:62:65:03:18:a1:de:f4:b9:68:00:2b:
                    ba:c2:09:58:ee:f9:80:04:31:96:43:79:4e:4a:fd:
                    f7:1f:13:a7:4a:5f:a3:b8:38:51:56:32:bf:e8:e4:
                    ea:93:46:99:f4:2f:83:84:91:45:a5:ee:1e:05:03:
                    da:0a:4c:7e:91:d3:29:d2:96:d6:77:03:f6:04:e8:
                    d1:52:9d:43:27:f1:49:77:c4:d3:9b:bd:b3:93:39:
                    18:52:fd:87:cb:31:1a:ea:6a:80:46:70:2d:6e:6e:
                    d1:d1:8d:3d:7b:1f:47:32:45:b8:1e:81:0e:c4:4f:
                    b3:ea:61:bc:54:b6:f0:ed:e0:99:f5:7b:09:58:a3:
                    88:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:07:D1:7E:F6:BC:D6:16:3A:15:2A:8B:E6:19:10:20:39:C3:D9:43
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/NAfRfva81hY6FSqL5hkQIDnD2UM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.30.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:57:f9:a3:e4:3b:43:3b:b5:97:d0:9f:7f:35:58:18:b2:b8:
         44:2d:a8:3e:a9:3b:19:bc:bf:d8:8f:c0:05:70:c2:b6:0c:e0:
         cc:8f:1b:af:42:f1:a7:a9:0a:e0:20:be:99:67:b6:d8:bb:7b:
         0a:c8:35:8a:c7:97:51:13:61:93:8b:d8:32:fc:07:06:f4:b7:
         60:00:3b:e4:0e:4f:37:01:b2:03:06:fc:79:ad:0f:75:14:6b:
         30:96:60:69:79:96:da:90:dd:1e:70:2e:57:c3:5f:5a:4b:f4:
         61:a9:44:6b:18:2e:19:f1:b1:1e:32:6a:3a:c1:b6:6e:25:72:
         ec:1a:31:14:5d:f4:bf:d2:d8:01:42:18:42:92:7b:d8:e9:4a:
         8b:e2:f1:18:42:51:59:fb:07:a6:af:88:35:8c:4b:ca:c7:4b:
         c5:46:36:df:82:2d:c7:fd:ae:4c:92:6b:71:af:d2:32:2e:85:
         45:2c:99:6b:7a:86:77:8e:25:e3:5b:33:b0:18:f9:5c:48:3f:
         6a:d5:05:d8:7d:1a:52:24:38:f9:94:f3:bf:b2:d5:d1:1a:d4:
         ee:95:df:0b:4a:ae:3a:67:a7:1c:f8:5f:15:02:7c:81:69:3d:
         72:2d:c9:e5:0c:b2:a9:20:b1:29:4d:cc:bf:dd:fe:aa:3a:77:
         92:60:d2:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS4DODKewIib9fuQcK6jlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDA3ZDE3ZWY2YmNkNjE2M2ExNTJhOGJlNjE5MTAyMDM5YzNkOTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLfEr33o/TkSWq1uKBBMvNsDZWk1
L6y44100HSsRI1nS0gbkFtVyJ+YTNorGYxyQKkJiogZI55JVaD/CIxWFYv4zKjwr
acjQs5p7Ksg7zCZfqaP0WHcFxmANgs1NDGQ6zKVsOHoM0S0q/wb9kZzaL7lXgFy4
mtltDzI2YmUDGKHe9LloACu6wglY7vmABDGWQ3lOSv33HxOnSl+juDhRVjK/6OTq
k0aZ9C+DhJFFpe4eBQPaCkx+kdMp0pbWdwP2BOjRUp1DJ/FJd8TTm72zkzkYUv2H
yzEa6mqARnAtbm7R0Y09ex9HMkW4HoEOxE+z6mG8VLbw7eCZ9XsJWKOIbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQH0X72vNYWOhUqi+YZECA5w9lDMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvTkFmUmZ2YTgxaFk2RlNxTDVoa1FJRG5EMlVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2R6fMA0G
CSqGSIb3DQEBCwUAA4IBAQA9V/mj5DtDO7WX0J9/NVgYsrhELag+qTsZvL/Yj8AF
cMK2DODMjxuvQvGnqQrgIL6ZZ7bYu3sKyDWKx5dRE2GTi9gy/AcG9LdgADvkDk83
AbIDBvx5rQ91FGswlmBpeZbakN0ecC5Xw19aS/RhqURrGC4Z8bEeMmo6wbZuJXLs
GjEUXfS/0tgBQhhCknvY6UqL4vEYQlFZ+wemr4g1jEvKx0vFRjbfgi3H/a5Mkmtx
r9IyLoVFLJlreoZ3jiXjWzOwGPlcSD9q1QXYfRpSJDj5lPO/stXRGtTuld8LSq46
Z6cc+F8VAnyBaT1yLcnlDLKpILEpTcy/3f6qOneSYNIS
-----END CERTIFICATE-----