Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/51A2sPh7PyF2sa9eigUAXYYa8No.roa
File:                     51A2sPh7PyF2sa9eigUAXYYa8No.roa (raw, json)
Hash identifier:          KZRGnxIK5NgQ8AU/qnmhX2HSN+R1iY9+FeCHsOlrYHE=
Subject key identifier:   E7:50:36:B0:F8:7B:3F:21:76:B1:AF:5E:8A:05:00:5D:86:1A:F0:DA
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCEC4652C5CB32F8F43E310CDF9DFD
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/51A2sPh7PyF2sa9eigUAXYYa8No.roa
Signing time:             Tue 02 Jan 2024 06:29:30 +0000
ROA not before:           Tue 02 Jan 2024 06:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49882
IP address blocks:        87.120.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:ec:46:52:c5:cb:32:f8:f4:3e:31:0c:df:9d:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e75036b0f87b3f2176b1af5e8a05005d861af0da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:4a:f7:18:65:85:d7:e0:35:33:9a:db:e3:3e:
                    3a:31:70:8f:4c:4b:46:a4:5d:99:13:53:32:41:f3:
                    f5:87:a1:e6:de:5f:b3:f3:93:59:b6:ef:5a:7a:b4:
                    a8:51:5b:85:f3:e4:a5:fc:f4:95:03:84:69:62:d7:
                    d0:56:49:65:63:19:14:92:3f:9d:de:96:c0:05:46:
                    a6:c8:c5:67:11:24:d5:d4:d0:35:bb:70:68:fd:b7:
                    84:be:d1:79:eb:3f:11:54:b0:20:ef:26:1c:63:8d:
                    ec:e9:3c:73:d8:30:c5:41:b2:98:34:1c:ba:dd:f4:
                    f2:f5:29:a6:c5:40:cc:94:cf:39:e9:9f:75:9e:4b:
                    62:9a:cb:d3:7a:ca:1d:d6:63:b0:af:c3:95:4c:ef:
                    23:57:9c:56:a2:3c:bb:aa:a8:fd:26:ed:17:75:58:
                    cb:7c:36:10:45:b3:33:58:94:b7:25:d9:34:5e:6d:
                    a8:44:80:a3:a6:73:00:8e:3c:5e:4c:25:55:de:b2:
                    d7:94:1f:b6:14:49:99:6d:80:c6:9a:55:83:f7:d0:
                    a2:74:1d:c7:25:f6:68:f1:f5:88:7c:cd:4a:f5:81:
                    d0:07:ad:14:da:33:71:8a:26:34:3a:3f:6c:93:44:
                    01:f4:ef:aa:05:7d:ae:df:81:ca:27:ac:90:84:e9:
                    13:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:50:36:B0:F8:7B:3F:21:76:B1:AF:5E:8A:05:00:5D:86:1A:F0:DA
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/51A2sPh7PyF2sa9eigUAXYYa8No.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:03:95:b0:cc:54:5a:0c:25:d1:2e:b5:3b:73:2f:b4:11:f6:
         33:fc:f8:f5:af:fc:99:80:96:c7:81:da:13:e6:e7:eb:bd:89:
         56:7c:93:7b:e6:89:f0:ab:3b:4b:3b:05:8f:b0:39:04:64:49:
         83:1d:dc:60:8b:a8:fa:50:cb:27:2f:10:ee:6e:80:44:56:6c:
         e5:d3:5b:23:9c:f7:42:0c:9d:44:4a:03:5b:37:c5:9d:6c:6d:
         b6:99:c5:06:5f:6d:15:28:d5:bf:78:9d:a8:6b:af:2a:88:53:
         e1:b3:18:c7:5f:ce:f0:3b:1c:12:22:4b:46:df:fa:02:84:8e:
         a6:1f:c0:a6:40:72:ca:4d:4c:96:a3:ad:15:44:74:d3:5b:5c:
         31:f1:9f:19:84:cd:65:13:20:82:4a:48:21:38:dd:9f:8d:9a:
         87:f1:03:50:b0:a1:a7:b3:70:80:33:9f:75:24:b3:c4:ee:cf:
         fd:31:60:58:60:15:06:7e:e8:98:ce:b7:86:e4:ce:30:b1:6c:
         2f:ae:f6:2a:07:57:83:81:46:8e:dc:56:0d:05:d1:43:1f:55:
         9e:44:ab:0f:71:2f:f6:82:3b:8d:f7:2c:ae:fd:ee:b9:06:10:
         bd:72:d5:01:90:40:9f:5d:07:c5:b2:cc:6d:0d:4d:7a:8a:f9:
         0c:da:1c:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3OxGUsXLMvj0PjEM3539MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzUwMzZiMGY4N2IzZjIxNzZiMWFmNWU4YTA1MDA1ZDg2MWFmMGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0r3GGWF1+A1M5rb4z46MXCPTEtG
pF2ZE1MyQfP1h6Hm3l+z85NZtu9aerSoUVuF8+Sl/PSVA4RpYtfQVkllYxkUkj+d
3pbABUamyMVnESTV1NA1u3Bo/beEvtF56z8RVLAg7yYcY43s6Txz2DDFQbKYNBy6
3fTy9SmmxUDMlM856Z91nktimsvTesod1mOwr8OVTO8jV5xWojy7qqj9Ju0XdVjL
fDYQRbMzWJS3Jdk0Xm2oRICjpnMAjjxeTCVV3rLXlB+2FEmZbYDGmlWD99CidB3H
JfZo8fWIfM1K9YHQB60U2jNxiiY0Oj9sk0QB9O+qBX2u34HKJ6yQhOkTqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOdQNrD4ez8hdrGvXooFAF2GGvDaMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNTFBMnNQaDdQeUYyc2E5ZWlnVUFYWVlhOE5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3iNMA0G
CSqGSIb3DQEBCwUAA4IBAQAeA5WwzFRaDCXRLrU7cy+0EfYz/Pj1r/yZgJbHgdoT
5ufrvYlWfJN75onwqztLOwWPsDkEZEmDHdxgi6j6UMsnLxDuboBEVmzl01sjnPdC
DJ1ESgNbN8WdbG22mcUGX20VKNW/eJ2oa68qiFPhsxjHX87wOxwSIktG3/oChI6m
H8CmQHLKTUyWo60VRHTTW1wx8Z8ZhM1lEyCCSkghON2fjZqH8QNQsKGns3CAM591
JLPE7s/9MWBYYBUGfuiYzreG5M4wsWwvrvYqB1eDgUaO3FYNBdFDH1WeRKsPcS/2
gjuN9yyu/e65BhC9ctUBkECfXQfFssxtDU16ivkM2hwU
-----END CERTIFICATE-----