Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/2KdtsH5mYfkke7WWFX1m4Xak9Bs.roa
File:                     2KdtsH5mYfkke7WWFX1m4Xak9Bs.roa (raw, json)
Hash identifier:          4xbO3yLbMZEMAoelGakY38dRQW1kv0N/Xsv5ywIk84g=
Subject key identifier:   D8:A7:6D:B0:7E:66:61:F9:24:7B:B5:96:15:7D:66:E1:76:A4:F4:1B
Certificate issuer:       /CN=107807c2518915138f555123605c0133dfdbb4fa
Certificate serial:       018CC5DC29BC0F7922FEC42E2614C4E34F3A
Authority key identifier: 10:78:07:C2:51:89:15:13:8F:55:51:23:60:5C:01:33:DF:DB:B4:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EHgHwlGJFROPVVEjYFwBM9_btPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/2KdtsH5mYfkke7WWFX1m4Xak9Bs.roa
Signing time:             Mon 01 Jan 2024 16:29:49 +0000
ROA not before:           Mon 01 Jan 2024 16:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        132.71.0.0/16 maxlen: 16
                          132.70.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/EHgHwlGJFROPVVEjYFwBM9_btPo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/EHgHwlGJFROPVVEjYFwBM9_btPo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EHgHwlGJFROPVVEjYFwBM9_btPo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 22:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:29:bc:0f:79:22:fe:c4:2e:26:14:c4:e3:4f:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=107807c2518915138f555123605c0133dfdbb4fa
        Validity
            Not Before: Jan  1 16:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8a76db07e6661f9247bb596157d66e176a4f41b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:0e:53:77:2c:1e:46:28:e8:d0:d2:49:3a:fb:
                    a8:21:f7:ee:4d:7d:2c:2d:6c:d9:ad:53:b5:ae:41:
                    f0:35:4d:b5:87:51:fa:42:8a:12:36:10:72:ee:f2:
                    36:44:7a:4f:f4:23:80:6a:f9:71:d7:95:7b:34:e4:
                    49:05:3d:50:07:bb:43:f5:7e:17:83:65:2e:1e:eb:
                    4c:89:c8:0a:9f:40:85:ae:a6:33:af:4e:8c:33:ea:
                    0f:e1:2b:2e:5d:33:88:49:a3:f7:b5:0f:51:c5:b9:
                    81:66:1a:08:d2:b5:bc:a5:12:80:04:ed:2f:c7:17:
                    27:94:df:a7:f6:05:c1:d6:a8:a1:25:e9:d3:41:a9:
                    93:b8:25:1c:f1:81:8f:1a:fa:82:8d:a8:f8:42:e2:
                    6b:06:80:23:51:74:ec:a5:cc:cb:c1:5d:18:ec:dc:
                    14:a8:0e:e7:e4:2d:22:95:81:12:59:6d:31:32:81:
                    2d:42:30:97:27:62:0a:8e:4b:c0:ee:db:73:52:40:
                    5e:64:22:13:69:13:fe:49:f2:72:fc:33:83:f6:71:
                    56:75:cc:0e:53:48:a7:3f:94:ed:8c:6d:7c:71:d2:
                    f4:dc:62:d2:96:53:47:75:c8:a0:cf:b0:97:e7:d0:
                    fc:08:53:ca:07:f3:92:f8:a1:ec:d9:d7:87:fc:22:
                    79:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:A7:6D:B0:7E:66:61:F9:24:7B:B5:96:15:7D:66:E1:76:A4:F4:1B
            X509v3 Authority Key Identifier:
                keyid:10:78:07:C2:51:89:15:13:8F:55:51:23:60:5C:01:33:DF:DB:B4:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHgHwlGJFROPVVEjYFwBM9_btPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/2KdtsH5mYfkke7WWFX1m4Xak9Bs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/EHgHwlGJFROPVVEjYFwBM9_btPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.70.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         1f:bf:dd:6d:6e:fe:02:c5:1e:2d:f6:8c:35:89:5f:5f:9a:7e:
         bd:43:fb:05:e0:aa:c9:e9:0e:f6:f8:ca:f7:24:f4:09:2f:91:
         6d:99:f1:f1:7c:90:e2:ce:33:38:d2:b1:ed:72:1f:13:0c:09:
         0c:0c:92:eb:b1:03:08:12:50:90:74:2a:31:5b:08:0e:b8:0a:
         05:ce:e1:8d:d8:ec:23:34:49:1e:2a:ee:21:4d:6e:59:36:89:
         b8:c8:aa:7f:a2:20:cc:c9:f3:c9:07:be:d8:b8:34:6f:25:c5:
         c6:83:cc:49:ad:fa:77:7a:44:92:83:77:ae:ee:cb:1e:7d:f3:
         a5:96:3f:13:3a:f9:0a:bc:6c:80:b3:92:31:20:fa:f5:d7:7f:
         85:2b:51:bf:08:90:3c:59:1f:bb:74:54:80:ec:f6:e7:ab:cb:
         60:64:25:cb:f1:c8:42:ed:d8:33:fc:e1:10:9e:2c:5c:41:1b:
         25:a1:1b:79:6d:a5:9d:75:c2:21:2e:94:85:6a:6e:19:4e:d2:
         9d:c2:57:b1:82:3b:c6:9b:33:8d:69:8c:7c:21:ef:91:6b:19:
         54:fc:83:73:68:44:a7:5a:85:08:d5:9e:97:08:65:e0:96:00:
         f0:a9:dd:6b:91:fd:d9:0a:b2:e7:73:8f:84:8c:a7:63:8f:e0:
         38:70:10:b2
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzF3Cm8D3ki/sQuJhTE4086MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNzgwN2MyNTE4OTE1MTM4ZjU1NTEyMzYwNWMwMTMzZGZk
YmI0ZmEwHhcNMjQwMTAxMTYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGE3NmRiMDdlNjY2MWY5MjQ3YmI1OTYxNTdkNjZlMTc2YTRmNDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApA5TdyweRijo0NJJOvuoIffuTX0s
LWzZrVO1rkHwNU21h1H6QooSNhBy7vI2RHpP9COAavlx15V7NORJBT1QB7tD9X4X
g2UuHutMicgKn0CFrqYzr06MM+oP4SsuXTOISaP3tQ9RxbmBZhoI0rW8pRKABO0v
xxcnlN+n9gXB1qihJenTQamTuCUc8YGPGvqCjaj4QuJrBoAjUXTspczLwV0Y7NwU
qA7n5C0ilYESWW0xMoEtQjCXJ2IKjkvA7ttzUkBeZCITaRP+SfJy/DOD9nFWdcwO
U0inP5TtjG18cdL03GLSllNHdcigz7CX59D8CFPKB/OS+KHs2deH/CJ5RQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFNinbbB+ZmH5JHu1lhV9ZuF2pPQbMB8GA1UdIwQY
MBaAFBB4B8JRiRUTj1VRI2BcATPf27T6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhnSHdsR0pGUk9QVlZFallGd0JNOV9idFBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8yODYwYTQtM2I5NC00Mjc0LWEzYTIt
ZjlhYzE1ZTY2Mzg2LzEvMktkdHNINW1ZZmtrZTdXV0ZYMW00WGFrOUJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8yODYwYTQtM2I5NC00Mjc0LWEzYTItZjlhYzE1ZTY2Mzg2
LzEvRUhnSHdsR0pGUk9QVlZFallGd0JNOV9idFBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBhEYwDQYJ
KoZIhvcNAQELBQADggEBAB+/3W1u/gLFHi32jDWJX1+afr1D+wXgqsnpDvb4yvck
9AkvkW2Z8fF8kOLOMzjSse1yHxMMCQwMkuuxAwgSUJB0KjFbCA64CgXO4Y3Y7CM0
SR4q7iFNblk2ibjIqn+iIMzJ88kHvti4NG8lxcaDzEmt+nd6RJKDd67uyx5986WW
PxM6+Qq8bICzkjEg+vXXf4UrUb8IkDxZH7t0VIDs9uery2BkJcvxyELt2DP84RCe
LFxBGyWhG3ltpZ11wiEulIVqbhlO0p3CV7GCO8abM41pjHwh75FrGVT8g3NoRKda
hQjVnpcIZeCWAPCp3WuR/dkKsudzj4SMp2OP4DhwELI=
-----END CERTIFICATE-----