Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/aYF30ZFrvtaKBZWNizoCpyO21v8.roa
File:                     aYF30ZFrvtaKBZWNizoCpyO21v8.roa (raw, json)
Hash identifier:          7A8iDphnqdnGZ4tAakv6xwpniHRTTqZsTmwWqCPgjqc=
Subject key identifier:   69:81:77:D1:91:6B:BE:D6:8A:05:95:8D:8B:3A:02:A7:23:B6:D6:FF
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       018CC6B945A8868C9249E99D7B2C54C75A13
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/aYF30ZFrvtaKBZWNizoCpyO21v8.roa
Signing time:             Mon 01 Jan 2024 20:31:19 +0000
ROA not before:           Mon 01 Jan 2024 20:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8280
IP address blocks:        151.236.29.0/24 maxlen: 24
                          2a03:f80:30::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:45:a8:86:8c:92:49:e9:9d:7b:2c:54:c7:5a:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 20:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=698177d1916bbed68a05958d8b3a02a723b6d6ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d6:f0:f7:30:3d:bb:24:70:e8:ac:18:e8:33:
                    48:0e:54:f5:26:06:14:8c:32:99:4d:b4:61:95:38:
                    c6:8d:e0:f4:81:dc:3b:74:5d:87:86:ca:47:aa:07:
                    42:2c:da:2d:1b:1d:27:b9:15:4d:25:57:27:dd:dd:
                    12:52:50:7e:29:70:c6:4a:74:ff:07:7d:e4:44:f3:
                    90:23:8b:5f:d3:a7:7f:53:e6:be:6f:27:f6:eb:71:
                    da:d3:bc:99:ae:2f:42:ac:19:ca:6e:c5:01:02:6b:
                    e6:81:73:f7:08:02:60:0e:ad:cc:2b:38:94:97:2b:
                    6e:28:31:ac:2a:d9:ab:88:4e:ec:b0:e8:3c:42:71:
                    f0:bd:a7:b0:7f:3f:24:c8:7a:dd:53:ed:f3:8d:9d:
                    bd:35:58:16:61:0a:90:f7:3a:91:f0:dd:bd:45:d6:
                    8c:e6:84:89:27:da:48:16:4e:89:b4:98:b8:e8:76:
                    e3:a7:f4:99:ff:8b:cd:59:02:c6:13:9b:6e:ef:07:
                    10:11:47:b7:ad:e3:ca:7d:86:e2:65:ff:16:95:5c:
                    89:a1:0b:65:08:2f:56:a4:ab:1e:65:e9:2a:08:62:
                    3b:eb:b4:22:ec:a6:93:ca:7d:f3:9d:66:10:6a:b8:
                    0b:3e:89:e5:44:ea:61:2a:95:c3:06:54:0c:96:df:
                    c9:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:81:77:D1:91:6B:BE:D6:8A:05:95:8D:8B:3A:02:A7:23:B6:D6:FF
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/aYF30ZFrvtaKBZWNizoCpyO21v8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.236.29.0/24
                IPv6:
                  2a03:f80:30::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:7d:c1:44:fa:35:5d:bd:9f:76:ec:4f:c5:56:c4:88:15:a2:
         e3:72:25:dd:22:81:f4:c9:f9:4c:b4:ee:cd:1c:83:fc:2c:62:
         aa:1f:c4:e2:c0:c4:76:4f:6b:65:a0:22:a7:aa:f9:62:4b:8c:
         b7:24:6e:0b:46:0e:00:8d:7a:59:51:63:e7:bf:59:ae:6e:11:
         76:f8:e4:9a:2a:d2:2c:5f:13:32:e6:6d:d6:2f:19:9f:59:d8:
         d9:73:0b:13:0d:42:29:5b:b6:24:29:c8:28:2e:6f:fa:8d:2d:
         cc:14:25:b4:ae:6c:be:28:ac:11:e0:69:5b:83:7f:36:81:10:
         73:e6:64:b9:2a:27:99:49:11:1e:47:07:14:dc:9e:bf:a5:22:
         f4:33:58:7a:ee:7d:b1:fb:72:a6:cc:1c:4f:83:e0:45:16:3b:
         a9:ea:e4:d7:67:7a:3d:0c:73:b2:2d:ea:51:cf:00:e5:67:c5:
         33:07:bc:b9:c8:38:ca:ae:7b:df:4a:f1:10:f4:40:a0:9b:a7:
         9e:cb:1e:ac:1b:e1:1d:a5:bd:6f:73:21:20:ea:21:2e:71:49:
         cd:92:aa:68:1e:54:89:8e:36:99:b3:77:86:b3:ff:69:56:74:
         a7:36:24:03:1a:c0:89:31:a4:8b:a1:76:bf:ff:a9:d8:ff:28:
         8f:39:4d:37
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGuUWohoySSemdeyxUx1oTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjQwMTAxMjAzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTgxNzdkMTkxNmJiZWQ2OGEwNTk1OGQ4YjNhMDJhNzIzYjZkNmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxtbw9zA9uyRw6KwY6DNIDlT1JgYU
jDKZTbRhlTjGjeD0gdw7dF2HhspHqgdCLNotGx0nuRVNJVcn3d0SUlB+KXDGSnT/
B33kRPOQI4tf06d/U+a+byf263Ha07yZri9CrBnKbsUBAmvmgXP3CAJgDq3MKziU
lytuKDGsKtmriE7ssOg8QnHwvaewfz8kyHrdU+3zjZ29NVgWYQqQ9zqR8N29RdaM
5oSJJ9pIFk6JtJi46Hbjp/SZ/4vNWQLGE5tu7wcQEUe3rePKfYbiZf8WlVyJoQtl
CC9WpKseZekqCGI767Qi7KaTyn3znWYQargLPonlROphKpXDBlQMlt/JHQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGmBd9GRa77WigWVjYs6Aqcjttb/MB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvYVlGMzBaRnJ2dGFLQlpXTml6b0NweU8yMXY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAl+wdMA8E
AgACMAkDBwAqAw+AADAwDQYJKoZIhvcNAQELBQADggEBABp9wUT6NV29n3bsT8VW
xIgVouNyJd0igfTJ+Uy07s0cg/wsYqofxOLAxHZPa2WgIqeq+WJLjLckbgtGDgCN
ellRY+e/Wa5uEXb45Joq0ixfEzLmbdYvGZ9Z2NlzCxMNQilbtiQpyCgub/qNLcwU
JbSubL4orBHgaVuDfzaBEHPmZLkqJ5lJER5HBxTcnr+lIvQzWHrufbH7cqbMHE+D
4EUWO6nq5Ndnej0Mc7It6lHPAOVnxTMHvLnIOMque99K8RD0QKCbp57LHqwb4R2l
vW9zISDqIS5xSc2SqmgeVImONpmzd4az/2lWdKc2JAMawIkxpIuhdr//qdj/KI85
TTc=
-----END CERTIFICATE-----