Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/IP5HMpZ7u0cJphVtoX5qm1aDDHQ.roa
File:                     IP5HMpZ7u0cJphVtoX5qm1aDDHQ.roa (raw, json)
Hash identifier:          nXODXQS63AYSlw+ubRAXZZAkGgHkecDbhMBlXT8f/o8=
Subject key identifier:   20:FE:47:32:96:7B:BB:47:09:A6:15:6D:A1:7E:6A:9B:56:83:0C:74
Certificate issuer:       /CN=defc2686c29abef18f40b30e7e9513247a66ef13
Certificate serial:       018CC64B543F48EAA69D74E65A2B88C81AF2
Authority key identifier: DE:FC:26:86:C2:9A:BE:F1:8F:40:B3:0E:7E:95:13:24:7A:66:EF:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3vwmhsKavvGPQLMOfpUTJHpm7xM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/IP5HMpZ7u0cJphVtoX5qm1aDDHQ.roa
Signing time:             Mon 01 Jan 2024 18:31:14 +0000
ROA not before:           Mon 01 Jan 2024 18:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58293
IP address blocks:        212.6.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/3vwmhsKavvGPQLMOfpUTJHpm7xM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/3vwmhsKavvGPQLMOfpUTJHpm7xM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3vwmhsKavvGPQLMOfpUTJHpm7xM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:54:3f:48:ea:a6:9d:74:e6:5a:2b:88:c8:1a:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=defc2686c29abef18f40b30e7e9513247a66ef13
        Validity
            Not Before: Jan  1 18:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20fe4732967bbb4709a6156da17e6a9b56830c74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:4b:26:9e:d3:b6:4b:9a:3c:70:c1:06:ba:e7:
                    25:ca:e2:41:bd:44:ba:48:fc:76:59:19:19:40:78:
                    68:59:36:c2:48:88:db:ed:08:24:d0:14:15:0c:13:
                    6c:61:49:2b:1a:89:e3:0a:88:36:7e:4b:63:80:a8:
                    c9:a1:09:03:97:89:a5:42:b4:10:93:ff:a2:3c:3f:
                    ae:ba:49:e8:c6:91:a1:73:a4:74:9c:7b:65:a5:4d:
                    ce:e6:6d:9c:83:45:68:f4:23:13:a1:91:8f:09:e9:
                    3d:db:77:22:69:82:ab:62:6c:cd:a3:30:c0:54:fa:
                    37:b7:ec:8f:c9:44:0a:75:f6:4c:65:f2:2c:ed:6b:
                    3d:45:83:35:c4:2e:d3:43:04:03:a1:85:f7:49:c3:
                    be:da:99:df:80:3d:d3:21:88:a3:57:d5:ad:3d:7c:
                    7c:91:c3:be:99:d6:01:6a:26:00:2e:c9:f9:39:1e:
                    0c:95:6e:b1:f8:ec:f0:13:9c:15:fd:34:7c:b8:3e:
                    49:81:b3:27:39:4d:80:23:62:e5:e0:51:8c:2f:02:
                    e2:94:bc:cd:1c:23:bb:76:0a:28:36:38:49:c4:e5:
                    c7:bf:76:c1:4b:49:10:57:94:e8:62:93:90:68:32:
                    6d:32:33:68:bd:9b:b0:00:35:f1:d1:6b:36:ba:3c:
                    25:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:FE:47:32:96:7B:BB:47:09:A6:15:6D:A1:7E:6A:9B:56:83:0C:74
            X509v3 Authority Key Identifier:
                keyid:DE:FC:26:86:C2:9A:BE:F1:8F:40:B3:0E:7E:95:13:24:7A:66:EF:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3vwmhsKavvGPQLMOfpUTJHpm7xM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/IP5HMpZ7u0cJphVtoX5qm1aDDHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/3vwmhsKavvGPQLMOfpUTJHpm7xM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.6.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:f1:4d:44:56:3d:18:e7:77:76:52:61:0d:63:6d:fe:f3:df:
         50:c5:7e:fc:9c:c7:1e:a9:6a:7e:41:6f:c8:41:4f:a8:de:ec:
         9f:3e:d5:65:2a:03:7c:39:ae:c9:8e:43:89:2a:36:76:49:ec:
         b0:9f:ab:8b:2a:10:f9:dc:a7:a7:0a:50:ac:f5:c0:f4:6b:21:
         09:2e:14:2e:46:e3:9e:51:0f:9e:92:d4:f3:87:31:88:1f:65:
         71:c8:36:3d:00:de:06:46:3d:81:d1:dc:41:d7:1f:2c:ea:20:
         08:a6:91:85:d0:4b:32:6e:3d:62:08:65:68:c3:7d:61:5b:26:
         ff:31:1b:59:a8:e1:10:30:f9:67:97:48:51:1f:f0:9c:25:6a:
         fe:ff:f0:03:d9:49:57:1b:55:0a:9a:cf:97:a7:4f:a7:f4:58:
         a6:c1:15:e6:02:61:63:f1:68:88:64:2c:bb:2d:56:18:9a:04:
         4b:5a:9a:97:10:d3:e6:d2:93:a9:78:d1:b9:b5:6f:fe:0e:20:
         bc:cf:23:57:18:7d:92:a0:bc:67:67:d7:63:19:ff:e5:6e:26:
         40:a2:01:4f:67:39:a1:eb:f9:b8:42:50:30:45:25:1d:c3:e6:
         59:2c:8d:1b:fc:0a:54:f2:29:1a:75:f0:92:31:ad:53:17:96:
         64:ed:65:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS1Q/SOqmnXTmWiuIyBryMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZmMyNjg2YzI5YWJlZjE4ZjQwYjMwZTdlOTUxMzI0N2E2
NmVmMTMwHhcNMjQwMTAxMTgzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGZlNDczMjk2N2JiYjQ3MDlhNjE1NmRhMTdlNmE5YjU2ODMwYzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0smntO2S5o8cMEGuuclyuJBvUS6
SPx2WRkZQHhoWTbCSIjb7Qgk0BQVDBNsYUkrGonjCog2fktjgKjJoQkDl4mlQrQQ
k/+iPD+uuknoxpGhc6R0nHtlpU3O5m2cg0Vo9CMToZGPCek923ciaYKrYmzNozDA
VPo3t+yPyUQKdfZMZfIs7Ws9RYM1xC7TQwQDoYX3ScO+2pnfgD3TIYijV9WtPXx8
kcO+mdYBaiYALsn5OR4MlW6x+OzwE5wV/TR8uD5JgbMnOU2AI2Ll4FGMLwLilLzN
HCO7dgooNjhJxOXHv3bBS0kQV5ToYpOQaDJtMjNovZuwADXx0Ws2ujwlsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCD+RzKWe7tHCaYVbaF+aptWgwx0MB8GA1UdIwQY
MBaAFN78JobCmr7xj0CzDn6VEyR6Zu8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3Z3bWhzS2F2dkdQUUxNT2ZwVVRKSHBtN3hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9iNDUxNWUtODY0MS00NWIwLWI3NWYt
MDk2OTIxYzkxYzQxLzEvSVA1SE1wWjd1MGNKcGhWdG9YNXFtMWFEREhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9iNDUxNWUtODY0MS00NWIwLWI3NWYtMDk2OTIxYzkxYzQx
LzEvM3Z3bWhzS2F2dkdQUUxNT2ZwVVRKSHBtN3hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AYhMA0G
CSqGSIb3DQEBCwUAA4IBAQCA8U1EVj0Y53d2UmENY23+899QxX78nMceqWp+QW/I
QU+o3uyfPtVlKgN8Oa7JjkOJKjZ2Seywn6uLKhD53KenClCs9cD0ayEJLhQuRuOe
UQ+ektTzhzGIH2VxyDY9AN4GRj2B0dxB1x8s6iAIppGF0Esybj1iCGVow31hWyb/
MRtZqOEQMPlnl0hRH/CcJWr+//AD2UlXG1UKms+Xp0+n9FimwRXmAmFj8WiIZCy7
LVYYmgRLWpqXENPm0pOpeNG5tW/+DiC8zyNXGH2SoLxnZ9djGf/lbiZAogFPZzmh
6/m4QlAwRSUdw+ZZLI0b/ApU8ikadfCSMa1TF5Zk7WVn
-----END CERTIFICATE-----