Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/0blcNhd6TPFCi34jEjorMIYPsNw.roa
File:                     0blcNhd6TPFCi34jEjorMIYPsNw.roa (raw, json)
Hash identifier:          1X0k/yFqqi6ah4p6xj7VCFUGsmk9tqSGooD8W7iCZ9I=
Subject key identifier:   D1:B9:5C:36:17:7A:4C:F1:42:8B:7E:23:12:3A:2B:30:86:0F:B0:DC
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018E7BECDFFD3D5148C9AC54D17BE3656F15
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/0blcNhd6TPFCi34jEjorMIYPsNw.roa
Signing time:             Tue 26 Mar 2024 18:01:45 +0000
ROA not before:           Tue 26 Mar 2024 18:01:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204914
IP address blocks:        2.56.165.0/24 maxlen: 24
                          77.83.242.0/24 maxlen: 24
                          185.234.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7b:ec:df:fd:3d:51:48:c9:ac:54:d1:7b:e3:65:6f:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Mar 26 18:01:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1b95c36177a4cf1428b7e23123a2b30860fb0dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:64:78:a4:ea:ab:22:2b:df:88:40:0e:3c:21:
                    a1:b6:ce:b0:cd:55:48:b2:39:3c:bc:5b:b8:45:41:
                    b4:ba:3e:7c:ba:67:03:83:1e:fc:62:f7:61:ec:14:
                    42:60:75:72:f0:0b:6d:36:1c:5a:1b:7c:63:29:c4:
                    95:4b:4b:72:09:f7:ab:ab:a3:50:cd:da:22:48:c7:
                    e2:a8:3f:56:3a:85:f0:58:8c:a5:ca:2a:f9:83:32:
                    ba:cf:19:d5:a8:2d:e9:f2:45:b4:d3:44:46:a3:db:
                    bd:e7:a0:0c:98:87:6b:ea:13:25:4c:9a:87:96:05:
                    da:bf:83:cf:f4:fd:f0:08:41:89:2a:ae:f0:2c:7b:
                    eb:27:d0:01:e5:29:c0:69:62:79:ab:8c:17:1f:6a:
                    b7:31:40:e7:49:05:69:19:9f:db:5b:a9:f4:1b:92:
                    2e:42:93:7e:7a:35:de:09:a7:cf:69:2e:98:34:4a:
                    22:9c:9d:9a:3d:e4:49:6c:e0:7d:2b:61:92:f6:ed:
                    99:1d:05:3e:9a:83:00:71:36:6b:b1:5b:70:a8:bf:
                    82:7a:66:69:a9:3e:70:26:81:c0:20:87:ee:15:d5:
                    db:83:1e:34:ac:a2:14:ab:f4:97:45:b1:35:90:04:
                    b8:89:02:cb:4a:8b:2d:6b:5a:ee:6b:38:60:94:2a:
                    6f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:B9:5C:36:17:7A:4C:F1:42:8B:7E:23:12:3A:2B:30:86:0F:B0:DC
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/0blcNhd6TPFCi34jEjorMIYPsNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.165.0/24
                  77.83.242.0/24
                  185.234.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:e6:42:f4:4b:d7:5e:f8:6d:49:6f:4d:18:1a:86:af:21:8c:
         d3:28:4c:e8:77:4a:4a:40:13:7a:6c:19:a1:05:be:f9:04:0d:
         38:d8:5a:53:f9:d2:48:72:88:42:90:05:30:b0:8c:1c:bb:27:
         cb:fe:82:d6:ce:1b:f9:c3:9c:b3:a5:06:a1:77:fc:79:82:36:
         84:8f:5b:20:e8:30:5a:f9:c7:43:bc:b5:23:43:a2:51:c1:19:
         ff:af:0f:39:80:5a:2c:93:a5:61:17:1b:47:20:0f:78:da:fc:
         00:44:cb:7a:17:93:5d:34:a3:44:0b:e0:f7:c0:df:e7:eb:94:
         bb:c8:81:2d:2b:5f:58:70:7d:d2:17:2c:d2:71:2d:d3:f6:44:
         2c:29:26:2d:53:d6:9e:46:4f:ad:f0:e5:0e:56:7b:c4:cb:7d:
         c6:80:b1:8a:9c:be:b7:61:d2:f8:dd:50:9e:21:e6:46:15:c9:
         90:42:e2:37:c1:b7:0f:d5:d0:19:7b:ac:af:ef:95:46:3f:89:
         e7:1b:c8:2e:ae:6a:f2:f9:a5:1b:97:76:c2:a2:c3:e2:7b:8d:
         fd:e1:54:00:3c:65:78:98:56:21:3e:51:47:e2:99:c5:a9:44:
         df:67:f4:71:ac:96:1d:65:69:5c:f0:00:b6:75:cf:90:7c:5d:
         e1:6f:b5:a1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY577N/9PVFIyaxU0XvjZW8VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMzI2MTgwMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWI5NWMzNjE3N2E0Y2YxNDI4YjdlMjMxMjNhMmIzMDg2MGZiMGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWR4pOqrIivfiEAOPCGhts6wzVVI
sjk8vFu4RUG0uj58umcDgx78Yvdh7BRCYHVy8AttNhxaG3xjKcSVS0tyCferq6NQ
zdoiSMfiqD9WOoXwWIylyir5gzK6zxnVqC3p8kW000RGo9u956AMmIdr6hMlTJqH
lgXav4PP9P3wCEGJKq7wLHvrJ9AB5SnAaWJ5q4wXH2q3MUDnSQVpGZ/bW6n0G5Iu
QpN+ejXeCafPaS6YNEoinJ2aPeRJbOB9K2GS9u2ZHQU+moMAcTZrsVtwqL+CemZp
qT5wJoHAIIfuFdXbgx40rKIUq/SXRbE1kAS4iQLLSosta1ruazhglCpvCQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNG5XDYXekzxQot+IxI6KzCGD7DcMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvMGJsY05oZDZUUEZDaTM0akVqb3JNSVlQc053LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAAjilAwQA
TVPyAwQAuepLMA0GCSqGSIb3DQEBCwUAA4IBAQAB5kL0S9de+G1Jb00YGoavIYzT
KEzod0pKQBN6bBmhBb75BA042FpT+dJIcohCkAUwsIwcuyfL/oLWzhv5w5yzpQah
d/x5gjaEj1sg6DBa+cdDvLUjQ6JRwRn/rw85gFosk6VhFxtHIA942vwARMt6F5Nd
NKNEC+D3wN/n65S7yIEtK19YcH3SFyzScS3T9kQsKSYtU9aeRk+t8OUOVnvEy33G
gLGKnL63YdL43VCeIeZGFcmQQuI3wbcP1dAZe6yv75VGP4nnG8gurmry+aUbl3bC
osPie4394VQAPGV4mFYhPlFH4pnFqUTfZ/RxrJYdZWlc8AC2dc+QfF3hb7Wh
-----END CERTIFICATE-----