Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/tmuSHsJATLiYuMZM9IJFHOGJ-zw.roa
File:                     tmuSHsJATLiYuMZM9IJFHOGJ-zw.roa (raw, json)
Hash identifier:          YqEaKSC/fFkPZkH1e/BPTX3Obp/uUanc9yDv0V3v6UQ=
Subject key identifier:   B6:6B:92:1E:C2:40:4C:B8:98:B8:C6:4C:F4:82:45:1C:E1:89:FB:3C
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4255D255099E0A69986A022AFABA657
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/tmuSHsJATLiYuMZM9IJFHOGJ-zw.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        212.107.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 02:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5d:25:50:99:e0:a6:99:86:a0:22:af:ab:a6:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b66b921ec2404cb898b8c64cf482451ce189fb3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:8a:f2:e1:94:08:ef:a1:c2:90:db:a0:37:2a:
                    a4:4d:b3:fb:f7:0c:f2:87:d0:85:d7:7d:a4:4f:68:
                    f3:6a:08:78:52:8b:e8:5a:7f:9e:9e:76:65:12:cf:
                    6b:74:9e:1d:23:48:69:2f:42:9f:e7:19:d0:87:18:
                    7c:1d:e4:9b:4c:3a:4b:84:a6:b2:c2:cd:d3:ae:33:
                    42:f6:e0:8e:bb:aa:da:40:2e:df:37:a0:6c:18:d2:
                    a0:3b:ff:66:e4:3f:43:86:56:0d:4e:00:a8:41:02:
                    01:75:a8:bb:35:6a:35:23:4a:1e:00:cb:61:e6:27:
                    ba:f0:57:30:4b:fb:64:78:39:f2:04:1a:fb:d4:75:
                    c6:78:be:29:61:8d:61:50:50:99:38:21:fa:7c:b0:
                    90:d9:09:4c:36:81:12:fa:6c:c6:11:1b:47:11:51:
                    a4:cc:53:8b:21:f2:00:8a:89:9b:41:9e:f1:78:9e:
                    4f:0a:e5:a4:66:fa:1f:47:91:80:1f:5c:88:90:14:
                    dc:3e:8a:58:ad:28:0f:06:fb:eb:83:d0:82:d4:1d:
                    b5:6d:b6:43:48:63:34:0f:3a:60:43:58:85:db:09:
                    30:b8:b1:70:ee:fb:ba:56:6b:ae:19:e2:77:d8:a0:
                    a3:67:3a:89:40:05:b0:19:b8:9f:46:5d:ef:ad:88:
                    22:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:6B:92:1E:C2:40:4C:B8:98:B8:C6:4C:F4:82:45:1C:E1:89:FB:3C
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/tmuSHsJATLiYuMZM9IJFHOGJ-zw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.107.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:ac:8f:ca:18:ed:89:8e:a1:1f:e0:76:37:6c:ce:45:c9:20:
         21:24:87:51:c4:80:de:b1:96:75:d6:81:60:f8:50:87:db:57:
         1b:af:fa:34:bc:2f:f3:d2:5d:b4:d3:ea:99:08:7d:5a:58:4f:
         e9:e7:4d:98:fc:60:57:17:3a:27:0a:06:3f:e9:9d:79:76:3c:
         3a:d6:19:2c:f8:0a:0f:76:2f:4e:aa:90:08:5d:46:01:dc:e2:
         fb:ed:4b:3e:ba:dd:81:5b:bc:45:cd:45:33:5d:5d:0a:c4:2a:
         ca:2e:09:b2:cd:05:3f:9a:7f:83:b2:22:f5:ee:47:86:a0:53:
         f5:80:81:e7:e0:ff:97:48:81:78:38:47:35:08:91:a6:b4:39:
         bf:92:a9:2f:8d:78:d4:d3:3b:de:6d:06:74:a6:a2:b8:6a:6a:
         ee:22:c8:cf:41:36:4c:0c:6e:01:57:51:26:ab:f6:a4:15:ce:
         de:ec:3d:d7:7e:37:26:c4:40:a5:be:c0:8e:52:34:6b:70:80:
         af:38:47:60:25:ce:87:22:db:c6:aa:9f:50:dc:46:41:76:a0:
         17:82:63:41:b7:15:e8:a1:25:43:f5:e2:c9:9c:dd:00:1d:15:
         64:df:9f:a4:ff:8f:52:d3:cd:99:cc:79:cc:46:12:68:d5:ab:
         6b:a4:96:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJV0lUJngppmGoCKvq6ZXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjZiOTIxZWMyNDA0Y2I4OThiOGM2NGNmNDgyNDUxY2UxODlmYjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYry4ZQI76HCkNugNyqkTbP79wzy
h9CF132kT2jzagh4UovoWn+ennZlEs9rdJ4dI0hpL0Kf5xnQhxh8HeSbTDpLhKay
ws3TrjNC9uCOu6raQC7fN6BsGNKgO/9m5D9DhlYNTgCoQQIBdai7NWo1I0oeAMth
5ie68FcwS/tkeDnyBBr71HXGeL4pYY1hUFCZOCH6fLCQ2QlMNoES+mzGERtHEVGk
zFOLIfIAiombQZ7xeJ5PCuWkZvofR5GAH1yIkBTcPopYrSgPBvvrg9CC1B21bbZD
SGM0DzpgQ1iF2wkwuLFw7vu6VmuuGeJ32KCjZzqJQAWwGbifRl3vrYgiAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLZrkh7CQEy4mLjGTPSCRRzhifs8MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvdG11U0hzSkFUTGlZdU1aTTlJSkZIT0dKLXp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GsPMA0G
CSqGSIb3DQEBCwUAA4IBAQCPrI/KGO2JjqEf4HY3bM5FySAhJIdRxIDesZZ11oFg
+FCH21cbr/o0vC/z0l200+qZCH1aWE/p502Y/GBXFzonCgY/6Z15djw61hks+AoP
di9OqpAIXUYB3OL77Us+ut2BW7xFzUUzXV0KxCrKLgmyzQU/mn+DsiL17keGoFP1
gIHn4P+XSIF4OEc1CJGmtDm/kqkvjXjU0zvebQZ0pqK4amruIsjPQTZMDG4BV1Em
q/akFc7e7D3XfjcmxEClvsCOUjRrcICvOEdgJc6HItvGqp9Q3EZBdqAXgmNBtxXo
oSVD9eLJnN0AHRVk35+k/49S082ZzHnMRhJo1atrpJYR
-----END CERTIFICATE-----