Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/990513-f49c-45fb-a7bb-5f045688bb99/1/u0647rlA-z5ZkyJbI0-Kiu-mKeE.roa
File:                     u0647rlA-z5ZkyJbI0-Kiu-mKeE.roa (raw, json)
Hash identifier:          70EmcBHPnh7PT9+VsDD3JFOItw166IFVDkUhSB3mfMQ=
Subject key identifier:   BB:4E:B8:EE:B9:40:FB:3E:59:93:22:5B:23:4F:8A:8A:EF:A6:29:E1
Certificate issuer:       /CN=7020f9115d194031fc5c849f15abbfd80e08622b
Certificate serial:       018CC5004D67C79E1F1F67F7ED935DF1968B
Authority key identifier: 70:20:F9:11:5D:19:40:31:FC:5C:84:9F:15:AB:BF:D8:0E:08:62:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cCD5EV0ZQDH8XISfFau_2A4IYis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/990513-f49c-45fb-a7bb-5f045688bb99/1/u0647rlA-z5ZkyJbI0-Kiu-mKeE.roa
Signing time:             Mon 01 Jan 2024 12:29:40 +0000
ROA not before:           Mon 01 Jan 2024 12:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211453
IP address blocks:        176.113.44.0/24 maxlen: 24
                          2a0c:8840:1000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/990513-f49c-45fb-a7bb-5f045688bb99/1/cCD5EV0ZQDH8XISfFau_2A4IYis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/990513-f49c-45fb-a7bb-5f045688bb99/1/cCD5EV0ZQDH8XISfFau_2A4IYis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cCD5EV0ZQDH8XISfFau_2A4IYis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:4d:67:c7:9e:1f:1f:67:f7:ed:93:5d:f1:96:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7020f9115d194031fc5c849f15abbfd80e08622b
        Validity
            Not Before: Jan  1 12:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb4eb8eeb940fb3e5993225b234f8a8aefa629e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e7:95:d0:bb:3f:cc:38:a2:42:be:15:9a:d4:
                    57:5c:4d:85:fe:ba:84:4a:00:0b:6b:ac:e7:55:30:
                    2c:25:69:15:9e:26:09:76:87:9a:fb:48:96:76:47:
                    5d:0f:75:4a:3f:b8:2b:67:dd:0b:f3:7e:94:45:ba:
                    e9:43:71:d9:03:47:e1:83:23:9c:4e:76:9f:a9:41:
                    39:1a:0b:c8:98:1b:eb:68:68:09:f1:19:df:a2:46:
                    39:dd:0f:56:a0:9b:f4:7c:96:c4:d4:0a:74:c6:a6:
                    e8:a1:41:3e:65:7f:69:6e:1d:a4:c9:7d:11:24:2d:
                    6e:82:7e:af:e7:75:84:92:65:da:71:95:ce:b7:10:
                    3a:8a:5e:78:3c:f7:41:52:47:01:38:5f:82:42:bc:
                    61:b4:42:bf:bf:ff:b9:0e:ec:db:4e:31:5f:26:08:
                    ed:91:ad:38:ef:9b:3f:12:b4:b5:f9:f0:d0:19:79:
                    85:97:09:dd:c5:e7:04:07:1e:41:c0:9f:b6:8d:d0:
                    e4:4f:00:62:60:2c:35:5a:1a:8d:bd:95:2b:64:6f:
                    76:7e:0c:7f:e2:9c:47:f4:79:46:70:2d:8e:4a:fd:
                    d4:32:30:ac:bb:af:69:3a:c7:be:17:82:f6:4d:c5:
                    0d:74:33:fe:46:5c:a0:79:18:3f:99:0f:32:bc:bb:
                    5e:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:4E:B8:EE:B9:40:FB:3E:59:93:22:5B:23:4F:8A:8A:EF:A6:29:E1
            X509v3 Authority Key Identifier:
                keyid:70:20:F9:11:5D:19:40:31:FC:5C:84:9F:15:AB:BF:D8:0E:08:62:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cCD5EV0ZQDH8XISfFau_2A4IYis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/990513-f49c-45fb-a7bb-5f045688bb99/1/u0647rlA-z5ZkyJbI0-Kiu-mKeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/990513-f49c-45fb-a7bb-5f045688bb99/1/cCD5EV0ZQDH8XISfFau_2A4IYis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.113.44.0/24
                IPv6:
                  2a0c:8840:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         98:90:45:ec:f7:cc:5d:30:80:a3:98:53:d4:d7:47:7d:34:1a:
         79:15:eb:2d:f0:e1:e1:d9:6c:13:06:e8:30:5a:48:e8:94:4c:
         91:d1:84:b8:7b:6e:f9:68:e6:15:ba:ad:6d:18:3d:a1:c3:27:
         a2:67:7a:f6:9e:2b:02:28:d3:32:95:c1:83:71:7c:b2:a8:98:
         46:b8:74:18:9e:82:2d:4a:5f:6f:7a:6f:aa:7a:42:82:a4:3c:
         73:df:81:97:70:82:ce:40:66:41:0d:00:1b:a9:18:84:4c:7a:
         42:f6:36:bb:ed:ab:89:6d:d6:2b:6d:5b:d7:34:c4:2f:e9:04:
         12:a0:63:5c:39:6e:bb:80:4c:fc:27:68:48:af:43:b6:7e:d6:
         a0:d3:66:90:57:96:ad:c7:d4:0e:cb:1b:e9:d7:6f:f4:d4:6c:
         ad:46:03:b0:5d:5c:35:f0:e8:49:27:75:23:2f:bc:01:b4:58:
         9b:85:2f:e1:1b:e0:58:24:e0:04:44:77:36:81:cd:b4:ef:83:
         79:c0:17:65:f5:22:a5:ec:f6:ca:8f:27:a3:0a:ed:6e:8b:de:
         d7:ac:31:cb:7e:48:a9:54:84:05:a8:fa:ed:4d:1f:8f:c3:78:
         7d:be:5d:2d:a9:43:b7:0a:7a:81:f7:05:2a:d9:0f:d7:31:47:
         be:55:7f:cf
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzFAE1nx54fH2f37ZNd8ZaLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMjBmOTExNWQxOTQwMzFmYzVjODQ5ZjE1YWJiZmQ4MGUw
ODYyMmIwHhcNMjQwMTAxMTIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjRlYjhlZWI5NDBmYjNlNTk5MzIyNWIyMzRmOGE4YWVmYTYyOWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueeV0Ls/zDiiQr4VmtRXXE2F/rqE
SgALa6znVTAsJWkVniYJdoea+0iWdkddD3VKP7grZ90L836URbrpQ3HZA0fhgyOc
TnafqUE5GgvImBvraGgJ8RnfokY53Q9WoJv0fJbE1Ap0xqbooUE+ZX9pbh2kyX0R
JC1ugn6v53WEkmXacZXOtxA6il54PPdBUkcBOF+CQrxhtEK/v/+5DuzbTjFfJgjt
ka0475s/ErS1+fDQGXmFlwndxecEBx5BwJ+2jdDkTwBiYCw1WhqNvZUrZG92fgx/
4pxH9HlGcC2OSv3UMjCsu69pOse+F4L2TcUNdDP+RlygeRg/mQ8yvLtefwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFLtOuO65QPs+WZMiWyNPiorvpinhMB8GA1UdIwQY
MBaAFHAg+RFdGUAx/FyEnxWrv9gOCGIrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0NENUVWMFpRREg4WElTZkZhdV8yQTRJWWlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85OTA1MTMtZjQ5Yy00NWZiLWE3YmIt
NWYwNDU2ODhiYjk5LzEvdTA2NDdybEEtejVaa3lKYkkwLUtpdS1tS2VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85OTA1MTMtZjQ5Yy00NWZiLWE3YmItNWYwNDU2ODhiYjk5
LzEvY0NENUVWMFpRREg4WElTZkZhdV8yQTRJWWlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAsHEsMA4E
AgACMAgDBgQqDIhAEDANBgkqhkiG9w0BAQsFAAOCAQEAmJBF7PfMXTCAo5hT1NdH
fTQaeRXrLfDh4dlsEwboMFpI6JRMkdGEuHtu+WjmFbqtbRg9ocMnomd69p4rAijT
MpXBg3F8sqiYRrh0GJ6CLUpfb3pvqnpCgqQ8c9+Bl3CCzkBmQQ0AG6kYhEx6QvY2
u+2riW3WK21b1zTEL+kEEqBjXDluu4BM/CdoSK9Dtn7WoNNmkFeWrcfUDssb6ddv
9NRsrUYDsF1cNfDoSSd1Iy+8AbRYm4Uv4RvgWCTgBER3NoHNtO+DecAXZfUipez2
yo8nowrtbove16wxy35IqVSEBaj67U0fj8N4fb5dLalDtwp6gfcFKtkP1zFHvlV/
zw==
-----END CERTIFICATE-----