Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/eC-iV1c55M_LmMKnKfLF6ewANv0.roa
File:                     eC-iV1c55M_LmMKnKfLF6ewANv0.roa (raw, json)
Hash identifier:          fyQcJeHmXG2SS10E62LwoKIGgJXCOLt24d2sf2a9rj8=
Subject key identifier:   78:2F:A2:57:57:39:E4:CF:CB:98:C2:A7:29:F2:C5:E9:EC:00:36:FD
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348E73BD189DBBF48D92DE8FCB0A4BE
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/eC-iV1c55M_LmMKnKfLF6ewANv0.roa
Signing time:             Mon 01 Jan 2024 04:29:44 +0000
ROA not before:           Mon 01 Jan 2024 04:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209848
IP address blocks:        212.243.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e7:3b:d1:89:db:bf:48:d9:2d:e8:fc:b0:a4:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=782fa2575739e4cfcb98c2a729f2c5e9ec0036fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:90:d5:d3:53:7d:c9:c1:c5:d4:2f:74:af:c6:
                    5c:08:c0:8e:52:d4:88:a4:62:8f:0d:91:b0:ae:68:
                    a8:f9:d4:04:11:a7:23:49:d1:0b:fb:31:fd:99:6f:
                    89:09:fd:6c:2f:83:6b:3d:5c:1b:d1:45:20:d2:16:
                    d3:20:fe:d3:48:7b:9b:24:88:08:08:72:fe:c4:33:
                    ae:ac:08:33:5c:0b:ac:8a:ec:7f:a5:70:6d:6b:53:
                    c9:20:2d:15:17:4b:9e:50:2d:53:68:06:3e:0e:2e:
                    f4:9c:52:89:fd:64:08:96:4c:5c:1a:0d:d0:7f:fb:
                    a4:4b:e9:d7:93:8d:a2:f6:49:0f:d8:1f:2c:9c:83:
                    af:e5:2f:bd:16:da:61:f0:d9:09:fd:87:e8:1b:c1:
                    e3:77:a0:d2:a5:17:07:33:22:90:e0:55:5c:c0:4d:
                    c5:a2:f3:ea:79:6a:fd:3d:7a:a1:24:fa:39:ec:e9:
                    53:59:49:82:30:2d:cb:62:92:f2:e3:23:4e:59:af:
                    63:23:38:58:0b:ed:48:c4:c4:16:3f:3d:5d:ac:8f:
                    e3:7a:09:03:52:e5:06:74:45:96:46:f0:52:81:bd:
                    2f:37:0a:27:37:c6:86:f8:ec:87:54:f2:e2:9f:57:
                    92:73:e6:6d:34:03:9a:31:ab:20:13:02:b5:6f:4b:
                    ff:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:2F:A2:57:57:39:E4:CF:CB:98:C2:A7:29:F2:C5:E9:EC:00:36:FD
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/eC-iV1c55M_LmMKnKfLF6ewANv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.243.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:fb:7a:4f:75:4c:86:b1:63:c0:d3:52:ef:11:33:38:0f:cc:
         a9:6c:75:84:17:db:02:a7:0a:43:68:6b:c2:29:27:cd:73:2e:
         98:b8:40:f9:3a:f4:78:dd:b5:4d:da:62:d7:9e:33:b7:b8:d2:
         4c:92:d5:3c:07:72:bb:7d:4f:ff:ea:a9:19:8e:76:86:4d:98:
         f1:35:5a:11:83:b8:38:97:dc:7e:fd:3e:78:39:92:94:fa:3a:
         92:33:1c:ed:58:56:6c:ec:cd:30:38:b3:72:9d:df:46:65:d4:
         41:50:d2:c3:53:20:d0:c4:c5:d9:67:ac:ec:90:ae:22:d6:b1:
         e3:ec:41:af:0a:e3:20:46:44:65:04:d9:ba:db:3e:31:32:c7:
         6b:77:52:04:27:bc:09:e3:3c:87:e2:bb:21:97:03:d3:ba:06:
         9c:a3:b4:46:3c:6a:83:0b:56:2a:3d:56:29:92:fd:06:7c:53:
         9d:41:6e:3e:01:d2:c3:4e:1e:47:b1:eb:13:4a:4a:b0:8e:62:
         a8:54:55:28:93:f2:49:6a:73:25:e1:ea:f7:75:65:f4:ec:59:
         7d:12:14:55:74:b4:fc:5e:ec:84:55:6d:e4:df:b4:26:d0:92:
         42:5f:07:97:ea:d2:c4:cf:81:e2:68:09:8d:57:8a:04:ca:fc:
         51:c8:83:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOc70Ynbv0jZLej8sKS+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODJmYTI1NzU3MzllNGNmY2I5OGMyYTcyOWYyYzVlOWVjMDAzNmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA35DV01N9ycHF1C90r8ZcCMCOUtSI
pGKPDZGwrmio+dQEEacjSdEL+zH9mW+JCf1sL4NrPVwb0UUg0hbTIP7TSHubJIgI
CHL+xDOurAgzXAusiux/pXBta1PJIC0VF0ueUC1TaAY+Di70nFKJ/WQIlkxcGg3Q
f/ukS+nXk42i9kkP2B8snIOv5S+9Ftph8NkJ/YfoG8Hjd6DSpRcHMyKQ4FVcwE3F
ovPqeWr9PXqhJPo57OlTWUmCMC3LYpLy4yNOWa9jIzhYC+1IxMQWPz1drI/jegkD
UuUGdEWWRvBSgb0vNwonN8aG+OyHVPLin1eSc+ZtNAOaMasgEwK1b0v/OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHgvoldXOeTPy5jCpynyxensADb9MB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvZUMtaVYxYzU1TV9MbU1LbktmTEY2ZXdBTnYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1POBMA0G
CSqGSIb3DQEBCwUAA4IBAQAo+3pPdUyGsWPA01LvETM4D8ypbHWEF9sCpwpDaGvC
KSfNcy6YuED5OvR43bVN2mLXnjO3uNJMktU8B3K7fU//6qkZjnaGTZjxNVoRg7g4
l9x+/T54OZKU+jqSMxztWFZs7M0wOLNynd9GZdRBUNLDUyDQxMXZZ6zskK4i1rHj
7EGvCuMgRkRlBNm62z4xMsdrd1IEJ7wJ4zyH4rshlwPTugaco7RGPGqDC1YqPVYp
kv0GfFOdQW4+AdLDTh5HsesTSkqwjmKoVFUok/JJanMl4er3dWX07Fl9EhRVdLT8
XuyEVW3k37Qm0JJCXweX6tLEz4HiaAmNV4oEyvxRyIN8
-----END CERTIFICATE-----