Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/zLIb4PDXwEpL66872cjC2DyErio.roa
File:                     zLIb4PDXwEpL66872cjC2DyErio.roa (raw, json)
Hash identifier:          NYn6+ScCrpz1+CZzwETFG9wmwcSPIjiuTi81GaHpynE=
Subject key identifier:   CC:B2:1B:E0:F0:D7:C0:4A:4B:EB:AF:3B:D9:C8:C2:D8:3C:84:AE:2A
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348E66C389491F3B919582A98F34949
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/zLIb4PDXwEpL66872cjC2DyErio.roa
Signing time:             Mon 01 Jan 2024 04:29:43 +0000
ROA not before:           Mon 01 Jan 2024 04:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209326
IP address blocks:        212.243.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e6:6c:38:94:91:f3:b9:19:58:2a:98:f3:49:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccb21be0f0d7c04a4bebaf3bd9c8c2d83c84ae2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:44:43:98:03:22:8a:49:19:d9:6e:ae:03:6f:
                    59:b9:56:54:fe:d1:57:14:b6:76:98:13:2a:19:28:
                    43:52:60:0b:b2:74:f5:95:3d:c8:f7:48:1f:88:46:
                    83:0e:50:8b:80:c9:38:79:9b:84:7d:f0:9d:61:4c:
                    15:27:3d:4b:c8:9e:db:78:9b:ec:1b:70:54:5d:41:
                    7a:0b:59:a6:2c:0c:df:e7:ff:cd:03:0b:9b:cd:00:
                    a7:e6:e9:96:8a:95:09:05:a8:51:50:ca:e6:80:a4:
                    04:3b:7a:53:ab:dc:dc:23:05:4e:d8:dd:61:4a:eb:
                    e3:d5:37:d4:4a:a0:47:54:b0:9d:f7:09:f9:98:20:
                    0f:b8:7e:c1:b0:80:34:fc:45:09:2e:02:03:7e:cf:
                    68:d2:d4:0b:96:5b:a7:6f:39:0e:d4:3e:bd:9c:9b:
                    cb:37:1d:e1:b8:d7:5c:0b:12:de:3b:5f:85:de:8f:
                    b5:2e:c7:98:1d:02:4e:1d:bf:95:c2:c2:3e:07:9e:
                    05:dc:b7:f7:2e:28:f4:f0:20:34:00:99:c2:56:1f:
                    f1:16:6e:32:e6:54:eb:40:01:58:80:b6:7b:cc:c3:
                    58:a3:e0:06:c1:86:83:d9:0a:54:fd:a1:1e:50:9f:
                    af:04:ae:74:10:2c:81:1a:30:b1:92:e9:cd:65:ab:
                    62:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:B2:1B:E0:F0:D7:C0:4A:4B:EB:AF:3B:D9:C8:C2:D8:3C:84:AE:2A
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/zLIb4PDXwEpL66872cjC2DyErio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.243.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:ff:8d:53:53:a2:1e:ec:9d:14:a3:05:9e:f7:44:bc:86:b7:
         3b:a6:26:ed:c7:c0:68:79:8b:4c:16:e9:cc:65:97:54:20:30:
         13:6a:0f:0f:2e:ca:ee:3a:c8:4f:f9:43:0d:2b:51:83:56:07:
         c8:39:2e:62:cb:31:77:68:fe:e2:9e:9e:dd:ed:09:7b:74:af:
         88:fc:c2:e0:16:2e:87:85:40:62:b2:c0:42:02:5e:da:5d:c4:
         10:ae:25:bb:f1:e5:e5:97:c1:66:10:d6:0d:00:64:4d:ec:ca:
         c0:e7:16:e8:86:36:be:14:c1:d7:72:2e:a3:02:66:c9:61:5c:
         ac:46:01:97:af:f3:6f:d7:bb:7e:36:63:d7:cc:b3:a3:72:82:
         50:56:7c:75:1e:1c:d6:4a:68:3e:33:39:3a:56:cd:3b:39:fd:
         aa:9b:6b:47:0e:f2:e8:74:6f:13:8f:58:a9:19:05:d0:d5:36:
         5c:bb:40:90:96:83:9f:ae:f3:fc:aa:98:0e:96:c1:32:a7:8f:
         38:f5:df:d8:86:cc:dd:f3:f8:09:9d:2f:8f:d1:d0:e7:66:e9:
         6f:f4:19:f1:92:0d:10:4c:b1:d1:46:64:35:b4:6b:88:51:c6:
         18:cd:cd:48:1c:93:bd:b5:88:f8:e3:e8:14:f4:53:ae:62:36:
         18:0d:f3:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOZsOJSR87kZWCqY80lJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2IyMWJlMGYwZDdjMDRhNGJlYmFmM2JkOWM4YzJkODNjODRhZTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0RDmAMiikkZ2W6uA29ZuVZU/tFX
FLZ2mBMqGShDUmALsnT1lT3I90gfiEaDDlCLgMk4eZuEffCdYUwVJz1LyJ7beJvs
G3BUXUF6C1mmLAzf5//NAwubzQCn5umWipUJBahRUMrmgKQEO3pTq9zcIwVO2N1h
Suvj1TfUSqBHVLCd9wn5mCAPuH7BsIA0/EUJLgIDfs9o0tQLllunbzkO1D69nJvL
Nx3huNdcCxLeO1+F3o+1LseYHQJOHb+VwsI+B54F3Lf3Lij08CA0AJnCVh/xFm4y
5lTrQAFYgLZ7zMNYo+AGwYaD2QpU/aEeUJ+vBK50ECyBGjCxkunNZati4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMyyG+Dw18BKS+uvO9nIwtg8hK4qMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvekxJYjRQRFh3RXBMNjY4NzJjakMyRHlFcmlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1PNwMA0G
CSqGSIb3DQEBCwUAA4IBAQAU/41TU6Ie7J0UowWe90S8hrc7pibtx8BoeYtMFunM
ZZdUIDATag8PLsruOshP+UMNK1GDVgfIOS5iyzF3aP7inp7d7Ql7dK+I/MLgFi6H
hUBissBCAl7aXcQQriW78eXll8FmENYNAGRN7MrA5xbohja+FMHXci6jAmbJYVys
RgGXr/Nv17t+NmPXzLOjcoJQVnx1HhzWSmg+Mzk6Vs07Of2qm2tHDvLodG8Tj1ip
GQXQ1TZcu0CQloOfrvP8qpgOlsEyp4849d/Yhszd8/gJnS+P0dDnZulv9Bnxkg0Q
TLHRRmQ1tGuIUcYYzc1IHJO9tYj44+gU9FOuYjYYDfNF
-----END CERTIFICATE-----