Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/1s1bbORbc4_XMFyVrTcBfrjJKGU.roa
File:                     1s1bbORbc4_XMFyVrTcBfrjJKGU.roa (raw, json)
Hash identifier:          7GaGr+VebbEC2zNOT0rBb1O/dJ3x9t+sZaDY70qUsLc=
Subject key identifier:   D6:CD:5B:6C:E4:5B:73:8F:D7:30:5C:95:AD:37:01:7E:B8:C9:28:65
Certificate issuer:       /CN=68a8e93d3f590f4450d1db3c2074598244353e93
Certificate serial:       018CC6B7FFBD9013CD90ABD167A14C2820AD
Authority key identifier: 68:A8:E9:3D:3F:59:0F:44:50:D1:DB:3C:20:74:59:82:44:35:3E:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aKjpPT9ZD0RQ0ds8IHRZgkQ1PpM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/1s1bbORbc4_XMFyVrTcBfrjJKGU.roa
Signing time:             Mon 01 Jan 2024 20:29:56 +0000
ROA not before:           Mon 01 Jan 2024 20:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21221
IP address blocks:        217.18.64.0/20 maxlen: 24
                          178.255.192.0/21 maxlen: 24
                          2a00:19c0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/aKjpPT9ZD0RQ0ds8IHRZgkQ1PpM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/aKjpPT9ZD0RQ0ds8IHRZgkQ1PpM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aKjpPT9ZD0RQ0ds8IHRZgkQ1PpM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:ff:bd:90:13:cd:90:ab:d1:67:a1:4c:28:20:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68a8e93d3f590f4450d1db3c2074598244353e93
        Validity
            Not Before: Jan  1 20:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6cd5b6ce45b738fd7305c95ad37017eb8c92865
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:b0:9d:f2:77:e6:c6:7b:dc:66:43:c7:5e:85:
                    6a:5c:3b:6e:18:f1:ca:3b:8e:f0:5d:71:15:88:24:
                    69:c2:f3:d7:0c:93:2d:ef:15:5b:49:31:69:6c:fe:
                    e5:19:ff:73:37:94:90:83:f7:f7:3a:d6:d8:25:29:
                    2a:41:b5:c6:03:09:b5:6f:48:62:8e:f3:ac:81:0c:
                    a6:7f:fc:a7:e9:82:59:50:3d:ab:2e:d6:8d:d7:d4:
                    48:d0:6d:1e:83:76:fc:43:58:39:2f:ab:c2:ab:ce:
                    08:30:64:8e:0b:3e:7f:c2:c0:9a:6d:a7:5c:b9:59:
                    c6:a3:0e:49:3e:32:60:f4:aa:c1:84:bd:40:0d:eb:
                    35:13:67:59:27:f0:c7:c3:68:57:bd:6b:60:4c:b6:
                    e4:7c:28:cd:88:ea:43:93:7c:82:d6:c9:2a:08:72:
                    f7:ef:4c:31:e0:e9:ab:57:58:ea:69:ec:07:ca:45:
                    7d:d8:5c:8b:8e:05:4b:c0:53:40:03:41:93:92:7c:
                    66:b0:f4:a3:e2:d7:5a:b4:83:34:5a:8d:0a:3f:42:
                    fb:84:27:11:54:41:76:8b:04:6b:31:ca:73:1e:00:
                    f8:3c:24:7f:f0:c7:bb:93:78:f2:98:c6:39:2e:12:
                    53:cb:8a:0f:b8:48:46:f0:31:0a:b3:2b:7a:e2:e9:
                    ca:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:CD:5B:6C:E4:5B:73:8F:D7:30:5C:95:AD:37:01:7E:B8:C9:28:65
            X509v3 Authority Key Identifier:
                keyid:68:A8:E9:3D:3F:59:0F:44:50:D1:DB:3C:20:74:59:82:44:35:3E:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aKjpPT9ZD0RQ0ds8IHRZgkQ1PpM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/1s1bbORbc4_XMFyVrTcBfrjJKGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/bb3b29-81e5-45a2-81ec-25dd4cbb3698/1/aKjpPT9ZD0RQ0ds8IHRZgkQ1PpM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.255.192.0/21
                  217.18.64.0/20
                IPv6:
                  2a00:19c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:61:11:61:aa:54:06:3e:cb:54:0a:f5:37:c8:ae:f9:ef:bf:
         c9:fa:0a:04:df:d5:74:bd:ee:36:80:e2:3e:23:d3:46:a8:46:
         b7:ff:be:ea:1f:3a:37:e7:10:b3:7e:54:37:00:ce:90:0e:a3:
         c6:89:28:3c:7a:ec:da:76:42:79:cb:7b:d0:66:63:6f:84:2c:
         3e:c7:f6:df:40:d7:17:a9:fe:81:da:41:b6:6d:c6:a2:37:b5:
         42:78:55:22:56:0f:39:e1:36:ef:d8:8d:3c:c3:9e:aa:24:7d:
         57:4c:ce:29:50:99:83:f0:8e:3f:14:01:95:7e:61:cc:cf:97:
         81:a0:be:e5:7d:c2:69:1f:13:51:1b:e6:81:dc:8d:57:47:49:
         f8:b9:f5:52:31:98:85:6d:02:de:37:e5:86:4e:f8:9f:d8:0a:
         b4:fb:6f:d3:d9:47:d8:6c:48:3a:e8:1f:04:c5:66:31:99:97:
         f7:18:e0:45:60:52:80:8b:a5:cc:29:fb:38:4b:72:1d:cc:e8:
         3b:fb:31:00:70:36:38:58:4b:c9:cc:2c:66:0e:43:d1:e0:60:
         3b:a1:8a:82:02:db:e4:98:0a:ec:90:c9:d7:60:51:0c:69:97:
         f1:54:3c:41:d3:d0:41:2c:8d:0a:27:e7:d8:ef:48:8e:c7:c9:
         f4:49:9c:e4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGt/+9kBPNkKvRZ6FMKCCtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YThlOTNkM2Y1OTBmNDQ1MGQxZGIzYzIwNzQ1OTgyNDQz
NTNlOTMwHhcNMjQwMTAxMjAyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmNkNWI2Y2U0NWI3MzhmZDczMDVjOTVhZDM3MDE3ZWI4YzkyODY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk7Cd8nfmxnvcZkPHXoVqXDtuGPHK
O47wXXEViCRpwvPXDJMt7xVbSTFpbP7lGf9zN5SQg/f3OtbYJSkqQbXGAwm1b0hi
jvOsgQymf/yn6YJZUD2rLtaN19RI0G0eg3b8Q1g5L6vCq84IMGSOCz5/wsCabadc
uVnGow5JPjJg9KrBhL1ADes1E2dZJ/DHw2hXvWtgTLbkfCjNiOpDk3yC1skqCHL3
70wx4OmrV1jqaewHykV92FyLjgVLwFNAA0GTknxmsPSj4tdatIM0Wo0KP0L7hCcR
VEF2iwRrMcpzHgD4PCR/8Me7k3jymMY5LhJTy4oPuEhG8DEKsyt64unK9wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNbNW2zkW3OP1zBcla03AX64yShlMB8GA1UdIwQY
MBaAFGio6T0/WQ9EUNHbPCB0WYJENT6TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUtqcFBUOVpEMFJRMGRzOElIUlpna1ExUHBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9iYjNiMjktODFlNS00NWEyLTgxZWMt
MjVkZDRjYmIzNjk4LzEvMXMxYmJPUmJjNF9YTUZ5VnJUY0JmcmpKS0dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9iYjNiMjktODFlNS00NWEyLTgxZWMtMjVkZDRjYmIzNjk4
LzEvYUtqcFBUOVpEMFJRMGRzOElIUlpna1ExUHBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDsv/AAwQE
2RJAMA0EAgACMAcDBQAqABnAMA0GCSqGSIb3DQEBCwUAA4IBAQAwYRFhqlQGPstU
CvU3yK7577/J+goE39V0ve42gOI+I9NGqEa3/77qHzo35xCzflQ3AM6QDqPGiSg8
euzadkJ5y3vQZmNvhCw+x/bfQNcXqf6B2kG2bcaiN7VCeFUiVg854Tbv2I08w56q
JH1XTM4pUJmD8I4/FAGVfmHMz5eBoL7lfcJpHxNRG+aB3I1XR0n4ufVSMZiFbQLe
N+WGTvif2Aq0+2/T2UfYbEg66B8ExWYxmZf3GOBFYFKAi6XMKfs4S3IdzOg7+zEA
cDY4WEvJzCxmDkPR4GA7oYqCAtvkmArskMnXYFEMaZfxVDxB09BBLI0KJ+fY70iO
x8n0SZzk
-----END CERTIFICATE-----