Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/40uOc8fzMoC7OpbqEKMrVJU00Rc.roa
File:                     40uOc8fzMoC7OpbqEKMrVJU00Rc.roa (raw, json)
Hash identifier:          PCcOdhCuq3dJ8wuFVaNAtRUgMLGjjZLLd/y/RX+XY4Q=
Subject key identifier:   E3:4B:8E:73:C7:F3:32:80:BB:3A:96:EA:10:A3:2B:54:95:34:D1:17
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       018CC3B6D3DD6C0AD080BE049BC4D425FD43
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/40uOc8fzMoC7OpbqEKMrVJU00Rc.roa
Signing time:             Mon 01 Jan 2024 06:29:48 +0000
ROA not before:           Mon 01 Jan 2024 06:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41167
IP address blocks:        217.110.62.0/24 maxlen: 24
                          217.111.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d3:dd:6c:0a:d0:80:be:04:9b:c4:d4:25:fd:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  1 06:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e34b8e73c7f33280bb3a96ea10a32b549534d117
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e2:96:76:d4:09:28:de:1b:c8:7d:fe:d6:82:
                    f4:39:85:c6:8b:2d:82:ad:4e:0f:05:90:d9:d1:1c:
                    be:03:6e:f5:c7:7c:25:ca:f1:ee:f2:60:08:8a:05:
                    06:46:3e:60:99:b3:5f:db:d5:8f:c7:fd:20:8e:5d:
                    ad:6c:c9:2d:05:61:5d:c2:80:48:04:ea:ad:8d:71:
                    c0:eb:eb:0a:e1:e7:52:91:75:3d:66:2f:a3:af:55:
                    10:31:e6:60:87:df:4d:1e:f3:a7:be:51:d8:89:00:
                    85:dc:8c:79:31:4f:01:c4:32:5b:44:ea:d5:7f:22:
                    6f:71:9b:c4:b1:6d:54:b7:66:50:e8:2a:9d:14:83:
                    73:4b:12:6b:21:72:1b:57:78:75:fe:1c:2f:80:bf:
                    3d:45:4b:26:9e:48:c3:c4:3c:6a:ab:83:2f:c9:5e:
                    e7:20:91:05:d3:aa:f4:37:f6:f8:3b:d2:8e:d8:f1:
                    bc:3d:85:2a:23:64:7e:15:b2:88:33:6d:8e:53:36:
                    11:fd:98:eb:91:a5:96:f3:15:12:11:cb:70:64:7f:
                    1d:08:ca:38:27:9b:4f:41:27:2b:08:ce:a2:72:c0:
                    a9:89:40:da:f4:c2:8b:65:e2:87:be:0e:89:3a:b5:
                    23:c9:1a:dd:78:82:72:8c:69:6b:2c:87:85:85:c0:
                    2d:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:4B:8E:73:C7:F3:32:80:BB:3A:96:EA:10:A3:2B:54:95:34:D1:17
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/40uOc8fzMoC7OpbqEKMrVJU00Rc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.110.62.0/24
                  217.111.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:c0:f8:d4:6a:cc:da:75:62:20:73:b7:8b:2b:75:11:e3:12:
         4c:a8:38:75:b1:c1:bb:73:a8:7e:91:8d:35:10:b2:e7:59:f0:
         6a:e9:8f:86:dd:f5:73:41:6b:63:bb:cd:f5:59:67:d7:75:25:
         1f:23:f9:fe:1c:a7:5c:68:c4:69:4c:0d:14:13:39:00:9f:b9:
         4c:e5:15:1c:5b:f3:61:10:c1:d9:f6:68:a7:d8:4f:cd:e6:c2:
         48:b2:8b:ec:2f:49:86:8f:02:25:2b:49:42:7a:43:9a:9a:36:
         4a:90:90:5b:2f:30:cd:04:51:29:5a:ca:0a:a0:be:43:8b:f9:
         f6:e6:fa:01:53:5c:f9:02:83:09:3a:e1:cf:e2:4a:c3:36:65:
         59:5c:cc:4b:26:d9:6f:21:02:9e:f4:5d:fc:bf:14:af:79:15:
         15:c4:5e:0f:ba:05:e3:c5:be:91:5a:37:bf:19:83:f3:8e:98:
         e7:c0:34:ed:f2:fb:9a:19:ec:78:82:d0:9e:6a:8a:af:cb:53:
         9b:4d:33:8c:a6:4a:7d:e5:93:2e:e8:66:7a:a7:93:b4:0d:00:
         81:37:8c:cb:0e:4c:a7:9d:21:75:6e:8a:1e:9a:79:03:51:36:
         16:fb:26:b6:13:ac:d2:dc:08:93:02:55:b9:29:be:7d:6b:2c:
         c4:ea:50:09
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDttPdbArQgL4Em8TUJf1DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjQwMTAxMDYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzRiOGU3M2M3ZjMzMjgwYmIzYTk2ZWExMGEzMmI1NDk1MzRkMTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuKWdtQJKN4byH3+1oL0OYXGiy2C
rU4PBZDZ0Ry+A271x3wlyvHu8mAIigUGRj5gmbNf29WPx/0gjl2tbMktBWFdwoBI
BOqtjXHA6+sK4edSkXU9Zi+jr1UQMeZgh99NHvOnvlHYiQCF3Ix5MU8BxDJbROrV
fyJvcZvEsW1Ut2ZQ6CqdFINzSxJrIXIbV3h1/hwvgL89RUsmnkjDxDxqq4MvyV7n
IJEF06r0N/b4O9KO2PG8PYUqI2R+FbKIM22OUzYR/ZjrkaWW8xUSEctwZH8dCMo4
J5tPQScrCM6icsCpiUDa9MKLZeKHvg6JOrUjyRrdeIJyjGlrLIeFhcAtTwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFONLjnPH8zKAuzqW6hCjK1SVNNEXMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvNDB1T2M4ZnpNb0M3T3BicUVLTXJWSlUwMFJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA2W4+AwQA
2W8sMA0GCSqGSIb3DQEBCwUAA4IBAQBmwPjUaszadWIgc7eLK3UR4xJMqDh1scG7
c6h+kY01ELLnWfBq6Y+G3fVzQWtju831WWfXdSUfI/n+HKdcaMRpTA0UEzkAn7lM
5RUcW/NhEMHZ9min2E/N5sJIsovsL0mGjwIlK0lCekOamjZKkJBbLzDNBFEpWsoK
oL5Di/n25voBU1z5AoMJOuHP4krDNmVZXMxLJtlvIQKe9F38vxSveRUVxF4PugXj
xb6RWje/GYPzjpjnwDTt8vuaGex4gtCeaoqvy1ObTTOMpkp95ZMu6GZ6p5O0DQCB
N4zLDkynnSF1booemnkDUTYW+ya2E6zS3AiTAlW5Kb59ayzE6lAJ
-----END CERTIFICATE-----