Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/31e0d4-35ce-4d02-9734-d78fb97f9828/1/CpUT5pZwZGUz-sEd19v2u6z7Ia4.roa
File:                     CpUT5pZwZGUz-sEd19v2u6z7Ia4.roa (raw, json)
Hash identifier:          ozm50eCW9GllA0047JaXtY6SJ31Gc5McKeSAUN4sqq4=
Subject key identifier:   0A:95:13:E6:96:70:64:65:33:FA:C1:1D:D7:DB:F6:BB:AC:FB:21:AE
Certificate issuer:       /CN=4ee52752a81bdfe0a401f9a261d79fee4b617115
Certificate serial:       018CC3B745DF8D40F71FB5A6845EC0F10877
Authority key identifier: 4E:E5:27:52:A8:1B:DF:E0:A4:01:F9:A2:61:D7:9F:EE:4B:61:71:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TuUnUqgb3-CkAfmiYdef7kthcRU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/31e0d4-35ce-4d02-9734-d78fb97f9828/1/CpUT5pZwZGUz-sEd19v2u6z7Ia4.roa
Signing time:             Mon 01 Jan 2024 06:30:17 +0000
ROA not before:           Mon 01 Jan 2024 06:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8303
IP address blocks:        149.219.0.0/16 maxlen: 16
                          149.219.249.0/24 maxlen: 24
                          149.219.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/31e0d4-35ce-4d02-9734-d78fb97f9828/1/TuUnUqgb3-CkAfmiYdef7kthcRU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/31e0d4-35ce-4d02-9734-d78fb97f9828/1/TuUnUqgb3-CkAfmiYdef7kthcRU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TuUnUqgb3-CkAfmiYdef7kthcRU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:45:df:8d:40:f7:1f:b5:a6:84:5e:c0:f1:08:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ee52752a81bdfe0a401f9a261d79fee4b617115
        Validity
            Not Before: Jan  1 06:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a9513e69670646533fac11dd7dbf6bbacfb21ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:dc:df:fd:a7:0c:0f:b2:82:a7:b6:5f:23:d1:
                    1a:2e:48:a2:bf:45:8b:68:03:9a:d1:97:d3:59:96:
                    d2:9f:27:67:cf:7b:f0:05:d0:f5:a9:83:ac:d8:88:
                    78:2a:64:32:63:f5:64:72:c1:ce:58:19:1c:56:c2:
                    08:46:bb:7a:c3:6b:31:c7:52:4b:03:ab:2d:53:a5:
                    18:f1:75:0c:8c:21:f2:4a:fd:f7:8c:f3:e7:a6:72:
                    2d:0e:7b:ec:64:04:b1:e6:04:70:ce:6a:91:cc:1d:
                    78:06:dc:15:5d:ab:78:83:72:0b:d8:9a:d0:a3:2b:
                    c1:14:eb:22:c6:3c:64:9d:4d:25:d0:f1:73:92:ab:
                    7e:87:55:39:da:31:f0:17:32:e6:2b:fc:4a:39:b8:
                    d6:0e:cc:20:40:3e:4b:04:72:7b:db:14:df:28:e7:
                    6b:59:8c:38:d3:58:9d:15:b1:90:47:eb:22:af:4e:
                    ce:15:4d:ea:32:2b:30:08:44:bb:7b:e3:c9:c5:fc:
                    d4:17:d9:ad:c2:47:a7:f1:90:bc:80:0d:d9:e4:0f:
                    2a:a7:ab:b3:1f:9a:b7:91:b3:20:97:38:0c:87:ed:
                    db:25:51:0b:e2:e4:41:d1:c0:03:2c:92:fd:3d:8c:
                    d4:33:34:d6:90:b0:eb:b2:72:ef:00:ca:8c:1f:e2:
                    0f:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:95:13:E6:96:70:64:65:33:FA:C1:1D:D7:DB:F6:BB:AC:FB:21:AE
            X509v3 Authority Key Identifier:
                keyid:4E:E5:27:52:A8:1B:DF:E0:A4:01:F9:A2:61:D7:9F:EE:4B:61:71:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TuUnUqgb3-CkAfmiYdef7kthcRU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/31e0d4-35ce-4d02-9734-d78fb97f9828/1/CpUT5pZwZGUz-sEd19v2u6z7Ia4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/31e0d4-35ce-4d02-9734-d78fb97f9828/1/TuUnUqgb3-CkAfmiYdef7kthcRU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.219.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         73:d8:c6:9a:17:db:6e:99:f4:89:49:24:92:34:5a:fe:55:78:
         ff:a8:3f:01:f9:4f:8f:07:36:29:b0:ac:cd:9e:3e:11:80:3f:
         a4:7b:c7:60:a9:58:5e:04:b8:e5:87:9a:80:a3:fc:5a:d8:94:
         fe:c3:15:28:7f:40:fb:b4:a1:a9:1a:01:ed:56:9c:d1:ea:37:
         1c:09:45:2d:14:e5:02:3f:66:6f:e9:c9:bb:b4:1f:18:47:39:
         03:0b:72:c2:b0:5c:ef:5c:38:19:e7:69:ec:58:1a:f8:1d:4e:
         82:2c:03:89:92:8b:52:ed:ac:78:d5:f1:c8:ba:d6:a0:9a:04:
         0d:c0:b3:25:2a:3b:a7:5b:41:2d:cd:e2:ed:f2:a4:47:c1:90:
         02:7f:fb:8f:5b:ec:77:0c:b2:7c:ac:cf:36:c1:5b:75:49:c0:
         98:4a:94:a3:55:93:a0:c7:c8:3e:02:1f:d2:18:de:0d:05:10:
         84:70:a5:12:e7:01:1c:52:4e:e1:2a:fd:fc:df:0d:7d:50:ec:
         ca:64:6b:51:02:05:70:ae:44:f4:94:e3:b3:f6:e3:f4:af:67:
         7a:b8:c9:7e:8d:71:c9:d4:43:b3:e9:c4:a2:2c:ac:0e:e8:b2:
         a8:4a:99:f2:27:ba:4a:9b:23:39:49:25:59:5b:03:19:4d:32:
         07:b7:47:82
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzDt0XfjUD3H7WmhF7A8Qh3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZTUyNzUyYTgxYmRmZTBhNDAxZjlhMjYxZDc5ZmVlNGI2
MTcxMTUwHhcNMjQwMTAxMDYzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTk1MTNlNjk2NzA2NDY1MzNmYWMxMWRkN2RiZjZiYmFjZmIyMWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodzf/acMD7KCp7ZfI9EaLkiiv0WL
aAOa0ZfTWZbSnydnz3vwBdD1qYOs2Ih4KmQyY/VkcsHOWBkcVsIIRrt6w2sxx1JL
A6stU6UY8XUMjCHySv33jPPnpnItDnvsZASx5gRwzmqRzB14BtwVXat4g3IL2JrQ
oyvBFOsixjxknU0l0PFzkqt+h1U52jHwFzLmK/xKObjWDswgQD5LBHJ72xTfKOdr
WYw401idFbGQR+sir07OFU3qMiswCES7e+PJxfzUF9mtwken8ZC8gA3Z5A8qp6uz
H5q3kbMglzgMh+3bJVEL4uRB0cADLJL9PYzUMzTWkLDrsnLvAMqMH+IP1QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFAqVE+aWcGRlM/rBHdfb9rus+yGuMB8GA1UdIwQY
MBaAFE7lJ1KoG9/gpAH5omHXn+5LYXEVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHVVblVxZ2IzLUNrQWZtaVlkZWY3a3RoY1JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy8zMWUwZDQtMzVjZS00ZDAyLTk3MzQt
ZDc4ZmI5N2Y5ODI4LzEvQ3BVVDVwWndaR1V6LXNFZDE5djJ1Nno3SWE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy8zMWUwZDQtMzVjZS00ZDAyLTk3MzQtZDc4ZmI5N2Y5ODI4
LzEvVHVVblVxZ2IzLUNrQWZtaVlkZWY3a3RoY1JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAldswDQYJ
KoZIhvcNAQELBQADggEBAHPYxpoX226Z9IlJJJI0Wv5VeP+oPwH5T48HNimwrM2e
PhGAP6R7x2CpWF4EuOWHmoCj/FrYlP7DFSh/QPu0oakaAe1WnNHqNxwJRS0U5QI/
Zm/pybu0HxhHOQMLcsKwXO9cOBnnaexYGvgdToIsA4mSi1LtrHjV8ci61qCaBA3A
syUqO6dbQS3N4u3ypEfBkAJ/+49b7HcMsnyszzbBW3VJwJhKlKNVk6DHyD4CH9IY
3g0FEIRwpRLnARxSTuEq/fzfDX1Q7Mpka1ECBXCuRPSU47P24/SvZ3q4yX6NccnU
Q7PpxKIsrA7osqhKmfInukqbIzlJJVlbAxlNMge3R4I=
-----END CERTIFICATE-----