Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/641f45-b933-4019-aa7a-ad513574a404/1/OcRBpDVYbxbGXOhjxD4n1FGgckc.roa
File:                     OcRBpDVYbxbGXOhjxD4n1FGgckc.roa (raw, json)
Hash identifier:          9AHCR5ToDY/D4gtAnu8wcO1te4IHWefeVqfEbWQdihI=
Subject key identifier:   39:C4:41:A4:35:58:6F:16:C6:5C:E8:63:C4:3E:27:D4:51:A0:72:47
Certificate issuer:       /CN=05a3b616407b97e26116334877c6aa928aaaeeb2
Certificate serial:       018CC94D61CAD575760A1B360241D940D77B
Authority key identifier: 05:A3:B6:16:40:7B:97:E2:61:16:33:48:77:C6:AA:92:8A:AA:EE:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BaO2FkB7l-JhFjNId8aqkoqq7rI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/641f45-b933-4019-aa7a-ad513574a404/1/OcRBpDVYbxbGXOhjxD4n1FGgckc.roa
Signing time:             Tue 02 Jan 2024 08:32:20 +0000
ROA not before:           Tue 02 Jan 2024 08:32:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198024
IP address blocks:        161.41.128.0/17 maxlen: 17
                          161.41.0.0/17 maxlen: 17

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/641f45-b933-4019-aa7a-ad513574a404/1/BaO2FkB7l-JhFjNId8aqkoqq7rI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/641f45-b933-4019-aa7a-ad513574a404/1/BaO2FkB7l-JhFjNId8aqkoqq7rI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BaO2FkB7l-JhFjNId8aqkoqq7rI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 20:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:61:ca:d5:75:76:0a:1b:36:02:41:d9:40:d7:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05a3b616407b97e26116334877c6aa928aaaeeb2
        Validity
            Not Before: Jan  2 08:32:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39c441a435586f16c65ce863c43e27d451a07247
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:3d:c7:50:61:88:2d:1d:f6:46:a6:8d:f0:d5:
                    70:c2:82:09:b8:d9:45:93:7f:dc:b3:cd:23:a7:20:
                    8e:78:76:8c:61:d0:c5:05:04:88:9a:f0:d6:ba:62:
                    2a:f4:74:1b:47:31:3f:95:92:b9:79:5f:2d:50:93:
                    08:1a:95:f0:9e:46:e2:5b:7c:89:a3:f2:c8:3d:25:
                    1f:cb:31:5b:72:f4:6d:a6:dc:23:07:4e:e8:0d:e8:
                    af:94:7d:92:f4:8e:2e:34:60:cb:2e:bc:b5:15:5a:
                    76:7d:34:2a:fc:35:78:c5:38:72:60:70:73:d0:a9:
                    4c:8c:af:6f:06:76:00:95:14:81:f8:d5:f5:6a:3c:
                    bf:c3:bc:58:b6:d9:08:93:f9:e2:1c:0f:09:1f:31:
                    2c:4f:44:51:66:33:45:6f:23:7a:9c:22:7e:85:4a:
                    b9:ef:43:b5:00:0d:3f:91:5e:96:46:97:21:3c:e6:
                    be:ca:08:94:7e:52:c8:a1:e4:72:f0:6a:b7:3a:bf:
                    03:eb:e3:7c:fe:27:77:1e:64:c5:68:39:c9:29:ac:
                    c4:e2:a1:d5:9c:02:64:10:ab:af:51:e7:f4:48:7e:
                    79:b7:b6:11:bc:0d:1f:8b:ff:aa:54:9e:cf:39:e1:
                    a5:49:ab:cc:ac:9a:c7:33:1a:11:bc:94:60:5b:80:
                    5c:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:C4:41:A4:35:58:6F:16:C6:5C:E8:63:C4:3E:27:D4:51:A0:72:47
            X509v3 Authority Key Identifier:
                keyid:05:A3:B6:16:40:7B:97:E2:61:16:33:48:77:C6:AA:92:8A:AA:EE:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BaO2FkB7l-JhFjNId8aqkoqq7rI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/641f45-b933-4019-aa7a-ad513574a404/1/OcRBpDVYbxbGXOhjxD4n1FGgckc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/641f45-b933-4019-aa7a-ad513574a404/1/BaO2FkB7l-JhFjNId8aqkoqq7rI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.41.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3d:35:c8:c9:4d:82:ea:8b:15:3c:f2:21:0f:d4:7a:82:75:20:
         9c:d0:3d:50:f7:a0:25:85:44:43:2f:47:4e:28:ea:98:89:93:
         b7:d5:f0:61:68:6f:38:2a:3a:0b:fa:81:94:42:a4:93:4b:4e:
         03:a8:de:e2:14:ec:95:40:10:ce:2a:a3:6a:50:3a:c1:e6:d9:
         be:42:39:bd:81:39:67:ef:c5:72:a4:1c:f7:3d:99:3a:86:02:
         26:74:84:9b:b5:88:4d:8b:80:c9:05:63:16:ef:54:23:50:92:
         f1:34:7c:cb:4f:89:5a:df:ae:0c:0d:83:52:ae:e5:99:ef:88:
         f0:9c:8e:22:61:ee:6e:f3:9e:d8:7a:ba:09:f1:94:08:ca:78:
         79:5d:c8:c2:1a:f1:fa:ab:9d:3a:44:dc:64:b5:6b:f6:3a:49:
         3e:8a:1b:db:51:00:b5:8c:ac:35:f1:51:f5:2e:89:8e:26:22:
         6c:28:6c:26:45:33:6b:2f:a0:f9:dd:0a:5a:f9:67:f4:b9:84:
         93:ec:43:45:f1:f2:05:e0:38:1b:b8:3c:43:4b:61:3f:2b:9a:
         72:41:1e:0c:b3:e8:dc:a4:d8:4e:54:d2:b0:2f:5a:81:9a:d0:
         e5:74:eb:a7:ff:8b:12:41:c7:f0:75:2e:b6:09:c6:99:dd:1e:
         6b:22:17:74
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzJTWHK1XV2Chs2AkHZQNd7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YTNiNjE2NDA3Yjk3ZTI2MTE2MzM0ODc3YzZhYTkyOGFh
YWVlYjIwHhcNMjQwMTAyMDgzMjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWM0NDFhNDM1NTg2ZjE2YzY1Y2U4NjNjNDNlMjdkNDUxYTA3MjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmj3HUGGILR32RqaN8NVwwoIJuNlF
k3/cs80jpyCOeHaMYdDFBQSImvDWumIq9HQbRzE/lZK5eV8tUJMIGpXwnkbiW3yJ
o/LIPSUfyzFbcvRtptwjB07oDeivlH2S9I4uNGDLLry1FVp2fTQq/DV4xThyYHBz
0KlMjK9vBnYAlRSB+NX1ajy/w7xYttkIk/niHA8JHzEsT0RRZjNFbyN6nCJ+hUq5
70O1AA0/kV6WRpchPOa+ygiUflLIoeRy8Gq3Or8D6+N8/id3HmTFaDnJKazE4qHV
nAJkEKuvUef0SH55t7YRvA0fi/+qVJ7POeGlSavMrJrHMxoRvJRgW4BcNQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFDnEQaQ1WG8WxlzoY8Q+J9RRoHJHMB8GA1UdIwQY
MBaAFAWjthZAe5fiYRYzSHfGqpKKqu6yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmFPMkZrQjdsLUpoRmpOSWQ4YXFrb3FxN3JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi82NDFmNDUtYjkzMy00MDE5LWFhN2Et
YWQ1MTM1NzRhNDA0LzEvT2NSQnBEVllieGJHWE9oanhENG4xRkdnY2tjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi82NDFmNDUtYjkzMy00MDE5LWFhN2EtYWQ1MTM1NzRhNDA0
LzEvQmFPMkZrQjdsLUpoRmpOSWQ4YXFrb3FxN3JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAoSkwDQYJ
KoZIhvcNAQELBQADggEBAD01yMlNguqLFTzyIQ/UeoJ1IJzQPVD3oCWFREMvR04o
6piJk7fV8GFobzgqOgv6gZRCpJNLTgOo3uIU7JVAEM4qo2pQOsHm2b5COb2BOWfv
xXKkHPc9mTqGAiZ0hJu1iE2LgMkFYxbvVCNQkvE0fMtPiVrfrgwNg1Ku5ZnviPCc
jiJh7m7znth6ugnxlAjKeHldyMIa8fqrnTpE3GS1a/Y6ST6KG9tRALWMrDXxUfUu
iY4mImwobCZFM2svoPndClr5Z/S5hJPsQ0Xx8gXgOBu4PENLYT8rmnJBHgyz6Nyk
2E5U0rAvWoGa0OV066f/ixJBx/B1LrYJxpndHmsiF3Q=
-----END CERTIFICATE-----