Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/ORhBz4KRm2gloGHlSyClusZu9tI.roa
File:                     ORhBz4KRm2gloGHlSyClusZu9tI.roa (raw, json)
Hash identifier:          JbsoogMNWD/lhbP+4vVwr6exl7qtpby38NnKeDDSUtY=
Subject key identifier:   39:18:41:CF:82:91:9B:68:25:A0:61:E5:4B:20:A5:BA:C6:6E:F6:D2
Certificate issuer:       /CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
Certificate serial:       018CC26D2CDDBC8C8928D0C7E796AD1CFB43
Authority key identifier: 29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/ORhBz4KRm2gloGHlSyClusZu9tI.roa
Signing time:             Mon 01 Jan 2024 00:29:43 +0000
ROA not before:           Mon 01 Jan 2024 00:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25151
IP address blocks:        2.57.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2c:dd:bc:8c:89:28:d0:c7:e7:96:ad:1c:fb:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=391841cf82919b6825a061e54b20a5bac66ef6d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:e8:44:53:a3:53:cf:ae:f0:c7:2e:5d:e2:b9:
                    23:b6:6c:75:70:dc:1e:0e:28:21:0b:9d:28:d4:11:
                    b3:a4:48:b3:74:b2:6a:dc:5e:82:05:1e:3c:08:22:
                    0a:17:c3:31:e2:ef:5c:38:79:b2:33:4c:d2:20:02:
                    fc:8f:f3:47:ad:2c:34:83:d1:2b:c6:b6:a0:2a:b0:
                    d7:26:1a:1c:25:78:a3:10:00:bb:da:e8:03:d6:85:
                    74:58:dc:a7:2b:8f:55:e5:d5:ff:b3:f3:22:a9:ad:
                    9e:32:ac:7e:59:8f:8e:c4:e1:d2:c2:ee:e1:48:d0:
                    c4:11:94:fe:d4:2d:f0:d9:19:80:e7:d3:b4:3d:92:
                    4b:0e:10:d9:2b:fa:20:04:80:d8:d5:15:32:bf:b2:
                    75:7f:78:18:ce:dd:3a:b0:5d:2a:78:89:39:ad:bf:
                    e4:c3:39:c0:c6:b9:a2:3b:51:26:00:3c:9c:fb:cc:
                    51:d2:c8:79:91:74:9f:43:dd:7e:cb:75:df:8d:18:
                    88:fb:ca:17:a2:f7:1b:05:38:d5:3b:17:b1:12:e7:
                    a1:b4:b6:a4:26:df:85:57:68:52:aa:ff:47:12:4b:
                    c3:7d:ab:93:5e:90:0e:e9:1f:d4:41:1c:20:60:1b:
                    5d:5b:e2:b9:e5:a9:0a:fc:a3:b4:04:93:73:a7:cd:
                    c8:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:18:41:CF:82:91:9B:68:25:A0:61:E5:4B:20:A5:BA:C6:6E:F6:D2
            X509v3 Authority Key Identifier:
                keyid:29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/ORhBz4KRm2gloGHlSyClusZu9tI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:e9:de:3c:c6:ec:95:fb:ff:d8:5c:22:88:0b:17:f0:56:fc:
         2a:2d:31:41:91:f5:02:3a:a7:86:66:13:25:1f:bb:d2:63:01:
         10:34:bd:07:cb:e8:21:78:ff:a0:56:ad:21:7e:7e:6e:32:2a:
         f3:5d:c4:e3:ca:19:fb:2a:a6:03:f9:45:27:ed:32:f5:6a:d5:
         10:98:0b:b7:12:b5:82:d0:4f:f4:a5:af:d4:40:ff:33:9b:eb:
         dd:ff:e9:62:66:4b:6a:b9:37:86:b6:ac:bf:5b:fc:ae:14:45:
         50:75:33:f7:98:a5:69:5d:b0:70:bc:06:a0:e3:14:55:93:3c:
         87:0d:d8:94:3f:d8:76:e0:c2:5e:63:43:cb:bf:65:43:af:40:
         69:1c:a9:f4:be:1e:92:63:07:2c:fa:98:fb:6c:5f:f6:6c:fb:
         97:5a:f0:05:27:92:f7:d7:bf:55:93:65:ad:cb:28:16:69:c5:
         cf:c0:40:72:04:cc:16:55:c2:db:23:51:b0:90:de:49:7c:7b:
         96:50:a0:d4:76:f6:a8:19:e7:7d:71:4f:98:24:a6:d0:ec:af:
         38:0c:cc:15:6b:b9:6d:35:6d:8b:7e:28:bb:1d:2a:ee:80:0b:
         5f:d9:d5:c0:93:0f:c5:f8:7b:b1:cf:f8:0f:16:80:35:4d:28:
         a7:e9:f7:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbSzdvIyJKNDH55atHPtDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDlmZmZjZDgxYTY2YmM5OGI2MjlkNGMwNTc5MjQ3NjQ1
ZjBmZTQwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTE4NDFjZjgyOTE5YjY4MjVhMDYxZTU0YjIwYTViYWM2NmVmNmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ehEU6NTz67wxy5d4rkjtmx1cNwe
DighC50o1BGzpEizdLJq3F6CBR48CCIKF8Mx4u9cOHmyM0zSIAL8j/NHrSw0g9Er
xragKrDXJhocJXijEAC72ugD1oV0WNynK49V5dX/s/Miqa2eMqx+WY+OxOHSwu7h
SNDEEZT+1C3w2RmA59O0PZJLDhDZK/ogBIDY1RUyv7J1f3gYzt06sF0qeIk5rb/k
wznAxrmiO1EmADyc+8xR0sh5kXSfQ91+y3XfjRiI+8oXovcbBTjVOxexEuehtLak
Jt+FV2hSqv9HEkvDfauTXpAO6R/UQRwgYBtdW+K55akK/KO0BJNzp83ItwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDkYQc+CkZtoJaBh5UsgpbrGbvbSMB8GA1UdIwQY
MBaAFCkJ//zYGma8mLYp1MBXkkdkXw/kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2Qt
ZjJhZTdiYzdlY2M1LzEvT1JoQno0S1JtMmdsb0dIbFN5Q2x1c1p1OXRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2QtZjJhZTdiYzdlY2M1
LzEvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjk4MA0G
CSqGSIb3DQEBCwUAA4IBAQAy6d48xuyV+//YXCKICxfwVvwqLTFBkfUCOqeGZhMl
H7vSYwEQNL0Hy+gheP+gVq0hfn5uMirzXcTjyhn7KqYD+UUn7TL1atUQmAu3ErWC
0E/0pa/UQP8zm+vd/+liZktquTeGtqy/W/yuFEVQdTP3mKVpXbBwvAag4xRVkzyH
DdiUP9h24MJeY0PLv2VDr0BpHKn0vh6SYwcs+pj7bF/2bPuXWvAFJ5L3179Vk2Wt
yygWacXPwEByBMwWVcLbI1GwkN5JfHuWUKDUdvaoGed9cU+YJKbQ7K84DMwVa7lt
NW2Lfii7HSrugAtf2dXAkw/F+Huxz/gPFoA1TSin6feT
-----END CERTIFICATE-----