Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/U1272dy41zTYjwnPj8-2Idt3roE.roa
File:                     U1272dy41zTYjwnPj8-2Idt3roE.roa (raw, json)
Hash identifier:          HBRbe8vXlfDOf5Xr29AKz99U1s/CahA+sDlacBUhPzQ=
Subject key identifier:   53:5D:BB:D9:DC:B8:D7:34:D8:8F:09:CF:8F:CF:B6:21:DB:77:AE:81
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       018CC7274E66583278EA1F71A93AA7B969E1
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/U1272dy41zTYjwnPj8-2Idt3roE.roa
Signing time:             Mon 01 Jan 2024 22:31:31 +0000
ROA not before:           Mon 01 Jan 2024 22:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41683
IP address blocks:        213.238.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:4e:66:58:32:78:ea:1f:71:a9:3a:a7:b9:69:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jan  1 22:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=535dbbd9dcb8d734d88f09cf8fcfb621db77ae81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ff:6a:1b:d1:e1:a9:91:40:a0:31:4c:a3:dd:
                    ce:e0:3f:2d:c7:11:6a:24:52:a3:7a:03:fe:72:58:
                    bb:5b:f1:56:63:75:c2:35:3c:b1:c5:ec:5b:1d:cc:
                    3f:71:d9:66:4c:3e:b9:51:56:d1:e8:93:dd:4a:e0:
                    65:a9:49:b8:48:ad:04:dc:2f:20:2a:f1:96:9a:1b:
                    25:2d:e8:dd:e8:48:53:59:9c:38:a4:5b:dc:bc:a8:
                    ee:87:06:b0:58:14:53:23:d7:03:7b:b0:ef:a7:70:
                    93:78:77:1a:b5:2a:52:51:1d:49:7d:ec:86:d7:a7:
                    49:fa:ca:e3:2f:2e:7a:b4:34:d9:84:14:ec:e5:f6:
                    d6:b3:f8:11:8d:16:c3:b6:77:90:09:ee:8e:c6:9f:
                    68:8f:ce:c0:4b:43:a9:82:5e:8d:8e:d7:49:5e:02:
                    21:71:ad:e9:0f:88:c8:58:e9:c0:d1:1f:70:2b:3b:
                    80:e1:c0:3e:f8:c4:7c:77:5e:02:37:c4:99:2b:24:
                    dc:39:83:92:0e:2e:a0:c0:30:b8:e5:ce:db:cd:7b:
                    f7:46:32:3d:6e:ea:07:68:49:f9:2d:59:6e:98:f6:
                    38:da:30:b6:a6:11:1a:06:8c:a8:68:26:a1:5e:e4:
                    c1:c5:00:2e:be:4f:22:f5:11:b2:63:ac:f5:34:0a:
                    84:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:5D:BB:D9:DC:B8:D7:34:D8:8F:09:CF:8F:CF:B6:21:DB:77:AE:81
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/U1272dy41zTYjwnPj8-2Idt3roE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:41:5d:bd:69:0e:f9:69:07:e1:c5:a2:e8:40:db:5a:68:c5:
         92:45:1c:1d:06:08:44:05:0e:c5:38:02:cd:f3:c1:35:9b:8b:
         9c:0c:b3:73:f6:5f:e7:16:ee:3f:55:be:4d:7d:67:83:14:5d:
         fb:3a:0d:22:63:76:03:b0:33:95:f1:fd:12:b7:16:27:9d:e7:
         e0:88:15:87:78:f2:8f:ca:5b:b9:5c:42:48:11:2e:0f:49:83:
         8f:c3:79:8b:d9:3f:e2:71:d1:85:e8:7b:11:63:03:31:1f:d8:
         3b:32:2e:3a:d1:8a:06:35:e1:45:1f:41:e7:ca:87:4d:2e:6f:
         cd:51:da:06:58:a2:87:18:ee:ec:96:62:18:b7:19:a8:83:4f:
         2e:36:5a:35:fb:9f:4a:7a:a9:fb:c4:27:d5:74:56:bb:03:6a:
         85:89:fc:25:97:39:87:44:fd:20:44:73:14:1f:94:e6:6e:0a:
         a2:c6:8d:a7:7c:6b:bb:21:c5:02:be:39:04:f2:73:33:61:0a:
         3a:11:ff:10:58:c6:95:bc:73:dd:55:ab:58:22:ac:c3:62:55:
         9f:3f:62:17:7f:02:0f:95:54:3a:c5:4f:ab:f2:85:5d:da:dd:
         88:90:d6:b6:fd:92:a1:f7:25:09:22:5a:d4:20:cd:16:f7:79:
         4b:de:26:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ05mWDJ46h9xqTqnuWnhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjQwMTAxMjIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzVkYmJkOWRjYjhkNzM0ZDg4ZjA5Y2Y4ZmNmYjYyMWRiNzdhZTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlP9qG9HhqZFAoDFMo93O4D8txxFq
JFKjegP+cli7W/FWY3XCNTyxxexbHcw/cdlmTD65UVbR6JPdSuBlqUm4SK0E3C8g
KvGWmhslLejd6EhTWZw4pFvcvKjuhwawWBRTI9cDe7Dvp3CTeHcatSpSUR1JfeyG
16dJ+srjLy56tDTZhBTs5fbWs/gRjRbDtneQCe6Oxp9oj87AS0Opgl6NjtdJXgIh
ca3pD4jIWOnA0R9wKzuA4cA++MR8d14CN8SZKyTcOYOSDi6gwDC45c7bzXv3RjI9
buoHaEn5LVlumPY42jC2phEaBoyoaCahXuTBxQAuvk8i9RGyY6z1NAqEUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFNdu9ncuNc02I8Jz4/PtiHbd66BMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvVTEyNzJkeTQxelRZanduUGo4LTJJZHQzcm9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e6wMA0G
CSqGSIb3DQEBCwUAA4IBAQClQV29aQ75aQfhxaLoQNtaaMWSRRwdBghEBQ7FOALN
88E1m4ucDLNz9l/nFu4/Vb5NfWeDFF37Og0iY3YDsDOV8f0StxYnnefgiBWHePKP
ylu5XEJIES4PSYOPw3mL2T/icdGF6HsRYwMxH9g7Mi460YoGNeFFH0HnyodNLm/N
UdoGWKKHGO7slmIYtxmog08uNlo1+59Keqn7xCfVdFa7A2qFifwllzmHRP0gRHMU
H5Tmbgqixo2nfGu7IcUCvjkE8nMzYQo6Ef8QWMaVvHPdVatYIqzDYlWfP2IXfwIP
lVQ6xU+r8oVd2t2IkNa2/ZKh9yUJIlrUIM0W93lL3iYL
-----END CERTIFICATE-----