Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/or06vnHu0OlegECluMyQb7vAHNc.roa
File:                     or06vnHu0OlegECluMyQb7vAHNc.roa (raw, json)
Hash identifier:          BnPis9kS2GHs5VHGoiI6TFPZhglK4BYa+1grzQocPII=
Subject key identifier:   A2:BD:3A:BE:71:EE:D0:E9:5E:80:40:A5:B8:CC:90:6F:BB:C0:1C:D7
Certificate issuer:       /CN=b2ed1d6066f4e4654ef5f3cc70a5d905a9af8290
Certificate serial:       018E3C17A00BEF300E59CDAB284EB0F0117E
Authority key identifier: B2:ED:1D:60:66:F4:E4:65:4E:F5:F3:CC:70:A5:D9:05:A9:AF:82:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/su0dYGb05GVO9fPMcKXZBamvgpA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/or06vnHu0OlegECluMyQb7vAHNc.roa
Signing time:             Thu 14 Mar 2024 08:32:44 +0000
ROA not before:           Thu 14 Mar 2024 08:32:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50866
IP address blocks:        217.145.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/su0dYGb05GVO9fPMcKXZBamvgpA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/su0dYGb05GVO9fPMcKXZBamvgpA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/su0dYGb05GVO9fPMcKXZBamvgpA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3c:17:a0:0b:ef:30:0e:59:cd:ab:28:4e:b0:f0:11:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2ed1d6066f4e4654ef5f3cc70a5d905a9af8290
        Validity
            Not Before: Mar 14 08:32:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2bd3abe71eed0e95e8040a5b8cc906fbbc01cd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ad:0d:7c:08:0e:3c:99:70:69:30:9b:ad:a6:
                    70:37:43:13:f9:8a:f4:71:76:ea:e3:34:c4:8f:3e:
                    88:9f:fc:63:e5:82:a8:5f:45:5f:1f:68:84:85:89:
                    80:fb:2e:de:d1:66:97:1f:4e:ff:ba:2f:fa:db:71:
                    77:57:43:6a:28:ff:37:3a:6e:ed:41:3e:27:b7:c9:
                    26:d9:9c:ab:c2:01:10:2a:4f:ab:07:5a:3b:28:94:
                    78:00:a5:41:66:22:9e:c7:0e:85:38:fe:f8:80:48:
                    7d:7f:01:1a:6b:2e:fe:6b:e4:09:53:1e:53:11:60:
                    50:e4:99:1c:e0:22:85:97:c6:cd:3b:fa:7d:9c:02:
                    85:86:6a:96:4e:6d:28:77:56:43:ec:fa:b2:4a:4a:
                    c0:38:ed:0c:e4:bb:74:db:18:d2:50:01:d7:86:fb:
                    ca:70:43:a7:11:d1:1d:e8:f3:e0:22:29:92:f1:86:
                    9c:da:51:0e:67:85:2b:39:18:ea:3e:2d:9d:21:b2:
                    e8:a6:f8:8d:12:9a:52:43:05:b8:4a:ec:ee:00:fe:
                    3b:60:74:c9:6c:68:4e:3f:5c:31:b8:bb:c8:6e:e3:
                    1c:84:09:48:09:03:3d:e3:c0:13:10:94:c7:f1:74:
                    f2:fa:70:9a:3f:62:cf:d5:9d:b3:60:df:91:9b:0f:
                    e0:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:BD:3A:BE:71:EE:D0:E9:5E:80:40:A5:B8:CC:90:6F:BB:C0:1C:D7
            X509v3 Authority Key Identifier:
                keyid:B2:ED:1D:60:66:F4:E4:65:4E:F5:F3:CC:70:A5:D9:05:A9:AF:82:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/su0dYGb05GVO9fPMcKXZBamvgpA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/or06vnHu0OlegECluMyQb7vAHNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/su0dYGb05GVO9fPMcKXZBamvgpA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.145.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:9a:59:0a:99:b1:5f:b3:85:4f:63:46:47:93:03:ea:cd:ee:
         c9:e9:90:59:9c:7f:e1:5b:b3:d3:66:30:64:64:be:90:2e:43:
         99:05:52:08:cd:bb:0c:22:93:b9:a9:65:e5:ec:f1:96:b5:fe:
         d8:b7:a2:e0:cb:3d:56:ff:e2:39:c6:f7:06:d8:8d:f2:cc:5e:
         4b:df:29:7a:e2:e9:2d:4a:a6:36:2c:0a:41:f7:3e:32:f9:99:
         15:e9:33:9b:58:ae:b6:14:b0:0e:61:d8:49:3c:2d:61:0f:83:
         3e:8e:ca:bd:38:d6:74:22:fc:e2:70:07:94:cc:c3:8e:45:8c:
         8f:6c:b5:58:69:8a:3a:de:06:9a:ef:d2:1a:49:13:65:c8:e9:
         f7:56:17:9d:ac:f9:f4:70:4d:fa:61:4b:e8:1b:fe:bc:5d:92:
         bc:c7:b8:89:b2:19:62:6f:06:ba:2d:26:7e:ea:fe:90:95:bd:
         86:e7:82:1d:bc:54:ef:9f:25:47:e8:9f:2e:9d:83:ad:45:b0:
         7e:ea:2e:56:a0:4f:e4:10:77:81:6f:11:22:84:1c:8b:a9:60:
         65:81:03:97:70:2f:38:f9:06:e6:f3:5e:01:4e:bc:a0:da:79:
         61:83:36:07:b9:f2:72:1e:3a:ec:fd:8f:3d:2b:57:7b:01:c8:
         2f:a3:e4:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY48F6AL7zAOWc2rKE6w8BF+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZWQxZDYwNjZmNGU0NjU0ZWY1ZjNjYzcwYTVkOTA1YTlh
ZjgyOTAwHhcNMjQwMzE0MDgzMjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmJkM2FiZTcxZWVkMGU5NWU4MDQwYTViOGNjOTA2ZmJiYzAxY2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApq0NfAgOPJlwaTCbraZwN0MT+Yr0
cXbq4zTEjz6In/xj5YKoX0VfH2iEhYmA+y7e0WaXH07/ui/623F3V0NqKP83Om7t
QT4nt8km2ZyrwgEQKk+rB1o7KJR4AKVBZiKexw6FOP74gEh9fwEaay7+a+QJUx5T
EWBQ5Jkc4CKFl8bNO/p9nAKFhmqWTm0od1ZD7PqySkrAOO0M5Lt02xjSUAHXhvvK
cEOnEdEd6PPgIimS8Yac2lEOZ4UrORjqPi2dIbLopviNEppSQwW4SuzuAP47YHTJ
bGhOP1wxuLvIbuMchAlICQM948ATEJTH8XTy+nCaP2LP1Z2zYN+Rmw/gyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKK9Or5x7tDpXoBApbjMkG+7wBzXMB8GA1UdIwQY
MBaAFLLtHWBm9ORlTvXzzHCl2QWpr4KQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3UwZFlHYjA1R1ZPOWZQTWNLWFpCYW12Z3BBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8xMTgyY2ItNWY5NS00Y2Q0LWI3MmYt
NDZiNDZmYzBlNDk2LzEvb3IwNnZuSHUwT2xlZ0VDbHVNeVFiN3ZBSE5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8xMTgyY2ItNWY5NS00Y2Q0LWI3MmYtNDZiNDZmYzBlNDk2
LzEvc3UwZFlHYjA1R1ZPOWZQTWNLWFpCYW12Z3BBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZGmMA0G
CSqGSIb3DQEBCwUAA4IBAQAnmlkKmbFfs4VPY0ZHkwPqze7J6ZBZnH/hW7PTZjBk
ZL6QLkOZBVIIzbsMIpO5qWXl7PGWtf7Yt6Lgyz1W/+I5xvcG2I3yzF5L3yl64ukt
SqY2LApB9z4y+ZkV6TObWK62FLAOYdhJPC1hD4M+jsq9ONZ0IvzicAeUzMOORYyP
bLVYaYo63gaa79IaSRNlyOn3VhedrPn0cE36YUvoG/68XZK8x7iJshlibwa6LSZ+
6v6Qlb2G54IdvFTvnyVH6J8unYOtRbB+6i5WoE/kEHeBbxEihByLqWBlgQOXcC84
+Qbm814BTryg2nlhgzYHufJyHjrs/Y89K1d7Acgvo+SF
-----END CERTIFICATE-----