Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/PifORIFtGnQ2ZOpQhgsEH1AQN0c.roa
File:                     PifORIFtGnQ2ZOpQhgsEH1AQN0c.roa (raw, json)
Hash identifier:          +Ea1AB3UCN0MHul8c+tQFqnpz3w9yV8r/6ffPnn59Lw=
Subject key identifier:   3E:27:CE:44:81:6D:1A:74:36:64:EA:50:86:0B:04:1F:50:10:37:47
Certificate issuer:       /CN=7afb5441d8ef8e41aa28dd51cdde925943aef7fa
Certificate serial:       018E09989FD0116C222DB46EEF53E86CFCE4
Authority key identifier: 7A:FB:54:41:D8:EF:8E:41:AA:28:DD:51:CD:DE:92:59:43:AE:F7:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/PifORIFtGnQ2ZOpQhgsEH1AQN0c.roa
Signing time:             Mon 04 Mar 2024 13:13:01 +0000
ROA not before:           Mon 04 Mar 2024 13:13:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        116.199.224.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:09:98:9f:d0:11:6c:22:2d:b4:6e:ef:53:e8:6c:fc:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7afb5441d8ef8e41aa28dd51cdde925943aef7fa
        Validity
            Not Before: Mar  4 13:13:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e27ce44816d1a743664ea50860b041f50103747
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:31:98:3c:b1:e6:80:49:6e:d8:0a:95:dd:97:
                    10:3c:7d:46:80:68:02:da:c0:6b:96:6c:ab:6f:86:
                    f9:16:ff:c5:a8:e7:09:32:84:3b:6f:40:a7:31:46:
                    38:01:bb:7d:65:77:32:46:55:a3:a2:7d:49:98:d3:
                    bf:2f:fe:3d:3f:3f:0a:d1:29:62:5e:6c:e2:eb:67:
                    cf:a0:3c:89:da:49:f2:8e:95:6f:88:99:bf:c7:ef:
                    7f:c8:64:c0:5e:14:ea:1b:3b:80:07:33:dc:dc:b2:
                    18:c4:9c:9d:ec:35:da:4e:2b:7f:bf:15:1a:38:c0:
                    ab:18:76:1c:1f:6b:3b:c4:2b:5d:d0:a8:8b:ba:13:
                    85:49:d2:54:33:ab:1d:1d:71:f1:ec:26:7a:8d:e3:
                    a3:5a:e5:e3:d0:cf:ed:d0:a0:39:b4:a9:0e:41:9e:
                    92:cc:af:ec:02:8f:cf:cd:33:a9:a2:48:d8:07:40:
                    05:c8:29:5e:3e:dc:ab:4c:5e:67:7b:1f:49:7a:78:
                    23:11:ed:92:6b:2a:14:1f:fd:04:31:e5:b0:f3:bb:
                    94:65:69:0f:48:4b:bf:a9:ed:a5:33:3c:e0:c4:d8:
                    04:5b:5b:98:7e:de:d2:28:35:05:d1:0b:62:5e:5a:
                    0f:29:9f:a9:ec:6e:4f:02:91:7c:0e:cf:b9:d6:b1:
                    f8:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:27:CE:44:81:6D:1A:74:36:64:EA:50:86:0B:04:1F:50:10:37:47
            X509v3 Authority Key Identifier:
                keyid:7A:FB:54:41:D8:EF:8E:41:AA:28:DD:51:CD:DE:92:59:43:AE:F7:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/PifORIFtGnQ2ZOpQhgsEH1AQN0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  116.199.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         36:dd:b4:e5:27:5c:44:74:00:97:07:22:88:d3:01:b4:d2:49:
         bb:2f:ad:47:c3:bf:59:58:c7:8e:3f:63:1c:76:bc:79:61:fa:
         e6:68:1c:8c:7b:7f:b0:4e:25:86:4c:8f:17:65:2a:f8:44:2a:
         f9:6b:25:d7:36:34:52:01:94:36:a2:5b:82:d7:73:07:62:cc:
         a1:38:8e:91:89:9b:e0:cc:8e:61:cb:69:2a:eb:77:20:68:bc:
         b0:57:9f:c5:98:09:b5:e4:d3:2b:c8:df:0f:b7:eb:e9:46:3a:
         9d:0e:ab:6f:7c:17:75:33:49:d3:cd:02:b8:f0:c7:a7:0c:71:
         db:9b:f5:8b:d2:10:d5:33:8b:03:b8:34:e8:06:2b:f8:de:fb:
         0a:a6:70:fa:c4:3c:1b:36:ff:14:36:4b:c6:91:20:5c:82:be:
         5d:e8:49:bd:71:5a:9d:6c:a0:5f:b9:7d:d2:2f:af:3c:d7:17:
         63:fa:03:89:6e:a6:0d:d7:12:e8:2f:e9:b5:c9:7e:50:18:2c:
         ff:4b:5d:2e:0a:42:f0:df:68:d3:ee:e1:87:13:f6:92:41:a1:
         10:c2:21:6b:57:87:70:28:eb:0e:d1:d3:e4:3e:6a:ee:84:1a:
         60:c1:4c:bc:83:96:19:3b:b7:ae:fb:7a:3c:4a:c2:54:96:73:
         5e:c4:52:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4JmJ/QEWwiLbRu71PobPzkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZmI1NDQxZDhlZjhlNDFhYTI4ZGQ1MWNkZGU5MjU5NDNh
ZWY3ZmEwHhcNMjQwMzA0MTMxMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTI3Y2U0NDgxNmQxYTc0MzY2NGVhNTA4NjBiMDQxZjUwMTAzNzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDGYPLHmgElu2AqV3ZcQPH1GgGgC
2sBrlmyrb4b5Fv/FqOcJMoQ7b0CnMUY4Abt9ZXcyRlWjon1JmNO/L/49Pz8K0Sli
Xmzi62fPoDyJ2knyjpVviJm/x+9/yGTAXhTqGzuABzPc3LIYxJyd7DXaTit/vxUa
OMCrGHYcH2s7xCtd0KiLuhOFSdJUM6sdHXHx7CZ6jeOjWuXj0M/t0KA5tKkOQZ6S
zK/sAo/PzTOpokjYB0AFyClePtyrTF5nex9JengjEe2SayoUH/0EMeWw87uUZWkP
SEu/qe2lMzzgxNgEW1uYft7SKDUF0QtiXloPKZ+p7G5PApF8Ds+51rH4TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD4nzkSBbRp0NmTqUIYLBB9QEDdHMB8GA1UdIwQY
MBaAFHr7VEHY745BqijdUc3ekllDrvf6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXZ0VVFkanZqa0dxS04xUnpkNlNXVU91OV9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny80ZDc2ZjUtNDJlYy00NTNlLTg5OTIt
ZDg5NzNhY2FmNDFkLzEvUGlmT1JJRnRHblEyWk9wUWhnc0VIMUFRTjBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny80ZDc2ZjUtNDJlYy00NTNlLTg5OTItZDg5NzNhY2FmNDFk
LzEvZXZ0VVFkanZqa0dxS04xUnpkNlNXVU91OV9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDdMfgMA0G
CSqGSIb3DQEBCwUAA4IBAQA23bTlJ1xEdACXByKI0wG00km7L61Hw79ZWMeOP2Mc
drx5YfrmaByMe3+wTiWGTI8XZSr4RCr5ayXXNjRSAZQ2oluC13MHYsyhOI6RiZvg
zI5hy2kq63cgaLywV5/FmAm15NMryN8Pt+vpRjqdDqtvfBd1M0nTzQK48MenDHHb
m/WL0hDVM4sDuDToBiv43vsKpnD6xDwbNv8UNkvGkSBcgr5d6Em9cVqdbKBfuX3S
L6881xdj+gOJbqYN1xLoL+m1yX5QGCz/S10uCkLw32jT7uGHE/aSQaEQwiFrV4dw
KOsO0dPkPmruhBpgwUy8g5YZO7eu+3o8SsJUlnNexFJt
-----END CERTIFICATE-----