Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/1aff10-dd29-439f-8d23-bc9a5f6605fc/1/bOKmK0vmlo_j5On5gUze09kL_j8.roa
File:                     bOKmK0vmlo_j5On5gUze09kL_j8.roa (raw, json)
Hash identifier:          JeyCZXJ42ScH/31Rh0mciAl98lLu2FCQQ88zQAhk66k=
Subject key identifier:   6C:E2:A6:2B:4B:E6:96:8F:E3:E4:E9:F9:81:4C:DE:D3:D9:0B:FE:3F
Certificate issuer:       /CN=7373c1ff55403d4792346493f769f8d033bef02c
Certificate serial:       018CC7950D6D4CAB3281BED8F31EF1599A6E
Authority key identifier: 73:73:C1:FF:55:40:3D:47:92:34:64:93:F7:69:F8:D0:33:BE:F0:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c3PB_1VAPUeSNGST92n40DO-8Cw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/1aff10-dd29-439f-8d23-bc9a5f6605fc/1/bOKmK0vmlo_j5On5gUze09kL_j8.roa
Signing time:             Tue 02 Jan 2024 00:31:23 +0000
ROA not before:           Tue 02 Jan 2024 00:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57161
IP address blocks:        213.108.244.0/23 maxlen: 24
                          2a0d:16c0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/1aff10-dd29-439f-8d23-bc9a5f6605fc/1/c3PB_1VAPUeSNGST92n40DO-8Cw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/1aff10-dd29-439f-8d23-bc9a5f6605fc/1/c3PB_1VAPUeSNGST92n40DO-8Cw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c3PB_1VAPUeSNGST92n40DO-8Cw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:0d:6d:4c:ab:32:81:be:d8:f3:1e:f1:59:9a:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7373c1ff55403d4792346493f769f8d033bef02c
        Validity
            Not Before: Jan  2 00:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ce2a62b4be6968fe3e4e9f9814cded3d90bfe3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:15:5b:7c:15:7d:f2:98:72:43:6e:4f:df:13:
                    44:a7:48:6f:2e:08:fd:e8:04:dd:ec:7f:e3:6f:b6:
                    9b:04:86:5b:5f:d1:6e:84:29:91:c8:c8:c4:15:3c:
                    54:2a:e2:d2:b2:e1:6f:7f:f0:5e:b0:c1:a4:8b:a0:
                    93:d1:ff:16:27:18:b1:42:60:17:9b:ba:65:cd:d6:
                    1d:af:76:08:70:29:e9:3c:6b:42:aa:71:04:74:f7:
                    22:c5:35:2b:3d:c6:4f:8d:0e:51:75:9a:48:47:eb:
                    f4:f9:dd:b2:b1:96:ba:2f:10:e2:cc:1c:e3:b3:82:
                    b5:66:c7:c8:62:6e:11:ec:af:dc:e2:8d:0b:22:7f:
                    5f:ab:87:db:1b:ac:6b:5c:7e:8c:05:a6:1e:fb:de:
                    e6:a0:98:9d:39:c7:88:39:ff:18:5e:99:b6:60:29:
                    38:80:11:31:f6:90:cb:64:3a:95:31:54:37:58:5c:
                    01:ec:21:a9:f2:07:b8:1f:75:74:49:08:f1:98:ea:
                    6b:1a:d6:8f:ea:85:4a:00:12:c8:b0:ba:1e:9c:a7:
                    bd:ac:fa:68:20:ac:10:b9:4d:cf:13:3e:d0:0d:09:
                    92:ff:7d:2e:2a:39:ef:e8:81:1a:8b:07:30:6e:a3:
                    e7:a5:bf:b2:0d:03:21:41:ad:04:20:8a:24:71:81:
                    fa:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:E2:A6:2B:4B:E6:96:8F:E3:E4:E9:F9:81:4C:DE:D3:D9:0B:FE:3F
            X509v3 Authority Key Identifier:
                keyid:73:73:C1:FF:55:40:3D:47:92:34:64:93:F7:69:F8:D0:33:BE:F0:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3PB_1VAPUeSNGST92n40DO-8Cw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/1aff10-dd29-439f-8d23-bc9a5f6605fc/1/bOKmK0vmlo_j5On5gUze09kL_j8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/1aff10-dd29-439f-8d23-bc9a5f6605fc/1/c3PB_1VAPUeSNGST92n40DO-8Cw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.108.244.0/23
                IPv6:
                  2a0d:16c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         62:9b:af:33:ee:b8:56:76:1a:a3:95:e1:aa:f7:71:77:bd:6d:
         0a:e0:0b:14:25:a3:68:7f:d0:33:ce:32:2c:3a:dc:cf:32:55:
         f8:f4:d9:00:fe:27:73:64:85:70:0f:de:3e:5c:6d:f1:bf:5c:
         47:58:23:83:69:79:a5:69:21:c8:a4:50:be:5b:4a:88:ee:9a:
         b5:56:ae:86:fb:aa:d6:0b:09:23:43:98:ef:88:7d:fa:97:db:
         ac:e6:eb:6c:d8:f9:7c:5f:76:df:29:a1:9e:02:63:f4:68:fb:
         37:7a:44:78:1d:a6:4e:b2:e9:d3:93:1f:97:2e:fb:c7:3a:23:
         71:e5:03:8e:ad:e8:b4:50:07:75:4b:7d:ce:45:c7:f9:87:44:
         25:64:b3:79:85:29:0b:83:cd:ae:fd:49:0f:d1:5b:db:7e:99:
         67:18:01:aa:e5:45:aa:0c:24:e2:d5:bd:e1:f5:10:4b:36:df:
         6b:10:2c:9b:cd:3f:ed:7e:69:ea:e2:66:d7:b5:c9:cc:c9:f5:
         0f:02:77:b2:b8:08:ed:06:26:ff:5e:5c:dd:cb:c9:d8:d4:11:
         ab:e5:30:66:ee:d5:a1:32:81:e1:6d:fe:d9:ed:3d:8e:8a:8f:
         b3:c6:1c:55:4e:82:40:4d:7a:8e:07:8b:8c:52:52:ad:26:c2:
         e7:fd:46:32
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlQ1tTKsygb7Y8x7xWZpuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczNzNjMWZmNTU0MDNkNDc5MjM0NjQ5M2Y3NjlmOGQwMzNi
ZWYwMmMwHhcNMjQwMTAyMDAzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2UyYTYyYjRiZTY5NjhmZTNlNGU5Zjk4MTRjZGVkM2Q5MGJmZTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxVbfBV98phyQ25P3xNEp0hvLgj9
6ATd7H/jb7abBIZbX9FuhCmRyMjEFTxUKuLSsuFvf/BesMGki6CT0f8WJxixQmAX
m7plzdYdr3YIcCnpPGtCqnEEdPcixTUrPcZPjQ5RdZpIR+v0+d2ysZa6LxDizBzj
s4K1ZsfIYm4R7K/c4o0LIn9fq4fbG6xrXH6MBaYe+97moJidOceIOf8YXpm2YCk4
gBEx9pDLZDqVMVQ3WFwB7CGp8ge4H3V0SQjxmOprGtaP6oVKABLIsLoenKe9rPpo
IKwQuU3PEz7QDQmS/30uKjnv6IEaiwcwbqPnpb+yDQMhQa0EIIokcYH6gQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGzipitL5paP4+Tp+YFM3tPZC/4/MB8GA1UdIwQY
MBaAFHNzwf9VQD1HkjRkk/dp+NAzvvAsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzNQQl8xVkFQVWVTTkdTVDkybjQwRE8tOEN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8xYWZmMTAtZGQyOS00MzlmLThkMjMt
YmM5YTVmNjYwNWZjLzEvYk9LbUswdm1sb19qNU9uNWdVemUwOWtMX2o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8xYWZmMTAtZGQyOS00MzlmLThkMjMtYmM5YTVmNjYwNWZj
LzEvYzNQQl8xVkFQVWVTTkdTVDkybjQwRE8tOEN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQB1Wz0MA0E
AgACMAcDBQAqDRbAMA0GCSqGSIb3DQEBCwUAA4IBAQBim68z7rhWdhqjleGq93F3
vW0K4AsUJaNof9AzzjIsOtzPMlX49NkA/idzZIVwD94+XG3xv1xHWCODaXmlaSHI
pFC+W0qI7pq1Vq6G+6rWCwkjQ5jviH36l9us5uts2Pl8X3bfKaGeAmP0aPs3ekR4
HaZOsunTkx+XLvvHOiNx5QOOrei0UAd1S33ORcf5h0QlZLN5hSkLg82u/UkP0Vvb
fplnGAGq5UWqDCTi1b3h9RBLNt9rECybzT/tfmnq4mbXtcnMyfUPAneyuAjtBib/
Xlzdy8nY1BGr5TBm7tWhMoHhbf7Z7T2Oio+zxhxVToJATXqOB4uMUlKtJsLn/UYy
-----END CERTIFICATE-----