Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/29a091-8550-43c6-8a0c-c682b5be0e53/1/bLALJ9utoFFukO9Wa0vLJ8SsKTU.roa
File:                     bLALJ9utoFFukO9Wa0vLJ8SsKTU.roa (raw, json)
Hash identifier:          yRKeEUHE02HkbngSjWJ5TGLWE4BxK2sajBdzgQMqnv4=
Subject key identifier:   6C:B0:0B:27:DB:AD:A0:51:6E:90:EF:56:6B:4B:CB:27:C4:AC:29:35
Certificate issuer:       /CN=cec4788b2b692c7103b1cb9e1617f8b366910f13
Certificate serial:       018CC6B78BCB4D2B7B69E79115F0F7B2CDC3
Authority key identifier: CE:C4:78:8B:2B:69:2C:71:03:B1:CB:9E:16:17:F8:B3:66:91:0F:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsR4iytpLHEDscueFhf4s2aRDxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/29a091-8550-43c6-8a0c-c682b5be0e53/1/bLALJ9utoFFukO9Wa0vLJ8SsKTU.roa
Signing time:             Mon 01 Jan 2024 20:29:26 +0000
ROA not before:           Mon 01 Jan 2024 20:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        192.124.243.0/24 maxlen: 24
                          141.48.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/29a091-8550-43c6-8a0c-c682b5be0e53/1/zsR4iytpLHEDscueFhf4s2aRDxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/29a091-8550-43c6-8a0c-c682b5be0e53/1/zsR4iytpLHEDscueFhf4s2aRDxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsR4iytpLHEDscueFhf4s2aRDxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:8b:cb:4d:2b:7b:69:e7:91:15:f0:f7:b2:cd:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec4788b2b692c7103b1cb9e1617f8b366910f13
        Validity
            Not Before: Jan  1 20:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cb00b27dbada0516e90ef566b4bcb27c4ac2935
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:3f:ce:29:73:fa:68:30:36:d9:fe:a5:1d:d1:
                    60:6c:39:ad:13:e8:e3:4d:91:cc:31:e3:48:22:60:
                    65:b4:81:44:42:0c:4c:85:11:c0:5f:57:a9:92:41:
                    37:f5:33:5f:17:ef:d0:9d:bf:70:b9:7f:ed:4a:f6:
                    80:d6:54:50:aa:59:f4:d4:b2:11:a3:e1:b3:7a:c5:
                    2d:be:5c:95:f2:f2:e7:7d:17:07:c9:52:26:e7:20:
                    ce:99:be:6f:9f:0d:df:20:5a:fd:92:18:d6:02:3d:
                    76:f7:bc:f0:9c:07:37:dd:5a:a0:15:49:61:2f:08:
                    64:fa:d6:03:c8:ad:95:79:03:5e:ff:98:77:ea:51:
                    29:b8:69:e0:c0:5e:bc:eb:4a:f2:5f:ff:21:3b:8b:
                    2b:46:72:28:87:29:62:bc:61:92:7d:61:06:a7:97:
                    ae:58:b1:6d:32:7a:3b:54:04:79:2e:cc:1b:9f:55:
                    6d:72:a3:fd:99:bb:6e:4e:8b:f2:e2:53:ea:27:6e:
                    04:05:4e:3d:75:4f:35:0a:8e:74:5f:a0:22:30:37:
                    c2:b3:18:0a:61:aa:c3:bf:c4:49:df:c0:67:31:c3:
                    bc:c7:a8:1a:6f:2f:9a:b7:75:4d:e9:2e:b3:45:44:
                    59:4d:22:51:e2:07:b6:c3:c7:83:e3:16:68:0b:d5:
                    2c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:B0:0B:27:DB:AD:A0:51:6E:90:EF:56:6B:4B:CB:27:C4:AC:29:35
            X509v3 Authority Key Identifier:
                keyid:CE:C4:78:8B:2B:69:2C:71:03:B1:CB:9E:16:17:F8:B3:66:91:0F:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsR4iytpLHEDscueFhf4s2aRDxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/29a091-8550-43c6-8a0c-c682b5be0e53/1/bLALJ9utoFFukO9Wa0vLJ8SsKTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/29a091-8550-43c6-8a0c-c682b5be0e53/1/zsR4iytpLHEDscueFhf4s2aRDxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.48.0.0/16
                  192.124.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:8c:26:29:27:bd:08:a2:8a:14:d4:0e:6a:8b:85:e0:75:bc:
         25:f3:e5:21:15:81:38:c9:0d:ad:b5:e7:bb:ce:4a:3c:d0:ad:
         3d:12:48:fd:6d:9e:5d:9d:53:66:8a:d9:e0:78:8c:4e:d8:1c:
         29:ed:b1:1d:40:e4:b7:31:af:92:ae:21:81:b5:9f:5f:ea:d2:
         3f:6a:0c:99:80:10:e7:c2:9d:ee:a1:4a:15:b1:7c:90:59:01:
         36:5b:e9:24:89:5e:3e:60:93:2f:49:9e:b1:90:fd:26:1c:1c:
         9e:2c:a5:71:4c:4e:07:51:f8:e6:bb:82:d3:18:72:59:c9:6c:
         0e:7a:7e:0e:8b:6d:01:d1:5f:eb:0d:3e:68:1b:97:76:05:db:
         c1:75:e2:19:53:32:29:ae:e7:23:87:3f:2c:55:b5:6e:6e:db:
         74:38:09:0c:3f:37:36:b4:40:ed:1c:53:2e:5a:80:e4:a3:16:
         4d:13:59:21:3f:81:b5:b9:11:c2:28:2e:88:cc:66:10:8b:80:
         a1:fe:24:9a:02:ba:84:df:80:bf:b7:29:9f:c5:d9:0c:13:be:
         5f:98:66:3b:8b:f1:8f:29:e0:fd:7e:bd:6d:32:90:01:cc:11:
         6f:0c:95:72:b3:34:bc:72:2f:b4:13:a8:08:4a:9c:b8:ee:fe:
         61:1a:da:5f
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzGt4vLTSt7aeeRFfD3ss3DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzQ3ODhiMmI2OTJjNzEwM2IxY2I5ZTE2MTdmOGIzNjY5
MTBmMTMwHhcNMjQwMTAxMjAyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2IwMGIyN2RiYWRhMDUxNmU5MGVmNTY2YjRiY2IyN2M0YWMyOTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjT/OKXP6aDA22f6lHdFgbDmtE+jj
TZHMMeNIImBltIFEQgxMhRHAX1epkkE39TNfF+/Qnb9wuX/tSvaA1lRQqln01LIR
o+GzesUtvlyV8vLnfRcHyVIm5yDOmb5vnw3fIFr9khjWAj1297zwnAc33VqgFUlh
Lwhk+tYDyK2VeQNe/5h36lEpuGngwF6860ryX/8hO4srRnIohylivGGSfWEGp5eu
WLFtMno7VAR5Lswbn1VtcqP9mbtuTovy4lPqJ24EBU49dU81Co50X6AiMDfCsxgK
YarDv8RJ38BnMcO8x6gaby+at3VN6S6zRURZTSJR4ge2w8eD4xZoC9UsJwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFGywCyfbraBRbpDvVmtLyyfErCk1MB8GA1UdIwQY
MBaAFM7EeIsraSxxA7HLnhYX+LNmkQ8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNSNGl5dHBMSEVEc2N1ZUZoZjRzMmFSRHhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8yOWEwOTEtODU1MC00M2M2LThhMGMt
YzY4MmI1YmUwZTUzLzEvYkxBTEo5dXRvRkZ1a085V2EwdkxKOFNzS1RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS8yOWEwOTEtODU1MC00M2M2LThhMGMtYzY4MmI1YmUwZTUz
LzEvenNSNGl5dHBMSEVEc2N1ZUZoZjRzMmFSRHhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAjTADBADA
fPMwDQYJKoZIhvcNAQELBQADggEBAHWMJiknvQiiihTUDmqLheB1vCXz5SEVgTjJ
Da2157vOSjzQrT0SSP1tnl2dU2aK2eB4jE7YHCntsR1A5Lcxr5KuIYG1n1/q0j9q
DJmAEOfCne6hShWxfJBZATZb6SSJXj5gky9JnrGQ/SYcHJ4spXFMTgdR+Oa7gtMY
clnJbA56fg6LbQHRX+sNPmgbl3YF28F14hlTMimu5yOHPyxVtW5u23Q4CQw/Nza0
QO0cUy5agOSjFk0TWSE/gbW5EcIoLojMZhCLgKH+JJoCuoTfgL+3KZ/F2QwTvl+Y
ZjuL8Y8p4P1+vW0ykAHMEW8MlXKzNLxyL7QTqAhKnLju/mEa2l8=
-----END CERTIFICATE-----