Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/773e49-f4ea-47a7-8a60-d42d4e9c767d/1/0mxk_8f8VJDKHho4tPgum9xosnQ.roa
File:                     0mxk_8f8VJDKHho4tPgum9xosnQ.roa (raw, json)
Hash identifier:          RVHFKHsbaSZQtvGNgajwWxyQWE+zn0SYubRIhDkP/WQ=
Subject key identifier:   D2:6C:64:FF:C7:FC:54:90:CA:1E:1A:38:B4:F8:2E:9B:DC:68:B2:74
Certificate issuer:       /CN=67a4ec38f2ff69d2505f7f62e94c3bd798b58552
Certificate serial:       018CC8DEA17470EC68F3B5337A18D9CB9AB1
Authority key identifier: 67:A4:EC:38:F2:FF:69:D2:50:5F:7F:62:E9:4C:3B:D7:98:B5:85:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z6TsOPL_adJQX39i6Uw715i1hVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/773e49-f4ea-47a7-8a60-d42d4e9c767d/1/0mxk_8f8VJDKHho4tPgum9xosnQ.roa
Signing time:             Tue 02 Jan 2024 06:31:22 +0000
ROA not before:           Tue 02 Jan 2024 06:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39657
IP address blocks:        217.30.3.0/24 maxlen: 24
                          217.30.0.0/23 maxlen: 24
                          217.30.0.0/22 maxlen: 24
                          217.30.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/773e49-f4ea-47a7-8a60-d42d4e9c767d/1/Z6TsOPL_adJQX39i6Uw715i1hVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/773e49-f4ea-47a7-8a60-d42d4e9c767d/1/Z6TsOPL_adJQX39i6Uw715i1hVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z6TsOPL_adJQX39i6Uw715i1hVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:a1:74:70:ec:68:f3:b5:33:7a:18:d9:cb:9a:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67a4ec38f2ff69d2505f7f62e94c3bd798b58552
        Validity
            Not Before: Jan  2 06:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d26c64ffc7fc5490ca1e1a38b4f82e9bdc68b274
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:26:e0:73:97:a4:7f:4b:d3:97:4b:41:09:6b:
                    80:a4:9e:53:37:f3:74:c8:eb:e3:29:12:f3:7e:0d:
                    f6:15:2a:c3:e5:ee:de:d8:a2:c0:bc:73:79:91:f4:
                    31:57:b7:28:3f:d3:6a:48:30:c9:0b:2e:f9:51:fc:
                    72:ea:68:80:b9:30:a2:27:6c:bf:3d:d7:fe:81:49:
                    5f:3f:5e:19:bc:a9:3a:20:b0:2d:bc:a8:c7:be:b6:
                    54:58:4a:ae:8d:18:29:3f:f8:96:3b:15:11:9a:0b:
                    f8:02:78:fe:3d:26:9e:d7:f8:ad:b9:1f:87:dc:79:
                    db:7e:e1:cd:9c:a7:a3:7a:90:14:0e:54:79:88:2e:
                    48:c6:bb:9c:83:d2:fb:99:e3:4d:f8:88:9f:cb:5f:
                    8f:b5:d5:fa:15:4d:dc:d1:f0:5d:f9:05:60:93:2c:
                    69:91:e8:97:2a:90:83:b0:f6:65:06:04:2f:21:a4:
                    59:19:32:21:ec:79:0c:26:4d:aa:24:24:e8:65:b4:
                    c5:88:f4:f6:e9:ff:b4:19:2d:52:86:40:58:e8:87:
                    43:dc:a6:26:c5:95:bc:18:be:02:7b:10:dd:e6:9b:
                    5a:55:3a:f4:62:b8:8f:71:54:a1:22:3c:05:ed:70:
                    95:1e:4f:67:73:1b:c3:16:56:f5:4d:5a:24:7c:c1:
                    fa:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:6C:64:FF:C7:FC:54:90:CA:1E:1A:38:B4:F8:2E:9B:DC:68:B2:74
            X509v3 Authority Key Identifier:
                keyid:67:A4:EC:38:F2:FF:69:D2:50:5F:7F:62:E9:4C:3B:D7:98:B5:85:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z6TsOPL_adJQX39i6Uw715i1hVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/773e49-f4ea-47a7-8a60-d42d4e9c767d/1/0mxk_8f8VJDKHho4tPgum9xosnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/773e49-f4ea-47a7-8a60-d42d4e9c767d/1/Z6TsOPL_adJQX39i6Uw715i1hVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.30.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7b:9e:ea:6b:f8:31:2f:3a:b3:8b:63:95:88:5e:b3:9f:83:87:
         07:6c:af:58:dd:fc:b7:4c:a4:4c:4c:69:d9:4b:ad:d3:81:56:
         65:06:24:ad:a1:de:f0:cf:b6:94:49:d5:94:e5:37:96:7e:fe:
         94:3f:10:a1:de:67:3e:ae:93:da:0d:c6:31:12:09:6b:fb:d4:
         12:0c:22:b9:6b:9d:e5:f7:8f:49:45:b9:17:dd:df:1e:ea:e2:
         1a:5d:72:3c:b6:00:1f:c5:3f:29:d5:97:d1:42:55:a1:8a:03:
         28:b0:db:27:c4:3a:e6:a9:a3:56:76:17:7c:ec:8a:57:cf:bd:
         8d:7d:d4:ad:92:e4:6c:15:f3:e7:5a:d4:9e:99:10:25:21:17:
         3c:b4:42:74:5e:ba:69:21:46:42:f8:e2:e9:e7:f7:89:db:9d:
         b9:41:28:34:9e:f1:08:16:e4:f0:bb:35:64:a4:0e:f3:43:82:
         4c:d9:b4:87:47:8f:fa:53:53:60:07:e3:bd:ec:f8:56:93:1f:
         84:64:cd:cb:70:39:bd:ce:eb:83:5f:20:69:8e:5d:d5:1c:13:
         fd:e6:91:74:b6:83:4c:42:93:b1:9e:4a:ce:d0:6a:d6:76:94:
         53:bf:79:8d:79:95:cd:b5:81:d2:d6:fe:53:82:91:34:da:40:
         14:49:bd:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3qF0cOxo87UzehjZy5qxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YTRlYzM4ZjJmZjY5ZDI1MDVmN2Y2MmU5NGMzYmQ3OThi
NTg1NTIwHhcNMjQwMTAyMDYzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjZjNjRmZmM3ZmM1NDkwY2ExZTFhMzhiNGY4MmU5YmRjNjhiMjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSbgc5ekf0vTl0tBCWuApJ5TN/N0
yOvjKRLzfg32FSrD5e7e2KLAvHN5kfQxV7coP9NqSDDJCy75Ufxy6miAuTCiJ2y/
Pdf+gUlfP14ZvKk6ILAtvKjHvrZUWEqujRgpP/iWOxURmgv4Anj+PSae1/ituR+H
3HnbfuHNnKejepAUDlR5iC5Ixrucg9L7meNN+Iify1+PtdX6FU3c0fBd+QVgkyxp
keiXKpCDsPZlBgQvIaRZGTIh7HkMJk2qJCToZbTFiPT26f+0GS1ShkBY6IdD3KYm
xZW8GL4CexDd5ptaVTr0YriPcVShIjwF7XCVHk9ncxvDFlb1TVokfMH6uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJsZP/H/FSQyh4aOLT4LpvcaLJ0MB8GA1UdIwQY
MBaAFGek7Djy/2nSUF9/YulMO9eYtYVSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjZUc09QTF9hZEpRWDM5aTZVdzcxNWkxaFZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS83NzNlNDktZjRlYS00N2E3LThhNjAt
ZDQyZDRlOWM3NjdkLzEvMG14a184ZjhWSkRLSGhvNHRQZ3VtOXhvc25RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS83NzNlNDktZjRlYS00N2E3LThhNjAtZDQyZDRlOWM3Njdk
LzEvWjZUc09QTF9hZEpRWDM5aTZVdzcxNWkxaFZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2R4AMA0G
CSqGSIb3DQEBCwUAA4IBAQB7nupr+DEvOrOLY5WIXrOfg4cHbK9Y3fy3TKRMTGnZ
S63TgVZlBiStod7wz7aUSdWU5TeWfv6UPxCh3mc+rpPaDcYxEglr+9QSDCK5a53l
949JRbkX3d8e6uIaXXI8tgAfxT8p1ZfRQlWhigMosNsnxDrmqaNWdhd87IpXz72N
fdStkuRsFfPnWtSemRAlIRc8tEJ0XrppIUZC+OLp5/eJ2525QSg0nvEIFuTwuzVk
pA7zQ4JM2bSHR4/6U1NgB+O97PhWkx+EZM3LcDm9zuuDXyBpjl3VHBP95pF0toNM
QpOxnkrO0GrWdpRTv3mNeZXNtYHS1v5TgpE02kAUSb1o
-----END CERTIFICATE-----