Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/Dkg_NuS3Gkj0fSCiyleMwbgOp7M.roa
File:                     Dkg_NuS3Gkj0fSCiyleMwbgOp7M.roa (raw, json)
Hash identifier:          KhksMPJgygDdX9Lp9SVvkhu18/68wlAs/oxbEMJX1ro=
Subject key identifier:   0E:48:3F:36:E4:B7:1A:48:F4:7D:20:A2:CA:57:8C:C1:B8:0E:A7:B3
Certificate issuer:       /CN=51618df006d548d1d87ed6419550662db6fc0606
Certificate serial:       018CC3B6DD4FDA763EC41849392C6AE5FBC2
Authority key identifier: 51:61:8D:F0:06:D5:48:D1:D8:7E:D6:41:95:50:66:2D:B6:FC:06:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UWGN8AbVSNHYftZBlVBmLbb8BgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/Dkg_NuS3Gkj0fSCiyleMwbgOp7M.roa
Signing time:             Mon 01 Jan 2024 06:29:50 +0000
ROA not before:           Mon 01 Jan 2024 06:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50022
IP address blocks:        213.110.240.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/UWGN8AbVSNHYftZBlVBmLbb8BgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/UWGN8AbVSNHYftZBlVBmLbb8BgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UWGN8AbVSNHYftZBlVBmLbb8BgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:dd:4f:da:76:3e:c4:18:49:39:2c:6a:e5:fb:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51618df006d548d1d87ed6419550662db6fc0606
        Validity
            Not Before: Jan  1 06:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e483f36e4b71a48f47d20a2ca578cc1b80ea7b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b7:5d:2d:df:ba:7c:5c:42:1a:5c:ef:b3:a9:
                    e3:c8:fe:0e:03:6c:16:a2:84:19:ac:26:1a:e7:1d:
                    d7:3f:94:48:80:ec:ac:6a:a2:0b:40:65:9c:12:64:
                    ef:56:ee:c2:2e:27:23:49:cf:89:fa:0b:db:1a:04:
                    d9:54:df:ab:78:ab:59:fd:a2:dd:32:57:d6:d8:33:
                    ad:96:48:5b:b8:0d:b1:48:e7:bb:9a:d2:95:0f:61:
                    27:1b:bc:2d:f4:49:3f:7d:4e:95:c6:ff:a0:26:f0:
                    52:e9:dc:69:9e:5a:8b:67:48:8e:09:6a:e3:48:e2:
                    09:7e:0d:30:c9:86:5d:94:23:27:2f:e4:61:c1:e7:
                    66:8f:2d:f3:4a:c9:e7:eb:20:eb:a5:3a:41:b1:6b:
                    eb:da:76:20:85:e3:4d:da:af:28:86:77:29:ad:03:
                    d9:78:46:89:e1:a3:ce:e6:b0:35:0b:9d:24:c1:d2:
                    98:9c:ab:05:c9:fa:6c:ea:f6:e9:c1:a7:4c:e0:16:
                    05:6d:4c:76:59:1d:a1:d3:cb:63:5d:15:3b:4e:6b:
                    09:3b:55:e6:41:a6:a1:02:dd:f6:eb:fa:79:c4:59:
                    4e:0f:26:2e:94:5a:7b:02:00:34:a1:5c:a1:b1:bd:
                    9e:59:a8:d3:4e:24:56:37:16:5f:ff:26:86:4f:f2:
                    ca:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:48:3F:36:E4:B7:1A:48:F4:7D:20:A2:CA:57:8C:C1:B8:0E:A7:B3
            X509v3 Authority Key Identifier:
                keyid:51:61:8D:F0:06:D5:48:D1:D8:7E:D6:41:95:50:66:2D:B6:FC:06:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UWGN8AbVSNHYftZBlVBmLbb8BgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/Dkg_NuS3Gkj0fSCiyleMwbgOp7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/UWGN8AbVSNHYftZBlVBmLbb8BgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.110.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         77:d1:df:73:72:3d:98:95:d0:dc:35:ee:a1:a7:a6:81:8f:c2:
         86:f9:9d:e5:37:24:2c:a9:46:87:44:dd:cd:fa:25:d0:49:a6:
         22:b9:ea:2d:f5:c2:22:f9:fd:18:6d:73:51:0c:6b:a9:56:25:
         b5:58:4c:ca:8a:30:21:3e:57:25:76:b2:bc:0b:52:dc:9e:a6:
         93:75:a5:4f:3e:97:6f:54:8d:11:be:9e:01:59:7e:13:25:7a:
         bb:0f:66:d1:52:38:91:a9:e0:7f:7f:df:be:79:11:99:18:a4:
         25:1d:2c:31:a8:c1:8c:c7:50:93:f5:42:cc:d0:5a:f4:58:83:
         ff:0e:2e:72:49:17:65:7c:01:93:a2:c5:45:4b:d5:85:b0:bd:
         50:5d:95:12:e4:9e:74:46:d4:13:2a:6f:ee:18:96:67:20:13:
         e2:ce:33:eb:c4:97:9d:3c:56:c2:40:45:de:52:51:72:d1:21:
         a0:29:78:e1:5e:f1:43:6e:d2:47:b9:a8:2a:ab:fe:3c:28:56:
         ef:33:c5:e3:c2:19:4f:e9:b9:3b:a8:45:e3:da:07:f9:41:23:
         a0:30:64:d1:9a:70:d5:61:a8:ec:e9:54:8c:48:9e:23:06:96:
         d7:b0:ac:73:fa:f4:9d:d0:65:81:1e:26:2e:4e:76:97:d9:e9:
         52:07:c2:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtt1P2nY+xBhJOSxq5fvCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxNjE4ZGYwMDZkNTQ4ZDFkODdlZDY0MTk1NTA2NjJkYjZm
YzA2MDYwHhcNMjQwMTAxMDYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTQ4M2YzNmU0YjcxYTQ4ZjQ3ZDIwYTJjYTU3OGNjMWI4MGVhN2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLddLd+6fFxCGlzvs6njyP4OA2wW
ooQZrCYa5x3XP5RIgOysaqILQGWcEmTvVu7CLicjSc+J+gvbGgTZVN+reKtZ/aLd
MlfW2DOtlkhbuA2xSOe7mtKVD2EnG7wt9Ek/fU6Vxv+gJvBS6dxpnlqLZ0iOCWrj
SOIJfg0wyYZdlCMnL+Rhwedmjy3zSsnn6yDrpTpBsWvr2nYgheNN2q8ohncprQPZ
eEaJ4aPO5rA1C50kwdKYnKsFyfps6vbpwadM4BYFbUx2WR2h08tjXRU7TmsJO1Xm
QaahAt326/p5xFlODyYulFp7AgA0oVyhsb2eWajTTiRWNxZf/yaGT/LKqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5IPzbktxpI9H0gospXjMG4DqezMB8GA1UdIwQY
MBaAFFFhjfAG1UjR2H7WQZVQZi22/AYGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVdHTjhBYlZTTkhZZnRaQmxWQm1MYmI4QmdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9kNWZmZTctM2I0OC00ZjgwLThkNmEt
MzE3YzJmYjBhMzViLzEvRGtnX051UzNHa2owZlNDaXlsZU13YmdPcDdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9kNWZmZTctM2I0OC00ZjgwLThkNmEtMzE3YzJmYjBhMzVi
LzEvVVdHTjhBYlZTTkhZZnRaQmxWQm1MYmI4QmdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE1W7wMA0G
CSqGSIb3DQEBCwUAA4IBAQB30d9zcj2YldDcNe6hp6aBj8KG+Z3lNyQsqUaHRN3N
+iXQSaYiueot9cIi+f0YbXNRDGupViW1WEzKijAhPlcldrK8C1LcnqaTdaVPPpdv
VI0Rvp4BWX4TJXq7D2bRUjiRqeB/f9++eRGZGKQlHSwxqMGMx1CT9ULM0Fr0WIP/
Di5ySRdlfAGTosVFS9WFsL1QXZUS5J50RtQTKm/uGJZnIBPizjPrxJedPFbCQEXe
UlFy0SGgKXjhXvFDbtJHuagqq/48KFbvM8XjwhlP6bk7qEXj2gf5QSOgMGTRmnDV
Yajs6VSMSJ4jBpbXsKxz+vSd0GWBHiYuTnaX2elSB8JA
-----END CERTIFICATE-----