Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/iLaRgRns8JyokR7CHDfztC0zZqQ.roa
File:                     iLaRgRns8JyokR7CHDfztC0zZqQ.roa (raw, json)
Hash identifier:          8r3JQ/wa+n9DbUoqCaPbaAVlu8t6yWDWbO2DLEhRhWY=
Subject key identifier:   88:B6:91:81:19:EC:F0:9C:A8:91:1E:C2:1C:37:F3:B4:2D:33:66:A4
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       018CC94D46B78C7D18DD21C4B7CFC31292B6
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/iLaRgRns8JyokR7CHDfztC0zZqQ.roa
Signing time:             Tue 02 Jan 2024 08:32:13 +0000
ROA not before:           Tue 02 Jan 2024 08:32:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398465
IP address blocks:        212.111.220.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:03:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:46:b7:8c:7d:18:dd:21:c4:b7:cf:c3:12:92:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan  2 08:32:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88b6918119ecf09ca8911ec21c37f3b42d3366a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:2c:5a:48:3d:4f:19:91:f1:12:65:e3:28:fe:
                    f6:39:ef:d6:84:09:29:86:83:0c:64:d7:23:3f:cb:
                    dc:0a:59:7b:1a:71:3e:75:d0:bb:9e:0d:ca:7b:c8:
                    93:9e:83:1e:e7:3a:96:09:44:df:d5:87:ad:ef:1b:
                    b3:cf:3a:0c:a5:a6:45:83:2a:50:f7:04:75:e0:92:
                    39:79:e0:f9:0b:c5:64:2e:bc:d5:ab:9e:9a:1a:25:
                    73:68:e2:e4:15:8c:00:90:f9:d7:45:39:f0:f8:d7:
                    7d:4f:75:d2:6e:2b:dd:30:f8:a1:0a:31:35:8c:9e:
                    8a:68:ec:59:5d:b3:7b:9c:25:fb:96:8c:fd:ca:5a:
                    09:d2:45:ed:3a:44:2f:b2:6a:0d:aa:07:86:de:08:
                    20:61:7b:03:82:e0:0a:95:f9:0a:66:c5:47:d2:a7:
                    89:6d:5e:64:b7:d7:86:e0:ec:ba:c7:f0:4a:03:bb:
                    9c:c5:22:44:c0:64:57:d9:0b:33:bf:f9:19:a0:3e:
                    b2:2b:ec:8a:9e:68:70:cd:e9:98:25:0f:8b:0a:bf:
                    9e:1b:49:3a:fd:53:5b:2e:a1:7a:60:71:4a:96:f7:
                    35:15:cb:13:2a:be:38:75:a5:0e:76:de:f6:a5:14:
                    04:fc:51:9b:fb:25:67:3e:ce:fa:e8:55:b8:9b:39:
                    d4:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:B6:91:81:19:EC:F0:9C:A8:91:1E:C2:1C:37:F3:B4:2D:33:66:A4
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/iLaRgRns8JyokR7CHDfztC0zZqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.111.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:fd:6e:27:47:4c:42:bc:73:6a:b0:21:26:88:3c:7b:77:38:
         d5:c3:da:63:46:fe:da:fe:d2:5a:01:32:f5:b8:be:c3:58:3a:
         85:1d:c8:d1:b3:fc:4e:b0:b7:95:15:81:a7:56:9a:57:8e:d6:
         13:f0:1b:f4:fe:4e:98:86:9a:77:8c:28:59:4e:88:fe:43:2d:
         a8:ad:ca:d9:0c:29:a0:66:b6:83:4c:5f:d9:83:b8:19:9d:5e:
         ca:dd:e9:24:15:7b:66:a2:a1:fa:6a:48:f5:39:ec:b3:05:16:
         b9:13:05:aa:56:b6:0d:4f:77:e8:83:62:84:c8:2d:dd:5c:42:
         c3:b2:73:36:17:9e:f5:0c:17:a7:b2:31:71:2a:a2:2d:88:22:
         62:b3:60:34:59:ba:eb:fb:7f:c5:8b:ac:67:15:bd:d4:3f:4a:
         cd:22:56:64:2e:b1:e3:ab:0d:f8:19:d2:e0:0c:4d:c2:c1:94:
         a4:c1:fe:c1:15:57:0a:7f:d8:cc:4e:f5:89:13:a0:8b:00:3e:
         8d:e2:03:28:41:59:ea:11:8a:8e:69:ae:25:d9:b1:ea:58:6c:
         55:61:d5:ef:d2:58:93:c8:d1:cd:60:ab:50:ae:93:b4:fb:e8:
         13:72:de:6f:31:7e:e0:ab:39:8e:82:d9:b6:35:dc:09:07:21:
         86:5d:07:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTUa3jH0Y3SHEt8/DEpK2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQwMTAyMDgzMjEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGI2OTE4MTE5ZWNmMDljYTg5MTFlYzIxYzM3ZjNiNDJkMzM2NmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjixaSD1PGZHxEmXjKP72Oe/WhAkp
hoMMZNcjP8vcCll7GnE+ddC7ng3Ke8iTnoMe5zqWCUTf1Yet7xuzzzoMpaZFgypQ
9wR14JI5eeD5C8VkLrzVq56aGiVzaOLkFYwAkPnXRTnw+Nd9T3XSbivdMPihCjE1
jJ6KaOxZXbN7nCX7loz9yloJ0kXtOkQvsmoNqgeG3gggYXsDguAKlfkKZsVH0qeJ
bV5kt9eG4Oy6x/BKA7ucxSJEwGRX2Qszv/kZoD6yK+yKnmhwzemYJQ+LCr+eG0k6
/VNbLqF6YHFKlvc1FcsTKr44daUOdt72pRQE/FGb+yVnPs766FW4mznUGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIi2kYEZ7PCcqJEewhw387QtM2akMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvaUxhUmdSbnM4Snlva1I3Q0hEZnp0QzB6WnFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1G/cMA0G
CSqGSIb3DQEBCwUAA4IBAQCK/W4nR0xCvHNqsCEmiDx7dzjVw9pjRv7a/tJaATL1
uL7DWDqFHcjRs/xOsLeVFYGnVppXjtYT8Bv0/k6Yhpp3jChZToj+Qy2orcrZDCmg
ZraDTF/Zg7gZnV7K3ekkFXtmoqH6akj1OeyzBRa5EwWqVrYNT3fog2KEyC3dXELD
snM2F571DBensjFxKqItiCJis2A0Wbrr+3/Fi6xnFb3UP0rNIlZkLrHjqw34GdLg
DE3CwZSkwf7BFVcKf9jMTvWJE6CLAD6N4gMoQVnqEYqOaa4l2bHqWGxVYdXv0liT
yNHNYKtQrpO0++gTct5vMX7gqzmOgtm2NdwJByGGXQci
-----END CERTIFICATE-----