Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/t4YwJwgXzRRwitnO74yQ_dPF54g.roa
File:                     t4YwJwgXzRRwitnO74yQ_dPF54g.roa (raw, json)
Hash identifier:          2usuyUyWXzRFp1DCqWDcbFOrKQm4OlsAif5Ea5gZDGY=
Subject key identifier:   B7:86:30:27:08:17:CD:14:70:8A:D9:CE:EF:8C:90:FD:D3:C5:E7:88
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       018CC94D3FD94CF624A26F7FBF3D81AEBDDF
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/t4YwJwgXzRRwitnO74yQ_dPF54g.roa
Signing time:             Tue 02 Jan 2024 08:32:12 +0000
ROA not before:           Tue 02 Jan 2024 08:32:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54339
IP address blocks:        212.111.211.0/24 maxlen: 24
                          212.111.218.0/23 maxlen: 24
                          77.47.180.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:3f:d9:4c:f6:24:a2:6f:7f:bf:3d:81:ae:bd:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan  2 08:32:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b78630270817cd14708ad9ceef8c90fdd3c5e788
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:f3:7b:eb:1c:55:01:a7:06:86:cf:a8:95:8b:
                    f5:69:1a:44:8b:93:a6:c4:82:b4:cf:55:ef:e2:be:
                    ab:8a:1a:d9:42:6d:26:09:ee:c2:5e:d1:c5:65:1c:
                    69:ad:18:e2:f4:7c:dd:82:86:ce:4d:1a:9e:18:de:
                    18:de:49:08:38:c5:19:7a:b1:5b:c3:2e:e1:cd:4c:
                    38:a9:10:7e:97:8d:b3:c0:a2:c3:a7:54:c7:05:5f:
                    7c:ad:6c:86:1f:71:19:2b:52:e5:d1:48:9a:a0:21:
                    82:23:ae:02:14:37:08:b0:03:3d:80:42:68:41:9e:
                    dc:b1:9b:9e:c9:b2:8d:01:72:c3:11:83:b7:45:52:
                    8e:64:d1:3d:a0:69:bc:b0:83:b5:2d:db:e7:8a:66:
                    f9:30:27:ee:2a:8d:ae:1c:7e:55:2b:9b:44:70:8e:
                    ab:5a:ae:f2:b0:bb:84:72:d1:a1:ab:f5:17:6b:66:
                    4b:a4:95:b8:ef:8f:70:94:96:7f:f3:4c:2c:dd:99:
                    66:8d:28:a6:32:ae:75:7e:dd:08:a3:65:7d:4f:ec:
                    bf:0b:a0:6e:06:f1:50:2b:77:c3:dc:0f:7c:8d:dc:
                    32:e6:8c:22:cf:b0:e4:75:07:94:62:ad:17:89:5c:
                    e8:ff:be:06:3d:e8:7b:20:45:d0:16:76:5e:a7:3f:
                    f5:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:86:30:27:08:17:CD:14:70:8A:D9:CE:EF:8C:90:FD:D3:C5:E7:88
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/t4YwJwgXzRRwitnO74yQ_dPF54g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.180.0/22
                  212.111.211.0/24
                  212.111.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         66:8a:4b:6e:c3:88:ec:8e:98:ee:c0:f3:6c:f9:dd:17:23:f0:
         b8:48:fb:f0:24:ef:a1:4a:d0:cb:70:9c:9b:d9:43:90:ff:e7:
         51:26:07:42:1b:bd:d8:bc:99:fb:98:a4:2b:75:ca:ab:8c:45:
         2b:07:fc:d8:7b:44:7c:e6:bb:a6:c0:62:49:a4:fd:6b:1a:34:
         a4:16:78:fc:ad:25:c1:9a:b5:fc:f0:67:f6:71:ae:f5:14:bb:
         8f:04:4b:f5:f3:f8:99:77:94:04:8e:eb:a1:d4:df:00:fa:71:
         92:71:ae:3f:f8:9b:fa:7f:51:9c:78:3d:f3:bd:ea:e9:fa:35:
         ce:60:c3:bb:88:b0:8c:9c:a5:04:ef:fc:af:66:bd:a5:23:8a:
         e3:bf:a7:63:c0:7e:a2:38:35:19:32:1d:e1:29:72:62:f9:a0:
         15:42:fe:ca:36:d8:cd:63:55:b6:75:bf:da:bc:b5:a0:1e:8b:
         41:99:80:dd:0d:76:70:2f:86:34:ca:ca:62:ac:97:74:ed:75:
         84:c8:b8:4a:02:58:1c:56:54:93:7c:9a:a1:0a:f8:7b:cf:e8:
         79:cc:4a:0d:64:a0:2f:c2:93:b6:ea:9d:72:de:9d:45:d6:82:
         ac:be:58:35:85:eb:83:cf:28:e5:f9:34:bd:b9:80:3b:4b:26:
         38:1e:c4:ec
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTT/ZTPYkom9/vz2Brr3fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQwMTAyMDgzMjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzg2MzAyNzA4MTdjZDE0NzA4YWQ5Y2VlZjhjOTBmZGQzYzVlNzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifN76xxVAacGhs+olYv1aRpEi5Om
xIK0z1Xv4r6rihrZQm0mCe7CXtHFZRxprRji9HzdgobOTRqeGN4Y3kkIOMUZerFb
wy7hzUw4qRB+l42zwKLDp1THBV98rWyGH3EZK1Ll0UiaoCGCI64CFDcIsAM9gEJo
QZ7csZueybKNAXLDEYO3RVKOZNE9oGm8sIO1Ldvnimb5MCfuKo2uHH5VK5tEcI6r
Wq7ysLuEctGhq/UXa2ZLpJW4749wlJZ/80ws3ZlmjSimMq51ft0Io2V9T+y/C6Bu
BvFQK3fD3A98jdwy5owiz7DkdQeUYq0XiVzo/74GPeh7IEXQFnZepz/1mQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLeGMCcIF80UcIrZzu+MkP3TxeeIMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvdDRZd0p3Z1h6UlJ3aXRuTzc0eVFfZFBGNTRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCTS+0AwQA
1G/TAwQB1G/aMA0GCSqGSIb3DQEBCwUAA4IBAQBmiktuw4jsjpjuwPNs+d0XI/C4
SPvwJO+hStDLcJyb2UOQ/+dRJgdCG73YvJn7mKQrdcqrjEUrB/zYe0R85rumwGJJ
pP1rGjSkFnj8rSXBmrX88Gf2ca71FLuPBEv18/iZd5QEjuuh1N8A+nGSca4/+Jv6
f1GceD3zverp+jXOYMO7iLCMnKUE7/yvZr2lI4rjv6djwH6iODUZMh3hKXJi+aAV
Qv7KNtjNY1W2db/avLWgHotBmYDdDXZwL4Y0yspirJd07XWEyLhKAlgcVlSTfJqh
Cvh7z+h5zEoNZKAvwpO26p1y3p1F1oKsvlg1heuDzyjl+TS9uYA7SyY4HsTs
-----END CERTIFICATE-----