Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/0SZ1oIwim7IAyDckdr-8svkY53M.roa
File:                     0SZ1oIwim7IAyDckdr-8svkY53M.roa (raw, json)
Hash identifier:          ZGvsKSC4bj2ZzlPcQEKGf5YPitnOjtrk2jDq8Ky+dCk=
Subject key identifier:   D1:26:75:A0:8C:22:9B:B2:00:C8:37:24:76:BF:BC:B2:F9:18:E7:73
Certificate issuer:       /CN=7c673daad6d9317f0101d41a042a61e57689453a
Certificate serial:       018CC86F1CD6BCB83FE916E6B53C64D51532
Authority key identifier: 7C:67:3D:AA:D6:D9:31:7F:01:01:D4:1A:04:2A:61:E5:76:89:45:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fGc9qtbZMX8BAdQaBCph5XaJRTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/0SZ1oIwim7IAyDckdr-8svkY53M.roa
Signing time:             Tue 02 Jan 2024 04:29:34 +0000
ROA not before:           Tue 02 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        203.12.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/fGc9qtbZMX8BAdQaBCph5XaJRTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/fGc9qtbZMX8BAdQaBCph5XaJRTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fGc9qtbZMX8BAdQaBCph5XaJRTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:1c:d6:bc:b8:3f:e9:16:e6:b5:3c:64:d5:15:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c673daad6d9317f0101d41a042a61e57689453a
        Validity
            Not Before: Jan  2 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d12675a08c229bb200c8372476bfbcb2f918e773
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:37:83:3d:d8:46:27:1d:6c:56:98:ea:87:fd:
                    00:f1:87:a3:49:69:a1:82:ab:be:de:44:fb:3d:13:
                    f5:82:10:3f:f0:52:b7:c5:9a:33:4b:cf:47:7c:c7:
                    ae:3e:a8:13:35:2f:01:9a:a3:c1:9d:ed:b0:06:ab:
                    21:3a:65:e7:da:dd:8a:2c:d9:cb:45:6e:aa:bf:95:
                    f8:09:a5:2d:4b:50:d0:67:74:41:fe:69:53:01:7a:
                    a4:27:51:19:62:ad:61:1a:2e:8f:c7:62:cd:b5:d0:
                    51:35:11:88:e6:b8:57:8a:8c:9a:1d:38:74:21:59:
                    32:68:cb:73:7e:cc:f9:86:aa:bc:13:5e:36:26:5b:
                    82:a6:f5:6d:20:36:95:45:99:b4:ef:3f:a9:d0:d9:
                    73:5d:29:1c:d4:8b:ea:ac:e5:ba:6a:e0:ba:df:f8:
                    ad:8d:d9:c1:64:c7:8b:29:8d:29:ea:3b:62:30:86:
                    e5:d6:89:4d:1e:93:6c:91:c0:40:cb:0c:ba:2b:30:
                    c7:a1:52:e4:ca:af:e7:f0:1e:ec:e8:5d:70:69:fe:
                    65:f7:33:31:76:da:6f:b0:b2:ab:b5:19:3f:76:bc:
                    09:9d:e5:72:64:7d:cf:e4:dc:cc:49:50:b8:bc:5d:
                    42:65:8f:dd:89:55:4d:99:2b:6b:23:12:6b:e5:66:
                    85:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:26:75:A0:8C:22:9B:B2:00:C8:37:24:76:BF:BC:B2:F9:18:E7:73
            X509v3 Authority Key Identifier:
                keyid:7C:67:3D:AA:D6:D9:31:7F:01:01:D4:1A:04:2A:61:E5:76:89:45:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fGc9qtbZMX8BAdQaBCph5XaJRTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/0SZ1oIwim7IAyDckdr-8svkY53M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/fGc9qtbZMX8BAdQaBCph5XaJRTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.12.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:87:a7:51:81:2f:57:a3:0e:7a:e7:b7:2a:97:12:f5:ba:6d:
         35:0f:8a:92:1c:e6:24:a1:cf:58:a4:12:57:fd:c9:e4:30:b8:
         51:f6:54:91:f6:97:14:58:17:05:11:66:35:b0:d9:2a:d9:93:
         8f:07:81:d4:8d:4b:50:a5:14:e3:20:f6:51:50:40:b6:fa:51:
         f7:e8:a7:40:38:4a:17:22:f8:80:03:1b:1a:bf:e9:13:ca:c2:
         69:ee:bf:53:9a:e7:fa:62:e1:3f:aa:6e:be:c4:2d:84:d2:12:
         d8:35:55:a8:fc:a6:53:f3:e7:f2:1e:c3:b9:17:5c:dd:c8:6c:
         60:5f:64:c9:5c:f7:b5:28:3b:e9:22:a6:5f:08:b6:39:da:2a:
         08:ce:86:f8:0c:b3:bb:d7:70:a7:75:e3:ed:f7:c0:52:da:ec:
         2c:31:ed:67:98:6e:75:ce:a2:02:9d:cf:dc:66:db:79:27:3a:
         13:24:03:ef:2a:d1:20:7a:04:51:e0:a6:0b:f8:be:2f:a1:3c:
         7f:52:18:aa:61:04:76:e7:95:06:df:8a:bb:17:b5:43:3a:b7:
         f8:57:d8:43:e3:1e:96:9b:6c:cd:24:18:ff:b7:51:27:d0:61:
         c5:aa:08:53:71:72:49:05:48:f0:99:49:da:4f:c1:d0:42:6d:
         f4:0c:3a:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbxzWvLg/6RbmtTxk1RUyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjNjczZGFhZDZkOTMxN2YwMTAxZDQxYTA0MmE2MWU1NzY4
OTQ1M2EwHhcNMjQwMTAyMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTI2NzVhMDhjMjI5YmIyMDBjODM3MjQ3NmJmYmNiMmY5MThlNzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDeDPdhGJx1sVpjqh/0A8YejSWmh
gqu+3kT7PRP1ghA/8FK3xZozS89HfMeuPqgTNS8BmqPBne2wBqshOmXn2t2KLNnL
RW6qv5X4CaUtS1DQZ3RB/mlTAXqkJ1EZYq1hGi6Px2LNtdBRNRGI5rhXioyaHTh0
IVkyaMtzfsz5hqq8E142JluCpvVtIDaVRZm07z+p0NlzXSkc1IvqrOW6auC63/it
jdnBZMeLKY0p6jtiMIbl1olNHpNskcBAywy6KzDHoVLkyq/n8B7s6F1waf5l9zMx
dtpvsLKrtRk/drwJneVyZH3P5NzMSVC4vF1CZY/diVVNmStrIxJr5WaFAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNEmdaCMIpuyAMg3JHa/vLL5GOdzMB8GA1UdIwQY
MBaAFHxnParW2TF/AQHUGgQqYeV2iUU6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkdjOXF0YlpNWDhCQWRRYUJDcGg1WGFKUlRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMDM3ZGItNzU5Mi00YjYyLWJkYWEt
MDRlNDZlZjBjZDIxLzEvMFNaMW9Jd2ltN0lBeURja2RyLThzdmtZNTNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMDM3ZGItNzU5Mi00YjYyLWJkYWEtMDRlNDZlZjBjZDIx
LzEvZkdjOXF0YlpNWDhCQWRRYUJDcGg1WGFKUlRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAywzaMA0G
CSqGSIb3DQEBCwUAA4IBAQBTh6dRgS9Xow5657cqlxL1um01D4qSHOYkoc9YpBJX
/cnkMLhR9lSR9pcUWBcFEWY1sNkq2ZOPB4HUjUtQpRTjIPZRUEC2+lH36KdAOEoX
IviAAxsav+kTysJp7r9Tmuf6YuE/qm6+xC2E0hLYNVWo/KZT8+fyHsO5F1zdyGxg
X2TJXPe1KDvpIqZfCLY52ioIzob4DLO713CndePt98BS2uwsMe1nmG51zqICnc/c
Ztt5JzoTJAPvKtEgegRR4KYL+L4voTx/UhiqYQR255UG34q7F7VDOrf4V9hD4x6W
m2zNJBj/t1En0GHFqghTcXJJBUjwmUnaT8HQQm30DDqA
-----END CERTIFICATE-----