Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/8c5787-09fa-4988-81a1-75d6be4e5c37/1/2s8Pbl5Zt2P4pi61ykgNzCEUg7Y.roa
File:                     2s8Pbl5Zt2P4pi61ykgNzCEUg7Y.roa (raw, json)
Hash identifier:          qlrXwArZmvn9oy2pA19cOo+14UzQ5qEBjBPfMt28srQ=
Subject key identifier:   DA:CF:0F:6E:5E:59:B7:63:F8:A6:2E:B5:CA:48:0D:CC:21:14:83:B6
Certificate issuer:       /CN=66491883cb4c50122fdb2754b6252fdd6fc9d51f
Certificate serial:       018CC5DCB8FA57F7EEBC2BDD0420A6381610
Authority key identifier: 66:49:18:83:CB:4C:50:12:2F:DB:27:54:B6:25:2F:DD:6F:C9:D5:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZkkYg8tMUBIv2ydUtiUv3W_J1R8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/8c5787-09fa-4988-81a1-75d6be4e5c37/1/2s8Pbl5Zt2P4pi61ykgNzCEUg7Y.roa
Signing time:             Mon 01 Jan 2024 16:30:25 +0000
ROA not before:           Mon 01 Jan 2024 16:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25244
IP address blocks:        212.126.240.0/21 maxlen: 21
                          212.126.248.0/21 maxlen: 21
                          212.126.224.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/8c5787-09fa-4988-81a1-75d6be4e5c37/1/ZkkYg8tMUBIv2ydUtiUv3W_J1R8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/8c5787-09fa-4988-81a1-75d6be4e5c37/1/ZkkYg8tMUBIv2ydUtiUv3W_J1R8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZkkYg8tMUBIv2ydUtiUv3W_J1R8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:b8:fa:57:f7:ee:bc:2b:dd:04:20:a6:38:16:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66491883cb4c50122fdb2754b6252fdd6fc9d51f
        Validity
            Not Before: Jan  1 16:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dacf0f6e5e59b763f8a62eb5ca480dcc211483b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:85:08:b4:c4:ea:a5:7b:04:60:bf:1f:99:63:
                    37:ee:d6:a2:d6:e8:08:0d:6b:4b:31:d5:bd:06:58:
                    79:17:2d:4f:fa:62:38:63:57:4f:3c:25:b2:60:e9:
                    1f:11:1f:7f:7d:81:3f:83:c0:0a:a2:29:c7:e5:8e:
                    ab:82:cd:96:b1:d4:75:a3:8f:fd:00:bc:de:a7:31:
                    5f:92:73:d0:62:0a:bb:29:27:77:06:35:2e:2c:f2:
                    0b:13:d9:60:b2:62:12:36:fb:51:76:ca:43:cc:1a:
                    85:cf:fa:c3:61:64:d8:ca:0a:41:41:d7:c8:18:5f:
                    8a:9a:a2:0a:41:d9:35:74:e8:09:78:90:99:17:c9:
                    b8:4a:2a:54:47:65:5f:3c:38:91:0c:e5:f3:91:2b:
                    93:dd:4e:5e:e3:04:d6:b4:4a:a9:39:1f:8a:ef:fc:
                    39:36:88:e0:0f:a4:15:c4:3e:8b:0c:b9:b3:5c:93:
                    45:b4:83:88:64:b1:e5:b4:e6:79:6e:c5:ef:28:9b:
                    57:e2:65:99:c0:37:cd:98:8c:7f:d2:71:eb:6a:c0:
                    13:8e:05:00:3d:57:3f:84:46:ce:e6:cf:67:db:f8:
                    9a:49:85:e1:02:7c:91:2a:82:a1:03:5f:c3:5d:10:
                    4b:fc:76:b6:4c:5b:ab:f2:2b:ce:b5:ad:d1:40:d9:
                    39:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:CF:0F:6E:5E:59:B7:63:F8:A6:2E:B5:CA:48:0D:CC:21:14:83:B6
            X509v3 Authority Key Identifier:
                keyid:66:49:18:83:CB:4C:50:12:2F:DB:27:54:B6:25:2F:DD:6F:C9:D5:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZkkYg8tMUBIv2ydUtiUv3W_J1R8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/8c5787-09fa-4988-81a1-75d6be4e5c37/1/2s8Pbl5Zt2P4pi61ykgNzCEUg7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/8c5787-09fa-4988-81a1-75d6be4e5c37/1/ZkkYg8tMUBIv2ydUtiUv3W_J1R8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.126.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         83:db:f4:8e:50:5f:33:ac:fa:8c:78:e1:45:73:ff:02:a8:c0:
         ff:0e:d2:bd:3a:b3:66:c4:6a:44:b0:a5:e3:85:9e:54:af:6b:
         ad:0b:6c:b4:e6:cb:7a:49:7b:3b:50:17:04:2a:39:ae:da:67:
         70:cb:d1:20:55:4c:82:85:22:65:05:7b:a2:f2:05:63:e3:4e:
         33:9f:e0:dc:55:2f:df:86:f6:4c:ea:e7:ce:60:f8:5e:aa:72:
         a3:72:41:c3:b9:2a:e0:dd:53:31:59:7a:c7:06:56:10:24:bf:
         cf:15:ca:52:07:e1:83:67:02:f4:49:bf:5c:50:2d:08:e3:f8:
         33:f4:eb:17:8b:7d:a4:dc:0d:ff:53:c3:8b:b3:05:b3:d0:ad:
         e1:d5:55:dd:e2:e1:36:3a:9a:0a:90:28:da:3d:dd:2d:11:92:
         ff:da:7d:4b:f2:87:0b:de:55:8f:14:b6:44:1f:4d:f0:7e:e9:
         bb:8f:b9:c4:67:58:14:5d:52:76:51:90:16:17:09:d4:0d:58:
         b9:d4:b9:f1:3f:8d:fa:3f:b5:ab:3d:52:bf:c4:0f:44:6c:ff:
         49:2e:a5:64:1b:25:d6:62:10:3e:dc:a8:9a:fe:09:9a:7e:25:
         03:81:32:95:5c:e0:9d:d3:ea:ed:e0:6a:89:a6:e1:9c:e2:f6:
         1e:9f:e9:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Lj6V/fuvCvdBCCmOBYQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NDkxODgzY2I0YzUwMTIyZmRiMjc1NGI2MjUyZmRkNmZj
OWQ1MWYwHhcNMjQwMTAxMTYzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWNmMGY2ZTVlNTliNzYzZjhhNjJlYjVjYTQ4MGRjYzIxMTQ4M2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4UItMTqpXsEYL8fmWM37tai1ugI
DWtLMdW9Blh5Fy1P+mI4Y1dPPCWyYOkfER9/fYE/g8AKoinH5Y6rgs2WsdR1o4/9
ALzepzFfknPQYgq7KSd3BjUuLPILE9lgsmISNvtRdspDzBqFz/rDYWTYygpBQdfI
GF+KmqIKQdk1dOgJeJCZF8m4SipUR2VfPDiRDOXzkSuT3U5e4wTWtEqpOR+K7/w5
NojgD6QVxD6LDLmzXJNFtIOIZLHltOZ5bsXvKJtX4mWZwDfNmIx/0nHrasATjgUA
PVc/hEbO5s9n2/iaSYXhAnyRKoKhA1/DXRBL/Ha2TFur8ivOta3RQNk5PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrPD25eWbdj+KYutcpIDcwhFIO2MB8GA1UdIwQY
MBaAFGZJGIPLTFASL9snVLYlL91vydUfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmtrWWc4dE1VQkl2MnlkVXRpVXYzV19KMVI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC84YzU3ODctMDlmYS00OTg4LTgxYTEt
NzVkNmJlNGU1YzM3LzEvMnM4UGJsNVp0MlA0cGk2MXlrZ056Q0VVZzdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC84YzU3ODctMDlmYS00OTg4LTgxYTEtNzVkNmJlNGU1YzM3
LzEvWmtrWWc4dE1VQkl2MnlkVXRpVXYzV19KMVI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1H7gMA0G
CSqGSIb3DQEBCwUAA4IBAQCD2/SOUF8zrPqMeOFFc/8CqMD/DtK9OrNmxGpEsKXj
hZ5Ur2utC2y05st6SXs7UBcEKjmu2mdwy9EgVUyChSJlBXui8gVj404zn+DcVS/f
hvZM6ufOYPheqnKjckHDuSrg3VMxWXrHBlYQJL/PFcpSB+GDZwL0Sb9cUC0I4/gz
9OsXi32k3A3/U8OLswWz0K3h1VXd4uE2OpoKkCjaPd0tEZL/2n1L8ocL3lWPFLZE
H03wfum7j7nEZ1gUXVJ2UZAWFwnUDVi51LnxP436P7WrPVK/xA9EbP9JLqVkGyXW
YhA+3Kia/gmafiUDgTKVXOCd0+rt4GqJpuGc4vYen+kO
-----END CERTIFICATE-----