Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/f8ae47-0ed4-4681-9c12-fa1260850709/1/0bB5uPgbYCmm2kekjmS50nCaqMo.roa
File:                     0bB5uPgbYCmm2kekjmS50nCaqMo.roa (raw, json)
Hash identifier:          3FEinUDpU4/YpIWVHsWUKL7Ffuuefowc6Z3KuZVClrg=
Subject key identifier:   D1:B0:79:B8:F8:1B:60:29:A6:DA:47:A4:8E:64:B9:D2:70:9A:A8:CA
Certificate issuer:       /CN=5349c2d00ba46be9244b76194baa10f33ce3462c
Certificate serial:       018CC8DECA810AD5EFE93703E4BDB56A46E4
Authority key identifier: 53:49:C2:D0:0B:A4:6B:E9:24:4B:76:19:4B:AA:10:F3:3C:E3:46:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U0nC0Auka-kkS3YZS6oQ8zzjRiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/f8ae47-0ed4-4681-9c12-fa1260850709/1/0bB5uPgbYCmm2kekjmS50nCaqMo.roa
Signing time:             Tue 02 Jan 2024 06:31:33 +0000
ROA not before:           Tue 02 Jan 2024 06:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20712
IP address blocks:        176.123.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/f8ae47-0ed4-4681-9c12-fa1260850709/1/U0nC0Auka-kkS3YZS6oQ8zzjRiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/f8ae47-0ed4-4681-9c12-fa1260850709/1/U0nC0Auka-kkS3YZS6oQ8zzjRiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U0nC0Auka-kkS3YZS6oQ8zzjRiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ca:81:0a:d5:ef:e9:37:03:e4:bd:b5:6a:46:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5349c2d00ba46be9244b76194baa10f33ce3462c
        Validity
            Not Before: Jan  2 06:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1b079b8f81b6029a6da47a48e64b9d2709aa8ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:1e:31:c8:04:a6:06:96:b4:41:25:d1:10:ec:
                    cf:a8:d7:3b:81:2f:84:66:d4:b7:dc:e5:f6:9d:24:
                    e3:25:8b:16:03:26:42:6e:e5:6e:51:55:c9:d4:b4:
                    bf:33:a0:d9:78:8e:67:52:d2:02:32:9a:57:dc:36:
                    09:a6:0a:85:f4:7c:53:d8:db:9d:07:f7:ee:5e:6a:
                    22:6c:93:87:fc:1c:98:ca:e8:da:9a:13:e4:6a:43:
                    c9:1e:28:8a:6e:9e:d4:7e:7c:08:6f:30:11:8f:36:
                    92:4f:52:1a:39:1f:02:87:8b:dd:0d:4a:e7:7f:1e:
                    6f:a5:b2:29:6c:79:a2:d1:69:7e:ba:5c:6e:18:45:
                    9e:cb:af:47:1f:b1:1c:e0:5b:f4:c8:f2:77:b9:e9:
                    c6:65:f1:23:a3:62:be:39:7c:7b:65:0b:9a:9b:48:
                    dd:c3:4d:85:fa:38:2d:35:42:ed:fb:f8:75:e8:0f:
                    bf:0c:76:da:26:71:81:ba:37:87:26:5e:41:15:f9:
                    6f:e9:75:90:9d:14:6e:54:24:0b:99:d4:5f:9a:71:
                    77:75:3b:ee:d1:f7:c3:5c:ca:89:4f:9a:fa:c6:c6:
                    33:b6:4c:5f:48:cc:0d:ee:ee:f3:59:bd:4a:b9:c1:
                    6c:34:b0:b0:fa:76:f1:91:7e:35:33:ff:29:ad:15:
                    f7:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:B0:79:B8:F8:1B:60:29:A6:DA:47:A4:8E:64:B9:D2:70:9A:A8:CA
            X509v3 Authority Key Identifier:
                keyid:53:49:C2:D0:0B:A4:6B:E9:24:4B:76:19:4B:AA:10:F3:3C:E3:46:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U0nC0Auka-kkS3YZS6oQ8zzjRiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f8ae47-0ed4-4681-9c12-fa1260850709/1/0bB5uPgbYCmm2kekjmS50nCaqMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f8ae47-0ed4-4681-9c12-fa1260850709/1/U0nC0Auka-kkS3YZS6oQ8zzjRiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.123.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:af:dd:d9:16:b5:5d:da:05:82:2d:a1:73:f5:fd:8a:f2:ca:
         c8:ea:ca:5b:8b:b6:f7:20:1b:61:cc:e0:8c:78:2d:19:36:55:
         4d:4a:59:ff:fb:26:3c:50:af:d4:b0:8c:11:e1:ae:a1:4d:3a:
         37:73:09:03:5d:97:16:76:22:3f:71:19:04:cb:87:38:99:b3:
         d5:a8:d8:c3:97:f2:f2:97:f6:7b:37:94:25:2c:14:4a:2d:ef:
         ab:14:3d:66:4e:29:48:78:25:12:71:fa:e6:0a:fc:95:59:1c:
         7f:dc:4e:e6:87:92:cf:85:f4:cb:dd:25:e0:b6:dc:72:a9:bc:
         22:a7:1b:7f:6f:c7:22:64:9b:fd:3f:42:89:32:a6:fe:cb:68:
         94:ae:0f:95:cc:e7:05:62:a6:c0:7d:5e:d6:51:d3:b6:4f:a7:
         0d:85:9c:bf:23:71:c1:62:f7:6a:fc:8a:49:8b:f2:0a:c9:b3:
         18:38:5b:ad:e7:ed:5b:e9:b1:82:62:0c:f5:d3:6d:c2:c3:e1:
         f4:fc:61:bc:3c:f6:66:c6:b2:e3:47:6d:f7:d3:bd:3f:99:77:
         70:65:d5:e2:22:5d:f8:a0:e9:77:fc:8c:ca:2f:fd:45:f0:04:
         70:0d:77:6a:f5:99:f9:10:10:3f:c5:75:76:bc:5f:57:42:78:
         81:dd:75:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3sqBCtXv6TcD5L21akbkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNDljMmQwMGJhNDZiZTkyNDRiNzYxOTRiYWExMGYzM2Nl
MzQ2MmMwHhcNMjQwMTAyMDYzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWIwNzliOGY4MWI2MDI5YTZkYTQ3YTQ4ZTY0YjlkMjcwOWFhOGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvx4xyASmBpa0QSXREOzPqNc7gS+E
ZtS33OX2nSTjJYsWAyZCbuVuUVXJ1LS/M6DZeI5nUtICMppX3DYJpgqF9HxT2Nud
B/fuXmoibJOH/ByYyujamhPkakPJHiiKbp7UfnwIbzARjzaST1IaOR8Ch4vdDUrn
fx5vpbIpbHmi0Wl+ulxuGEWey69HH7Ec4Fv0yPJ3uenGZfEjo2K+OXx7ZQuam0jd
w02F+jgtNULt+/h16A+/DHbaJnGBujeHJl5BFflv6XWQnRRuVCQLmdRfmnF3dTvu
0ffDXMqJT5r6xsYztkxfSMwN7u7zWb1KucFsNLCw+nbxkX41M/8prRX3vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNGwebj4G2ApptpHpI5kudJwmqjKMB8GA1UdIwQY
MBaAFFNJwtALpGvpJEt2GUuqEPM840YsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTBuQzBBdWthLWtrUzNZWlM2b1E4enpqUml3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9mOGFlNDctMGVkNC00NjgxLTljMTIt
ZmExMjYwODUwNzA5LzEvMGJCNXVQZ2JZQ21tMmtla2ptUzUwbkNhcU1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9mOGFlNDctMGVkNC00NjgxLTljMTItZmExMjYwODUwNzA5
LzEvVTBuQzBBdWthLWtrUzNZWlM2b1E4enpqUml3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHveMA0G
CSqGSIb3DQEBCwUAA4IBAQClr93ZFrVd2gWCLaFz9f2K8srI6spbi7b3IBthzOCM
eC0ZNlVNSln/+yY8UK/UsIwR4a6hTTo3cwkDXZcWdiI/cRkEy4c4mbPVqNjDl/Ly
l/Z7N5QlLBRKLe+rFD1mTilIeCUScfrmCvyVWRx/3E7mh5LPhfTL3SXgttxyqbwi
pxt/b8ciZJv9P0KJMqb+y2iUrg+VzOcFYqbAfV7WUdO2T6cNhZy/I3HBYvdq/IpJ
i/IKybMYOFut5+1b6bGCYgz1023Cw+H0/GG8PPZmxrLjR233070/mXdwZdXiIl34
oOl3/IzKL/1F8ARwDXdq9Zn5EBA/xXV2vF9XQniB3XVB
-----END CERTIFICATE-----