Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/b3c8a6-e32e-4700-b5ed-6a994e5ec472/1/cZI5xlK00Anhl9D-jmOWUEP0xj4.roa
File:                     cZI5xlK00Anhl9D-jmOWUEP0xj4.roa (raw, json)
Hash identifier:          t0sFSdpdAHxrtlSgwAcNpqxxUR6xUgaft2oH2PYds0s=
Subject key identifier:   71:92:39:C6:52:B4:D0:09:E1:97:D0:FE:8E:63:96:50:43:F4:C6:3E
Certificate issuer:       /CN=815fc22125726256d6a35f3da28f7513dd31c1fe
Certificate serial:       018CC64AEE482562618CFDDCE747FF82FF35
Authority key identifier: 81:5F:C2:21:25:72:62:56:D6:A3:5F:3D:A2:8F:75:13:DD:31:C1:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gV_CISVyYlbWo189oo91E90xwf4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/b3c8a6-e32e-4700-b5ed-6a994e5ec472/1/cZI5xlK00Anhl9D-jmOWUEP0xj4.roa
Signing time:             Mon 01 Jan 2024 18:30:48 +0000
ROA not before:           Mon 01 Jan 2024 18:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        141.20.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/b3c8a6-e32e-4700-b5ed-6a994e5ec472/1/gV_CISVyYlbWo189oo91E90xwf4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/b3c8a6-e32e-4700-b5ed-6a994e5ec472/1/gV_CISVyYlbWo189oo91E90xwf4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gV_CISVyYlbWo189oo91E90xwf4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:ee:48:25:62:61:8c:fd:dc:e7:47:ff:82:ff:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=815fc22125726256d6a35f3da28f7513dd31c1fe
        Validity
            Not Before: Jan  1 18:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=719239c652b4d009e197d0fe8e63965043f4c63e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:97:1c:9b:96:b5:4d:58:7d:52:f4:4c:dc:c6:
                    84:6b:a3:8e:d5:99:f7:5a:bf:bf:75:a0:8f:02:b3:
                    da:e2:cc:f9:01:0c:dc:8e:cf:64:b8:c3:69:89:ae:
                    03:49:46:05:f5:20:a0:8c:e3:7c:e5:ae:6e:35:36:
                    a3:78:a2:c3:aa:d8:77:cf:fa:55:ea:9a:6e:c4:c7:
                    90:ce:f6:fb:c4:1b:55:ce:3e:56:15:4e:5a:31:8c:
                    16:30:c9:21:f2:bc:e8:cd:97:e1:30:ee:d0:c4:5f:
                    1a:e7:0f:18:e5:cd:37:9e:2a:f2:cb:a8:d6:53:19:
                    5b:16:20:ef:ad:5c:45:18:51:49:eb:80:dd:be:32:
                    aa:e9:a8:de:6a:49:d4:04:07:9f:ed:8d:11:0e:e9:
                    16:5e:32:cb:7e:cf:b6:16:b3:29:b0:42:e6:dd:75:
                    2e:70:c0:b5:dc:f7:b0:6b:dc:53:f6:89:d5:fa:1e:
                    1e:36:18:eb:d2:b6:98:2d:e5:04:92:c9:fd:4d:3e:
                    4a:77:c2:8a:53:a0:20:38:2f:43:ab:d2:73:84:c5:
                    ca:d2:ca:92:ca:c9:99:91:4d:3c:cf:0e:85:55:20:
                    05:99:32:a3:de:67:77:ab:bf:36:66:bf:ce:cc:7b:
                    53:b6:e0:32:8e:51:d7:f6:47:e1:9e:1c:4f:2c:46:
                    ce:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:92:39:C6:52:B4:D0:09:E1:97:D0:FE:8E:63:96:50:43:F4:C6:3E
            X509v3 Authority Key Identifier:
                keyid:81:5F:C2:21:25:72:62:56:D6:A3:5F:3D:A2:8F:75:13:DD:31:C1:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gV_CISVyYlbWo189oo91E90xwf4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/b3c8a6-e32e-4700-b5ed-6a994e5ec472/1/cZI5xlK00Anhl9D-jmOWUEP0xj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/b3c8a6-e32e-4700-b5ed-6a994e5ec472/1/gV_CISVyYlbWo189oo91E90xwf4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.20.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         88:fc:41:c0:5c:c6:28:ba:dd:68:9d:6d:b6:c3:3f:f6:33:dd:
         da:47:3f:84:99:19:84:2e:f5:92:9f:3e:f0:e8:ad:10:06:a9:
         7c:f4:8a:ec:98:a8:94:8e:e8:ba:ec:c7:81:97:05:7e:5a:a5:
         f0:f4:5a:4e:50:96:ce:19:41:47:65:50:23:71:c8:53:e9:d6:
         3b:26:d3:39:4f:4f:73:82:64:32:4a:75:cf:7c:25:6b:1d:9a:
         22:9a:5d:1a:b4:cf:62:fe:c3:09:0b:47:eb:a0:4d:eb:d3:17:
         89:2f:39:c2:0d:04:23:19:67:76:f2:a8:75:de:d3:1f:14:d0:
         da:d1:1f:57:d4:29:8d:e2:a1:f4:29:91:a5:bd:78:ba:f1:39:
         37:89:4f:49:a6:85:74:21:b9:a6:41:96:6a:23:dc:bc:d6:0a:
         32:da:21:0f:da:57:e7:7f:92:51:0d:4b:d8:9d:e3:7a:10:9e:
         54:54:62:fa:85:13:1c:6e:21:11:88:59:5d:af:70:90:a9:00:
         92:f8:39:d6:88:bb:bf:b0:dc:7e:f8:06:a9:02:ea:2f:23:e3:
         31:12:66:a4:b9:15:99:80:4b:dc:27:01:92:c5:41:92:b4:a7:
         60:d9:74:6b:8e:a1:3a:0f:c6:15:47:af:ba:ed:18:32:0b:06:
         fa:50:5b:25
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzGSu5IJWJhjP3c50f/gv81MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNWZjMjIxMjU3MjYyNTZkNmEzNWYzZGEyOGY3NTEzZGQz
MWMxZmUwHhcNMjQwMTAxMTgzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTkyMzljNjUyYjRkMDA5ZTE5N2QwZmU4ZTYzOTY1MDQzZjRjNjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgZccm5a1TVh9UvRM3MaEa6OO1Zn3
Wr+/daCPArPa4sz5AQzcjs9kuMNpia4DSUYF9SCgjON85a5uNTajeKLDqth3z/pV
6ppuxMeQzvb7xBtVzj5WFU5aMYwWMMkh8rzozZfhMO7QxF8a5w8Y5c03niryy6jW
UxlbFiDvrVxFGFFJ64DdvjKq6ajeaknUBAef7Y0RDukWXjLLfs+2FrMpsELm3XUu
cMC13Pewa9xT9onV+h4eNhjr0raYLeUEksn9TT5Kd8KKU6AgOC9Dq9JzhMXK0sqS
ysmZkU08zw6FVSAFmTKj3md3q782Zr/OzHtTtuAyjlHX9kfhnhxPLEbOyQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHGSOcZStNAJ4ZfQ/o5jllBD9MY+MB8GA1UdIwQY
MBaAFIFfwiElcmJW1qNfPaKPdRPdMcH+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1ZfQ0lTVnlZbGJXbzE4OW9vOTFFOTB4d2Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9iM2M4YTYtZTMyZS00NzAwLWI1ZWQt
NmE5OTRlNWVjNDcyLzEvY1pJNXhsSzAwQW5obDlELWptT1dVRVAweGo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9iM2M4YTYtZTMyZS00NzAwLWI1ZWQtNmE5OTRlNWVjNDcy
LzEvZ1ZfQ0lTVnlZbGJXbzE4OW9vOTFFOTB4d2Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjRQwDQYJ
KoZIhvcNAQELBQADggEBAIj8QcBcxii63WidbbbDP/Yz3dpHP4SZGYQu9ZKfPvDo
rRAGqXz0iuyYqJSO6Lrsx4GXBX5apfD0Wk5Qls4ZQUdlUCNxyFPp1jsm0zlPT3OC
ZDJKdc98JWsdmiKaXRq0z2L+wwkLR+ugTevTF4kvOcINBCMZZ3byqHXe0x8U0NrR
H1fUKY3iofQpkaW9eLrxOTeJT0mmhXQhuaZBlmoj3LzWCjLaIQ/aV+d/klENS9id
43oQnlRUYvqFExxuIRGIWV2vcJCpAJL4OdaIu7+w3H74BqkC6i8j4zESZqS5FZmA
S9wnAZLFQZK0p2DZdGuOoToPxhVHr7rtGDILBvpQWyU=
-----END CERTIFICATE-----