Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/cCW4WRcIHETD4hvgD7i-aUfzPPM.roa
File:                     cCW4WRcIHETD4hvgD7i-aUfzPPM.roa (raw, json)
Hash identifier:          0eQ61JhRehoupW9S/A+/yHFdpdnVDLb40gFvvLq8FL8=
Subject key identifier:   70:25:B8:59:17:08:1C:44:C3:E2:1B:E0:0F:B8:BE:69:47:F3:3C:F3
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E19993906CCBAF2944D43C2C9648E
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/cCW4WRcIHETD4hvgD7i-aUfzPPM.roa
Signing time:             Mon 01 Jan 2024 14:29:36 +0000
ROA not before:           Mon 01 Jan 2024 14:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208121
IP address blocks:        139.28.86.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:19:99:39:06:cc:ba:f2:94:4d:43:c2:c9:64:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7025b85917081c44c3e21be00fb8be6947f33cf3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:90:e7:bb:bc:27:a5:76:96:8e:ff:ec:2e:b3:
                    06:89:eb:06:f4:a1:7d:d9:89:99:63:7d:32:97:75:
                    76:d7:2f:73:50:f4:e7:07:63:a2:af:3b:a5:4a:5b:
                    90:a9:66:e2:52:08:27:19:53:bd:c2:61:fa:34:63:
                    4c:02:64:12:83:2f:67:8f:ad:ec:93:a1:00:7e:dd:
                    c9:85:1d:3b:2d:65:b0:96:21:f6:17:12:63:3d:8c:
                    20:d0:2e:d7:4f:97:06:5d:0d:45:34:bc:53:db:8d:
                    a7:ed:41:a2:e7:5c:18:2d:91:df:ac:0d:4e:b2:b6:
                    1d:78:e0:ba:ae:b5:0c:24:d1:2c:fc:98:66:5b:2e:
                    f4:93:f7:d0:55:50:02:c7:1e:85:eb:33:cf:12:eb:
                    4c:33:35:62:82:72:f6:11:21:f4:42:ac:06:aa:72:
                    8c:19:75:1c:0b:9e:7c:fe:e5:aa:52:e3:dd:62:16:
                    33:7c:c6:f0:cf:47:24:0b:7c:5e:f3:d9:3d:68:42:
                    f8:7d:d5:c4:4e:1c:c2:1a:f9:23:2d:b3:39:16:85:
                    c1:46:aa:4e:a6:be:0a:23:d0:e3:34:23:38:1e:91:
                    a9:73:c8:ca:41:21:ae:f3:df:85:4f:44:4f:ef:ad:
                    be:19:24:9c:85:80:b1:dd:87:da:aa:f8:98:d9:4a:
                    44:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:25:B8:59:17:08:1C:44:C3:E2:1B:E0:0F:B8:BE:69:47:F3:3C:F3
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/cCW4WRcIHETD4hvgD7i-aUfzPPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:32:63:ba:4f:14:83:05:08:ea:d1:b4:9b:f4:a5:fc:7f:9f:
         69:22:4a:67:c2:ad:cb:48:64:1f:0b:2c:cd:c4:83:25:75:b8:
         ca:a6:dd:2c:0e:ac:0f:e9:3b:3b:27:ed:06:c3:95:b9:ca:93:
         9a:a8:dc:b2:c5:ed:a3:30:49:85:9d:c5:e1:72:c5:a2:27:17:
         30:a8:35:b2:30:13:84:73:a0:3e:3d:6e:38:c9:02:53:06:99:
         29:53:ea:dc:a5:43:af:52:98:37:3a:5c:5e:e7:35:3b:18:59:
         31:78:16:b7:9d:a1:0c:97:0e:d1:3d:9e:67:a9:d4:f2:47:07:
         3a:34:69:dd:22:c7:d0:0d:11:95:1a:9e:16:27:cc:aa:ec:bc:
         ad:44:9f:6b:f1:73:81:89:ab:bb:5f:7b:87:15:08:53:e7:54:
         60:08:1b:ce:bd:dd:87:eb:b9:6b:b4:ad:66:f5:64:39:f9:c2:
         29:c3:68:79:16:68:60:4a:fb:da:e9:1a:58:9e:89:9f:91:0c:
         fe:f1:bc:89:69:56:6a:22:79:30:84:45:4a:45:4d:63:6b:e8:
         ca:7e:bd:31:02:9b:1f:19:eb:e3:a2:bc:c0:ce:52:46:09:a3:
         f9:a4:c3:ab:36:c6:a2:ee:2c:75:a4:33:ec:a2:17:32:b5:11:
         05:a8:b7:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhmZOQbMuvKUTUPCyWSOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDI1Yjg1OTE3MDgxYzQ0YzNlMjFiZTAwZmI4YmU2OTQ3ZjMzY2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZDnu7wnpXaWjv/sLrMGiesG9KF9
2YmZY30yl3V21y9zUPTnB2OirzulSluQqWbiUggnGVO9wmH6NGNMAmQSgy9nj63s
k6EAft3JhR07LWWwliH2FxJjPYwg0C7XT5cGXQ1FNLxT242n7UGi51wYLZHfrA1O
srYdeOC6rrUMJNEs/JhmWy70k/fQVVACxx6F6zPPEutMMzVignL2ESH0QqwGqnKM
GXUcC558/uWqUuPdYhYzfMbwz0ckC3xe89k9aEL4fdXEThzCGvkjLbM5FoXBRqpO
pr4KI9DjNCM4HpGpc8jKQSGu89+FT0RP762+GSSchYCx3YfaqviY2UpEWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHAluFkXCBxEw+Ib4A+4vmlH8zzzMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvY0NXNFdSY0lIRVRENGh2Z0Q3aS1hVWZ6UFBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBixxWMA0G
CSqGSIb3DQEBCwUAA4IBAQA2MmO6TxSDBQjq0bSb9KX8f59pIkpnwq3LSGQfCyzN
xIMldbjKpt0sDqwP6Ts7J+0Gw5W5ypOaqNyyxe2jMEmFncXhcsWiJxcwqDWyMBOE
c6A+PW44yQJTBpkpU+rcpUOvUpg3Olxe5zU7GFkxeBa3naEMlw7RPZ5nqdTyRwc6
NGndIsfQDRGVGp4WJ8yq7LytRJ9r8XOBiau7X3uHFQhT51RgCBvOvd2H67lrtK1m
9WQ5+cIpw2h5FmhgSvva6RpYnomfkQz+8byJaVZqInkwhEVKRU1ja+jKfr0xApsf
GevjorzAzlJGCaP5pMOrNsai7ix1pDPsohcytREFqLeg
-----END CERTIFICATE-----