Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/i2m9faAKeF9u6eR7YLIlDAbuag8.roa
File:                     i2m9faAKeF9u6eR7YLIlDAbuag8.roa (raw, json)
Hash identifier:          QB4k8hVhtkh/gn2xtU9PjmEu9dKiVaXku0kZT56aLOE=
Subject key identifier:   8B:69:BD:7D:A0:0A:78:5F:6E:E9:E4:7B:60:B2:25:0C:06:EE:6A:0F
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E1F29A1BAF16AD4C0C167313DC810
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/i2m9faAKeF9u6eR7YLIlDAbuag8.roa
Signing time:             Mon 01 Jan 2024 14:29:37 +0000
ROA not before:           Mon 01 Jan 2024 14:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     272916
IP address blocks:        141.136.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:1f:29:a1:ba:f1:6a:d4:c0:c1:67:31:3d:c8:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b69bd7da00a785f6ee9e47b60b2250c06ee6a0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:6f:95:96:d1:11:3e:6b:46:c9:29:e0:13:cf:
                    db:fe:f3:da:f0:1e:14:d5:54:b6:14:14:a5:a9:32:
                    f0:8b:8d:4d:2c:11:74:61:6f:35:de:53:93:da:bb:
                    45:2b:0b:a1:9b:d6:47:e7:05:7b:89:0e:a3:36:44:
                    0e:4e:fe:d3:10:d4:ac:5d:48:2c:ce:f9:3d:69:20:
                    28:1a:88:3f:4f:5b:27:e3:cf:e5:5a:cd:61:b0:4d:
                    a6:99:5a:88:db:3b:1d:f1:96:5b:c1:7d:5d:98:ed:
                    09:48:62:7b:90:d6:97:a1:2c:11:89:f0:80:cb:58:
                    b8:da:e0:5b:d2:d9:d0:a0:96:ec:93:93:3c:79:43:
                    8f:af:8c:e9:f2:6b:13:79:21:49:28:1c:83:39:f3:
                    4e:0a:f1:71:b5:e0:d4:32:84:3f:7f:a3:2d:f0:b2:
                    81:7e:8a:68:12:c8:9c:91:fb:ab:ad:95:a9:fe:d1:
                    82:a1:ea:0a:99:06:1a:6a:48:06:eb:e4:cb:92:b2:
                    58:40:2a:a7:f5:f5:43:05:6b:e8:c5:e1:d8:02:53:
                    f5:16:39:55:5a:39:43:28:bf:b6:b5:ce:39:5e:fc:
                    14:96:d5:ed:17:24:3e:7d:d4:0d:5d:14:76:f4:b0:
                    e0:02:64:af:25:55:25:6a:ce:15:8c:63:70:f8:bf:
                    ed:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:69:BD:7D:A0:0A:78:5F:6E:E9:E4:7B:60:B2:25:0C:06:EE:6A:0F
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/i2m9faAKeF9u6eR7YLIlDAbuag8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.136.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:b3:c6:2f:6c:5a:60:b7:ab:36:43:e3:9f:6e:34:00:8e:e0:
         6b:9f:9f:f0:3d:20:c8:3f:3c:0c:63:ca:d1:a0:55:b0:af:66:
         23:90:8d:ee:15:fb:fe:91:d5:80:c9:14:63:df:bf:e9:97:bb:
         b9:ae:02:2b:f1:a6:e4:8f:5d:12:2d:f1:a1:24:35:a5:f8:28:
         27:7e:cb:ab:07:2a:06:3c:e2:68:f6:2a:65:bf:7a:49:2f:05:
         27:43:13:d2:a4:4b:a0:e3:94:57:e4:ff:48:1d:b5:a1:87:f9:
         58:72:38:3e:45:c5:67:9f:a5:c1:f1:8e:f7:64:11:61:b8:65:
         9d:7f:8c:1d:9f:04:9e:8c:87:bc:4c:f3:65:d5:fc:bb:6f:df:
         ae:4a:ac:f9:fe:af:50:e1:10:4f:4e:74:0a:30:41:69:97:54:
         ed:4d:3f:c7:c7:ce:f0:4f:3d:b1:54:86:4f:c2:18:73:63:27:
         ee:a0:3c:31:5a:78:fb:54:a5:0b:ce:b0:a0:99:c6:5f:be:9f:
         ac:0a:be:35:45:2d:77:7d:d5:24:d2:3a:3a:64:c3:7c:be:52:
         9d:f4:10:fb:39:59:cc:47:29:5f:67:c1:e4:01:80:25:fb:a0:
         7e:af:5a:fb:9b:65:32:c0:9e:44:1c:47:a5:d8:33:2e:d9:57:
         0f:cb:33:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbh8pobrxatTAwWcxPcgQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjY5YmQ3ZGEwMGE3ODVmNmVlOWU0N2I2MGIyMjUwYzA2ZWU2YTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2+VltERPmtGySngE8/b/vPa8B4U
1VS2FBSlqTLwi41NLBF0YW813lOT2rtFKwuhm9ZH5wV7iQ6jNkQOTv7TENSsXUgs
zvk9aSAoGog/T1sn48/lWs1hsE2mmVqI2zsd8ZZbwX1dmO0JSGJ7kNaXoSwRifCA
y1i42uBb0tnQoJbsk5M8eUOPr4zp8msTeSFJKByDOfNOCvFxteDUMoQ/f6Mt8LKB
fopoEsickfurrZWp/tGCoeoKmQYaakgG6+TLkrJYQCqn9fVDBWvoxeHYAlP1FjlV
WjlDKL+2tc45XvwUltXtFyQ+fdQNXRR29LDgAmSvJVUlas4VjGNw+L/tjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFItpvX2gCnhfbunke2CyJQwG7moPMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvaTJtOWZhQUtlRjl1NmVSN1lMSWxEQWJ1YWc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjYg9MA0G
CSqGSIb3DQEBCwUAA4IBAQA9s8YvbFpgt6s2Q+OfbjQAjuBrn5/wPSDIPzwMY8rR
oFWwr2YjkI3uFfv+kdWAyRRj37/pl7u5rgIr8abkj10SLfGhJDWl+CgnfsurByoG
POJo9iplv3pJLwUnQxPSpEug45RX5P9IHbWhh/lYcjg+RcVnn6XB8Y73ZBFhuGWd
f4wdnwSejIe8TPNl1fy7b9+uSqz5/q9Q4RBPTnQKMEFpl1TtTT/Hx87wTz2xVIZP
whhzYyfuoDwxWnj7VKULzrCgmcZfvp+sCr41RS13fdUk0jo6ZMN8vlKd9BD7OVnM
RylfZ8HkAYAl+6B+r1r7m2UywJ5EHEel2DMu2VcPyzM8
-----END CERTIFICATE-----