Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/s2DgewY5WOk_wtj4K_BeJM-Laec.roa
File:                     s2DgewY5WOk_wtj4K_BeJM-Laec.roa (raw, json)
Hash identifier:          hUAPohOW+TNHEKBVoAktx2D0YcB28ezPFzRmbGsqOGo=
Subject key identifier:   B3:60:E0:7B:06:39:58:E9:3F:C2:D8:F8:2B:F0:5E:24:CF:8B:69:E7
Certificate issuer:       /CN=4c37f27eb4997b3bef9f28266a39694050fe74f9
Certificate serial:       018CC56ED975FAB3E8088270E8C5C1711946
Authority key identifier: 4C:37:F2:7E:B4:99:7B:3B:EF:9F:28:26:6A:39:69:40:50:FE:74:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TDfyfrSZezvvnygmajlpQFD-dPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/s2DgewY5WOk_wtj4K_BeJM-Laec.roa
Signing time:             Mon 01 Jan 2024 14:30:25 +0000
ROA not before:           Mon 01 Jan 2024 14:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50330
IP address blocks:        213.244.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/TDfyfrSZezvvnygmajlpQFD-dPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/TDfyfrSZezvvnygmajlpQFD-dPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TDfyfrSZezvvnygmajlpQFD-dPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d9:75:fa:b3:e8:08:82:70:e8:c5:c1:71:19:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c37f27eb4997b3bef9f28266a39694050fe74f9
        Validity
            Not Before: Jan  1 14:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b360e07b063958e93fc2d8f82bf05e24cf8b69e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:fc:64:73:1f:f5:a3:28:d6:7c:9f:9c:fd:88:
                    55:8b:49:4f:5d:d8:9d:59:47:80:1b:9c:24:e1:d9:
                    c4:2f:6f:aa:73:08:1b:bc:6b:9e:bd:da:8f:8c:8c:
                    53:2c:b5:a0:08:25:34:7c:1e:15:69:b8:ef:fc:e3:
                    ce:a4:62:8b:27:d7:5c:e9:08:7d:a6:96:d4:33:42:
                    2c:44:8b:33:ce:9f:d9:db:da:d5:02:3b:25:eb:16:
                    36:7c:99:c1:d4:4f:c4:aa:36:e6:ba:9e:2e:ad:34:
                    5d:bd:87:d5:c8:cd:78:85:1e:f9:ec:c4:56:d9:b4:
                    94:f4:2d:f2:c1:8e:f3:b4:15:9a:80:4e:eb:5e:74:
                    3c:86:c7:99:91:ec:59:2f:1d:3e:a2:9d:41:a5:65:
                    e3:cd:52:2d:77:49:9d:ce:11:72:f9:fc:a9:04:f8:
                    4d:cf:3b:a8:b4:c7:04:a0:24:7e:cd:92:92:60:1a:
                    b6:3f:d6:b8:70:d0:7e:7e:ca:4e:b0:72:ec:ab:d6:
                    cc:23:54:a6:16:3b:fa:cf:7f:28:a6:06:fa:cb:b4:
                    79:a3:50:62:7b:06:21:3c:ed:60:0a:5d:5c:7b:23:
                    b9:23:9e:2e:52:ff:96:54:89:fb:82:fc:77:79:94:
                    22:ea:01:ac:13:8f:ec:2e:10:f4:22:d4:00:00:a5:
                    9d:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:60:E0:7B:06:39:58:E9:3F:C2:D8:F8:2B:F0:5E:24:CF:8B:69:E7
            X509v3 Authority Key Identifier:
                keyid:4C:37:F2:7E:B4:99:7B:3B:EF:9F:28:26:6A:39:69:40:50:FE:74:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TDfyfrSZezvvnygmajlpQFD-dPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/s2DgewY5WOk_wtj4K_BeJM-Laec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/TDfyfrSZezvvnygmajlpQFD-dPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.244.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:03:36:f3:97:d7:cc:d0:2e:ab:0e:85:5b:ff:94:1c:6c:71:
         ef:80:c0:44:a7:cf:b3:5f:a3:39:e7:f7:70:1a:cf:4a:87:5a:
         32:63:a4:5c:ae:64:ee:26:19:43:86:23:e9:1c:1b:61:69:f5:
         84:03:a2:d4:04:1a:bc:cf:74:eb:d4:47:49:f5:5a:86:7a:97:
         d1:21:35:61:db:d9:72:c3:b6:40:11:d3:f8:94:17:db:46:b3:
         24:6d:1f:fd:fa:cc:77:42:9a:74:79:cd:1f:d8:7a:c4:02:67:
         1d:ac:07:26:23:f6:95:c0:30:2d:93:f8:40:24:16:2c:e1:da:
         ee:7b:08:22:c5:3d:a0:cb:07:41:69:94:7a:2c:75:58:ed:66:
         4b:65:8d:a8:9b:2b:11:ad:d2:f8:4c:f4:48:06:c4:c4:fc:29:
         dc:06:2a:4f:7c:d0:af:ce:d1:8c:13:e1:ff:d0:fa:61:10:85:
         60:16:99:0d:a2:35:35:9a:9c:92:7f:eb:52:fa:f1:af:3f:30:
         d9:13:37:64:38:59:ca:2a:02:d1:49:b3:7c:2c:db:64:66:f4:
         da:41:7c:4a:2f:4b:2d:b4:ce:d7:9a:75:22:0a:d8:8b:eb:8e:
         8c:ff:f3:c6:4f:b1:d0:d9:73:86:55:c3:b9:ce:ac:b7:1e:48:
         51:68:99:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbtl1+rPoCIJw6MXBcRlGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMzdmMjdlYjQ5OTdiM2JlZjlmMjgyNjZhMzk2OTQwNTBm
ZTc0ZjkwHhcNMjQwMTAxMTQzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzYwZTA3YjA2Mzk1OGU5M2ZjMmQ4ZjgyYmYwNWUyNGNmOGI2OWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovxkcx/1oyjWfJ+c/YhVi0lPXdid
WUeAG5wk4dnEL2+qcwgbvGuevdqPjIxTLLWgCCU0fB4Vabjv/OPOpGKLJ9dc6Qh9
ppbUM0IsRIszzp/Z29rVAjsl6xY2fJnB1E/Eqjbmup4urTRdvYfVyM14hR757MRW
2bSU9C3ywY7ztBWagE7rXnQ8hseZkexZLx0+op1BpWXjzVItd0mdzhFy+fypBPhN
zzuotMcEoCR+zZKSYBq2P9a4cNB+fspOsHLsq9bMI1SmFjv6z38opgb6y7R5o1Bi
ewYhPO1gCl1ceyO5I54uUv+WVIn7gvx3eZQi6gGsE4/sLhD0ItQAAKWddwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLNg4HsGOVjpP8LY+CvwXiTPi2nnMB8GA1UdIwQY
MBaAFEw38n60mXs7758oJmo5aUBQ/nT5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVERmeWZyU1plenZ2bnlnbWFqbHBRRkQtZFBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8wOWNlYTAtZWYyYi00ZjIwLWExOWEt
ZWI1YTYyN2U3NmEzLzEvczJEZ2V3WTVXT2tfd3RqNEtfQmVKTS1MYWVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8wOWNlYTAtZWYyYi00ZjIwLWExOWEtZWI1YTYyN2U3NmEz
LzEvVERmeWZyU1plenZ2bnlnbWFqbHBRRkQtZFBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1fR5MA0G
CSqGSIb3DQEBCwUAA4IBAQB9Azbzl9fM0C6rDoVb/5QcbHHvgMBEp8+zX6M55/dw
Gs9Kh1oyY6RcrmTuJhlDhiPpHBthafWEA6LUBBq8z3Tr1EdJ9VqGepfRITVh29ly
w7ZAEdP4lBfbRrMkbR/9+sx3Qpp0ec0f2HrEAmcdrAcmI/aVwDAtk/hAJBYs4dru
ewgixT2gywdBaZR6LHVY7WZLZY2omysRrdL4TPRIBsTE/CncBipPfNCvztGME+H/
0PphEIVgFpkNojU1mpySf+tS+vGvPzDZEzdkOFnKKgLRSbN8LNtkZvTaQXxKL0st
tM7XmnUiCtiL646M//PGT7HQ2XOGVcO5zqy3HkhRaJlh
-----END CERTIFICATE-----