Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/0lCEWt7EhpSrsRI4bNz-kUzH2eI.roa
File:                     0lCEWt7EhpSrsRI4bNz-kUzH2eI.roa (raw, json)
Hash identifier:          nf39ZNfSGf9BEk40Vvwca4uqDbeTd2DAZISUuvs+Eto=
Subject key identifier:   D2:50:84:5A:DE:C4:86:94:AB:B1:12:38:6C:DC:FE:91:4C:C7:D9:E2
Certificate issuer:       /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial:       018CC8DF30125D58ED91B1F7FE45C9438A8E
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/0lCEWt7EhpSrsRI4bNz-kUzH2eI.roa
Signing time:             Tue 02 Jan 2024 06:31:59 +0000
ROA not before:           Tue 02 Jan 2024 06:31:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202001
IP address blocks:        147.234.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:30:12:5d:58:ed:91:b1:f7:fe:45:c9:43:8a:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
        Validity
            Not Before: Jan  2 06:31:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d250845adec48694abb112386cdcfe914cc7d9e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:d5:f9:80:d2:7a:09:d9:a3:d5:67:ec:8d:d9:
                    0a:87:98:b2:72:d5:91:39:84:a3:ea:ba:cc:f4:ef:
                    99:3e:c3:83:bf:54:25:c3:29:99:b3:dc:f9:25:40:
                    c7:c5:17:00:06:53:52:cb:90:99:88:1f:27:d9:09:
                    54:ac:01:f3:7d:07:96:f0:1b:82:7e:a2:cd:3c:21:
                    6d:9c:bc:7b:28:11:68:c9:d0:99:53:e8:30:a0:23:
                    43:f3:de:7d:df:7a:f6:67:49:f9:14:44:f4:9e:08:
                    48:d3:ed:07:90:d8:e7:14:f2:f5:24:b0:30:c3:4c:
                    00:34:eb:d3:2f:2d:6c:c9:df:dd:02:e7:de:e0:52:
                    32:e7:5e:0d:8f:73:15:67:cb:9e:29:e4:6f:7c:fe:
                    30:5c:63:4e:a8:17:93:74:7c:d1:17:5b:0c:e0:47:
                    59:4f:6e:9e:bf:8e:14:63:36:34:7d:09:38:39:d5:
                    6c:54:50:00:b5:fa:e4:3b:f7:89:aa:06:55:b2:af:
                    c5:91:72:78:8a:c3:23:b2:c8:42:e4:22:e8:8b:91:
                    b0:d3:2c:c4:b3:d4:83:1f:38:7f:27:b6:7c:a4:e7:
                    ff:80:77:40:a9:0d:31:a7:45:f6:f5:35:d2:ef:c5:
                    2a:ec:38:0c:00:25:0e:84:d8:8d:7a:e4:d5:27:09:
                    93:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:50:84:5A:DE:C4:86:94:AB:B1:12:38:6C:DC:FE:91:4C:C7:D9:E2
            X509v3 Authority Key Identifier:
                keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/0lCEWt7EhpSrsRI4bNz-kUzH2eI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.234.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:8c:eb:f5:29:96:27:74:6a:69:28:fa:a3:09:de:2c:5f:37:
         58:c5:ba:ba:94:01:71:ff:17:5e:a6:7e:9b:a4:10:24:75:e9:
         e7:24:da:e2:b7:d0:f0:bc:67:65:d2:a8:a7:a2:aa:d4:95:fc:
         d9:c4:ba:e7:de:97:72:f6:09:d6:25:b9:bf:5c:7c:a1:6b:ba:
         ef:f9:4e:c8:af:8d:38:72:ca:86:c4:d5:de:35:38:9e:c2:7f:
         36:bf:84:9a:2a:33:81:6a:80:1f:1e:bd:67:89:8c:e9:8d:b9:
         34:b2:e7:40:b7:40:2b:63:8b:05:ea:a6:2b:78:3e:7d:64:d1:
         91:52:74:97:bd:35:1f:a9:f7:15:a2:98:8a:93:77:24:2c:af:
         f4:75:fc:67:3a:ef:5e:48:84:09:be:6f:27:b0:2f:89:76:a8:
         8d:84:50:0d:4b:56:7f:bf:00:2a:28:f0:ba:e3:dd:2f:ae:36:
         52:5b:a4:ee:ab:73:5c:76:10:52:c8:8d:5f:29:96:cc:da:d2:
         f9:14:ff:61:ea:50:bc:5d:f4:6f:d8:4a:0a:45:31:bf:0b:fd:
         90:e6:f8:92:c7:e7:e1:72:26:23:8d:fa:fc:7a:39:c8:50:8e:
         34:b9:2b:97:94:50:b7:44:ab:0f:8a:5c:12:ad:bc:00:0f:f0:
         43:13:80:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3zASXVjtkbH3/kXJQ4qOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjQwMTAyMDYzMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjUwODQ1YWRlYzQ4Njk0YWJiMTEyMzg2Y2RjZmU5MTRjYzdkOWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkNX5gNJ6Cdmj1WfsjdkKh5iyctWR
OYSj6rrM9O+ZPsODv1QlwymZs9z5JUDHxRcABlNSy5CZiB8n2QlUrAHzfQeW8BuC
fqLNPCFtnLx7KBFoydCZU+gwoCND895933r2Z0n5FET0nghI0+0HkNjnFPL1JLAw
w0wANOvTLy1syd/dAufe4FIy514Nj3MVZ8ueKeRvfP4wXGNOqBeTdHzRF1sM4EdZ
T26ev44UYzY0fQk4OdVsVFAAtfrkO/eJqgZVsq/FkXJ4isMjsshC5CLoi5Gw0yzE
s9SDHzh/J7Z8pOf/gHdAqQ0xp0X29TXS78Uq7DgMACUOhNiNeuTVJwmT6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJQhFrexIaUq7ESOGzc/pFMx9niMB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvMGxDRVd0N0VocFNyc1JJNGJOei1rVXpIMmVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk+oiMA0G
CSqGSIb3DQEBCwUAA4IBAQAtjOv1KZYndGppKPqjCd4sXzdYxbq6lAFx/xdepn6b
pBAkdennJNrit9DwvGdl0qinoqrUlfzZxLrn3pdy9gnWJbm/XHyha7rv+U7Ir404
csqGxNXeNTiewn82v4SaKjOBaoAfHr1niYzpjbk0sudAt0ArY4sF6qYreD59ZNGR
UnSXvTUfqfcVopiKk3ckLK/0dfxnOu9eSIQJvm8nsC+JdqiNhFANS1Z/vwAqKPC6
490vrjZSW6Tuq3NcdhBSyI1fKZbM2tL5FP9h6lC8XfRv2EoKRTG/C/2Q5viSx+fh
ciYjjfr8ejnIUI40uSuXlFC3RKsPilwSrbwAD/BDE4B4
-----END CERTIFICATE-----