Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/c2E6PCaVG8CKhW5UhHrIv2ZXG8o.roa
File:                     c2E6PCaVG8CKhW5UhHrIv2ZXG8o.roa (raw, json)
Hash identifier:          IcmWgcpImRXRm7RFkjYpB11vrbdfvD277HPYXxrol2I=
Subject key identifier:   73:61:3A:3C:26:95:1B:C0:8A:85:6E:54:84:7A:C8:BF:66:57:1B:CA
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       01916AB3F07AFA9ABBEAFC701D18F805C090
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/c2E6PCaVG8CKhW5UhHrIv2ZXG8o.roa
Signing time:             Mon 19 Aug 2024 12:54:22 +0000
ROA not before:           Mon 19 Aug 2024 12:54:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        212.80.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6a:b3:f0:7a:fa:9a:bb:ea:fc:70:1d:18:f8:05:c0:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Aug 19 12:54:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73613a3c26951bc08a856e54847ac8bf66571bca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:0d:c4:72:76:c1:85:c3:3d:85:a6:94:0d:47:
                    1e:56:b0:bc:3d:f6:f0:2c:3c:44:8d:91:8d:d7:91:
                    21:27:ff:1f:20:23:b0:88:57:e0:c4:8a:b6:84:4e:
                    59:78:78:3e:b4:be:90:b2:2b:63:d7:fa:85:63:1b:
                    93:7d:1a:08:d0:88:a0:3c:37:50:6d:c5:d7:ae:40:
                    cf:9b:8f:5f:23:93:59:fc:de:62:7d:9a:60:6d:bc:
                    93:3f:24:8f:51:2b:ca:e4:49:43:cd:1d:b5:48:b6:
                    ca:79:4d:37:32:4f:2d:fb:48:72:1d:35:79:39:23:
                    64:f2:de:d1:cb:ab:49:b4:42:a8:9f:3e:de:2f:36:
                    aa:b9:86:6b:04:ae:f9:35:bc:8b:5b:b4:bf:44:53:
                    9a:40:23:9a:df:4c:1d:3b:03:eb:48:58:93:9e:89:
                    00:f5:77:50:1d:90:6d:ed:cd:da:06:6d:63:12:ec:
                    3e:da:04:61:9d:5f:2a:60:f7:98:3b:79:d5:4c:db:
                    e8:79:5d:c1:45:ba:66:33:a0:fb:1a:54:f4:dd:7e:
                    38:b3:a1:5c:9b:92:fc:90:e2:3a:0a:0f:d4:68:81:
                    f2:c7:f8:b7:61:13:7f:67:a3:f2:49:21:f6:3b:2f:
                    fc:2a:fe:36:57:60:d0:ff:eb:d5:c3:0e:76:e5:39:
                    c8:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:61:3A:3C:26:95:1B:C0:8A:85:6E:54:84:7A:C8:BF:66:57:1B:CA
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/c2E6PCaVG8CKhW5UhHrIv2ZXG8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.80.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:94:a8:c1:fb:2c:b2:62:09:66:d4:ea:2e:bf:e8:54:a4:bc:
         1f:99:62:35:02:b3:be:07:1c:3e:68:11:83:21:82:e9:27:34:
         e3:f4:34:90:f0:3b:b8:56:32:2c:a3:cc:b8:c0:a1:f3:2c:6e:
         bf:ed:09:53:71:7f:cc:24:71:68:49:ad:1a:93:a0:63:db:d0:
         fc:94:a5:3c:0c:2b:c5:21:11:e3:ec:32:e0:18:ff:ab:8c:41:
         38:b2:db:fa:ee:6a:44:2a:b4:14:73:36:22:e9:a4:70:14:18:
         23:44:69:0e:9b:f1:9f:92:3f:40:36:a4:c5:d0:b4:f8:12:9f:
         c7:19:fa:12:f9:d8:10:51:b5:1d:25:0a:b6:4c:1c:15:2e:0f:
         83:7e:35:51:cf:45:48:57:49:5b:29:ef:ce:68:8c:af:40:34:
         ae:34:51:2e:12:c2:10:7a:b3:1d:fd:c9:70:d6:11:ad:19:21:
         34:1f:81:84:d5:ed:16:e8:dd:d6:02:2e:eb:10:d1:f9:5b:4a:
         c2:eb:2e:61:18:86:70:ad:ba:52:9b:64:5d:83:09:ce:3e:e1:
         d8:ba:72:8e:1b:d8:2c:07:e8:fe:b4:f0:18:77:63:27:78:f7:
         38:8c:eb:2c:86:d1:0b:27:92:2d:e7:3b:a9:65:14:0c:b2:3c:
         f7:74:bf:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFqs/B6+pq76vxwHRj4BcCQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjQwODE5MTI1NDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzYxM2EzYzI2OTUxYmMwOGE4NTZlNTQ4NDdhYzhiZjY2NTcxYmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQ3EcnbBhcM9haaUDUceVrC8Pfbw
LDxEjZGN15EhJ/8fICOwiFfgxIq2hE5ZeHg+tL6Qsitj1/qFYxuTfRoI0IigPDdQ
bcXXrkDPm49fI5NZ/N5ifZpgbbyTPySPUSvK5ElDzR21SLbKeU03Mk8t+0hyHTV5
OSNk8t7Ry6tJtEKonz7eLzaquYZrBK75NbyLW7S/RFOaQCOa30wdOwPrSFiTnokA
9XdQHZBt7c3aBm1jEuw+2gRhnV8qYPeYO3nVTNvoeV3BRbpmM6D7GlT03X44s6Fc
m5L8kOI6Cg/UaIHyx/i3YRN/Z6PySSH2Oy/8Kv42V2DQ/+vVww525TnIGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHNhOjwmlRvAioVuVIR6yL9mVxvKMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvYzJFNlBDYVZHOENLaFc1VWhIckl2MlpYRzhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FAAMA0G
CSqGSIb3DQEBCwUAA4IBAQA3lKjB+yyyYglm1Oouv+hUpLwfmWI1ArO+Bxw+aBGD
IYLpJzTj9DSQ8Du4VjIso8y4wKHzLG6/7QlTcX/MJHFoSa0ak6Bj29D8lKU8DCvF
IRHj7DLgGP+rjEE4stv67mpEKrQUczYi6aRwFBgjRGkOm/Gfkj9ANqTF0LT4Ep/H
GfoS+dgQUbUdJQq2TBwVLg+DfjVRz0VIV0lbKe/OaIyvQDSuNFEuEsIQerMd/clw
1hGtGSE0H4GE1e0W6N3WAi7rENH5W0rC6y5hGIZwrbpSm2RdgwnOPuHYunKOG9gs
B+j+tPAYd2MnePc4jOsshtELJ5It5zupZRQMsjz3dL9U
-----END CERTIFICATE-----