Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/d67661-4324-4e7a-ac6e-8b49dab166a4/1/bUMmES3An4bVa7Eqg3M-JrZWsAQ.roa
File:                     bUMmES3An4bVa7Eqg3M-JrZWsAQ.roa (raw, json)
Hash identifier:          1O8LJKA9Kq+h+MxmJdkpGc7TskhMyvig3vpALs4o5Jo=
Subject key identifier:   6D:43:26:11:2D:C0:9F:86:D5:6B:B1:2A:83:73:3E:26:B6:56:B0:04
Certificate issuer:       /CN=571a0fc012efb89650a77e6fbd12dcabda428cb0
Certificate serial:       018CC3B73FEFE1A0DF98DE133FC4302FB7C9
Authority key identifier: 57:1A:0F:C0:12:EF:B8:96:50:A7:7E:6F:BD:12:DC:AB:DA:42:8C:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VxoPwBLvuJZQp35vvRLcq9pCjLA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/d67661-4324-4e7a-ac6e-8b49dab166a4/1/bUMmES3An4bVa7Eqg3M-JrZWsAQ.roa
Signing time:             Mon 01 Jan 2024 06:30:15 +0000
ROA not before:           Mon 01 Jan 2024 06:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        139.18.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/d67661-4324-4e7a-ac6e-8b49dab166a4/1/VxoPwBLvuJZQp35vvRLcq9pCjLA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/d67661-4324-4e7a-ac6e-8b49dab166a4/1/VxoPwBLvuJZQp35vvRLcq9pCjLA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VxoPwBLvuJZQp35vvRLcq9pCjLA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 09:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3f:ef:e1:a0:df:98:de:13:3f:c4:30:2f:b7:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=571a0fc012efb89650a77e6fbd12dcabda428cb0
        Validity
            Not Before: Jan  1 06:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d4326112dc09f86d56bb12a83733e26b656b004
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c0:98:f6:a6:1e:4a:07:78:f0:df:fe:a3:c0:
                    db:b0:89:42:c5:f9:ad:ce:e4:33:d5:94:05:49:e5:
                    f2:e7:51:d3:a0:03:4a:c2:fe:80:f4:c1:e4:d6:30:
                    b6:47:ac:a1:b4:0b:d3:ac:ad:ee:3c:fd:c6:31:16:
                    98:a9:eb:58:be:ca:8c:5c:56:b4:44:33:1f:a9:7f:
                    b1:60:b2:4c:87:ef:eb:88:d0:f6:8f:98:16:f1:df:
                    49:48:07:12:8d:4f:cb:23:bb:8d:21:7a:d4:93:94:
                    fe:7b:ff:7b:15:e7:24:66:59:bc:0f:bb:0f:69:72:
                    09:fc:30:e4:8d:5b:72:95:68:be:48:52:89:67:76:
                    95:da:39:24:82:80:e4:19:30:df:9c:3d:65:9f:b2:
                    62:db:75:da:ee:08:b3:ca:28:5e:aa:35:73:45:02:
                    00:bf:cb:22:77:2e:44:a8:e9:ba:1b:7c:80:08:3b:
                    7d:d4:e2:c0:c6:da:da:a1:7f:54:d4:67:ac:a7:ec:
                    ce:61:a6:00:4c:8c:a7:6f:e4:bb:9d:66:5b:b2:4e:
                    28:9d:52:16:24:81:3b:7b:a9:17:7e:c9:34:82:71:
                    ac:60:e3:45:88:6b:54:43:07:52:bb:be:7d:53:6d:
                    42:b1:b2:c8:24:cc:d9:df:e6:b8:33:54:04:33:8f:
                    10:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:43:26:11:2D:C0:9F:86:D5:6B:B1:2A:83:73:3E:26:B6:56:B0:04
            X509v3 Authority Key Identifier:
                keyid:57:1A:0F:C0:12:EF:B8:96:50:A7:7E:6F:BD:12:DC:AB:DA:42:8C:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VxoPwBLvuJZQp35vvRLcq9pCjLA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/d67661-4324-4e7a-ac6e-8b49dab166a4/1/bUMmES3An4bVa7Eqg3M-JrZWsAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/d67661-4324-4e7a-ac6e-8b49dab166a4/1/VxoPwBLvuJZQp35vvRLcq9pCjLA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.18.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4f:4f:0c:05:52:84:cb:94:a9:bb:dd:a4:90:0d:59:df:77:b0:
         29:be:fc:66:c5:67:21:8c:b4:63:d3:1a:0f:32:db:aa:6a:f2:
         e8:a2:19:89:11:48:b2:f4:3b:71:0e:f1:b7:c8:71:d0:54:66:
         e2:73:ef:8f:12:ff:70:c7:5e:89:ce:0d:af:87:95:d7:7a:6b:
         11:10:cf:3d:5a:83:47:27:20:88:80:d4:43:03:60:93:16:bb:
         5a:11:d4:d3:45:d5:dc:f7:51:88:88:02:f8:be:4a:f1:34:00:
         c5:30:09:d0:f2:da:f7:0d:0c:c0:b4:76:df:5c:6b:20:1e:55:
         04:5a:de:f7:eb:e8:03:60:81:61:15:55:8a:8a:5a:0c:cd:29:
         00:ce:07:c2:0e:d7:fd:52:f6:c8:cf:3f:2e:4a:66:9d:ba:45:
         8a:a4:3d:56:67:da:28:ac:bf:e7:80:3e:02:92:90:b7:e0:7d:
         15:84:17:a7:2e:50:71:53:22:5e:62:f9:15:35:69:ea:ce:31:
         5a:78:d0:19:d9:2c:26:4a:d2:94:e1:c4:25:d0:5a:98:09:c8:
         d3:2d:e2:20:44:90:38:4b:a9:30:d0:f0:65:ed:08:91:dc:e4:
         7c:9e:88:1e:e5:89:5d:42:c3:a4:1d:cb:bb:65:6d:82:c9:9e:
         05:5e:33:d1
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzDtz/v4aDfmN4TP8QwL7fJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MWEwZmMwMTJlZmI4OTY1MGE3N2U2ZmJkMTJkY2FiZGE0
MjhjYjAwHhcNMjQwMTAxMDYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDQzMjYxMTJkYzA5Zjg2ZDU2YmIxMmE4MzczM2UyNmI2NTZiMDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcCY9qYeSgd48N/+o8DbsIlCxfmt
zuQz1ZQFSeXy51HToANKwv6A9MHk1jC2R6yhtAvTrK3uPP3GMRaYqetYvsqMXFa0
RDMfqX+xYLJMh+/riND2j5gW8d9JSAcSjU/LI7uNIXrUk5T+e/97FeckZlm8D7sP
aXIJ/DDkjVtylWi+SFKJZ3aV2jkkgoDkGTDfnD1ln7Ji23Xa7gizyiheqjVzRQIA
v8sidy5EqOm6G3yACDt91OLAxtraoX9U1Gesp+zOYaYATIynb+S7nWZbsk4onVIW
JIE7e6kXfsk0gnGsYONFiGtUQwdSu759U21CsbLIJMzZ3+a4M1QEM48Q0QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFG1DJhEtwJ+G1WuxKoNzPia2VrAEMB8GA1UdIwQY
MBaAFFcaD8AS77iWUKd+b70S3KvaQoywMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhvUHdCTHZ1SlpRcDM1dnZSTGNxOXBDakxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9kNjc2NjEtNDMyNC00ZTdhLWFjNmUt
OGI0OWRhYjE2NmE0LzEvYlVNbUVTM0FuNGJWYTdFcWczTS1KclpXc0FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9kNjc2NjEtNDMyNC00ZTdhLWFjNmUtOGI0OWRhYjE2NmE0
LzEvVnhvUHdCTHZ1SlpRcDM1dnZSTGNxOXBDakxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAixIwDQYJ
KoZIhvcNAQELBQADggEBAE9PDAVShMuUqbvdpJANWd93sCm+/GbFZyGMtGPTGg8y
26pq8uiiGYkRSLL0O3EO8bfIcdBUZuJz748S/3DHXonODa+Hldd6axEQzz1ag0cn
IIiA1EMDYJMWu1oR1NNF1dz3UYiIAvi+SvE0AMUwCdDy2vcNDMC0dt9cayAeVQRa
3vfr6ANggWEVVYqKWgzNKQDOB8IO1/1S9sjPPy5KZp26RYqkPVZn2iisv+eAPgKS
kLfgfRWEF6cuUHFTIl5i+RU1aerOMVp40BnZLCZK0pThxCXQWpgJyNMt4iBEkDhL
qTDQ8GXtCJHc5HyeiB7liV1Cw6Qdy7tlbYLJngVeM9E=
-----END CERTIFICATE-----