Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/CCs7s7qtTwTA4v_cUzv1kNWH5cs.roa
File:                     CCs7s7qtTwTA4v_cUzv1kNWH5cs.roa (raw, json)
Hash identifier:          n9IEvGnZo2t/xTYkauWQNpybghOPxemj5Hqf6XCpTTU=
Subject key identifier:   08:2B:3B:B3:BA:AD:4F:04:C0:E2:FF:DC:53:3B:F5:90:D5:87:E5:CB
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019421B1A2FD63DBEBBFBCB583899D7D3CFD
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/CCs7s7qtTwTA4v_cUzv1kNWH5cs.roa
Signing time:             Wed 01 Jan 2025 11:47:57 +0000
ROA not before:           Wed 01 Jan 2025 11:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1239
IP address blocks:        176.57.58.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:a2:fd:63:db:eb:bf:bc:b5:83:89:9d:7d:3c:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 11:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=082b3bb3baad4f04c0e2ffdc533bf590d587e5cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:ac:b7:3b:05:8e:62:6c:61:e6:7c:c8:69:0e:
                    1a:82:e9:65:a2:a8:12:66:e5:fb:92:f3:0e:1a:96:
                    3f:43:bf:f0:0b:6c:6f:5e:b4:a2:c8:93:e8:8d:20:
                    43:a8:89:ec:96:ee:b4:b6:c8:62:ef:2b:aa:98:81:
                    7a:70:ca:98:c8:39:00:ba:61:40:8d:3d:24:49:88:
                    58:72:c8:be:05:01:b8:68:22:22:d7:e6:b8:4c:4c:
                    8b:9b:2f:16:77:b6:81:c8:b2:42:6c:b5:54:10:3c:
                    91:ea:ef:c1:aa:66:8a:a8:4e:6f:7d:d5:82:6d:d9:
                    4f:4a:69:c7:0f:cf:0b:a7:61:bb:6e:88:9a:c0:80:
                    51:c5:56:7f:24:1e:9d:41:7c:e8:f4:84:20:4c:d9:
                    72:23:2d:7b:fd:80:11:01:d5:53:d9:04:42:b8:4b:
                    02:c6:d8:2f:89:2e:c8:eb:dd:13:1e:e1:6d:5c:2b:
                    af:c8:ea:60:14:88:8f:b8:ea:61:16:41:e4:82:03:
                    8c:06:29:a4:d1:72:5f:57:f8:bd:91:99:ca:f3:65:
                    a1:9f:b3:b9:8b:ca:73:e8:72:7a:98:98:70:a1:14:
                    f7:cd:86:51:a6:8b:20:2b:b6:3f:bc:14:52:b4:eb:
                    20:6e:3c:39:71:f4:3b:98:d2:64:b0:2f:cb:af:1b:
                    50:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:2B:3B:B3:BA:AD:4F:04:C0:E2:FF:DC:53:3B:F5:90:D5:87:E5:CB
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/CCs7s7qtTwTA4v_cUzv1kNWH5cs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:57:a9:a2:b1:34:ce:82:76:e3:4a:c1:92:32:0c:4a:28:ac:
         31:fa:6e:69:04:f7:ea:3c:35:6a:1d:87:46:ae:dc:6e:d5:31:
         f0:55:15:d3:79:0e:3e:99:86:48:40:88:23:9a:b7:e2:23:94:
         35:70:51:48:d7:25:b7:9a:85:cc:59:ba:e0:5f:98:8b:f4:36:
         4d:77:9d:ac:98:29:94:85:b5:25:72:3d:c5:5e:dd:2f:d7:db:
         65:5c:81:e0:9a:28:c3:a0:46:0c:a9:00:82:89:70:6d:cb:c2:
         c2:7d:a8:63:c8:4f:ad:b6:b2:79:3b:0b:48:6d:92:bf:9d:ce:
         c8:93:87:f4:27:a4:bf:95:8f:6c:67:21:ea:6e:1e:e6:a9:85:
         08:c8:e6:2d:11:ad:27:9b:ff:81:07:a1:d2:ff:60:c1:13:e7:
         b3:a7:51:73:b7:f3:69:24:59:c4:5c:8a:84:6b:b7:4c:45:33:
         ac:97:af:eb:20:f2:e5:63:65:42:4e:cd:45:53:c9:da:ed:f0:
         6c:3d:54:38:97:6d:41:b5:c9:a2:bb:b8:f9:40:83:bb:ba:40:
         27:b1:a8:3f:f7:ee:2d:81:65:24:fd:b0:29:09:99:5c:38:4e:
         77:d1:be:7f:bd:80:11:b1:4a:87:85:cb:9d:05:6a:61:72:06:
         9b:a6:10:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsaL9Y9vrv7y1g4mdfTz9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwMTAxMTE0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODJiM2JiM2JhYWQ0ZjA0YzBlMmZmZGM1MzNiZjU5MGQ1ODdlNWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ay3OwWOYmxh5nzIaQ4agulloqgS
ZuX7kvMOGpY/Q7/wC2xvXrSiyJPojSBDqInslu60tshi7yuqmIF6cMqYyDkAumFA
jT0kSYhYcsi+BQG4aCIi1+a4TEyLmy8Wd7aByLJCbLVUEDyR6u/BqmaKqE5vfdWC
bdlPSmnHD88Lp2G7boiawIBRxVZ/JB6dQXzo9IQgTNlyIy17/YARAdVT2QRCuEsC
xtgviS7I690THuFtXCuvyOpgFIiPuOphFkHkggOMBimk0XJfV/i9kZnK82Whn7O5
i8pz6HJ6mJhwoRT3zYZRposgK7Y/vBRStOsgbjw5cfQ7mNJksC/LrxtQcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAgrO7O6rU8EwOL/3FM79ZDVh+XLMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvQ0NzN3M3cXRUd1RBNHZfY1V6djFrTldINWNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsDk6MA0G
CSqGSIb3DQEBCwUAA4IBAQBHV6misTTOgnbjSsGSMgxKKKwx+m5pBPfqPDVqHYdG
rtxu1THwVRXTeQ4+mYZIQIgjmrfiI5Q1cFFI1yW3moXMWbrgX5iL9DZNd52smCmU
hbUlcj3FXt0v19tlXIHgmijDoEYMqQCCiXBty8LCfahjyE+ttrJ5OwtIbZK/nc7I
k4f0J6S/lY9sZyHqbh7mqYUIyOYtEa0nm/+BB6HS/2DBE+ezp1Fzt/NpJFnEXIqE
a7dMRTOsl6/rIPLlY2VCTs1FU8na7fBsPVQ4l21Btcmiu7j5QIO7ukAnsag/9+4t
gWUk/bApCZlcOE530b5/vYARsUqHhcudBWphcgabphDI
-----END CERTIFICATE-----