Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/BZ4lZ9jQS3w4e_Szokbbnnzc2u0.roa
File:                     BZ4lZ9jQS3w4e_Szokbbnnzc2u0.roa (raw, json)
Hash identifier:          UGfPz41l+W+MTh/alkA8aGsqRruBTF/VshHwQZgug04=
Subject key identifier:   05:9E:25:67:D8:D0:4B:7C:38:7B:F4:B3:A2:46:DB:9E:7C:DC:DA:ED
Certificate issuer:       /CN=2e252a477242fb45f20bb08020a403a2bb466a9b
Certificate serial:       018CC5DCD10CAF66286031840F1768D22F54
Authority key identifier: 2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/BZ4lZ9jQS3w4e_Szokbbnnzc2u0.roa
Signing time:             Mon 01 Jan 2024 16:30:32 +0000
ROA not before:           Mon 01 Jan 2024 16:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29049
IP address blocks:        62.212.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:d1:0c:af:66:28:60:31:84:0f:17:68:d2:2f:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e252a477242fb45f20bb08020a403a2bb466a9b
        Validity
            Not Before: Jan  1 16:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=059e2567d8d04b7c387bf4b3a246db9e7cdcdaed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:15:da:04:a2:48:14:a6:f7:de:d5:07:11:c8:
                    13:96:5a:c4:b8:a1:4f:eb:db:d4:19:b4:96:97:4c:
                    58:95:f3:45:4f:20:77:7d:f7:a6:fb:da:1f:7c:b4:
                    86:bf:d2:1c:b9:6e:14:0f:30:0f:9e:b6:71:08:b6:
                    5d:e1:93:5b:02:17:f8:8d:03:19:4e:ee:92:4a:29:
                    fa:a6:44:0b:39:31:9b:0c:15:45:70:c4:b1:e4:72:
                    9c:db:4c:4f:ac:69:33:0d:38:4b:ff:66:b4:b5:08:
                    91:3a:89:ec:24:f7:f9:10:4a:3c:11:65:1e:1a:db:
                    00:69:c1:e5:d7:89:9f:cb:e9:04:bf:96:2e:ad:10:
                    1d:9c:76:d8:95:5e:e3:fd:c3:29:83:91:01:9a:a5:
                    e7:48:47:da:b2:68:bf:6a:fb:bb:31:be:fc:66:36:
                    7e:15:0e:b4:f9:3b:6e:5e:ef:8d:74:a5:3e:23:3a:
                    5e:5e:db:49:ae:fb:84:17:ee:19:04:69:13:df:41:
                    bc:c0:7f:f9:67:63:27:ed:56:78:13:c4:e5:1d:15:
                    8b:90:bc:24:ef:70:7d:62:45:6b:35:09:57:35:f2:
                    7e:56:e9:fc:2a:dd:04:ed:e2:ff:99:f3:73:16:01:
                    76:6c:86:01:36:c9:4a:00:c5:fe:cf:71:7e:bb:45:
                    38:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:9E:25:67:D8:D0:4B:7C:38:7B:F4:B3:A2:46:DB:9E:7C:DC:DA:ED
            X509v3 Authority Key Identifier:
                keyid:2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/BZ4lZ9jQS3w4e_Szokbbnnzc2u0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.212.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:c6:f9:6c:4f:c7:7f:47:fc:7d:17:ce:52:3f:50:09:50:85:
         fa:0f:ba:d3:ea:13:99:f4:88:09:e4:65:27:63:71:31:cd:7d:
         3d:ed:fe:3c:16:0e:b1:4b:b1:53:04:2e:4c:99:25:ec:83:1f:
         86:72:a8:b2:0f:a4:c4:7f:c4:40:f3:a0:62:9c:2b:e8:29:fe:
         79:ae:41:b3:ef:24:09:4b:73:d3:c5:03:93:43:0a:2a:67:26:
         2d:cf:39:9d:12:7d:c5:be:d9:72:e4:76:01:dd:09:38:47:9c:
         05:e4:3a:f0:4d:d8:05:47:08:83:64:d0:52:b7:26:36:6a:78:
         37:77:d5:a2:39:92:31:67:bf:ae:20:69:30:90:8e:2b:9c:02:
         4a:b8:7e:31:f2:0e:fc:ac:e1:7c:0c:ed:88:a6:6b:0c:25:93:
         5f:91:ec:c4:1d:d1:44:32:c5:11:cf:0d:ac:7b:7d:d0:e4:81:
         b4:85:c3:d1:2e:3d:b5:59:6a:33:2d:f8:0c:c5:71:d2:f8:1b:
         f4:e5:c0:c3:60:c8:e2:c0:6c:0d:b2:1f:bc:b1:3e:83:ab:48:
         6a:7d:7e:a5:ee:31:cc:5a:9a:2a:d8:28:c3:c3:5c:ab:6f:0c:
         8d:21:8c:24:5b:98:b3:0a:00:76:20:6d:5e:13:3f:50:af:20:
         96:09:76:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3NEMr2YoYDGEDxdo0i9UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMjUyYTQ3NzI0MmZiNDVmMjBiYjA4MDIwYTQwM2EyYmI0
NjZhOWIwHhcNMjQwMTAxMTYzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTllMjU2N2Q4ZDA0YjdjMzg3YmY0YjNhMjQ2ZGI5ZTdjZGNkYWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2BXaBKJIFKb33tUHEcgTllrEuKFP
69vUGbSWl0xYlfNFTyB3ffem+9offLSGv9IcuW4UDzAPnrZxCLZd4ZNbAhf4jQMZ
Tu6SSin6pkQLOTGbDBVFcMSx5HKc20xPrGkzDThL/2a0tQiROonsJPf5EEo8EWUe
GtsAacHl14mfy+kEv5YurRAdnHbYlV7j/cMpg5EBmqXnSEfasmi/avu7Mb78ZjZ+
FQ60+TtuXu+NdKU+IzpeXttJrvuEF+4ZBGkT30G8wH/5Z2Mn7VZ4E8TlHRWLkLwk
73B9YkVrNQlXNfJ+Vun8Kt0E7eL/mfNzFgF2bIYBNslKAMX+z3F+u0U44QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAWeJWfY0Et8OHv0s6JG25583NrtMB8GA1UdIwQY
MBaAFC4lKkdyQvtF8guwgCCkA6K7RmqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmIt
MTZmMTQ2YmVmOTk1LzEvQlo0bFo5alFTM3c0ZV9Tem9rYmJubnpjMnUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmItMTZmMTQ2YmVmOTk1
LzEvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPtTgMA0G
CSqGSIb3DQEBCwUAA4IBAQAFxvlsT8d/R/x9F85SP1AJUIX6D7rT6hOZ9IgJ5GUn
Y3ExzX097f48Fg6xS7FTBC5MmSXsgx+GcqiyD6TEf8RA86BinCvoKf55rkGz7yQJ
S3PTxQOTQwoqZyYtzzmdEn3Fvtly5HYB3Qk4R5wF5DrwTdgFRwiDZNBStyY2ang3
d9WiOZIxZ7+uIGkwkI4rnAJKuH4x8g78rOF8DO2IpmsMJZNfkezEHdFEMsURzw2s
e33Q5IG0hcPRLj21WWozLfgMxXHS+Bv05cDDYMjiwGwNsh+8sT6Dq0hqfX6l7jHM
Wpoq2CjDw1yrbwyNIYwkW5izCgB2IG1eEz9QryCWCXbV
-----END CERTIFICATE-----