Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/23L-thOGWEr4xG4ZrX5I2DlacyU.roa
File:                     23L-thOGWEr4xG4ZrX5I2DlacyU.roa (raw, json)
Hash identifier:          2SERHsAq1xN4ySjB9fDelZDy/nn/iwZf0z+CScDedM4=
Subject key identifier:   DB:72:FE:B6:13:86:58:4A:F8:C4:6E:19:AD:7E:48:D8:39:5A:73:25
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       018F3A3004FFD8DEB2D10FE9EB8CB98579AC
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/23L-thOGWEr4xG4ZrX5I2DlacyU.roa
Signing time:             Thu 02 May 2024 16:42:56 +0000
ROA not before:           Thu 02 May 2024 16:42:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209336
IP address blocks:        217.180.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:41:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3a:30:04:ff:d8:de:b2:d1:0f:e9:eb:8c:b9:85:79:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: May  2 16:42:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db72feb61386584af8c46e19ad7e48d8395a7325
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c7:36:aa:c1:eb:08:e3:20:db:04:f2:cb:50:
                    89:fe:83:80:39:2f:29:08:c3:f5:9e:e5:52:aa:df:
                    f0:ba:8f:c7:4a:e3:91:3a:71:66:f5:fb:e9:27:e2:
                    d9:30:5b:10:6e:da:52:18:4f:d1:ff:c1:eb:8e:16:
                    a9:1d:6e:49:de:20:66:54:ab:8e:ac:f5:47:41:91:
                    34:2d:57:6a:2f:86:15:62:70:20:d5:3c:95:f5:1b:
                    54:c7:98:a7:22:c7:ed:a2:5e:35:42:5c:79:7d:c2:
                    cf:7e:cd:a2:eb:d2:43:fa:db:14:6b:2b:8b:8a:38:
                    0b:c7:6b:27:db:f0:2f:3d:7b:5e:6d:db:da:f6:f8:
                    fe:d4:41:c5:40:d6:8c:fe:d8:85:d9:5c:75:81:a9:
                    b5:06:85:aa:94:e7:47:f7:05:9c:b1:5b:5c:51:a2:
                    8e:6f:79:38:86:7b:3f:71:46:b8:f2:68:5d:d3:ad:
                    59:4c:64:b7:85:3f:0b:e2:67:b3:ef:c1:70:5c:b0:
                    b2:b9:58:42:2f:5e:48:d6:32:76:30:51:a9:a5:5f:
                    85:e9:1c:44:ca:26:7a:5e:a9:1b:57:dd:d1:1d:7a:
                    1c:7c:ce:49:51:65:12:8e:39:64:ab:9a:e5:db:51:
                    8b:ef:b6:17:1d:43:99:c9:07:f6:75:b7:99:ae:4b:
                    7d:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:72:FE:B6:13:86:58:4A:F8:C4:6E:19:AD:7E:48:D8:39:5A:73:25
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/23L-thOGWEr4xG4ZrX5I2DlacyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.180.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:47:90:c9:45:de:13:c1:2a:ce:b8:50:52:c1:13:49:8b:93:
         b3:5d:28:2f:99:ac:4a:84:91:2b:70:e9:9a:e9:e5:d5:9b:d2:
         d4:ba:e6:5e:b8:3e:12:cb:15:df:84:6b:f2:32:7b:f0:b8:29:
         0a:cd:d7:39:fe:b5:13:c8:a2:55:a5:f1:c8:0a:d3:8b:8b:b5:
         02:5d:48:c2:5f:41:3c:69:42:a9:39:f1:24:01:44:e7:ba:8e:
         28:e1:dd:56:68:aa:81:3a:08:60:9c:5d:64:0a:88:aa:ae:1f:
         05:74:80:dd:8c:59:82:9b:fa:b1:53:f2:48:36:3b:71:51:97:
         1f:57:09:60:49:57:5b:9b:ec:df:e8:44:79:d0:10:8d:b1:a6:
         a8:48:21:21:c3:da:e8:79:ed:56:8d:19:0b:c4:f8:da:47:78:
         76:0e:21:f8:55:bd:45:e8:ba:67:1b:5c:5d:60:cd:d8:dd:32:
         2c:1a:02:2c:26:20:6b:6c:77:37:9e:5c:69:62:f1:11:f3:42:
         44:da:d7:0e:2f:46:3e:8f:51:29:cc:c4:f6:02:7a:23:64:cd:
         8a:3a:9e:cf:24:07:c5:5f:31:4f:fb:c0:dd:e0:6a:0f:ec:c6:
         e9:f4:c1:87:f9:c7:ef:f6:5c:62:59:82:2d:e7:15:72:d1:ab:
         26:ac:46:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY86MAT/2N6y0Q/p64y5hXmsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjQwNTAyMTY0MjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjcyZmViNjEzODY1ODRhZjhjNDZlMTlhZDdlNDhkODM5NWE3MzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8c2qsHrCOMg2wTyy1CJ/oOAOS8p
CMP1nuVSqt/wuo/HSuOROnFm9fvpJ+LZMFsQbtpSGE/R/8HrjhapHW5J3iBmVKuO
rPVHQZE0LVdqL4YVYnAg1TyV9RtUx5inIsftol41Qlx5fcLPfs2i69JD+tsUayuL
ijgLx2sn2/AvPXtebdva9vj+1EHFQNaM/tiF2Vx1gam1BoWqlOdH9wWcsVtcUaKO
b3k4hns/cUa48mhd061ZTGS3hT8L4mez78FwXLCyuVhCL15I1jJ2MFGppV+F6RxE
yiZ6XqkbV93RHXocfM5JUWUSjjlkq5rl21GL77YXHUOZyQf2dbeZrkt9fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNty/rYThlhK+MRuGa1+SNg5WnMlMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvMjNMLXRoT0dXRXI0eEc0WnJYNUkyRGxhY3lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2bQ8MA0G
CSqGSIb3DQEBCwUAA4IBAQAjR5DJRd4TwSrOuFBSwRNJi5OzXSgvmaxKhJErcOma
6eXVm9LUuuZeuD4SyxXfhGvyMnvwuCkKzdc5/rUTyKJVpfHICtOLi7UCXUjCX0E8
aUKpOfEkAUTnuo4o4d1WaKqBOghgnF1kCoiqrh8FdIDdjFmCm/qxU/JINjtxUZcf
VwlgSVdbm+zf6ER50BCNsaaoSCEhw9roee1WjRkLxPjaR3h2DiH4Vb1F6LpnG1xd
YM3Y3TIsGgIsJiBrbHc3nlxpYvER80JE2tcOL0Y+j1EpzMT2AnojZM2KOp7PJAfF
XzFP+8Dd4GoP7Mbp9MGH+cfv9lxiWYIt5xVy0asmrEY6
-----END CERTIFICATE-----