Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/7caae5-03af-47f8-b29e-e951a74346f9/1/bnad2SC-npFRgRseN8bSDk2zjuA.roa
File:                     bnad2SC-npFRgRseN8bSDk2zjuA.roa (raw, json)
Hash identifier:          cmpj2Ncjhgl8k4atC1s+uwFLO0KdQMYqzaNl31IjHlI=
Subject key identifier:   6E:76:9D:D9:20:BE:9E:91:51:81:1B:1E:37:C6:D2:0E:4D:B3:8E:E0
Certificate issuer:       /CN=552423ed905000f69ad93eefc666bb9b1addcb37
Certificate serial:       018E1EC598F265CC18778BBE333F65DD7CC3
Authority key identifier: 55:24:23:ED:90:50:00:F6:9A:D9:3E:EF:C6:66:BB:9B:1A:DD:CB:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VSQj7ZBQAPaa2T7vxma7mxrdyzc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/7caae5-03af-47f8-b29e-e951a74346f9/1/bnad2SC-npFRgRseN8bSDk2zjuA.roa
Signing time:             Fri 08 Mar 2024 15:54:10 +0000
ROA not before:           Fri 08 Mar 2024 15:54:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        51.4.0.0/15 maxlen: 15
                          51.8.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/7caae5-03af-47f8-b29e-e951a74346f9/1/VSQj7ZBQAPaa2T7vxma7mxrdyzc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/7caae5-03af-47f8-b29e-e951a74346f9/1/VSQj7ZBQAPaa2T7vxma7mxrdyzc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VSQj7ZBQAPaa2T7vxma7mxrdyzc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1e:c5:98:f2:65:cc:18:77:8b:be:33:3f:65:dd:7c:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=552423ed905000f69ad93eefc666bb9b1addcb37
        Validity
            Not Before: Mar  8 15:54:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e769dd920be9e9151811b1e37c6d20e4db38ee0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:e6:d5:51:91:83:0b:fb:55:d1:7b:68:2a:79:
                    ab:42:f7:14:04:49:e6:a2:6f:e5:cf:b4:b1:f1:b5:
                    90:49:4d:8c:36:a0:6e:5f:11:3c:55:12:79:09:53:
                    05:64:d7:63:4c:0d:e3:0e:43:7e:3d:3a:12:92:ec:
                    7e:9c:94:38:4e:97:0d:8a:69:16:2b:53:29:2f:ad:
                    a3:bf:8e:3b:ce:bb:42:47:90:2c:35:f4:ed:61:a2:
                    ea:8d:2b:70:17:09:c2:52:2f:66:3f:a8:22:bf:49:
                    d8:69:61:35:b6:79:6e:59:c1:09:ef:4d:96:1d:0e:
                    28:73:b1:44:00:d8:29:09:0d:90:32:32:e5:72:76:
                    3e:34:48:60:c9:da:41:af:38:e7:bf:05:81:5a:9f:
                    90:bd:94:8d:5b:54:c7:fd:28:8e:96:bd:22:92:c5:
                    52:0d:5a:4b:e8:d1:bd:92:e8:d9:c1:f0:4b:4c:a6:
                    bb:53:89:f2:d2:71:3e:b8:60:64:19:44:29:78:45:
                    73:92:c7:91:1e:0d:a6:12:d2:73:a7:3e:30:d1:3f:
                    2b:fa:4d:8a:cf:81:56:aa:97:a0:03:86:09:e2:af:
                    9c:c2:38:34:44:10:72:76:de:99:61:ce:5b:da:e4:
                    8d:07:80:a9:9e:41:bc:42:87:0c:d1:d7:74:cc:16:
                    a6:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:76:9D:D9:20:BE:9E:91:51:81:1B:1E:37:C6:D2:0E:4D:B3:8E:E0
            X509v3 Authority Key Identifier:
                keyid:55:24:23:ED:90:50:00:F6:9A:D9:3E:EF:C6:66:BB:9B:1A:DD:CB:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VSQj7ZBQAPaa2T7vxma7mxrdyzc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/7caae5-03af-47f8-b29e-e951a74346f9/1/bnad2SC-npFRgRseN8bSDk2zjuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/7caae5-03af-47f8-b29e-e951a74346f9/1/VSQj7ZBQAPaa2T7vxma7mxrdyzc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.4.0.0/15
                  51.8.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         6b:be:b5:5a:d1:61:b5:35:62:07:7c:3f:a1:08:79:6d:85:d5:
         26:41:7c:d2:c5:98:a2:37:cc:9a:4f:3e:8f:0d:6b:4d:34:f3:
         04:9e:0b:2a:50:6c:e2:c5:bb:b8:b0:3b:b7:82:46:65:77:f6:
         1c:49:a3:9c:99:b5:f6:39:56:ae:27:e3:5c:c4:62:5f:ca:68:
         d4:02:99:14:2c:f5:d0:76:e2:02:09:90:e4:de:e9:a7:14:bd:
         77:bb:c3:b5:87:14:ea:d5:a4:3c:16:0b:1c:24:2f:47:dc:76:
         d2:6a:b4:0d:cd:94:80:80:ab:85:96:2f:33:2a:0a:ee:2d:46:
         96:c7:54:b5:55:8f:74:eb:ed:66:05:8f:3f:f5:2a:0c:fa:80:
         48:2b:ee:5b:0a:f4:05:2c:f8:be:e4:75:56:2e:82:d2:88:3f:
         e6:94:dc:29:d9:18:64:35:0d:cc:7d:b0:6a:ee:21:93:cb:5b:
         f9:2c:cf:fe:2a:71:93:b6:02:07:f8:05:73:4a:0e:9a:18:c6:
         72:7f:66:95:c7:2c:c3:08:e2:4c:dd:12:52:a6:c8:de:ef:51:
         50:a2:f2:cf:58:da:3d:fe:7a:75:69:98:1d:33:54:95:54:d7:
         28:87:cc:d1:28:64:9e:b7:b8:35:eb:3f:18:40:d7:87:1d:3f:
         ac:e9:e0:06
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAY4exZjyZcwYd4u+Mz9l3XzDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1MjQyM2VkOTA1MDAwZjY5YWQ5M2VlZmM2NjZiYjliMWFk
ZGNiMzcwHhcNMjQwMzA4MTU1NDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTc2OWRkOTIwYmU5ZTkxNTE4MTFiMWUzN2M2ZDIwZTRkYjM4ZWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+bVUZGDC/tV0XtoKnmrQvcUBEnm
om/lz7Sx8bWQSU2MNqBuXxE8VRJ5CVMFZNdjTA3jDkN+PToSkux+nJQ4TpcNimkW
K1MpL62jv447zrtCR5AsNfTtYaLqjStwFwnCUi9mP6giv0nYaWE1tnluWcEJ702W
HQ4oc7FEANgpCQ2QMjLlcnY+NEhgydpBrzjnvwWBWp+QvZSNW1TH/SiOlr0iksVS
DVpL6NG9kujZwfBLTKa7U4ny0nE+uGBkGUQpeEVzkseRHg2mEtJzpz4w0T8r+k2K
z4FWqpegA4YJ4q+cwjg0RBBydt6ZYc5b2uSNB4CpnkG8QocM0dd0zBamuwIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFG52ndkgvp6RUYEbHjfG0g5Ns47gMB8GA1UdIwQY
MBaAFFUkI+2QUAD2mtk+78Zmu5sa3cs3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlNRajdaQlFBUGFhMlQ3dnhtYTdteHJkeXpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS83Y2FhZTUtMDNhZi00N2Y4LWIyOWUt
ZTk1MWE3NDM0NmY5LzEvYm5hZDJTQy1ucEZSZ1JzZU44YlNEazJ6anVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS83Y2FhZTUtMDNhZi00N2Y4LWIyOWUtZTk1MWE3NDM0NmY5
LzEvVlNRajdaQlFBUGFhMlQ3dnhtYTdteHJkeXpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCMGCCsGAQUFBwEHAQH/BBQwEjAQBAIAATAKAwMBMwQDAwAz
CDANBgkqhkiG9w0BAQsFAAOCAQEAa761WtFhtTViB3w/oQh5bYXVJkF80sWYojfM
mk8+jw1rTTTzBJ4LKlBs4sW7uLA7t4JGZXf2HEmjnJm19jlWrifjXMRiX8po1AKZ
FCz10HbiAgmQ5N7ppxS9d7vDtYcU6tWkPBYLHCQvR9x20mq0Dc2UgICrhZYvMyoK
7i1GlsdUtVWPdOvtZgWPP/UqDPqASCvuWwr0BSz4vuR1Vi6C0og/5pTcKdkYZDUN
zH2wau4hk8tb+SzP/ipxk7YCB/gFc0oOmhjGcn9mlccswwjiTN0SUqbI3u9RUKLy
z1jaPf56dWmYHTNUlVTXKIfM0Shknre4Nes/GEDXhx0/rOngBg==
-----END CERTIFICATE-----