Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/a72a92-568b-4327-9c1d-6681f916e554/1/B6zSuIMEf51tuhiIAouH5M4nvc0.roa
File:                     B6zSuIMEf51tuhiIAouH5M4nvc0.roa (raw, json)
Hash identifier:          u5E1ZiCtedbtTuguW/mTLwNPeEbV19OjxjZGlBqu3Os=
Subject key identifier:   07:AC:D2:B8:83:04:7F:9D:6D:BA:18:88:02:8B:87:E4:CE:27:BD:CD
Certificate issuer:       /CN=56d57f6cf28c982c1d3ff6c5257f399e9b955bdd
Certificate serial:       018CC2DACD98E5A113E13620FEEADF6354B8
Authority key identifier: 56:D5:7F:6C:F2:8C:98:2C:1D:3F:F6:C5:25:7F:39:9E:9B:95:5B:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VtV_bPKMmCwdP_bFJX85npuVW90.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/a72a92-568b-4327-9c1d-6681f916e554/1/B6zSuIMEf51tuhiIAouH5M4nvc0.roa
Signing time:             Mon 01 Jan 2024 02:29:28 +0000
ROA not before:           Mon 01 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211612
IP address blocks:        94.76.41.0/24 maxlen: 24
                          94.76.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/a72a92-568b-4327-9c1d-6681f916e554/1/VtV_bPKMmCwdP_bFJX85npuVW90.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/a72a92-568b-4327-9c1d-6681f916e554/1/VtV_bPKMmCwdP_bFJX85npuVW90.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VtV_bPKMmCwdP_bFJX85npuVW90.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:cd:98:e5:a1:13:e1:36:20:fe:ea:df:63:54:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56d57f6cf28c982c1d3ff6c5257f399e9b955bdd
        Validity
            Not Before: Jan  1 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07acd2b883047f9d6dba1888028b87e4ce27bdcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a1:e4:4c:a9:1f:5a:29:c2:1b:b3:ab:54:35:
                    34:79:31:e2:04:c3:1f:41:7b:cb:8c:8b:c0:33:21:
                    cd:5e:af:c1:06:43:c6:b9:a0:cb:45:96:e1:d0:ba:
                    61:7e:ca:c9:ef:57:f1:a7:ae:c3:0d:ca:4c:25:d4:
                    69:e9:83:86:09:66:c8:1c:cc:00:f4:0d:66:58:16:
                    40:14:16:b5:02:ff:d9:d2:63:3f:ed:8b:48:3a:f4:
                    d1:f1:c7:f7:d2:1c:6f:05:df:e1:99:05:c0:1e:f6:
                    ea:74:c7:df:a2:cb:3b:71:ba:ad:cf:6b:f9:b7:f1:
                    38:de:41:87:14:c5:24:cf:a6:ca:f2:92:e0:bd:f4:
                    44:08:0e:b0:08:41:3b:d3:d3:4c:cc:d4:35:07:d7:
                    b2:81:e8:aa:97:22:0f:c6:9c:18:c3:93:ad:09:59:
                    ac:14:ae:4f:b9:97:5a:47:2f:28:af:4d:e2:89:ed:
                    45:bd:17:c5:8f:ae:f6:eb:5a:76:43:ae:c3:81:bb:
                    ab:90:ca:c4:44:3f:7f:85:72:83:5e:fb:9e:9b:73:
                    21:56:05:2b:ab:61:fb:5b:a2:42:46:b1:97:d9:a2:
                    75:9a:a6:91:60:1d:cb:14:4d:4c:d2:7a:46:dc:ca:
                    a8:9b:cd:91:3e:27:2e:b0:c9:0b:e8:0c:1d:af:76:
                    b1:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:AC:D2:B8:83:04:7F:9D:6D:BA:18:88:02:8B:87:E4:CE:27:BD:CD
            X509v3 Authority Key Identifier:
                keyid:56:D5:7F:6C:F2:8C:98:2C:1D:3F:F6:C5:25:7F:39:9E:9B:95:5B:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VtV_bPKMmCwdP_bFJX85npuVW90.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/a72a92-568b-4327-9c1d-6681f916e554/1/B6zSuIMEf51tuhiIAouH5M4nvc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/a72a92-568b-4327-9c1d-6681f916e554/1/VtV_bPKMmCwdP_bFJX85npuVW90.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.76.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c3:b5:d4:33:47:89:57:48:6e:7f:a8:c5:09:d7:82:d7:62:cf:
         73:fa:3c:2a:15:98:24:83:e4:69:cf:e8:4d:77:51:e2:b3:b6:
         fe:70:ae:91:29:f8:8c:23:a4:4c:75:9c:28:c4:51:14:10:7f:
         e2:4a:c3:c4:79:d3:41:8b:d6:03:a9:f4:c0:d2:11:4d:82:cd:
         ec:31:08:98:e2:b1:b5:dc:0a:ac:08:c5:4d:10:f3:8d:0a:34:
         22:e3:4b:82:ed:02:7e:0f:56:29:3d:1f:89:70:12:7d:bc:d4:
         d9:99:7d:a4:90:bc:3a:10:77:ce:91:7c:5a:7f:f6:11:0c:4e:
         e2:94:95:3c:c6:77:d1:7c:25:b2:92:ca:f1:71:fe:8c:b2:60:
         26:62:a2:d2:ba:44:4d:2e:3f:86:92:f0:c4:30:00:1e:ad:ff:
         87:63:60:92:57:ba:63:b0:b6:db:f5:fd:b3:77:4b:94:84:70:
         2c:00:6b:96:a6:8d:70:78:ef:4f:71:be:52:e1:ff:b1:e4:97:
         97:39:c3:0a:76:6b:cd:4a:1b:6e:af:56:39:f4:05:28:e0:c8:
         e8:8a:b4:79:1f:df:fc:3c:03:6a:2f:f7:07:27:d2:c1:10:1f:
         1d:0f:01:32:00:61:b0:ef:3d:37:d3:d9:21:99:01:53:e5:86:
         a8:1b:6d:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2s2Y5aET4TYg/urfY1S4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2ZDU3ZjZjZjI4Yzk4MmMxZDNmZjZjNTI1N2YzOTllOWI5
NTViZGQwHhcNMjQwMTAxMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2FjZDJiODgzMDQ3ZjlkNmRiYTE4ODgwMjhiODdlNGNlMjdiZGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6HkTKkfWinCG7OrVDU0eTHiBMMf
QXvLjIvAMyHNXq/BBkPGuaDLRZbh0LphfsrJ71fxp67DDcpMJdRp6YOGCWbIHMwA
9A1mWBZAFBa1Av/Z0mM/7YtIOvTR8cf30hxvBd/hmQXAHvbqdMffoss7cbqtz2v5
t/E43kGHFMUkz6bK8pLgvfRECA6wCEE709NMzNQ1B9eygeiqlyIPxpwYw5OtCVms
FK5PuZdaRy8or03iie1FvRfFj67261p2Q67DgburkMrERD9/hXKDXvuem3MhVgUr
q2H7W6JCRrGX2aJ1mqaRYB3LFE1M0npG3Mqom82RPicusMkL6Awdr3axeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAes0riDBH+dbboYiAKLh+TOJ73NMB8GA1UdIwQY
MBaAFFbVf2zyjJgsHT/2xSV/OZ6blVvdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnRWX2JQS01tQ3dkUF9iRkpYODVucHVWVzkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9hNzJhOTItNTY4Yi00MzI3LTljMWQt
NjY4MWY5MTZlNTU0LzEvQjZ6U3VJTUVmNTF0dWhpSUFvdUg1TTRudmMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9hNzJhOTItNTY4Yi00MzI3LTljMWQtNjY4MWY5MTZlNTU0
LzEvVnRWX2JQS01tQ3dkUF9iRkpYODVucHVWVzkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXkwoMA0G
CSqGSIb3DQEBCwUAA4IBAQDDtdQzR4lXSG5/qMUJ14LXYs9z+jwqFZgkg+Rpz+hN
d1His7b+cK6RKfiMI6RMdZwoxFEUEH/iSsPEedNBi9YDqfTA0hFNgs3sMQiY4rG1
3AqsCMVNEPONCjQi40uC7QJ+D1YpPR+JcBJ9vNTZmX2kkLw6EHfOkXxaf/YRDE7i
lJU8xnfRfCWyksrxcf6MsmAmYqLSukRNLj+GkvDEMAAerf+HY2CSV7pjsLbb9f2z
d0uUhHAsAGuWpo1weO9Pcb5S4f+x5JeXOcMKdmvNShtur1Y59AUo4MjoirR5H9/8
PANqL/cHJ9LBEB8dDwEyAGGw7z0309khmQFT5YaoG230
-----END CERTIFICATE-----