Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/d899cc-5357-471a-bc1c-077bc8ba1e5d/1/XpoKFpgpdhEiqHOsfYTkyjcF9-Y.roa
File:                     XpoKFpgpdhEiqHOsfYTkyjcF9-Y.roa (raw, json)
Hash identifier:          JZHw4frTtrKLQAPb8JuuU1HwfbA+cUwCtCe6pTnE93Y=
Subject key identifier:   5E:9A:0A:16:98:29:76:11:22:A8:73:AC:7D:84:E4:CA:37:05:F7:E6
Certificate issuer:       /CN=2b4e2d34ccee4576b5ce7605a084e6c08522c228
Certificate serial:       018CC7264A0B23DC37009F8E2B8218676FC4
Authority key identifier: 2B:4E:2D:34:CC:EE:45:76:B5:CE:76:05:A0:84:E6:C0:85:22:C2:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K04tNMzuRXa1znYFoITmwIUiwig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/d899cc-5357-471a-bc1c-077bc8ba1e5d/1/XpoKFpgpdhEiqHOsfYTkyjcF9-Y.roa
Signing time:             Mon 01 Jan 2024 22:30:24 +0000
ROA not before:           Mon 01 Jan 2024 22:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47254
IP address blocks:        212.102.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/d899cc-5357-471a-bc1c-077bc8ba1e5d/1/K04tNMzuRXa1znYFoITmwIUiwig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/d899cc-5357-471a-bc1c-077bc8ba1e5d/1/K04tNMzuRXa1znYFoITmwIUiwig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K04tNMzuRXa1znYFoITmwIUiwig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:4a:0b:23:dc:37:00:9f:8e:2b:82:18:67:6f:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b4e2d34ccee4576b5ce7605a084e6c08522c228
        Validity
            Not Before: Jan  1 22:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e9a0a169829761122a873ac7d84e4ca3705f7e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:70:28:eb:4e:69:56:66:b2:0e:14:35:bf:66:
                    e9:d6:9e:e2:23:86:51:35:b0:b9:08:5b:b0:0e:ae:
                    ea:05:00:f0:2d:b5:c2:64:16:2c:e2:b5:cd:00:4a:
                    74:63:0a:a3:cd:3e:c3:73:70:d2:3a:3f:88:63:a2:
                    ef:7d:03:4a:db:0f:6e:55:58:af:86:77:01:47:d8:
                    bd:ef:c5:79:30:3e:37:d8:a4:4f:5b:80:ed:21:c4:
                    a6:18:87:e2:50:f9:dc:c4:b1:36:ab:ee:84:bd:4a:
                    6a:1f:ac:ff:2c:35:1d:8f:70:5a:9c:ea:61:c4:12:
                    b4:45:d6:83:cc:3f:66:67:92:d0:5c:29:18:f2:a9:
                    43:35:4a:b8:e5:72:3a:8f:48:fc:49:9b:38:38:21:
                    e3:90:9a:75:56:4b:18:f7:d0:30:07:51:84:02:8c:
                    3b:6d:f1:51:c2:9b:bb:73:ec:98:47:9f:4c:a2:90:
                    11:26:31:0e:03:5a:97:bf:fd:ea:5f:5a:21:0c:04:
                    bb:e3:a4:ea:07:40:07:16:d0:62:79:24:f9:9a:d2:
                    d5:a4:86:a7:80:92:d9:b4:52:ac:3c:d3:32:15:cf:
                    2b:3a:55:ff:da:c1:43:4e:83:dc:8a:19:71:ab:c5:
                    50:df:95:57:de:35:29:94:c5:6b:01:e6:4e:f5:fc:
                    02:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:9A:0A:16:98:29:76:11:22:A8:73:AC:7D:84:E4:CA:37:05:F7:E6
            X509v3 Authority Key Identifier:
                keyid:2B:4E:2D:34:CC:EE:45:76:B5:CE:76:05:A0:84:E6:C0:85:22:C2:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K04tNMzuRXa1znYFoITmwIUiwig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/d899cc-5357-471a-bc1c-077bc8ba1e5d/1/XpoKFpgpdhEiqHOsfYTkyjcF9-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/d899cc-5357-471a-bc1c-077bc8ba1e5d/1/K04tNMzuRXa1znYFoITmwIUiwig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.102.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:55:fc:9a:ac:82:f3:94:c1:a2:72:8d:de:74:33:d1:04:cb:
         1f:b0:a4:66:f6:da:d7:fa:f0:5d:93:96:18:5e:7c:07:b1:a9:
         66:0a:01:f4:74:06:be:cd:e1:29:49:24:eb:18:ee:62:dc:9a:
         bb:ad:92:bd:67:18:99:58:73:04:e8:19:01:45:70:14:3f:24:
         bb:fc:af:bb:50:ab:08:a1:57:b8:2f:a9:60:cc:63:3e:83:2e:
         aa:b2:0c:bc:00:68:1d:36:7e:8f:be:51:02:ca:1f:df:84:b5:
         1c:2f:9d:2f:1f:31:5d:d4:26:4c:c7:55:71:01:e9:c2:c8:a3:
         75:32:25:f3:07:46:af:15:54:4a:d9:64:6c:1e:3d:8e:b8:61:
         40:33:db:c8:9d:6d:81:86:24:f7:99:6d:cc:76:8d:35:02:04:
         10:7e:5c:5b:e2:0c:13:d5:81:d6:5e:d0:89:3a:16:7c:61:e3:
         68:e1:14:f5:59:87:74:75:5f:f7:05:6b:73:ea:53:f8:7f:fd:
         09:77:09:9e:5c:0c:b5:47:9e:fc:22:3d:64:91:32:e9:bd:1a:
         b9:8b:d2:f9:5f:43:95:8b:13:8b:f6:27:6a:70:68:55:80:b3:
         c7:c7:18:b9:f8:7e:e1:98:d5:e4:ac:a9:bf:ec:bf:d3:03:02:
         94:89:fb:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJkoLI9w3AJ+OK4IYZ2/EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNGUyZDM0Y2NlZTQ1NzZiNWNlNzYwNWEwODRlNmMwODUy
MmMyMjgwHhcNMjQwMTAxMjIzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTlhMGExNjk4Mjk3NjExMjJhODczYWM3ZDg0ZTRjYTM3MDVmN2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3Ao605pVmayDhQ1v2bp1p7iI4ZR
NbC5CFuwDq7qBQDwLbXCZBYs4rXNAEp0YwqjzT7Dc3DSOj+IY6LvfQNK2w9uVViv
hncBR9i978V5MD432KRPW4DtIcSmGIfiUPncxLE2q+6EvUpqH6z/LDUdj3BanOph
xBK0RdaDzD9mZ5LQXCkY8qlDNUq45XI6j0j8SZs4OCHjkJp1VksY99AwB1GEAow7
bfFRwpu7c+yYR59MopARJjEOA1qXv/3qX1ohDAS746TqB0AHFtBieST5mtLVpIan
gJLZtFKsPNMyFc8rOlX/2sFDToPcihlxq8VQ35VX3jUplMVrAeZO9fwCrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF6aChaYKXYRIqhzrH2E5Mo3BffmMB8GA1UdIwQY
MBaAFCtOLTTM7kV2tc52BaCE5sCFIsIoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzA0dE5NenVSWGExem5ZRm9JVG13SVVpd2lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9kODk5Y2MtNTM1Ny00NzFhLWJjMWMt
MDc3YmM4YmExZTVkLzEvWHBvS0ZwZ3BkaEVpcUhPc2ZZVGt5amNGOS1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9kODk5Y2MtNTM1Ny00NzFhLWJjMWMtMDc3YmM4YmExZTVk
LzEvSzA0dE5NenVSWGExem5ZRm9JVG13SVVpd2lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GZiMA0G
CSqGSIb3DQEBCwUAA4IBAQAAVfyarILzlMGico3edDPRBMsfsKRm9trX+vBdk5YY
XnwHsalmCgH0dAa+zeEpSSTrGO5i3Jq7rZK9ZxiZWHME6BkBRXAUPyS7/K+7UKsI
oVe4L6lgzGM+gy6qsgy8AGgdNn6PvlECyh/fhLUcL50vHzFd1CZMx1VxAenCyKN1
MiXzB0avFVRK2WRsHj2OuGFAM9vInW2BhiT3mW3Mdo01AgQQflxb4gwT1YHWXtCJ
OhZ8YeNo4RT1WYd0dV/3BWtz6lP4f/0JdwmeXAy1R578Ij1kkTLpvRq5i9L5X0OV
ixOL9idqcGhVgLPHxxi5+H7hmNXkrKm/7L/TAwKUiftk
-----END CERTIFICATE-----