Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/506f3d-c863-462f-87eb-b3ae1e4c32b7/1/XqRC5G2oQzqgyxjNANBxj8BHSyE.roa
File:                     XqRC5G2oQzqgyxjNANBxj8BHSyE.roa (raw, json)
Hash identifier:          2y198b/KfGNRD+ETdPrwOwMG4AfNTui7dTXxIAzZIPk=
Subject key identifier:   5E:A4:42:E4:6D:A8:43:3A:A0:CB:18:CD:00:D0:71:8F:C0:47:4B:21
Certificate issuer:       /CN=1c683f95c98d2cfe9d79cdd3db8ee8138bb35772
Certificate serial:       018CC34909675D7B88AAF7EE14589DB4F311
Authority key identifier: 1C:68:3F:95:C9:8D:2C:FE:9D:79:CD:D3:DB:8E:E8:13:8B:B3:57:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HGg_lcmNLP6dec3T247oE4uzV3I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/506f3d-c863-462f-87eb-b3ae1e4c32b7/1/XqRC5G2oQzqgyxjNANBxj8BHSyE.roa
Signing time:             Mon 01 Jan 2024 04:29:52 +0000
ROA not before:           Mon 01 Jan 2024 04:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        212.61.166.0/24 maxlen: 24
                          2a02:830:4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/506f3d-c863-462f-87eb-b3ae1e4c32b7/1/HGg_lcmNLP6dec3T247oE4uzV3I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/506f3d-c863-462f-87eb-b3ae1e4c32b7/1/HGg_lcmNLP6dec3T247oE4uzV3I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HGg_lcmNLP6dec3T247oE4uzV3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:09:67:5d:7b:88:aa:f7:ee:14:58:9d:b4:f3:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c683f95c98d2cfe9d79cdd3db8ee8138bb35772
        Validity
            Not Before: Jan  1 04:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ea442e46da8433aa0cb18cd00d0718fc0474b21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:d8:ff:d4:9f:c3:7b:ea:d2:2f:d6:b4:7b:3a:
                    76:d3:25:d4:ee:23:4e:38:34:5e:71:59:ec:c5:2d:
                    d5:ff:4f:b3:fd:94:5e:b8:54:15:b0:66:3f:78:29:
                    e9:c5:47:86:45:20:7a:6f:b0:d8:da:2b:9d:23:83:
                    75:57:bb:10:9e:20:23:71:be:ea:c0:38:99:82:51:
                    71:b5:95:dc:a8:6f:24:9e:f2:08:da:79:11:a0:37:
                    ff:6a:0c:0b:4f:82:ae:97:4f:f1:57:2d:64:b9:28:
                    39:eb:e3:2d:fa:28:8c:08:ae:f1:47:cc:b4:54:d6:
                    2f:53:04:bc:6c:72:23:60:13:ea:6f:2f:c5:97:18:
                    5e:54:05:67:4c:52:31:91:89:21:e8:fc:2c:e8:4c:
                    fe:de:45:ba:44:4e:9d:e5:cd:b8:af:a2:74:22:7c:
                    1c:35:ae:4f:86:fe:72:0c:b7:56:26:f3:4a:bc:a5:
                    6f:55:a5:6f:0c:d8:9e:be:53:13:c7:3a:ad:a8:a2:
                    c5:66:7e:f7:bf:e0:cf:53:37:2b:1c:14:4b:75:3b:
                    1e:71:d2:7f:c3:4a:4f:cc:bf:6d:54:ae:5a:1b:28:
                    cc:e5:e6:8f:bf:58:36:17:21:32:47:8a:95:90:4b:
                    86:0a:a7:75:a0:0f:c0:46:a4:50:86:7b:2e:28:ff:
                    91:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:A4:42:E4:6D:A8:43:3A:A0:CB:18:CD:00:D0:71:8F:C0:47:4B:21
            X509v3 Authority Key Identifier:
                keyid:1C:68:3F:95:C9:8D:2C:FE:9D:79:CD:D3:DB:8E:E8:13:8B:B3:57:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HGg_lcmNLP6dec3T247oE4uzV3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/506f3d-c863-462f-87eb-b3ae1e4c32b7/1/XqRC5G2oQzqgyxjNANBxj8BHSyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/506f3d-c863-462f-87eb-b3ae1e4c32b7/1/HGg_lcmNLP6dec3T247oE4uzV3I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.61.166.0/24
                IPv6:
                  2a02:830:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:50:cd:16:a6:02:86:83:2d:71:e0:9a:1b:6f:d4:65:66:86:
         b0:0a:16:da:7d:91:bb:a0:5c:99:c4:73:dc:3a:e9:b7:0d:7e:
         19:a7:81:90:4b:6f:3e:33:08:c5:a0:1f:b3:4e:2d:7b:1a:40:
         86:2d:a1:4b:e6:c9:35:64:5d:9c:69:3e:61:f3:52:c2:cb:9a:
         53:15:a2:e2:2e:ee:18:47:b4:29:65:a8:ef:18:72:da:bd:4e:
         86:90:d4:a8:52:61:b7:77:d5:72:da:7a:26:44:42:fd:82:51:
         b2:b0:bb:e9:a1:5d:c8:01:8e:4d:16:b8:3e:e2:63:5d:22:56:
         75:67:73:eb:62:eb:7d:dc:e8:be:1c:a1:01:a7:8c:e5:56:80:
         30:6d:79:68:52:d2:f8:45:65:55:6f:d0:76:64:06:77:44:c8:
         87:5f:0c:40:ba:e9:3b:a7:55:e3:ba:46:8e:79:01:eb:c1:6e:
         4b:9d:81:e2:65:d5:26:eb:46:eb:a8:bb:0b:16:a9:26:5e:c4:
         f6:bf:71:4e:c4:16:b1:46:19:38:13:8b:15:61:20:34:29:41:
         52:30:fa:6b:08:56:34:63:4e:e6:cc:db:e8:d4:1d:3a:9e:34:
         e9:56:12:b2:5e:9b:8c:ab:7c:80:29:12:4c:71:16:f9:75:49:
         26:40:7f:3e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDSQlnXXuIqvfuFFidtPMRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNjgzZjk1Yzk4ZDJjZmU5ZDc5Y2RkM2RiOGVlODEzOGJi
MzU3NzIwHhcNMjQwMTAxMDQyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWE0NDJlNDZkYTg0MzNhYTBjYjE4Y2QwMGQwNzE4ZmMwNDc0YjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Nj/1J/De+rSL9a0ezp20yXU7iNO
ODRecVnsxS3V/0+z/ZReuFQVsGY/eCnpxUeGRSB6b7DY2iudI4N1V7sQniAjcb7q
wDiZglFxtZXcqG8knvII2nkRoDf/agwLT4Kul0/xVy1kuSg56+Mt+iiMCK7xR8y0
VNYvUwS8bHIjYBPqby/FlxheVAVnTFIxkYkh6Pws6Ez+3kW6RE6d5c24r6J0Inwc
Na5Phv5yDLdWJvNKvKVvVaVvDNievlMTxzqtqKLFZn73v+DPUzcrHBRLdTsecdJ/
w0pPzL9tVK5aGyjM5eaPv1g2FyEyR4qVkEuGCqd1oA/ARqRQhnsuKP+RJwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFF6kQuRtqEM6oMsYzQDQcY/AR0shMB8GA1UdIwQY
MBaAFBxoP5XJjSz+nXnN09uO6BOLs1dyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEdnX2xjbU5MUDZkZWMzVDI0N29FNHV6VjNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC81MDZmM2QtYzg2My00NjJmLTg3ZWIt
YjNhZTFlNGMzMmI3LzEvWHFSQzVHMm9RenFneXhqTkFOQnhqOEJIU3lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC81MDZmM2QtYzg2My00NjJmLTg3ZWItYjNhZTFlNGMzMmI3
LzEvSEdnX2xjbU5MUDZkZWMzVDI0N29FNHV6VjNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA1D2mMA8E
AgACMAkDBwAqAggwAAQwDQYJKoZIhvcNAQELBQADggEBABFQzRamAoaDLXHgmhtv
1GVmhrAKFtp9kbugXJnEc9w66bcNfhmngZBLbz4zCMWgH7NOLXsaQIYtoUvmyTVk
XZxpPmHzUsLLmlMVouIu7hhHtCllqO8Yctq9ToaQ1KhSYbd31XLaeiZEQv2CUbKw
u+mhXcgBjk0WuD7iY10iVnVnc+ti633c6L4coQGnjOVWgDBteWhS0vhFZVVv0HZk
BndEyIdfDEC66TunVeO6Ro55AevBbkudgeJl1SbrRuuouwsWqSZexPa/cU7EFrFG
GTgTixVhIDQpQVIw+msIVjRjTubM2+jUHTqeNOlWErJem4yrfIApEkxxFvl1SSZA
fz4=
-----END CERTIFICATE-----