Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Pg2C09ahlYyZJkQSNo7RkVXoSqE.roa
File:                     Pg2C09ahlYyZJkQSNo7RkVXoSqE.roa (raw, json)
Hash identifier:          AJeRnQDj3lTGUZKvc0TkuzOsisJl/BB8dEs9BRiZI/U=
Subject key identifier:   3E:0D:82:D3:D6:A1:95:8C:99:26:44:12:36:8E:D1:91:55:E8:4A:A1
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01907E6751F8C9D579C0CB9C5149C7F07D1B
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Pg2C09ahlYyZJkQSNo7RkVXoSqE.roa
Signing time:             Thu 04 Jul 2024 15:40:18 +0000
ROA not before:           Thu 04 Jul 2024 15:40:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50057
IP address blocks:        217.60.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:7e:67:51:f8:c9:d5:79:c0:cb:9c:51:49:c7:f0:7d:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jul  4 15:40:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e0d82d3d6a1958c99264412368ed19155e84aa1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f4:27:c5:f1:e3:ce:48:5b:a9:7c:05:e3:b6:
                    6e:27:d2:f7:be:25:b7:e3:1a:01:8a:48:23:2f:3e:
                    f3:b3:41:c4:db:fa:78:fb:2d:1a:63:e2:fd:1b:1a:
                    36:48:71:3c:0e:73:91:4e:1b:b4:30:d7:66:c4:d4:
                    3d:88:8e:d6:4e:b7:7f:7f:a8:13:2b:1c:42:ad:15:
                    09:a2:2e:cb:a7:cf:18:84:94:02:5c:d1:4a:61:a9:
                    6a:de:25:3a:1a:69:2c:0d:35:e4:32:19:f0:f8:68:
                    09:93:11:4a:62:40:37:a1:de:91:52:a3:b6:bc:f1:
                    a0:09:ba:b4:29:82:56:c7:1f:d2:6f:c7:b8:1c:d4:
                    f8:9a:8e:a1:65:23:10:00:56:dc:22:32:b2:e0:cc:
                    12:51:34:d6:17:4b:4d:df:65:25:11:48:30:2e:32:
                    a3:66:9b:ee:e7:6c:8f:73:5f:6c:79:b8:aa:43:07:
                    45:b6:51:1a:a0:87:70:d7:33:18:9c:17:3a:58:1b:
                    85:fb:d0:45:13:3c:d6:d6:dc:5e:07:f0:31:04:8f:
                    38:f3:07:17:f4:73:ab:6c:1c:79:b4:59:06:25:1f:
                    5c:84:20:57:a2:60:56:24:d1:25:dd:af:15:02:9a:
                    72:f9:e5:6b:3a:81:a0:95:09:2d:3a:82:9e:f0:44:
                    37:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:0D:82:D3:D6:A1:95:8C:99:26:44:12:36:8E:D1:91:55:E8:4A:A1
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Pg2C09ahlYyZJkQSNo7RkVXoSqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:b7:51:31:1b:46:50:86:aa:e0:90:2e:40:24:87:1c:a2:2d:
         2b:be:9b:5a:33:0e:c1:bf:c9:52:40:69:94:61:c6:32:88:bf:
         6f:81:01:e0:15:0f:36:e6:32:4e:54:0a:b5:2c:ea:60:28:fb:
         82:a1:bb:05:8b:6c:cc:2d:93:10:dd:9d:7c:b4:24:c0:2d:44:
         03:17:f7:85:b9:3a:67:0a:ba:5b:d1:44:d1:16:ed:e9:fd:32:
         88:98:64:6f:4c:27:b9:8f:a1:68:20:ce:53:11:45:4e:9b:02:
         8b:29:be:fe:33:6a:cb:46:e7:bf:fb:41:ee:dc:f9:68:d1:f6:
         08:d6:30:2c:c1:b9:b4:1d:31:e2:16:b5:f6:31:81:8d:16:b7:
         fc:54:54:cb:01:7a:47:f2:47:d9:94:ef:02:c9:8b:76:d8:c7:
         c0:4b:87:eb:da:8a:9c:86:df:8c:6d:fb:aa:4e:50:31:36:15:
         d4:14:a7:8d:56:c5:70:bc:11:dc:08:a0:04:d3:3e:d4:be:50:
         f8:66:1b:02:5d:7e:9b:1b:ac:e9:22:4c:24:1a:2e:e2:c6:b8:
         35:e7:c0:6d:0d:f1:b2:a5:e5:e7:26:b7:cd:d1:f0:f5:07:87:
         19:26:cd:06:7e:8a:75:26:88:ae:42:81:ec:d7:41:0d:7c:df:
         cf:76:bf:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZB+Z1H4ydV5wMucUUnH8H0bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQwNzA0MTU0MDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTBkODJkM2Q2YTE5NThjOTkyNjQ0MTIzNjhlZDE5MTU1ZTg0YWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfQnxfHjzkhbqXwF47ZuJ9L3viW3
4xoBikgjLz7zs0HE2/p4+y0aY+L9Gxo2SHE8DnORThu0MNdmxNQ9iI7WTrd/f6gT
KxxCrRUJoi7Lp88YhJQCXNFKYalq3iU6GmksDTXkMhnw+GgJkxFKYkA3od6RUqO2
vPGgCbq0KYJWxx/Sb8e4HNT4mo6hZSMQAFbcIjKy4MwSUTTWF0tN32UlEUgwLjKj
Zpvu52yPc19sebiqQwdFtlEaoIdw1zMYnBc6WBuF+9BFEzzW1txeB/AxBI848wcX
9HOrbBx5tFkGJR9chCBXomBWJNEl3a8VAppy+eVrOoGglQktOoKe8EQ3XwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD4NgtPWoZWMmSZEEjaO0ZFV6EqhMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvUGcyQzA5YWhsWXlaSmtRU05vN1JrVlhvU3FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Tz/MA0G
CSqGSIb3DQEBCwUAA4IBAQAqt1ExG0ZQhqrgkC5AJIccoi0rvptaMw7Bv8lSQGmU
YcYyiL9vgQHgFQ825jJOVAq1LOpgKPuCobsFi2zMLZMQ3Z18tCTALUQDF/eFuTpn
Crpb0UTRFu3p/TKImGRvTCe5j6FoIM5TEUVOmwKLKb7+M2rLRue/+0Hu3Plo0fYI
1jAswbm0HTHiFrX2MYGNFrf8VFTLAXpH8kfZlO8CyYt22MfAS4fr2oqcht+Mbfuq
TlAxNhXUFKeNVsVwvBHcCKAE0z7UvlD4ZhsCXX6bG6zpIkwkGi7ixrg158BtDfGy
peXnJrfN0fD1B4cZJs0Gfop1JoiuQoHs10ENfN/Pdr/5
-----END CERTIFICATE-----