Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/cRZ6qWJRlf-hIhI_rLkUE8qbzt0.roa
File:                     cRZ6qWJRlf-hIhI_rLkUE8qbzt0.roa (raw, json)
Hash identifier:          S5T+PYh/WTIxsl2nJLgoiIqkmdSx0+tSITshJLq1lcI=
Subject key identifier:   71:16:7A:A9:62:51:95:FF:A1:22:12:3F:AC:B9:14:13:CA:9B:CE:DD
Certificate issuer:       /CN=700a1231d1c27a754e46ef10e92a730ae15d0f55
Certificate serial:       018CC4254AA4D1000ABD5AAF0F90B734786D
Authority key identifier: 70:0A:12:31:D1:C2:7A:75:4E:46:EF:10:E9:2A:73:0A:E1:5D:0F:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cAoSMdHCenVORu8Q6SpzCuFdD1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/cRZ6qWJRlf-hIhI_rLkUE8qbzt0.roa
Signing time:             Mon 01 Jan 2024 08:30:27 +0000
ROA not before:           Mon 01 Jan 2024 08:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56544
IP address blocks:        217.11.140.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/cAoSMdHCenVORu8Q6SpzCuFdD1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/cAoSMdHCenVORu8Q6SpzCuFdD1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cAoSMdHCenVORu8Q6SpzCuFdD1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:4a:a4:d1:00:0a:bd:5a:af:0f:90:b7:34:78:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=700a1231d1c27a754e46ef10e92a730ae15d0f55
        Validity
            Not Before: Jan  1 08:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71167aa9625195ffa122123facb91413ca9bcedd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:5a:30:b7:6e:97:86:24:19:40:02:43:bf:d4:
                    fe:72:da:17:29:e3:5a:96:aa:30:3d:f0:a1:15:86:
                    87:28:e4:0d:da:5f:b0:86:67:7e:73:af:72:12:d9:
                    61:f5:25:81:63:0f:70:1b:4b:99:df:ff:3a:92:c3:
                    76:e8:d5:18:27:9b:e4:8a:2e:88:b0:d5:ba:50:41:
                    f2:0b:c1:fd:7a:af:12:db:79:d7:a1:83:1b:a1:f7:
                    49:59:1c:93:27:4f:77:8f:a5:59:39:48:d9:e8:6b:
                    7a:29:2e:12:0d:c8:85:31:d1:e8:27:c7:af:e4:40:
                    78:76:b7:78:4a:c5:ef:2d:cf:69:2e:8d:f4:89:18:
                    ce:ca:34:07:11:1f:93:2b:fb:fd:79:1b:dc:9e:46:
                    53:fa:e7:83:df:b2:3a:e3:87:31:64:75:29:62:b8:
                    0b:db:2f:d2:97:e6:57:0f:89:d6:54:2e:87:ed:86:
                    b5:37:71:6c:ba:13:80:1c:aa:4c:16:a4:40:e8:d8:
                    e9:cd:0e:62:16:b2:01:3f:69:16:32:9c:81:5b:ce:
                    44:4b:c3:e2:ee:d7:d5:ac:fe:8e:0d:16:c0:bb:64:
                    2c:3e:25:ef:da:a1:83:65:3e:e8:07:d5:ed:ab:fb:
                    b8:48:25:46:e0:ad:f1:f0:87:ac:35:04:3d:a6:8b:
                    cd:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:16:7A:A9:62:51:95:FF:A1:22:12:3F:AC:B9:14:13:CA:9B:CE:DD
            X509v3 Authority Key Identifier:
                keyid:70:0A:12:31:D1:C2:7A:75:4E:46:EF:10:E9:2A:73:0A:E1:5D:0F:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cAoSMdHCenVORu8Q6SpzCuFdD1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/cRZ6qWJRlf-hIhI_rLkUE8qbzt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/dcc2b4-9ded-4678-8398-ab79a3789f8f/1/cAoSMdHCenVORu8Q6SpzCuFdD1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.11.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:e5:f5:7c:b7:d8:97:a4:2b:f8:1e:97:e1:65:28:cb:6a:58:
         26:fe:df:45:ed:ba:e2:f2:93:39:81:34:22:61:08:bb:ca:6b:
         df:c6:f8:f0:34:d4:4e:bd:47:1f:eb:6b:4a:52:dd:cf:3f:21:
         58:84:59:d2:0a:8a:50:a5:9f:81:d9:97:05:8d:ab:ea:73:dd:
         3f:1e:f9:04:6d:f9:ac:67:f1:e2:0e:ff:3e:df:b8:5c:e4:6e:
         76:10:85:83:b3:85:a5:3c:54:3c:20:c5:41:f0:51:d0:5f:91:
         0d:d3:7f:c6:0f:be:a4:73:d8:f8:e9:76:12:29:d7:07:f4:31:
         a5:7d:86:5c:4a:c5:b6:c1:5c:41:47:52:c7:44:72:e4:ad:ac:
         78:64:2c:ea:5e:c1:da:b6:9a:60:94:a9:87:aa:73:55:1b:39:
         f8:6b:b3:5f:a0:e1:b0:6e:f8:21:00:30:24:a3:69:10:b1:2e:
         11:1d:f0:d0:30:87:47:56:78:0b:2b:f8:0a:47:9f:4f:ae:ea:
         b6:9f:ec:89:87:b9:c0:b5:a0:35:a5:68:a0:8b:77:1c:ce:9c:
         da:f3:cb:b7:bc:51:ee:bb:51:22:f1:39:f0:82:9a:9f:a8:f7:
         46:45:de:07:17:c0:11:71:60:a8:d1:2a:9e:46:83:11:cc:15:
         eb:33:fc:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJUqk0QAKvVqvD5C3NHhtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMGExMjMxZDFjMjdhNzU0ZTQ2ZWYxMGU5MmE3MzBhZTE1
ZDBmNTUwHhcNMjQwMTAxMDgzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTE2N2FhOTYyNTE5NWZmYTEyMjEyM2ZhY2I5MTQxM2NhOWJjZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVowt26XhiQZQAJDv9T+ctoXKeNa
lqowPfChFYaHKOQN2l+whmd+c69yEtlh9SWBYw9wG0uZ3/86ksN26NUYJ5vkii6I
sNW6UEHyC8H9eq8S23nXoYMbofdJWRyTJ093j6VZOUjZ6Gt6KS4SDciFMdHoJ8ev
5EB4drd4SsXvLc9pLo30iRjOyjQHER+TK/v9eRvcnkZT+ueD37I644cxZHUpYrgL
2y/Sl+ZXD4nWVC6H7Ya1N3FsuhOAHKpMFqRA6NjpzQ5iFrIBP2kWMpyBW85ES8Pi
7tfVrP6ODRbAu2QsPiXv2qGDZT7oB9Xtq/u4SCVG4K3x8IesNQQ9povNXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHEWeqliUZX/oSISP6y5FBPKm87dMB8GA1UdIwQY
MBaAFHAKEjHRwnp1TkbvEOkqcwrhXQ9VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0FvU01kSENlblZPUnU4UTZTcHpDdUZkRDFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9kY2MyYjQtOWRlZC00Njc4LTgzOTgt
YWI3OWEzNzg5ZjhmLzEvY1JaNnFXSlJsZi1oSWhJX3JMa1VFOHFienQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9kY2MyYjQtOWRlZC00Njc4LTgzOTgtYWI3OWEzNzg5Zjhm
LzEvY0FvU01kSENlblZPUnU4UTZTcHpDdUZkRDFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2QuMMA0G
CSqGSIb3DQEBCwUAA4IBAQBC5fV8t9iXpCv4HpfhZSjLalgm/t9F7bri8pM5gTQi
YQi7ymvfxvjwNNROvUcf62tKUt3PPyFYhFnSCopQpZ+B2ZcFjavqc90/HvkEbfms
Z/HiDv8+37hc5G52EIWDs4WlPFQ8IMVB8FHQX5EN03/GD76kc9j46XYSKdcH9DGl
fYZcSsW2wVxBR1LHRHLkrax4ZCzqXsHatppglKmHqnNVGzn4a7NfoOGwbvghADAk
o2kQsS4RHfDQMIdHVngLK/gKR59Pruq2n+yJh7nAtaA1pWigi3cczpza88u3vFHu
u1Ei8TnwgpqfqPdGRd4HF8ARcWCo0SqeRoMRzBXrM/ws
-----END CERTIFICATE-----