Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/13f5f1-45b6-4bc1-b5a5-521fa41dfc96/1/cbjd-F3gs5JTeJ8S-ecZX4S4OmY.roa
File:                     cbjd-F3gs5JTeJ8S-ecZX4S4OmY.roa (raw, json)
Hash identifier:          9KCJKJ0kO8IQUZscWXPdQnVpTYhh90n/ErAQhi58lVk=
Subject key identifier:   71:B8:DD:F8:5D:E0:B3:92:53:78:9F:12:F9:E7:19:5F:84:B8:3A:66
Certificate issuer:       /CN=f970049cba7f39aeed31d65313c7b953f3fda135
Certificate serial:       01961F52A488FD411270574360057E6683FD
Authority key identifier: F9:70:04:9C:BA:7F:39:AE:ED:31:D6:53:13:C7:B9:53:F3:FD:A1:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-XAEnLp_Oa7tMdZTE8e5U_P9oTU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/13f5f1-45b6-4bc1-b5a5-521fa41dfc96/1/cbjd-F3gs5JTeJ8S-ecZX4S4OmY.roa
Signing time:             Thu 10 Apr 2025 10:50:31 +0000
ROA not before:           Thu 10 Apr 2025 10:50:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50757
IP address blocks:        212.70.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/13f5f1-45b6-4bc1-b5a5-521fa41dfc96/1/1-XAEnLp_Oa7tMdZTE8e5U_P9oTU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/13f5f1-45b6-4bc1-b5a5-521fa41dfc96/1/1-XAEnLp_Oa7tMdZTE8e5U_P9oTU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-XAEnLp_Oa7tMdZTE8e5U_P9oTU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 04:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1f:52:a4:88:fd:41:12:70:57:43:60:05:7e:66:83:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f970049cba7f39aeed31d65313c7b953f3fda135
        Validity
            Not Before: Apr 10 10:50:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=71b8ddf85de0b39253789f12f9e7195f84b83a66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:e8:ee:ef:d8:e5:c2:63:46:4f:11:ac:1a:76:
                    52:af:c7:73:06:b3:dd:ac:2d:bf:22:3c:43:0d:98:
                    3f:a5:10:79:87:73:4b:50:e2:75:4b:31:b4:bc:02:
                    5c:ba:4c:80:c0:49:d2:23:19:95:51:cd:9c:1e:aa:
                    22:d9:0d:c1:67:45:05:54:17:49:d5:74:d6:8b:0f:
                    ce:1e:a2:81:72:4d:18:91:91:20:ec:2b:fd:46:9d:
                    85:40:f0:4f:74:44:16:f4:62:52:75:44:b3:3e:bf:
                    94:81:a7:55:02:5b:73:d7:72:81:37:01:9c:b0:d3:
                    4c:f5:cd:ab:9c:ca:5f:76:86:4a:b5:7e:f5:b7:20:
                    4a:da:00:4a:8a:90:d0:cb:41:a6:55:3f:18:e6:03:
                    6b:db:fd:25:84:9a:af:bd:71:88:76:64:6a:08:9a:
                    90:75:40:a5:b9:ba:5d:81:ed:26:1e:71:b6:f9:6e:
                    fa:3d:e4:49:89:dc:39:f0:f9:57:53:bf:4e:1d:21:
                    c9:af:a7:b6:f9:49:b8:03:61:f9:8f:14:7d:86:6a:
                    e6:ab:e3:14:8c:45:28:31:7b:69:03:80:0d:76:28:
                    ca:02:bc:48:05:7e:a8:45:49:4b:20:83:77:ee:59:
                    60:f7:37:b1:a7:53:1d:47:44:3c:62:85:da:f4:cf:
                    2c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:B8:DD:F8:5D:E0:B3:92:53:78:9F:12:F9:E7:19:5F:84:B8:3A:66
            X509v3 Authority Key Identifier:
                keyid:F9:70:04:9C:BA:7F:39:AE:ED:31:D6:53:13:C7:B9:53:F3:FD:A1:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-XAEnLp_Oa7tMdZTE8e5U_P9oTU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/13f5f1-45b6-4bc1-b5a5-521fa41dfc96/1/cbjd-F3gs5JTeJ8S-ecZX4S4OmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/13f5f1-45b6-4bc1-b5a5-521fa41dfc96/1/1-XAEnLp_Oa7tMdZTE8e5U_P9oTU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.70.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:f9:d8:a5:eb:3b:c9:d0:16:50:61:35:48:7a:c2:a5:5e:37:
         e8:c0:da:b9:e7:28:40:21:1e:ff:93:20:1e:aa:b8:02:13:53:
         ab:0f:a3:de:3a:cc:95:4b:a2:fd:56:af:86:7b:90:e0:b2:9a:
         bf:4d:e9:07:47:59:66:e4:08:e8:79:d1:29:e6:98:dc:e1:eb:
         ce:0f:81:b9:52:c2:ae:da:1d:81:54:52:41:b7:6a:8c:97:7d:
         21:d1:3b:01:47:58:1e:72:1a:b5:f3:1b:60:91:c3:fa:b7:a1:
         4d:bd:2c:44:c7:d4:1a:b0:6f:68:d7:50:58:7b:a9:46:ba:a2:
         c0:b5:bd:32:32:dc:02:a1:bc:34:7d:6c:09:d4:6e:38:a3:90:
         cb:20:96:f6:11:4a:56:83:2a:fc:d4:13:cc:66:69:28:7f:ea:
         36:7b:11:0e:b4:7a:0d:89:79:18:f4:a4:be:aa:1f:32:60:c2:
         e6:bd:e7:3f:b8:59:ac:d7:e5:31:4d:c5:04:16:3d:58:44:eb:
         6d:b5:e8:66:34:af:39:44:af:f6:fc:6e:2a:b6:b8:bb:1d:68:
         06:62:b8:d6:64:fa:b7:24:e2:de:69:cf:95:8e:87:f5:64:16:
         a9:8c:51:c0:9e:2b:27:ca:fb:38:1c:f2:82:c7:88:e2:1a:d1:
         0a:3a:d4:e4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZYfUqSI/UEScFdDYAV+ZoP9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5NzAwNDljYmE3ZjM5YWVlZDMxZDY1MzEzYzdiOTUzZjNm
ZGExMzUwHhcNMjUwNDEwMTA1MDMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWI4ZGRmODVkZTBiMzkyNTM3ODlmMTJmOWU3MTk1Zjg0YjgzYTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhuju79jlwmNGTxGsGnZSr8dzBrPd
rC2/IjxDDZg/pRB5h3NLUOJ1SzG0vAJcukyAwEnSIxmVUc2cHqoi2Q3BZ0UFVBdJ
1XTWiw/OHqKBck0YkZEg7Cv9Rp2FQPBPdEQW9GJSdUSzPr+UgadVAltz13KBNwGc
sNNM9c2rnMpfdoZKtX71tyBK2gBKipDQy0GmVT8Y5gNr2/0lhJqvvXGIdmRqCJqQ
dUClubpdge0mHnG2+W76PeRJidw58PlXU79OHSHJr6e2+Um4A2H5jxR9hmrmq+MU
jEUoMXtpA4ANdijKArxIBX6oRUlLIIN37llg9zexp1MdR0Q8YoXa9M8s9QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHG43fhd4LOSU3ifEvnnGV+EuDpmMB8GA1UdIwQY
MBaAFPlwBJy6fzmu7THWUxPHuVPz/aE1MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1YQUVuTHBfT2E3dE1kWlRFOGU1VV9QOW9UVS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTIvMTNmNWYxLTQ1YjYtNGJjMS1iNWE1
LTUyMWZhNDFkZmM5Ni8xL2NiamQtRjNnczVKVGVKOFMtZWNaWDRTNE9tWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTIvMTNmNWYxLTQ1YjYtNGJjMS1iNWE1LTUyMWZhNDFkZmM5
Ni8xLzEtWEFFbkxwX09hN3RNZFpURThlNVVfUDlvVFUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADURgIw
DQYJKoZIhvcNAQELBQADggEBAIP52KXrO8nQFlBhNUh6wqVeN+jA2rnnKEAhHv+T
IB6quAITU6sPo946zJVLov1Wr4Z7kOCymr9N6QdHWWbkCOh50SnmmNzh684PgblS
wq7aHYFUUkG3aoyXfSHROwFHWB5yGrXzG2CRw/q3oU29LETH1Bqwb2jXUFh7qUa6
osC1vTIy3AKhvDR9bAnUbjijkMsglvYRSlaDKvzUE8xmaSh/6jZ7EQ60eg2JeRj0
pL6qHzJgwua95z+4WazX5TFNxQQWPVhE62216GY0rzlEr/b8biq2uLsdaAZiuNZk
+rck4t5pz5WOh/VkFqmMUcCeKyfK+zgc8oLHiOIa0Qo61OQ=
-----END CERTIFICATE-----