Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/BCCPLzHNIsF4JllqyHfmppyvJfA.roa
File:                     BCCPLzHNIsF4JllqyHfmppyvJfA.roa (raw, json)
Hash identifier:          sLubBMsXTdeyLQE0LoUe73DdS3zMKBIO+6OLP0f03rI=
Subject key identifier:   04:20:8F:2F:31:CD:22:C1:78:26:59:6A:C8:77:E6:A6:9C:AF:25:F0
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC5011768FD60FC3FCA70458D30F0533B
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/BCCPLzHNIsF4JllqyHfmppyvJfA.roa
Signing time:             Mon 01 Jan 2024 12:30:32 +0000
ROA not before:           Mon 01 Jan 2024 12:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        188.212.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:03:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:17:68:fd:60:fc:3f:ca:70:45:8d:30:f0:53:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04208f2f31cd22c17826596ac877e6a69caf25f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:6e:a6:cd:29:91:09:8d:46:01:5f:f6:63:3b:
                    a8:d5:0d:35:8f:2a:08:37:61:6b:0e:11:27:07:e5:
                    29:41:92:24:52:a9:56:b2:e0:25:67:a2:b5:e5:05:
                    12:50:53:05:af:15:b6:c2:4a:3d:a3:ae:8e:d4:a6:
                    f9:10:9e:74:e8:cb:cd:49:8a:c9:70:e1:d8:65:df:
                    43:43:fa:4c:23:88:c3:9c:6b:77:36:3a:7e:c6:fb:
                    13:52:14:9d:77:33:8e:d5:86:c4:06:08:db:5a:a1:
                    a5:a1:36:64:68:64:26:ba:3d:2c:7d:77:bc:1a:15:
                    55:7b:b2:04:88:86:0f:5b:4b:42:bf:a8:a8:c2:9c:
                    b1:7a:ed:3f:03:8f:0d:17:84:d5:e8:d7:89:fd:bf:
                    99:88:99:0e:49:32:23:13:74:09:4f:bb:77:7d:00:
                    8a:c8:7d:0f:f0:67:2b:52:af:e3:98:cc:92:8b:c0:
                    1c:97:49:1d:28:05:05:d7:48:b5:9c:cc:8b:ac:59:
                    25:a3:e8:39:bb:cc:5f:d5:06:7b:5d:76:ad:81:36:
                    7d:79:fe:a4:8c:70:da:c1:79:90:dd:66:37:3b:92:
                    e4:2e:67:64:6a:0b:b8:d8:a5:17:ff:ea:5b:03:94:
                    92:1c:3a:69:83:10:1b:8f:35:43:eb:28:25:06:c4:
                    d1:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:20:8F:2F:31:CD:22:C1:78:26:59:6A:C8:77:E6:A6:9C:AF:25:F0
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/BCCPLzHNIsF4JllqyHfmppyvJfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.212.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:3c:b9:61:a1:42:6f:e5:f8:cd:1c:e5:f2:6f:1a:23:41:e0:
         b7:51:5d:f0:0f:5b:dc:60:51:40:56:bf:df:4a:47:6e:4a:e3:
         10:e0:1e:c4:bc:a6:d7:3f:55:24:da:a3:b1:ea:c9:a9:ed:75:
         43:c7:b5:32:5a:0d:a8:f4:fc:3e:cb:a6:c7:95:cd:62:36:77:
         75:19:d2:b8:c9:29:ea:20:a2:8e:56:6b:bd:7a:1a:a1:fd:a0:
         fd:ad:4f:89:03:0b:4c:82:71:a3:29:78:1e:ae:ce:34:03:2b:
         78:92:6b:2e:66:6c:d9:cd:4c:d4:78:f9:b7:04:69:c7:4d:50:
         2d:f3:b4:c5:5c:e5:a3:9e:10:91:fa:3f:3c:8e:eb:9e:ec:66:
         53:2f:d9:ef:eb:c9:53:57:30:65:49:47:03:8e:9c:d4:59:a5:
         d7:9f:00:41:cb:ec:21:83:e2:50:66:31:c4:fa:d6:96:13:ec:
         44:24:ef:88:1f:80:59:0f:a7:50:32:5e:d5:87:e5:7e:03:e9:
         a1:62:e7:17:ef:d1:df:77:4a:e2:fe:65:3f:9e:47:13:30:fb:
         48:d0:e6:d1:03:51:a1:a5:38:b9:52:d2:28:2f:c0:65:37:bc:
         01:93:1a:21:72:58:77:bd:b7:9f:2a:56:16:58:01:b8:d2:f6:
         44:69:69:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFARdo/WD8P8pwRY0w8FM7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDIwOGYyZjMxY2QyMmMxNzgyNjU5NmFjODc3ZTZhNjljYWYyNWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhG6mzSmRCY1GAV/2Yzuo1Q01jyoI
N2FrDhEnB+UpQZIkUqlWsuAlZ6K15QUSUFMFrxW2wko9o66O1Kb5EJ506MvNSYrJ
cOHYZd9DQ/pMI4jDnGt3Njp+xvsTUhSddzOO1YbEBgjbWqGloTZkaGQmuj0sfXe8
GhVVe7IEiIYPW0tCv6iowpyxeu0/A48NF4TV6NeJ/b+ZiJkOSTIjE3QJT7t3fQCK
yH0P8GcrUq/jmMySi8Acl0kdKAUF10i1nMyLrFklo+g5u8xf1QZ7XXatgTZ9ef6k
jHDawXmQ3WY3O5LkLmdkagu42KUX/+pbA5SSHDppgxAbjzVD6yglBsTRcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAQgjy8xzSLBeCZZash35qacryXwMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvQkNDUEx6SE5Jc0Y0SmxscXlIZm1wcHl2SmZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNSEMA0G
CSqGSIb3DQEBCwUAA4IBAQCIPLlhoUJv5fjNHOXybxojQeC3UV3wD1vcYFFAVr/f
SkduSuMQ4B7EvKbXP1Uk2qOx6smp7XVDx7UyWg2o9Pw+y6bHlc1iNnd1GdK4ySnq
IKKOVmu9ehqh/aD9rU+JAwtMgnGjKXgers40Ayt4kmsuZmzZzUzUePm3BGnHTVAt
87TFXOWjnhCR+j88juue7GZTL9nv68lTVzBlSUcDjpzUWaXXnwBBy+whg+JQZjHE
+taWE+xEJO+IH4BZD6dQMl7Vh+V+A+mhYucX79Hfd0ri/mU/nkcTMPtI0ObRA1Gh
pTi5UtIoL8BlN7wBkxohclh3vbefKlYWWAG40vZEaWlb
-----END CERTIFICATE-----