Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/_DNu35fOuTEpmLweKNXRez9gVzo.roa
File:                     _DNu35fOuTEpmLweKNXRez9gVzo.roa (raw, json)
Hash identifier:          G2HzbBiq0H79ScFjZ8OiL/jcb9g85Hu35rpS9IJRy9Q=
Subject key identifier:   FC:33:6E:DF:97:CE:B9:31:29:98:BC:1E:28:D5:D1:7B:3F:60:57:3A
Certificate issuer:       /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial:       018CC7959141712242ED5B1EB726B7EF020E
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/_DNu35fOuTEpmLweKNXRez9gVzo.roa
Signing time:             Tue 02 Jan 2024 00:31:57 +0000
ROA not before:           Tue 02 Jan 2024 00:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210574
IP address blocks:        213.142.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:91:41:71:22:42:ed:5b:1e:b7:26:b7:ef:02:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
        Validity
            Not Before: Jan  2 00:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc336edf97ceb9312998bc1e28d5d17b3f60573a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b4:53:4b:c1:6e:ae:17:f7:7f:ae:ff:21:7a:
                    a6:3c:16:ea:af:1f:c3:7a:dd:59:2c:d9:a7:bd:aa:
                    5f:fe:49:d3:9c:24:24:dd:e0:6d:cd:07:ac:ce:0a:
                    5a:94:45:d2:bc:00:a3:41:93:66:83:5d:28:6b:19:
                    c0:17:e4:49:b2:cf:15:9c:2b:a1:88:a3:c5:24:b7:
                    2c:32:0e:3e:a4:a2:72:ed:f4:cf:cc:69:f6:87:8d:
                    6d:22:12:1f:ca:5c:55:b5:16:d8:07:2f:c2:a7:24:
                    38:36:3b:bb:61:70:6b:fd:59:a9:da:db:78:c5:19:
                    d0:34:75:29:53:a8:2c:e5:b7:e4:01:70:e6:26:f9:
                    a9:88:c7:1a:0d:7d:7a:78:e4:c3:f8:87:c9:3c:90:
                    8e:1f:d7:f6:24:c5:8d:78:a3:20:ea:96:91:78:fd:
                    cd:45:33:10:24:12:84:1c:ca:72:20:2b:a4:29:28:
                    29:c1:6f:dc:ff:6d:39:e4:54:c4:a8:19:f4:28:11:
                    cb:8f:37:ed:55:a5:74:27:56:28:2a:20:fb:d8:5c:
                    b7:cd:61:1a:0f:dc:43:fa:10:79:9f:40:8a:bd:5c:
                    2e:80:ee:89:1e:22:93:71:39:4f:e4:b9:fb:72:cf:
                    16:0d:a0:e8:10:29:16:d9:2a:ed:8b:a2:52:1c:db:
                    83:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:33:6E:DF:97:CE:B9:31:29:98:BC:1E:28:D5:D1:7B:3F:60:57:3A
            X509v3 Authority Key Identifier:
                keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/_DNu35fOuTEpmLweKNXRez9gVzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.142.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:a7:65:ad:0a:4b:bc:92:51:b8:82:89:a2:b1:d4:57:fb:24:
         b2:c9:f4:18:ae:03:e4:1e:95:54:6a:ee:73:61:6a:c1:40:6b:
         d6:c7:5c:c1:74:f3:83:e7:8d:af:1e:b3:05:31:f3:af:15:e9:
         23:f4:76:04:f1:3a:30:d9:de:99:0e:f9:7d:01:3f:05:e8:b4:
         40:33:ab:92:98:15:a7:38:88:d0:ff:6a:ea:70:88:c9:fb:dd:
         52:8e:8a:e7:b4:aa:d6:68:a0:5c:06:b5:29:e8:a0:f4:3f:1b:
         92:49:de:31:4f:0e:55:96:96:5a:b4:7c:0b:44:7c:bf:42:06:
         ca:2a:76:3a:78:f5:e3:d2:8e:57:10:b6:58:86:64:5d:6f:18:
         50:8e:f7:78:21:5e:02:46:74:81:20:e2:88:5c:6d:e8:35:55:
         1d:63:6d:52:23:fa:92:39:a4:8c:b5:00:26:ed:2b:cf:3a:0c:
         c7:7f:92:01:c3:25:bf:ae:c1:1e:d4:f8:4d:2e:aa:96:59:0c:
         af:fd:dd:83:c0:06:78:d6:69:7d:10:58:b8:13:68:ac:8e:d3:
         f3:42:6c:bc:a2:81:d2:c3:3c:c2:0d:2a:43:02:21:b6:f5:48:
         08:6b:39:46:77:38:5a:77:82:8c:23:2d:46:c3:8a:7a:bd:25:
         46:42:cf:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlZFBcSJC7Vsetya37wIOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjQwMTAyMDAzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzMzNmVkZjk3Y2ViOTMxMjk5OGJjMWUyOGQ1ZDE3YjNmNjA1NzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbRTS8Furhf3f67/IXqmPBbqrx/D
et1ZLNmnvapf/knTnCQk3eBtzQeszgpalEXSvACjQZNmg10oaxnAF+RJss8VnCuh
iKPFJLcsMg4+pKJy7fTPzGn2h41tIhIfylxVtRbYBy/CpyQ4Nju7YXBr/Vmp2tt4
xRnQNHUpU6gs5bfkAXDmJvmpiMcaDX16eOTD+IfJPJCOH9f2JMWNeKMg6paReP3N
RTMQJBKEHMpyICukKSgpwW/c/2055FTEqBn0KBHLjzftVaV0J1YoKiD72Fy3zWEa
D9xD+hB5n0CKvVwugO6JHiKTcTlP5Ln7cs8WDaDoECkW2Srti6JSHNuDtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwzbt+XzrkxKZi8HijV0Xs/YFc6MB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvX0ROdTM1Zk91VEVwbUx3ZUtOWFJlejlnVnpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Y6dMA0G
CSqGSIb3DQEBCwUAA4IBAQBmp2WtCku8klG4gomisdRX+ySyyfQYrgPkHpVUau5z
YWrBQGvWx1zBdPOD542vHrMFMfOvFekj9HYE8Tow2d6ZDvl9AT8F6LRAM6uSmBWn
OIjQ/2rqcIjJ+91SjorntKrWaKBcBrUp6KD0PxuSSd4xTw5VlpZatHwLRHy/QgbK
KnY6ePXj0o5XELZYhmRdbxhQjvd4IV4CRnSBIOKIXG3oNVUdY21SI/qSOaSMtQAm
7SvPOgzHf5IBwyW/rsEe1PhNLqqWWQyv/d2DwAZ41ml9EFi4E2isjtPzQmy8ooHS
wzzCDSpDAiG29UgIazlGdzhad4KMIy1Gw4p6vSVGQs+o
-----END CERTIFICATE-----