Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/529b28-3a39-49bf-8ef2-a47fb9a94ffd/1/cG78UDIdpCeydMsdYVz1mgNE3IA.roa
File:                     cG78UDIdpCeydMsdYVz1mgNE3IA.roa (raw, json)
Hash identifier:          Q2t7km09E2u1jijGQs5OQkzXqaUABPZw4QrG33/Ddv8=
Subject key identifier:   70:6E:FC:50:32:1D:A4:27:B2:74:CB:1D:61:5C:F5:9A:03:44:DC:80
Certificate issuer:       /CN=bf54dbf00d74590c8913dec8b1cf084d8fcf693c
Certificate serial:       019025DA30526F308E6E21823DF07EC4FCF7
Authority key identifier: BF:54:DB:F0:0D:74:59:0C:89:13:DE:C8:B1:CF:08:4D:8F:CF:69:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v1Tb8A10WQyJE97Isc8ITY_PaTw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/529b28-3a39-49bf-8ef2-a47fb9a94ffd/1/cG78UDIdpCeydMsdYVz1mgNE3IA.roa
Signing time:             Mon 17 Jun 2024 10:59:34 +0000
ROA not before:           Mon 17 Jun 2024 10:59:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47485
IP address blocks:        139.28.252.0/22 maxlen: 22
                          2a09:dc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/529b28-3a39-49bf-8ef2-a47fb9a94ffd/1/v1Tb8A10WQyJE97Isc8ITY_PaTw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/529b28-3a39-49bf-8ef2-a47fb9a94ffd/1/v1Tb8A10WQyJE97Isc8ITY_PaTw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v1Tb8A10WQyJE97Isc8ITY_PaTw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:25:da:30:52:6f:30:8e:6e:21:82:3d:f0:7e:c4:fc:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf54dbf00d74590c8913dec8b1cf084d8fcf693c
        Validity
            Not Before: Jun 17 10:59:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=706efc50321da427b274cb1d615cf59a0344dc80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c0:a5:32:a2:08:72:1f:f8:b6:89:e0:33:c7:
                    84:6f:e5:4f:74:c5:be:ff:7d:d1:6f:24:d8:52:b8:
                    e6:2a:90:7f:9e:21:83:58:6d:0b:fe:e4:3b:da:36:
                    41:5c:29:ed:20:27:4c:9b:f4:a9:ff:12:8e:76:13:
                    b7:c3:e6:6f:0c:bc:6f:23:d4:44:69:37:7c:42:41:
                    73:78:15:fc:d6:e3:b8:56:af:d5:43:b6:a8:9b:60:
                    9c:8c:78:8d:a8:ee:eb:9c:75:0d:1a:90:c5:16:35:
                    5c:82:e7:ce:8b:15:8e:8e:50:3b:67:2c:27:ed:96:
                    ff:e4:27:54:ef:df:8f:32:da:cd:fa:37:7f:b8:1c:
                    ce:b3:e6:bb:a3:e1:8a:ea:90:ed:c5:83:0c:03:37:
                    3f:b8:5c:62:97:22:54:21:8c:6f:0a:0c:45:f8:67:
                    d3:5a:fd:0f:a6:30:5b:61:f1:e9:9b:54:7d:65:f8:
                    b2:62:e7:d8:61:9a:ac:72:2d:78:a4:1f:b0:df:af:
                    de:1d:89:95:13:1a:21:14:37:74:c8:45:74:4b:dd:
                    0d:68:c0:70:7f:b7:a1:aa:64:5e:3d:77:c4:f7:ee:
                    91:92:d1:58:75:f8:a3:bc:79:53:8e:df:7c:da:56:
                    97:4b:65:b3:85:2e:75:2e:70:4e:30:3f:ff:28:13:
                    6d:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:6E:FC:50:32:1D:A4:27:B2:74:CB:1D:61:5C:F5:9A:03:44:DC:80
            X509v3 Authority Key Identifier:
                keyid:BF:54:DB:F0:0D:74:59:0C:89:13:DE:C8:B1:CF:08:4D:8F:CF:69:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v1Tb8A10WQyJE97Isc8ITY_PaTw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/529b28-3a39-49bf-8ef2-a47fb9a94ffd/1/cG78UDIdpCeydMsdYVz1mgNE3IA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/529b28-3a39-49bf-8ef2-a47fb9a94ffd/1/v1Tb8A10WQyJE97Isc8ITY_PaTw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.252.0/22
                IPv6:
                  2a09:dc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         cc:ac:95:f6:4b:87:71:e5:62:71:88:d4:09:10:fa:bc:d8:ca:
         c9:60:f7:7c:a4:9f:87:b5:12:4f:38:f1:9c:7c:da:58:a8:df:
         e2:a2:e7:2c:72:d7:f2:49:ab:03:89:75:db:16:71:f9:92:d9:
         72:26:1b:ef:1e:27:91:4f:f8:d6:ef:89:c8:f3:35:82:54:9d:
         2b:82:8d:5c:34:2c:66:74:10:1e:cc:79:8b:13:75:05:48:74:
         11:9d:74:ee:1b:6f:6d:47:81:01:3a:c3:ec:1e:f8:b6:3d:b2:
         07:ac:b8:58:b2:ad:dc:da:03:61:4c:15:7b:91:50:da:60:3e:
         92:77:49:82:e8:06:18:81:7f:2f:06:5a:f1:0f:66:db:46:9a:
         cf:f0:bd:af:a4:05:62:9d:41:6d:28:29:13:b9:80:95:af:ac:
         e4:5f:02:3c:94:0d:43:c2:c8:6f:1e:f3:81:b0:59:7c:2f:97:
         5f:33:3f:aa:6a:53:c0:a9:13:32:b8:c2:f5:f9:1f:39:62:49:
         b2:5e:7e:f2:3e:b6:44:87:df:dd:63:35:3e:39:5a:3a:2b:81:
         7a:ec:0e:ca:da:a1:a8:5a:57:46:68:ec:7e:ef:54:68:a1:ae:
         ed:a5:55:b6:f8:da:7a:4a:0c:40:b9:68:ff:2b:7c:09:5d:fb:
         eb:81:46:3c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZAl2jBSbzCObiGCPfB+xPz3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNTRkYmYwMGQ3NDU5MGM4OTEzZGVjOGIxY2YwODRkOGZj
ZjY5M2MwHhcNMjQwNjE3MTA1OTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDZlZmM1MDMyMWRhNDI3YjI3NGNiMWQ2MTVjZjU5YTAzNDRkYzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8ClMqIIch/4tongM8eEb+VPdMW+
/33RbyTYUrjmKpB/niGDWG0L/uQ72jZBXCntICdMm/Sp/xKOdhO3w+ZvDLxvI9RE
aTd8QkFzeBX81uO4Vq/VQ7aom2CcjHiNqO7rnHUNGpDFFjVcgufOixWOjlA7Zywn
7Zb/5CdU79+PMtrN+jd/uBzOs+a7o+GK6pDtxYMMAzc/uFxilyJUIYxvCgxF+GfT
Wv0PpjBbYfHpm1R9ZfiyYufYYZqsci14pB+w36/eHYmVExohFDd0yEV0S90NaMBw
f7ehqmRePXfE9+6RktFYdfijvHlTjt982laXS2WzhS51LnBOMD//KBNtNQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHBu/FAyHaQnsnTLHWFc9ZoDRNyAMB8GA1UdIwQY
MBaAFL9U2/ANdFkMiRPeyLHPCE2Pz2k8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjFUYjhBMTBXUXlKRTk3SXNjOElUWV9QYVR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS81MjliMjgtM2EzOS00OWJmLThlZjIt
YTQ3ZmI5YTk0ZmZkLzEvY0c3OFVESWRwQ2V5ZE1zZFlWejFtZ05FM0lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS81MjliMjgtM2EzOS00OWJmLThlZjItYTQ3ZmI5YTk0ZmZk
LzEvdjFUYjhBMTBXUXlKRTk3SXNjOElUWV9QYVR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCixz8MA0E
AgACMAcDBQAqCQ3AMA0GCSqGSIb3DQEBCwUAA4IBAQDMrJX2S4dx5WJxiNQJEPq8
2MrJYPd8pJ+HtRJPOPGcfNpYqN/ioucsctfySasDiXXbFnH5ktlyJhvvHieRT/jW
74nI8zWCVJ0rgo1cNCxmdBAezHmLE3UFSHQRnXTuG29tR4EBOsPsHvi2PbIHrLhY
sq3c2gNhTBV7kVDaYD6Sd0mC6AYYgX8vBlrxD2bbRprP8L2vpAVinUFtKCkTuYCV
r6zkXwI8lA1DwshvHvOBsFl8L5dfMz+qalPAqRMyuML1+R85YkmyXn7yPrZEh9/d
YzU+OVo6K4F67A7K2qGoWldGaOx+71Rooa7tpVW2+Np6SgxAuWj/K3wJXfvrgUY8
-----END CERTIFICATE-----