Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/BlaK2VutUA__Y2ui7WchuNe9dqo.roa
File:                     BlaK2VutUA__Y2ui7WchuNe9dqo.roa (raw, json)
Hash identifier:          7G2zdfpVm1LaBZubpQXQpAmChuJ6Fs2r3xTZrPgmfso=
Subject key identifier:   06:56:8A:D9:5B:AD:50:0F:FF:63:6B:A2:ED:67:21:B8:D7:BD:76:AA
Certificate issuer:       /CN=2050df51f0e5bc81db4b05f449f74308d7fcfa2e
Certificate serial:       018CC9BCE461D7EF37C26296D84C027C0792
Authority key identifier: 20:50:DF:51:F0:E5:BC:81:DB:4B:05:F4:49:F7:43:08:D7:FC:FA:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IFDfUfDlvIHbSwX0SfdDCNf8-i4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/BlaK2VutUA__Y2ui7WchuNe9dqo.roa
Signing time:             Tue 02 Jan 2024 10:34:08 +0000
ROA not before:           Tue 02 Jan 2024 10:34:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199484
IP address blocks:        212.101.96.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/IFDfUfDlvIHbSwX0SfdDCNf8-i4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/IFDfUfDlvIHbSwX0SfdDCNf8-i4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IFDfUfDlvIHbSwX0SfdDCNf8-i4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e4:61:d7:ef:37:c2:62:96:d8:4c:02:7c:07:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2050df51f0e5bc81db4b05f449f74308d7fcfa2e
        Validity
            Not Before: Jan  2 10:34:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06568ad95bad500fff636ba2ed6721b8d7bd76aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:26:c0:48:7b:d5:cd:94:df:72:b6:1a:5b:91:
                    3f:56:ca:bb:a7:34:f0:38:e6:3b:d0:2c:51:e5:9c:
                    88:a9:b9:f9:fe:d6:04:5d:72:74:c7:34:7d:b2:ab:
                    65:37:44:da:7b:da:85:e1:b7:73:78:4d:75:a5:fc:
                    15:fe:d2:79:21:f3:a8:c4:bb:5a:c8:83:90:af:f2:
                    1a:c1:15:45:de:a1:37:64:04:d5:1e:8a:95:0d:90:
                    20:5b:cb:95:16:e4:53:7a:2d:f4:85:c5:d8:c9:38:
                    58:d3:f8:fc:96:83:eb:a3:92:3b:8c:b9:dc:01:84:
                    07:13:72:67:9f:04:96:4d:da:2d:6b:68:e8:9b:38:
                    96:9d:82:c1:e2:38:59:30:ac:48:40:1c:b1:44:20:
                    6c:da:e6:fa:13:1d:19:c0:7f:ac:8b:c2:54:ee:c7:
                    c1:ce:3c:a5:9d:cd:fe:7d:95:43:75:cd:5c:0e:2d:
                    99:42:93:27:76:fe:e0:47:7f:cc:87:ee:4e:01:9d:
                    68:e3:ef:c7:65:39:8a:eb:96:46:9d:df:65:67:27:
                    4b:cb:21:21:57:e5:04:f9:58:e7:cc:00:49:f3:78:
                    c5:0c:a8:65:1a:92:bc:21:5a:23:e6:6d:f6:8e:16:
                    c3:5e:5e:74:e2:7a:c4:7e:9f:76:93:74:6a:f1:51:
                    75:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:56:8A:D9:5B:AD:50:0F:FF:63:6B:A2:ED:67:21:B8:D7:BD:76:AA
            X509v3 Authority Key Identifier:
                keyid:20:50:DF:51:F0:E5:BC:81:DB:4B:05:F4:49:F7:43:08:D7:FC:FA:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IFDfUfDlvIHbSwX0SfdDCNf8-i4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/BlaK2VutUA__Y2ui7WchuNe9dqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/IFDfUfDlvIHbSwX0SfdDCNf8-i4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.101.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         5f:6a:c4:6e:78:18:10:45:fc:9a:50:92:41:aa:bc:9f:8c:f0:
         59:fe:e5:e9:b7:4c:93:28:47:d9:1d:ab:6a:9b:82:d3:a0:6b:
         37:45:2d:c7:fa:fa:22:ae:84:dc:00:c5:f3:95:31:2e:f1:23:
         b5:7a:78:47:5f:ea:26:e0:f8:05:2f:d5:5a:c9:f6:dc:a9:e4:
         42:bf:25:45:9b:45:e8:23:8d:7a:5a:c9:76:31:59:26:50:f0:
         bb:bb:6c:9b:3f:54:aa:95:d1:83:86:9d:97:b2:c4:82:54:5d:
         9e:1a:22:da:78:49:6a:a6:04:d7:ea:0e:35:55:16:8c:0a:e9:
         51:1a:1b:20:22:c6:82:ea:7d:00:53:80:f7:bc:5a:41:82:ed:
         43:bd:00:d5:e5:c0:61:9e:3d:11:24:90:d6:57:77:12:86:fd:
         a3:b8:82:04:a5:67:c4:d7:09:f5:d2:57:8f:c8:1f:be:f4:f8:
         6f:43:ec:09:0d:f3:b3:60:1b:4f:be:7f:6f:24:ee:24:11:e3:
         b5:13:8e:2d:c7:77:16:1f:09:d7:55:20:ce:4c:bf:a9:be:a6:
         2e:ff:c0:38:a3:03:33:8c:a0:8c:4d:cc:1c:e6:2c:18:ef:c5:
         28:89:d2:d4:84:64:33:6b:9e:62:40:fe:87:8e:b2:32:57:cb:
         20:39:d7:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvORh1+83wmKW2EwCfAeSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNTBkZjUxZjBlNWJjODFkYjRiMDVmNDQ5Zjc0MzA4ZDdm
Y2ZhMmUwHhcNMjQwMTAyMTAzNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjU2OGFkOTViYWQ1MDBmZmY2MzZiYTJlZDY3MjFiOGQ3YmQ3NmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgybASHvVzZTfcrYaW5E/Vsq7pzTw
OOY70CxR5ZyIqbn5/tYEXXJ0xzR9sqtlN0Tae9qF4bdzeE11pfwV/tJ5IfOoxLta
yIOQr/IawRVF3qE3ZATVHoqVDZAgW8uVFuRTei30hcXYyThY0/j8loPro5I7jLnc
AYQHE3JnnwSWTdota2jomziWnYLB4jhZMKxIQByxRCBs2ub6Ex0ZwH+si8JU7sfB
zjylnc3+fZVDdc1cDi2ZQpMndv7gR3/Mh+5OAZ1o4+/HZTmK65ZGnd9lZydLyyEh
V+UE+VjnzABJ83jFDKhlGpK8IVoj5m32jhbDXl504nrEfp92k3Rq8VF1HQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZWitlbrVAP/2Nrou1nIbjXvXaqMB8GA1UdIwQY
MBaAFCBQ31Hw5byB20sF9En3QwjX/PouMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUZEZlVmRGx2SUhiU3dYMFNmZERDTmY4LWk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS82MGUzNzYtOTkzYy00YmFmLWI1OTAt
NmU2NDgxZTU3NjVjLzEvQmxhSzJWdXRVQV9fWTJ1aTdXY2h1TmU5ZHFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS82MGUzNzYtOTkzYy00YmFmLWI1OTAtNmU2NDgxZTU3NjVj
LzEvSUZEZlVmRGx2SUhiU3dYMFNmZERDTmY4LWk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1GVgMA0G
CSqGSIb3DQEBCwUAA4IBAQBfasRueBgQRfyaUJJBqryfjPBZ/uXpt0yTKEfZHatq
m4LToGs3RS3H+voiroTcAMXzlTEu8SO1enhHX+om4PgFL9VayfbcqeRCvyVFm0Xo
I416Wsl2MVkmUPC7u2ybP1SqldGDhp2XssSCVF2eGiLaeElqpgTX6g41VRaMCulR
GhsgIsaC6n0AU4D3vFpBgu1DvQDV5cBhnj0RJJDWV3cShv2juIIEpWfE1wn10leP
yB++9PhvQ+wJDfOzYBtPvn9vJO4kEeO1E44tx3cWHwnXVSDOTL+pvqYu/8A4owMz
jKCMTcwc5iwY78UoidLUhGQza55iQP6HjrIyV8sgOdfn
-----END CERTIFICATE-----