Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/9DLNUmRJ_3LuIchOkWxxnu5rqUQ.roa
File:                     9DLNUmRJ_3LuIchOkWxxnu5rqUQ.roa (raw, json)
Hash identifier:          2NAkMtrKhgbuVSV77slRSdAGaE+4wTFFMBjT5FDbS5A=
Subject key identifier:   F4:32:CD:52:64:49:FF:72:EE:21:C8:4E:91:6C:71:9E:EE:6B:A9:44
Certificate issuer:       /CN=f0ff2c6229af763a99f5349a32510df4a4526143
Certificate serial:       018CC94D35A325061F0853B10FBB3ED67B4F
Authority key identifier: F0:FF:2C:62:29:AF:76:3A:99:F5:34:9A:32:51:0D:F4:A4:52:61:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/9DLNUmRJ_3LuIchOkWxxnu5rqUQ.roa
Signing time:             Tue 02 Jan 2024 08:32:09 +0000
ROA not before:           Tue 02 Jan 2024 08:32:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203878
IP address blocks:        212.54.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:35:a3:25:06:1f:08:53:b1:0f:bb:3e:d6:7b:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0ff2c6229af763a99f5349a32510df4a4526143
        Validity
            Not Before: Jan  2 08:32:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f432cd526449ff72ee21c84e916c719eee6ba944
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:7f:53:f1:9c:51:95:5b:65:c9:05:fa:7d:55:
                    a5:e5:d9:e1:31:ce:ca:1a:7f:c0:7a:0b:c0:15:14:
                    23:e7:91:47:94:ca:95:b6:1f:47:cc:5f:71:20:f4:
                    11:4f:1c:11:47:c9:82:55:35:c9:20:38:b2:37:bf:
                    73:89:b9:38:2e:df:f3:1a:84:46:7a:73:ce:54:49:
                    ab:e7:62:73:05:19:95:ce:d6:83:4f:4b:3f:c0:94:
                    83:6f:07:30:dd:5f:2b:8e:97:5c:28:da:c4:b5:81:
                    05:b9:08:78:6a:d4:3a:7b:ee:da:fd:7a:85:7d:12:
                    4d:0b:87:df:35:c0:2c:2a:f7:b1:d8:3b:15:33:5b:
                    7a:f8:29:94:1b:9a:df:e0:f1:0e:1b:2d:2a:f2:77:
                    8e:ec:79:66:f0:5c:64:3c:f9:3f:a6:52:ed:e5:67:
                    e3:d4:5a:66:2c:94:2a:d7:fb:c2:72:a7:09:71:e9:
                    ad:f5:fd:62:96:a8:4f:5e:fc:7d:6f:41:f7:2d:0e:
                    46:43:79:15:4c:39:01:cc:60:38:e2:64:76:59:d0:
                    f4:4c:73:5b:3c:44:f4:d0:ef:ed:58:cf:b7:99:ed:
                    70:c8:33:a3:26:cd:d0:d1:b2:80:b0:65:6a:8a:06:
                    fc:2e:33:c8:ba:d9:c9:b9:fe:d1:d9:30:f9:8b:20:
                    40:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:32:CD:52:64:49:FF:72:EE:21:C8:4E:91:6C:71:9E:EE:6B:A9:44
            X509v3 Authority Key Identifier:
                keyid:F0:FF:2C:62:29:AF:76:3A:99:F5:34:9A:32:51:0D:F4:A4:52:61:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/9DLNUmRJ_3LuIchOkWxxnu5rqUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.54.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:06:c3:e3:5a:74:6b:9e:a7:ad:0f:da:28:ca:3e:09:51:53:
         02:59:df:2a:e6:e7:5c:5b:61:c7:80:e3:b5:7a:05:2d:10:e7:
         58:62:d5:41:9c:a2:d3:6c:50:14:d4:79:59:fb:11:a1:8b:e3:
         1a:91:24:35:59:79:95:5f:e8:28:c7:2d:e6:4c:0b:c6:9b:2c:
         78:aa:0c:f3:75:62:b8:41:4c:1b:e5:a6:ff:d6:9c:1c:1a:c9:
         dc:07:e8:fb:85:c6:bc:0b:61:6a:3d:02:40:89:4b:ae:fb:33:
         00:e8:25:e8:bd:ff:8f:d9:e6:46:24:e9:3d:8f:be:b3:14:5a:
         67:5a:de:97:3e:ad:c3:13:5c:bf:59:02:09:e7:82:ed:f9:6e:
         0a:04:11:fc:91:96:ec:57:dd:71:10:a0:7f:f0:62:cc:2a:af:
         3c:a0:9a:64:91:03:3c:82:c4:62:b7:a7:4f:b7:8e:cb:f4:01:
         1c:e8:da:62:f0:71:69:c9:02:17:11:55:a9:8d:22:1d:d8:bc:
         76:dd:cf:d7:46:c4:fa:29:9e:de:86:e0:f8:d8:04:07:d0:21:
         f6:c8:8b:a7:26:c6:bc:39:38:80:c3:ae:62:1f:64:d8:63:97:
         6b:c0:69:66:2d:0a:76:9e:70:df:d7:dd:42:91:45:a6:cc:77:
         5d:35:c2:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTTWjJQYfCFOxD7s+1ntPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZmYyYzYyMjlhZjc2M2E5OWY1MzQ5YTMyNTEwZGY0YTQ1
MjYxNDMwHhcNMjQwMTAyMDgzMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDMyY2Q1MjY0NDlmZjcyZWUyMWM4NGU5MTZjNzE5ZWVlNmJhOTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAon9T8ZxRlVtlyQX6fVWl5dnhMc7K
Gn/AegvAFRQj55FHlMqVth9HzF9xIPQRTxwRR8mCVTXJIDiyN79zibk4Lt/zGoRG
enPOVEmr52JzBRmVztaDT0s/wJSDbwcw3V8rjpdcKNrEtYEFuQh4atQ6e+7a/XqF
fRJNC4ffNcAsKvex2DsVM1t6+CmUG5rf4PEOGy0q8neO7Hlm8FxkPPk/plLt5Wfj
1FpmLJQq1/vCcqcJcemt9f1ilqhPXvx9b0H3LQ5GQ3kVTDkBzGA44mR2WdD0THNb
PET00O/tWM+3me1wyDOjJs3Q0bKAsGVqigb8LjPIutnJuf7R2TD5iyBAEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPQyzVJkSf9y7iHITpFscZ7ua6lEMB8GA1UdIwQY
MBaAFPD/LGIpr3Y6mfU0mjJRDfSkUmFDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFA4c1lpbXZkanFaOVRTYU1sRU45S1JTWVVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wNTFmYTItYzU4MC00YTAyLWExODYt
ZTY5ZjdhNWQyZDkwLzEvOURMTlVtUkpfM0x1SWNoT2tXeHhudTVycVVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wNTFmYTItYzU4MC00YTAyLWExODYtZTY5ZjdhNWQyZDkw
LzEvOFA4c1lpbXZkanFaOVRTYU1sRU45S1JTWVVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1DbVMA0G
CSqGSIb3DQEBCwUAA4IBAQAPBsPjWnRrnqetD9ooyj4JUVMCWd8q5udcW2HHgOO1
egUtEOdYYtVBnKLTbFAU1HlZ+xGhi+MakSQ1WXmVX+goxy3mTAvGmyx4qgzzdWK4
QUwb5ab/1pwcGsncB+j7hca8C2FqPQJAiUuu+zMA6CXovf+P2eZGJOk9j76zFFpn
Wt6XPq3DE1y/WQIJ54Lt+W4KBBH8kZbsV91xEKB/8GLMKq88oJpkkQM8gsRit6dP
t47L9AEc6Npi8HFpyQIXEVWpjSId2Lx23c/XRsT6KZ7ehuD42AQH0CH2yIunJsa8
OTiAw65iH2TYY5drwGlmLQp2nnDf191CkUWmzHddNcIW
-----END CERTIFICATE-----