Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/deb70d-1ffd-4da0-a097-d8a0b41f46e8/1/Ksw42LpqmwNoTQz3VpBVhb0qYlE.roa
File:                     Ksw42LpqmwNoTQz3VpBVhb0qYlE.roa (raw, json)
Hash identifier:          S7N489V2KhG0Oq2XUlOTEAxINQl9qcz7CWHaSbZmW54=
Subject key identifier:   2A:CC:38:D8:BA:6A:9B:03:68:4D:0C:F7:56:90:55:85:BD:2A:62:51
Certificate issuer:       /CN=c5a1fb5bbc2fa8571e3d5f8cae4196a8d7e96c35
Certificate serial:       018CC8025B7EF813665CC26DAF6678D38CF8
Authority key identifier: C5:A1:FB:5B:BC:2F:A8:57:1E:3D:5F:8C:AE:41:96:A8:D7:E9:6C:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xaH7W7wvqFcePV-MrkGWqNfpbDU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/deb70d-1ffd-4da0-a097-d8a0b41f46e8/1/Ksw42LpqmwNoTQz3VpBVhb0qYlE.roa
Signing time:             Tue 02 Jan 2024 02:30:46 +0000
ROA not before:           Tue 02 Jan 2024 02:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1715
IP address blocks:        141.115.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/deb70d-1ffd-4da0-a097-d8a0b41f46e8/1/xaH7W7wvqFcePV-MrkGWqNfpbDU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/deb70d-1ffd-4da0-a097-d8a0b41f46e8/1/xaH7W7wvqFcePV-MrkGWqNfpbDU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xaH7W7wvqFcePV-MrkGWqNfpbDU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:5b:7e:f8:13:66:5c:c2:6d:af:66:78:d3:8c:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5a1fb5bbc2fa8571e3d5f8cae4196a8d7e96c35
        Validity
            Not Before: Jan  2 02:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2acc38d8ba6a9b03684d0cf756905585bd2a6251
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d4:63:6c:3b:1c:34:ed:9b:a5:82:01:67:18:
                    ef:21:b6:75:c5:bc:6b:30:a8:a3:54:f1:37:a5:48:
                    a1:5f:ff:c0:42:ff:28:be:ef:85:3c:c5:7e:65:5c:
                    8b:ad:35:43:ea:2b:8f:a7:75:59:8d:d9:1f:2d:d8:
                    03:e9:3a:a8:cd:84:79:93:30:a7:05:b3:02:27:af:
                    e1:f3:9b:34:b2:2d:a9:f0:ec:15:ac:1d:82:dd:ce:
                    d1:6b:f3:00:53:69:7e:05:ba:a0:a2:97:26:f4:1a:
                    e4:9e:19:5f:ec:12:94:b7:18:80:36:82:92:30:de:
                    25:8a:b1:a6:5a:f5:be:96:f2:b0:fb:42:ad:f5:14:
                    8f:2a:5a:20:3c:0e:15:03:7f:f5:d7:4e:32:d2:4d:
                    5f:50:2d:af:d9:c8:b4:11:4b:1c:cb:c9:47:e1:a6:
                    26:ad:b8:c0:73:9c:4e:3d:a9:5c:d8:7c:33:13:ed:
                    47:d4:c5:69:21:42:75:75:9c:f1:40:a4:31:bd:87:
                    61:d7:a3:bc:4b:1b:13:7d:2a:cc:69:97:b9:94:a8:
                    d7:f4:c0:73:ea:e5:cd:b7:d2:56:a9:ec:45:64:21:
                    8d:ad:2a:b0:9e:fe:53:89:26:8e:57:84:b5:ab:09:
                    f0:71:16:37:b7:a1:9d:54:1b:15:e5:cd:b1:2c:39:
                    ca:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:CC:38:D8:BA:6A:9B:03:68:4D:0C:F7:56:90:55:85:BD:2A:62:51
            X509v3 Authority Key Identifier:
                keyid:C5:A1:FB:5B:BC:2F:A8:57:1E:3D:5F:8C:AE:41:96:A8:D7:E9:6C:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xaH7W7wvqFcePV-MrkGWqNfpbDU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/deb70d-1ffd-4da0-a097-d8a0b41f46e8/1/Ksw42LpqmwNoTQz3VpBVhb0qYlE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/deb70d-1ffd-4da0-a097-d8a0b41f46e8/1/xaH7W7wvqFcePV-MrkGWqNfpbDU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.115.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         8e:c3:e1:14:f3:cc:81:72:2c:88:64:3f:c0:5a:29:a2:53:c5:
         da:d4:85:4b:32:56:46:7f:bb:00:66:c3:6f:3b:89:a2:02:a7:
         8b:57:bd:2b:17:40:14:3f:2b:5d:df:63:c3:b8:93:7b:3d:30:
         31:45:a3:3b:2b:2d:bc:91:79:88:ad:94:e4:85:18:8a:6a:98:
         d7:98:f0:ea:98:96:5f:19:3c:57:f0:89:78:69:cd:83:78:92:
         98:97:94:a8:8b:53:a9:7d:ed:69:00:8f:aa:82:d3:c7:26:29:
         2c:c9:64:34:57:44:db:76:39:c0:68:b4:06:3d:2c:3c:d7:de:
         a0:55:e8:f7:3f:91:45:5b:91:b2:e4:c8:30:2d:5a:c4:d9:5d:
         ff:33:28:aa:35:9b:26:96:5c:fc:06:0d:2f:19:bb:c2:62:79:
         4a:b0:61:93:b8:37:7e:17:70:84:86:18:c7:df:48:28:1a:34:
         77:af:90:58:ad:c6:6f:f4:87:ae:dd:73:3b:52:3f:93:be:55:
         fd:df:f6:5a:71:14:d1:d6:16:ec:d4:d3:f3:be:20:41:73:f6:
         96:f4:8f:63:e5:43:4e:e2:cb:bb:03:35:2a:2d:60:07:5a:85:
         a6:b9:ff:2d:b8:d5:a1:ef:a7:8a:69:c7:de:dd:e4:01:d0:02:
         fa:41:6d:8f
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzIAlt++BNmXMJtr2Z404z4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1YTFmYjViYmMyZmE4NTcxZTNkNWY4Y2FlNDE5NmE4ZDdl
OTZjMzUwHhcNMjQwMTAyMDIzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWNjMzhkOGJhNmE5YjAzNjg0ZDBjZjc1NjkwNTU4NWJkMmE2MjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9RjbDscNO2bpYIBZxjvIbZ1xbxr
MKijVPE3pUihX//AQv8ovu+FPMV+ZVyLrTVD6iuPp3VZjdkfLdgD6TqozYR5kzCn
BbMCJ6/h85s0si2p8OwVrB2C3c7Ra/MAU2l+Bbqgopcm9Brknhlf7BKUtxiANoKS
MN4lirGmWvW+lvKw+0Kt9RSPKlogPA4VA3/1104y0k1fUC2v2ci0EUscy8lH4aYm
rbjAc5xOPalc2HwzE+1H1MVpIUJ1dZzxQKQxvYdh16O8SxsTfSrMaZe5lKjX9MBz
6uXNt9JWqexFZCGNrSqwnv5TiSaOV4S1qwnwcRY3t6GdVBsV5c2xLDnKWwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFCrMONi6apsDaE0M91aQVYW9KmJRMB8GA1UdIwQY
MBaAFMWh+1u8L6hXHj1fjK5BlqjX6Ww1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGFIN1c3d3ZxRmNlUFYtTXJrR1dxTmZwYkRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9kZWI3MGQtMWZmZC00ZGEwLWEwOTct
ZDhhMGI0MWY0NmU4LzEvS3N3NDJMcHFtd05vVFF6M1ZwQlZoYjBxWWxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9kZWI3MGQtMWZmZC00ZGEwLWEwOTctZDhhMGI0MWY0NmU4
LzEveGFIN1c3d3ZxRmNlUFYtTXJrR1dxTmZwYkRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjXMwDQYJ
KoZIhvcNAQELBQADggEBAI7D4RTzzIFyLIhkP8BaKaJTxdrUhUsyVkZ/uwBmw287
iaICp4tXvSsXQBQ/K13fY8O4k3s9MDFFozsrLbyReYitlOSFGIpqmNeY8OqYll8Z
PFfwiXhpzYN4kpiXlKiLU6l97WkAj6qC08cmKSzJZDRXRNt2OcBotAY9LDzX3qBV
6Pc/kUVbkbLkyDAtWsTZXf8zKKo1myaWXPwGDS8Zu8JieUqwYZO4N34XcISGGMff
SCgaNHevkFitxm/0h67dcztSP5O+Vf3f9lpxFNHWFuzU0/O+IEFz9pb0j2PlQ07i
y7sDNSotYAdahaa5/y241aHvp4ppx97d5AHQAvpBbY8=
-----END CERTIFICATE-----