Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/bCSLKJvZXNNFLYvW7QoKnnAdBJ0.roa
File:                     bCSLKJvZXNNFLYvW7QoKnnAdBJ0.roa (raw, json)
Hash identifier:          8ocvgqsLZncNFhevIuGKH93prmdrD2POSgMHD4h/VuI=
Subject key identifier:   6C:24:8B:28:9B:D9:5C:D3:45:2D:8B:D6:ED:0A:0A:9E:70:1D:04:9D
Certificate issuer:       /CN=d9fc0bec60d0bace1889677bd9bb90190cc4fd22
Certificate serial:       018CC9BB954A1C161D53F54BBB419FDBA0CF
Authority key identifier: D9:FC:0B:EC:60:D0:BA:CE:18:89:67:7B:D9:BB:90:19:0C:C4:FD:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/bCSLKJvZXNNFLYvW7QoKnnAdBJ0.roa
Signing time:             Tue 02 Jan 2024 10:32:43 +0000
ROA not before:           Tue 02 Jan 2024 10:32:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56798
IP address blocks:        212.102.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:95:4a:1c:16:1d:53:f5:4b:bb:41:9f:db:a0:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9fc0bec60d0bace1889677bd9bb90190cc4fd22
        Validity
            Not Before: Jan  2 10:32:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c248b289bd95cd3452d8bd6ed0a0a9e701d049d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:94:5d:de:01:53:a8:f7:15:76:16:bf:69:e0:
                    0b:70:18:4d:93:29:e9:95:0a:9e:c4:c3:8c:91:cf:
                    60:95:a1:89:2f:87:28:86:da:aa:b4:27:fc:eb:c2:
                    00:b0:b6:a9:c8:b2:73:9f:f7:74:f2:2c:01:92:42:
                    f1:da:7a:f1:22:6c:4a:b0:57:be:d1:d7:40:af:11:
                    24:d8:47:4f:aa:67:9f:b1:6e:85:61:76:85:0a:ae:
                    a3:26:aa:4e:d0:c8:d1:22:43:0f:6e:ce:6d:b9:8a:
                    ff:ba:1c:86:9b:f2:0c:46:02:11:b3:95:4c:97:60:
                    ee:a7:ce:64:23:b3:7d:ac:21:ff:af:16:69:96:53:
                    97:2c:38:04:bc:8f:c0:c1:76:3d:9b:21:66:25:ff:
                    06:62:ac:85:12:e5:75:c3:58:ad:b0:e2:d5:0a:98:
                    ae:01:61:c0:94:39:63:47:d8:97:8c:17:f9:c2:6d:
                    f1:ef:25:a3:74:9c:86:87:3b:88:36:a1:09:a4:77:
                    3f:7d:3c:fe:44:5f:99:99:e3:ff:2a:14:79:7c:fe:
                    01:56:23:31:c1:42:c9:8f:6e:c0:34:80:f0:51:8f:
                    f3:3c:1f:c0:b7:7c:83:a8:fb:d3:4d:15:0c:55:db:
                    2d:44:87:5b:42:91:32:d3:02:ef:58:dc:3b:ed:f9:
                    fc:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:24:8B:28:9B:D9:5C:D3:45:2D:8B:D6:ED:0A:0A:9E:70:1D:04:9D
            X509v3 Authority Key Identifier:
                keyid:D9:FC:0B:EC:60:D0:BA:CE:18:89:67:7B:D9:BB:90:19:0C:C4:FD:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/bCSLKJvZXNNFLYvW7QoKnnAdBJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.102.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:4c:e4:73:f1:e5:56:e4:eb:b6:f0:00:ee:5e:5b:9b:87:9b:
         8f:f3:ed:1f:58:77:bf:b9:70:13:1d:a1:3e:c8:fb:6d:b8:75:
         8c:69:eb:cc:52:7f:78:c8:80:b4:63:10:77:7f:da:91:8e:72:
         35:3f:d5:64:15:44:a9:7d:81:b5:86:83:0b:90:a4:af:7f:2c:
         c2:9b:e1:b6:c4:d0:9c:42:07:ce:8c:bf:5a:ca:9b:19:e3:9e:
         07:c8:01:0e:14:84:a3:67:5a:2a:b8:d2:ab:17:f0:73:ed:be:
         47:ca:4c:1c:60:b3:56:3d:b9:b0:ae:23:dc:cc:99:a3:8d:45:
         62:5a:51:e7:ca:86:16:bb:9c:2e:53:16:b7:73:41:66:0c:79:
         0f:5b:80:22:9d:c4:68:c7:1c:e0:0a:7e:a1:48:7a:cd:08:7b:
         c0:56:96:ec:fe:8f:40:92:10:5a:58:b6:be:1c:65:c2:d3:0d:
         16:0e:b8:d1:6c:ed:4b:b5:cb:03:0f:83:7c:36:d9:f5:94:d5:
         87:53:cb:a0:bb:fa:0c:41:7a:a5:76:99:ce:cf:25:25:e3:60:
         81:0e:d8:5f:45:84:6a:30:e7:c2:a6:35:60:7b:34:43:05:27:
         61:64:f4:e0:b8:b5:95:4e:ea:b1:02:5d:29:fe:5e:4e:62:07:
         10:13:ce:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu5VKHBYdU/VLu0Gf26DPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZmMwYmVjNjBkMGJhY2UxODg5Njc3YmQ5YmI5MDE5MGNj
NGZkMjIwHhcNMjQwMTAyMTAzMjQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzI0OGIyODliZDk1Y2QzNDUyZDhiZDZlZDBhMGE5ZTcwMWQwNDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZRd3gFTqPcVdha/aeALcBhNkynp
lQqexMOMkc9glaGJL4cohtqqtCf868IAsLapyLJzn/d08iwBkkLx2nrxImxKsFe+
0ddArxEk2EdPqmefsW6FYXaFCq6jJqpO0MjRIkMPbs5tuYr/uhyGm/IMRgIRs5VM
l2Dup85kI7N9rCH/rxZpllOXLDgEvI/AwXY9myFmJf8GYqyFEuV1w1itsOLVCpiu
AWHAlDljR9iXjBf5wm3x7yWjdJyGhzuINqEJpHc/fTz+RF+ZmeP/KhR5fP4BViMx
wULJj27ANIDwUY/zPB/At3yDqPvTTRUMVdstRIdbQpEy0wLvWNw77fn8qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGwkiyib2VzTRS2L1u0KCp5wHQSdMB8GA1UdIwQY
MBaAFNn8C+xg0LrOGIlne9m7kBkMxP0iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmZ3TDdHRFF1czRZaVdkNzJidVFHUXpFX1NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9iMGQ2ZTYtMmVkNy00OTI4LWFkNjkt
MzQ2OTAzNGZhNDQxLzEvYkNTTEtKdlpYTk5GTFl2VzdRb0tubkFkQkowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9iMGQ2ZTYtMmVkNy00OTI4LWFkNjktMzQ2OTAzNGZhNDQx
LzEvMmZ3TDdHRFF1czRZaVdkNzJidVFHUXpFX1NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GZ+MA0G
CSqGSIb3DQEBCwUAA4IBAQCWTORz8eVW5Ou28ADuXlubh5uP8+0fWHe/uXATHaE+
yPttuHWMaevMUn94yIC0YxB3f9qRjnI1P9VkFUSpfYG1hoMLkKSvfyzCm+G2xNCc
QgfOjL9aypsZ454HyAEOFISjZ1oquNKrF/Bz7b5HykwcYLNWPbmwriPczJmjjUVi
WlHnyoYWu5wuUxa3c0FmDHkPW4AincRoxxzgCn6hSHrNCHvAVpbs/o9AkhBaWLa+
HGXC0w0WDrjRbO1LtcsDD4N8Ntn1lNWHU8ugu/oMQXqldpnOzyUl42CBDthfRYRq
MOfCpjVgezRDBSdhZPTguLWVTuqxAl0p/l5OYgcQE84G
-----END CERTIFICATE-----