Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/i0LWFovCXoHOVuxht0Gy17Et-8U.roa
File:                     i0LWFovCXoHOVuxht0Gy17Et-8U.roa (raw, json)
Hash identifier:          S0ROy7BhnN/VGAxlIMt5pGgrnddODL6pugHXQfH75qE=
Subject key identifier:   8B:42:D6:16:8B:C2:5E:81:CE:56:EC:61:B7:41:B2:D7:B1:2D:FB:C5
Certificate issuer:       /CN=f2e2810f49b36fdd641c326bd1de4e42d128b046
Certificate serial:       018CCA29BAB2245014768E5C42A1CB6B097B
Authority key identifier: F2:E2:81:0F:49:B3:6F:DD:64:1C:32:6B:D1:DE:4E:42:D1:28:B0:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8uKBD0mzb91kHDJr0d5OQtEosEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/i0LWFovCXoHOVuxht0Gy17Et-8U.roa
Signing time:             Tue 02 Jan 2024 12:33:01 +0000
ROA not before:           Tue 02 Jan 2024 12:33:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49961
IP address blocks:        212.99.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/8uKBD0mzb91kHDJr0d5OQtEosEY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/8uKBD0mzb91kHDJr0d5OQtEosEY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8uKBD0mzb91kHDJr0d5OQtEosEY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 21:44:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:ba:b2:24:50:14:76:8e:5c:42:a1:cb:6b:09:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2e2810f49b36fdd641c326bd1de4e42d128b046
        Validity
            Not Before: Jan  2 12:33:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b42d6168bc25e81ce56ec61b741b2d7b12dfbc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:92:22:74:b0:f5:5b:df:75:18:05:5c:87:e2:
                    3a:a5:1a:40:b3:79:f0:09:37:3f:1d:5a:ad:1d:da:
                    e7:3b:fe:10:bc:8e:c3:9e:31:dc:7a:72:43:55:08:
                    fd:9b:eb:e3:77:39:cb:e6:4d:a4:7a:66:5e:90:5d:
                    28:0f:a2:f5:cb:72:20:ed:5b:7b:2c:3f:06:41:f6:
                    e6:91:e5:4b:80:3d:25:ac:fc:85:6e:32:d5:ea:b7:
                    fe:d5:ae:41:4e:cb:6b:1e:4d:e7:68:66:26:28:d1:
                    06:18:d9:f5:ec:5b:93:79:de:93:3a:d5:b4:8e:dd:
                    90:b7:67:ae:0c:d3:cb:89:32:34:96:b2:b8:1a:9e:
                    39:c8:23:c4:fd:56:33:27:02:e6:e5:c1:42:49:36:
                    b3:f1:af:f5:e0:15:eb:61:a4:5f:84:d7:b0:1f:41:
                    cc:09:da:e8:cf:08:f2:0a:2b:2d:3f:e0:d7:43:e1:
                    8c:e9:ff:68:a8:30:7d:b4:31:fd:fb:a5:39:40:29:
                    26:ae:36:86:54:60:95:25:2f:e9:27:32:c9:7b:ed:
                    c5:1d:08:48:39:17:2e:69:79:dc:20:f4:2a:7c:3b:
                    13:ff:37:bd:d5:74:9f:01:b5:e5:59:6e:69:02:cb:
                    57:a5:05:f3:b6:9a:85:b9:93:66:0e:af:28:13:6e:
                    dc:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:42:D6:16:8B:C2:5E:81:CE:56:EC:61:B7:41:B2:D7:B1:2D:FB:C5
            X509v3 Authority Key Identifier:
                keyid:F2:E2:81:0F:49:B3:6F:DD:64:1C:32:6B:D1:DE:4E:42:D1:28:B0:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8uKBD0mzb91kHDJr0d5OQtEosEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/i0LWFovCXoHOVuxht0Gy17Et-8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/79e905-fb0d-4b8b-9390-50d2b70bcf31/1/8uKBD0mzb91kHDJr0d5OQtEosEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.99.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:b8:c5:1e:dd:02:31:f0:ba:ad:ad:cf:f7:d6:8f:51:38:6a:
         e8:5d:6a:c0:26:31:bd:ce:83:61:22:ed:57:c2:d2:6b:8b:05:
         17:26:91:cb:c1:1b:04:b8:b8:82:d6:f4:05:aa:22:9a:07:ac:
         eb:8f:06:f0:30:ae:24:5f:95:97:a6:6b:66:6b:2b:90:f3:c0:
         c7:67:c6:2e:ee:24:25:2c:db:b4:08:53:d2:aa:53:0a:85:39:
         2f:2f:4c:71:20:ea:5d:23:16:3b:7b:55:0a:1b:aa:a0:11:4f:
         70:d7:4e:5d:3e:84:e2:e8:d3:21:92:58:c2:bf:71:94:ff:9d:
         e5:ce:36:17:38:42:a3:02:81:65:b0:25:24:74:a8:1d:10:19:
         5b:b9:c4:20:a1:84:c0:19:f9:dd:ed:74:e4:27:a8:b6:54:48:
         33:4a:04:86:8d:53:fc:86:80:b3:37:e6:83:58:5e:96:e8:56:
         63:54:f2:0b:66:0b:45:c5:8d:6d:40:94:29:88:86:82:57:af:
         63:ce:e1:9c:b9:c9:bd:8f:73:bd:99:78:94:03:af:b4:4c:72:
         b5:e8:53:6a:bd:17:4c:78:2b:41:0c:dc:50:9d:88:4a:a3:b2:
         ba:cb:e9:07:63:46:17:d5:44:94:c5:6e:4d:7d:c8:1f:fe:3d:
         f0:95:4a:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKbqyJFAUdo5cQqHLawl7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyZTI4MTBmNDliMzZmZGQ2NDFjMzI2YmQxZGU0ZTQyZDEy
OGIwNDYwHhcNMjQwMTAyMTIzMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjQyZDYxNjhiYzI1ZTgxY2U1NmVjNjFiNzQxYjJkN2IxMmRmYmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpIidLD1W991GAVch+I6pRpAs3nw
CTc/HVqtHdrnO/4QvI7DnjHcenJDVQj9m+vjdznL5k2kemZekF0oD6L1y3Ig7Vt7
LD8GQfbmkeVLgD0lrPyFbjLV6rf+1a5BTstrHk3naGYmKNEGGNn17FuTed6TOtW0
jt2Qt2euDNPLiTI0lrK4Gp45yCPE/VYzJwLm5cFCSTaz8a/14BXrYaRfhNewH0HM
CdrozwjyCistP+DXQ+GM6f9oqDB9tDH9+6U5QCkmrjaGVGCVJS/pJzLJe+3FHQhI
ORcuaXncIPQqfDsT/ze91XSfAbXlWW5pAstXpQXztpqFuZNmDq8oE27crwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFItC1haLwl6BzlbsYbdBstexLfvFMB8GA1UdIwQY
MBaAFPLigQ9Js2/dZBwya9HeTkLRKLBGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHVLQkQwbXpiOTFrSERKcjBkNU9RdEVvc0VZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi83OWU5MDUtZmIwZC00YjhiLTkzOTAt
NTBkMmI3MGJjZjMxLzEvaTBMV0ZvdkNYb0hPVnV4aHQwR3kxN0V0LThVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi83OWU5MDUtZmIwZC00YjhiLTkzOTAtNTBkMmI3MGJjZjMx
LzEvOHVLQkQwbXpiOTFrSERKcjBkNU9RdEVvc0VZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GMPMA0G
CSqGSIb3DQEBCwUAA4IBAQCAuMUe3QIx8Lqtrc/31o9ROGroXWrAJjG9zoNhIu1X
wtJriwUXJpHLwRsEuLiC1vQFqiKaB6zrjwbwMK4kX5WXpmtmayuQ88DHZ8Yu7iQl
LNu0CFPSqlMKhTkvL0xxIOpdIxY7e1UKG6qgEU9w105dPoTi6NMhkljCv3GU/53l
zjYXOEKjAoFlsCUkdKgdEBlbucQgoYTAGfnd7XTkJ6i2VEgzSgSGjVP8hoCzN+aD
WF6W6FZjVPILZgtFxY1tQJQpiIaCV69jzuGcucm9j3O9mXiUA6+0THK16FNqvRdM
eCtBDNxQnYhKo7K6y+kHY0YX1USUxW5Nfcgf/j3wlUpG
-----END CERTIFICATE-----