Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/3ccaff-71f2-4982-b534-36e39fed7bed/1/vs81DAzz8TtCU6KLFn9q0GBGM8E.roa
File:                     vs81DAzz8TtCU6KLFn9q0GBGM8E.roa (raw, json)
Hash identifier:          3dF4yXIWWVGznGRXj2+4WluXD4thndbxYeSMDTGwvvw=
Subject key identifier:   BE:CF:35:0C:0C:F3:F1:3B:42:53:A2:8B:16:7F:6A:D0:60:46:33:C1
Certificate issuer:       /CN=eea475d08b6f8b78ed11b0ca4d136deb38bc991b
Certificate serial:       018CC9BB3F7BD3ED59EBC7717F543F05B622
Authority key identifier: EE:A4:75:D0:8B:6F:8B:78:ED:11:B0:CA:4D:13:6D:EB:38:BC:99:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qR10Itvi3jtEbDKTRNt6zi8mRs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/3ccaff-71f2-4982-b534-36e39fed7bed/1/vs81DAzz8TtCU6KLFn9q0GBGM8E.roa
Signing time:             Tue 02 Jan 2024 10:32:21 +0000
ROA not before:           Tue 02 Jan 2024 10:32:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34308
IP address blocks:        84.246.248.0/21 maxlen: 24
                          185.63.212.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/3ccaff-71f2-4982-b534-36e39fed7bed/1/7qR10Itvi3jtEbDKTRNt6zi8mRs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/3ccaff-71f2-4982-b534-36e39fed7bed/1/7qR10Itvi3jtEbDKTRNt6zi8mRs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7qR10Itvi3jtEbDKTRNt6zi8mRs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:3f:7b:d3:ed:59:eb:c7:71:7f:54:3f:05:b6:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eea475d08b6f8b78ed11b0ca4d136deb38bc991b
        Validity
            Not Before: Jan  2 10:32:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=becf350c0cf3f13b4253a28b167f6ad0604633c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:6e:24:d7:f5:92:7b:b8:1a:ed:3b:fb:a3:88:
                    b2:57:d6:b6:5e:da:e3:78:2b:90:00:31:d3:be:3a:
                    ca:c9:5c:1f:c2:ec:83:d2:7f:6c:56:30:1b:63:6e:
                    36:50:20:61:19:46:e7:5d:49:14:bb:54:a6:db:1b:
                    f3:b9:b8:b6:94:8c:95:f0:8f:0d:42:67:7f:e0:2c:
                    af:64:62:07:4a:e4:44:94:b4:19:c0:e2:9d:42:68:
                    0a:5c:e6:68:02:07:61:d5:76:69:76:2a:eb:54:1e:
                    11:88:71:40:cd:7d:b4:4e:e5:d0:1d:a6:79:d6:8e:
                    37:5e:16:83:05:c1:d3:85:01:ac:ce:eb:57:b9:a9:
                    e8:44:fa:dd:70:42:7d:34:32:02:5f:b3:07:79:40:
                    dc:b2:61:73:fa:79:9b:08:86:f7:4a:fe:3d:ac:fb:
                    e9:0d:86:3e:2d:d0:84:28:3b:95:e2:a6:ed:97:f7:
                    4c:ce:32:39:a8:fc:ac:27:03:4e:3c:ca:b5:1d:f7:
                    ba:cf:47:a1:9a:fd:c1:95:10:ba:a8:89:cc:63:78:
                    de:e2:69:53:8a:fb:a6:1b:1d:3a:49:91:6d:b2:ad:
                    6f:8c:bd:67:7b:0f:e3:83:06:56:fa:80:76:82:32:
                    b1:e7:bd:66:e2:b1:23:6c:1b:f9:18:0e:87:3d:5d:
                    82:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:CF:35:0C:0C:F3:F1:3B:42:53:A2:8B:16:7F:6A:D0:60:46:33:C1
            X509v3 Authority Key Identifier:
                keyid:EE:A4:75:D0:8B:6F:8B:78:ED:11:B0:CA:4D:13:6D:EB:38:BC:99:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qR10Itvi3jtEbDKTRNt6zi8mRs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/3ccaff-71f2-4982-b534-36e39fed7bed/1/vs81DAzz8TtCU6KLFn9q0GBGM8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/3ccaff-71f2-4982-b534-36e39fed7bed/1/7qR10Itvi3jtEbDKTRNt6zi8mRs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.246.248.0/21
                  185.63.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:17:06:56:a4:05:44:03:6f:58:20:59:d2:d6:d6:06:f9:df:
         2d:50:4a:de:67:54:f3:90:81:f0:8c:66:9b:71:7c:f4:d3:b9:
         20:92:ea:7b:d8:a0:0d:29:74:15:43:03:db:30:af:ea:59:af:
         d3:ce:d7:66:d6:5e:f1:36:84:b5:72:b4:72:82:3a:8e:ee:ec:
         7a:14:b8:0d:cf:52:0b:8f:1d:87:ef:92:ba:17:79:f6:ec:4f:
         a8:6e:f3:14:2c:5a:bd:9d:e3:76:ca:a5:64:7d:d8:ca:56:9b:
         7f:0e:70:de:2e:b5:ff:4b:d9:f9:47:0a:c1:72:ec:0c:42:d2:
         7d:48:57:61:f3:ae:26:ff:ae:a3:b4:5e:cc:02:0c:b2:98:26:
         4b:ef:c3:36:7a:37:64:b5:e2:ba:16:43:8c:b7:4b:a5:1b:35:
         d6:b3:a2:ec:85:e0:b9:12:d2:fb:fc:92:53:4a:02:ff:60:cf:
         da:92:0a:b4:7b:80:84:02:b9:9f:1e:98:f2:c0:ae:f0:cb:21:
         89:0a:d3:9d:f0:dd:01:ab:cd:f7:2a:d7:9a:f9:59:fa:78:aa:
         cb:60:0e:15:e8:a7:d0:ee:91:7a:c9:e4:14:a4:37:25:23:a8:
         3c:6a:f1:d1:8a:d0:3f:06:d4:e0:37:50:85:eb:d8:c2:d4:0b:
         8c:85:fe:bd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJuz970+1Z68dxf1Q/BbYiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTQ3NWQwOGI2ZjhiNzhlZDExYjBjYTRkMTM2ZGViMzhi
Yzk5MWIwHhcNMjQwMTAyMTAzMjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWNmMzUwYzBjZjNmMTNiNDI1M2EyOGIxNjdmNmFkMDYwNDYzM2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp24k1/WSe7ga7Tv7o4iyV9a2Xtrj
eCuQADHTvjrKyVwfwuyD0n9sVjAbY242UCBhGUbnXUkUu1Sm2xvzubi2lIyV8I8N
Qmd/4CyvZGIHSuRElLQZwOKdQmgKXOZoAgdh1XZpdirrVB4RiHFAzX20TuXQHaZ5
1o43XhaDBcHThQGszutXuanoRPrdcEJ9NDICX7MHeUDcsmFz+nmbCIb3Sv49rPvp
DYY+LdCEKDuV4qbtl/dMzjI5qPysJwNOPMq1Hfe6z0ehmv3BlRC6qInMY3je4mlT
ivumGx06SZFtsq1vjL1new/jgwZW+oB2gjKx571m4rEjbBv5GA6HPV2CRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL7PNQwM8/E7QlOiixZ/atBgRjPBMB8GA1UdIwQY
MBaAFO6kddCLb4t47RGwyk0Tbes4vJkbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FSMTBJdHZpM2p0RWJES1RSTnQ2emk4bVJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zY2NhZmYtNzFmMi00OTgyLWI1MzQt
MzZlMzlmZWQ3YmVkLzEvdnM4MURBeno4VHRDVTZLTEZuOXEwR0JHTThFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zY2NhZmYtNzFmMi00OTgyLWI1MzQtMzZlMzlmZWQ3YmVk
LzEvN3FSMTBJdHZpM2p0RWJES1RSTnQ2emk4bVJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDVPb4AwQC
uT/UMA0GCSqGSIb3DQEBCwUAA4IBAQARFwZWpAVEA29YIFnS1tYG+d8tUEreZ1Tz
kIHwjGabcXz007kgkup72KANKXQVQwPbMK/qWa/Tztdm1l7xNoS1crRygjqO7ux6
FLgNz1ILjx2H75K6F3n27E+obvMULFq9neN2yqVkfdjKVpt/DnDeLrX/S9n5RwrB
cuwMQtJ9SFdh864m/66jtF7MAgyymCZL78M2ejdkteK6FkOMt0ulGzXWs6LsheC5
EtL7/JJTSgL/YM/akgq0e4CEArmfHpjywK7wyyGJCtOd8N0Bq833Ktea+Vn6eKrL
YA4V6KfQ7pF6yeQUpDclI6g8avHRitA/BtTgN1CF69jC1AuMhf69
-----END CERTIFICATE-----