Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/8992b1-1600-4b92-99a5-8140c116f0c8/1/8QnX23Z3yjD9sXUlb-E9NU7UmxU.roa
File:                     8QnX23Z3yjD9sXUlb-E9NU7UmxU.roa (raw, json)
Hash identifier:          2YdSH9JL55Ekn5S4m/uetxwS0326rArVHani1LjSFxA=
Subject key identifier:   F1:09:D7:DB:76:77:CA:30:FD:B1:75:25:6F:E1:3D:35:4E:D4:9B:15
Certificate issuer:       /CN=56f722a885abeb9aaffb32da764ef091b5b20340
Certificate serial:       018CC726E4C6D608B1B099E61B8CF7DEEE18
Authority key identifier: 56:F7:22:A8:85:AB:EB:9A:AF:FB:32:DA:76:4E:F0:91:B5:B2:03:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VvciqIWr65qv-zLadk7wkbWyA0A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/8992b1-1600-4b92-99a5-8140c116f0c8/1/8QnX23Z3yjD9sXUlb-E9NU7UmxU.roa
Signing time:             Mon 01 Jan 2024 22:31:04 +0000
ROA not before:           Mon 01 Jan 2024 22:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15547
IP address blocks:        185.201.216.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/8992b1-1600-4b92-99a5-8140c116f0c8/1/VvciqIWr65qv-zLadk7wkbWyA0A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/8992b1-1600-4b92-99a5-8140c116f0c8/1/VvciqIWr65qv-zLadk7wkbWyA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VvciqIWr65qv-zLadk7wkbWyA0A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:e4:c6:d6:08:b1:b0:99:e6:1b:8c:f7:de:ee:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56f722a885abeb9aaffb32da764ef091b5b20340
        Validity
            Not Before: Jan  1 22:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f109d7db7677ca30fdb175256fe13d354ed49b15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:4f:21:ce:bd:21:8f:03:cc:f9:9e:5d:42:cf:
                    5c:5c:4b:1b:08:3b:cf:ad:de:12:af:2e:4e:5c:55:
                    e8:68:0c:4f:bb:19:6f:ac:96:d9:d3:25:f5:97:7b:
                    5d:22:ef:2a:33:18:81:2c:66:0f:aa:dd:67:36:b2:
                    ce:e2:60:63:cc:df:8e:2d:b2:d9:03:ea:3f:b3:f2:
                    1f:60:2f:74:89:b8:32:50:1c:5b:3b:05:96:45:e5:
                    7d:67:a2:6b:51:f5:e3:34:69:5b:03:ce:32:04:a8:
                    ae:99:ab:70:a8:fb:5f:67:5f:f9:a5:9c:33:22:9b:
                    85:9d:91:a9:20:73:b8:6b:f7:f9:1b:8d:bd:04:2a:
                    73:53:c0:ae:33:99:2d:a8:d2:25:40:f9:c9:e9:64:
                    6f:37:14:35:8c:7d:a2:15:12:9c:9d:52:0e:c0:51:
                    fb:fa:fc:50:46:40:92:f8:c4:c6:30:be:59:2d:17:
                    65:45:88:a1:f2:45:18:e6:0e:ce:5c:f7:cc:c0:c8:
                    f9:98:94:42:56:a3:85:92:66:6e:3b:80:e5:84:f0:
                    85:b7:95:5b:ee:0f:a8:86:12:b5:ff:95:a0:c0:ac:
                    9d:09:13:87:83:9b:c8:a2:24:40:99:df:90:9d:a6:
                    b0:e2:73:00:05:94:9b:8c:78:91:82:50:c2:62:e2:
                    97:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:09:D7:DB:76:77:CA:30:FD:B1:75:25:6F:E1:3D:35:4E:D4:9B:15
            X509v3 Authority Key Identifier:
                keyid:56:F7:22:A8:85:AB:EB:9A:AF:FB:32:DA:76:4E:F0:91:B5:B2:03:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VvciqIWr65qv-zLadk7wkbWyA0A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/8992b1-1600-4b92-99a5-8140c116f0c8/1/8QnX23Z3yjD9sXUlb-E9NU7UmxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/8992b1-1600-4b92-99a5-8140c116f0c8/1/VvciqIWr65qv-zLadk7wkbWyA0A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:94:03:50:73:be:b0:84:c9:3b:7c:f6:07:8d:c4:ca:76:eb:
         a9:9e:b4:2a:9c:98:90:1e:76:ec:e9:34:3c:8e:73:a4:76:02:
         3b:c0:9c:89:ba:e5:2a:fc:56:f1:65:a6:56:de:38:99:cd:13:
         67:80:8d:28:d3:34:ea:69:87:7b:cc:8a:e0:5d:ad:6a:42:9f:
         b8:25:8d:67:50:5f:01:dc:b6:28:a0:47:70:a1:9b:2e:55:dd:
         45:f4:2e:10:e3:ac:39:7a:7b:4c:09:b8:dc:e9:8c:1e:d9:e0:
         fc:ff:70:e2:54:8b:f5:36:87:28:83:35:ff:e3:87:cf:54:bf:
         06:bd:fc:26:7f:db:b9:6e:76:f1:f4:d2:df:e2:be:c2:9f:02:
         b9:32:77:af:7e:25:94:ab:90:22:af:44:ce:97:80:ff:84:c7:
         18:03:97:36:9b:fd:91:f2:a2:de:cc:52:66:d0:c1:40:dd:cf:
         42:6f:39:c2:6c:cb:aa:43:74:d2:4c:a8:6b:39:a4:27:40:f4:
         9e:f0:46:8d:b2:b2:19:5b:32:50:82:67:38:53:7e:03:ee:b0:
         8a:5e:64:ac:cc:25:8e:5f:26:98:fc:ba:f0:8f:17:23:78:06:
         f9:de:f0:52:b5:63:86:5c:b0:0b:50:92:4a:7e:ee:e5:56:c7:
         3e:3d:71:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJuTG1gixsJnmG4z33u4YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2ZjcyMmE4ODVhYmViOWFhZmZiMzJkYTc2NGVmMDkxYjVi
MjAzNDAwHhcNMjQwMTAxMjIzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTA5ZDdkYjc2NzdjYTMwZmRiMTc1MjU2ZmUxM2QzNTRlZDQ5YjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkk8hzr0hjwPM+Z5dQs9cXEsbCDvP
rd4Sry5OXFXoaAxPuxlvrJbZ0yX1l3tdIu8qMxiBLGYPqt1nNrLO4mBjzN+OLbLZ
A+o/s/IfYC90ibgyUBxbOwWWReV9Z6JrUfXjNGlbA84yBKiumatwqPtfZ1/5pZwz
IpuFnZGpIHO4a/f5G429BCpzU8CuM5ktqNIlQPnJ6WRvNxQ1jH2iFRKcnVIOwFH7
+vxQRkCS+MTGML5ZLRdlRYih8kUY5g7OXPfMwMj5mJRCVqOFkmZuO4DlhPCFt5Vb
7g+ohhK1/5WgwKydCROHg5vIoiRAmd+Qnaaw4nMABZSbjHiRglDCYuKXzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPEJ19t2d8ow/bF1JW/hPTVO1JsVMB8GA1UdIwQY
MBaAFFb3IqiFq+uar/sy2nZO8JG1sgNAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnZjaXFJV3I2NXF2LXpMYWRrN3drYld5QTBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni84OTkyYjEtMTYwMC00YjkyLTk5YTUt
ODE0MGMxMTZmMGM4LzEvOFFuWDIzWjN5akQ5c1hVbGItRTlOVTdVbXhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni84OTkyYjEtMTYwMC00YjkyLTk5YTUtODE0MGMxMTZmMGM4
LzEvVnZjaXFJV3I2NXF2LXpMYWRrN3drYld5QTBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucnYMA0G
CSqGSIb3DQEBCwUAA4IBAQADlANQc76whMk7fPYHjcTKduupnrQqnJiQHnbs6TQ8
jnOkdgI7wJyJuuUq/FbxZaZW3jiZzRNngI0o0zTqaYd7zIrgXa1qQp+4JY1nUF8B
3LYooEdwoZsuVd1F9C4Q46w5entMCbjc6Ywe2eD8/3DiVIv1NocogzX/44fPVL8G
vfwmf9u5bnbx9NLf4r7CnwK5MnevfiWUq5Air0TOl4D/hMcYA5c2m/2R8qLezFJm
0MFA3c9CbznCbMuqQ3TSTKhrOaQnQPSe8EaNsrIZWzJQgmc4U34D7rCKXmSszCWO
XyaY/LrwjxcjeAb53vBStWOGXLALUJJKfu7lVsc+PXEl
-----END CERTIFICATE-----