Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/8wecmOPJDujqI_z7s1lR8n96ReI.roa
File:                     8wecmOPJDujqI_z7s1lR8n96ReI.roa (raw, json)
Hash identifier:          pd7ZxxOfJt0SSP57RvQrAtS1qEhOQb6qFq0QTe6Ngbg=
Subject key identifier:   F3:07:9C:98:E3:C9:0E:E8:EA:23:FC:FB:B3:59:51:F2:7F:7A:45:E2
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       018CCA29CFC65E00769E655A372E80F7CE32
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/8wecmOPJDujqI_z7s1lR8n96ReI.roa
Signing time:             Tue 02 Jan 2024 12:33:06 +0000
ROA not before:           Tue 02 Jan 2024 12:33:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        185.81.174.0/23 maxlen: 24
                          185.96.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:cf:c6:5e:00:76:9e:65:5a:37:2e:80:f7:ce:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Jan  2 12:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3079c98e3c90ee8ea23fcfbb35951f27f7a45e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:25:f5:c9:66:f0:98:0d:b9:97:71:b4:a3:df:
                    be:82:bd:19:e5:76:15:a3:83:ee:19:a4:ee:54:52:
                    a4:a7:3b:cd:75:2a:67:e5:8b:4b:b6:96:b8:36:1f:
                    1d:04:e7:25:f2:b4:3d:9f:d8:60:d0:e0:b7:d0:b8:
                    ee:73:ac:89:ed:5b:a7:ae:dc:64:05:60:f1:70:62:
                    ad:77:a5:f2:45:b7:54:05:6d:91:bc:10:22:39:98:
                    d5:e6:d1:8d:c8:83:3f:31:97:d1:96:21:b4:cf:a5:
                    23:9a:59:03:8d:00:fd:1e:13:8c:2e:24:b0:9c:2c:
                    1b:48:ae:25:c2:68:73:1a:b0:c2:d1:14:9e:91:fc:
                    e8:ba:fb:57:9a:0c:18:f7:ed:4b:58:75:2f:01:4d:
                    19:87:f3:6c:c4:7b:1e:02:b2:e0:1b:1c:d6:a2:cf:
                    7f:ca:9d:c3:d8:3e:4c:67:46:56:dc:37:f7:68:16:
                    23:28:c0:fe:5b:b7:51:81:4a:86:50:52:1c:ce:cb:
                    36:d4:04:e5:bb:98:71:f0:ea:76:a5:25:e1:2f:46:
                    de:e1:62:03:ef:63:0c:ef:8f:62:0a:29:cf:61:44:
                    b0:91:b9:c5:2f:9e:ee:59:71:7f:e0:89:40:29:da:
                    56:10:75:3e:50:74:36:ae:d3:ba:e8:71:1e:8b:35:
                    cd:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:07:9C:98:E3:C9:0E:E8:EA:23:FC:FB:B3:59:51:F2:7F:7A:45:E2
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/8wecmOPJDujqI_z7s1lR8n96ReI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.174.0/23
                  185.96.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:75:71:26:d0:8f:d8:f0:3d:71:56:d4:b0:6e:b2:bb:51:23:
         48:25:8c:14:a1:34:8c:65:c3:a5:14:da:ba:54:cc:1b:dd:71:
         87:30:0a:97:4b:42:8e:95:88:04:b4:fb:47:14:4c:a9:46:03:
         6f:e6:36:13:26:3c:98:07:c2:cf:2f:f9:9a:0e:0b:a6:6c:1f:
         09:97:c1:7d:b1:3d:df:2c:e3:96:37:4d:09:53:71:7f:3a:3a:
         c3:60:66:41:cc:7c:91:bd:ae:2f:62:bc:13:3a:53:c7:b7:97:
         c2:74:a0:55:b5:b4:22:24:c1:9d:78:46:47:6b:6e:8f:c2:c9:
         90:cb:86:b0:35:2e:d9:b1:94:97:30:69:b0:9d:2e:26:b7:d5:
         ea:51:f5:7a:96:cf:b5:ed:a0:74:64:c9:f1:e1:2a:3d:91:8e:
         05:1f:e4:0b:47:56:1c:66:f5:23:48:2f:19:88:8b:0a:5b:3f:
         53:8e:fe:7f:d3:b0:61:84:86:86:f1:22:fc:3d:ba:a7:f9:d0:
         c5:26:70:e8:be:b2:44:95:19:bf:c0:65:21:c0:48:b6:77:77:
         93:14:18:80:92:47:c1:bd:a5:ac:86:0d:9a:85:e1:17:30:b9:
         ef:7e:df:da:fe:f5:9f:47:4e:f8:ea:84:34:03:63:fb:0e:58:
         03:fb:63:9d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKc/GXgB2nmVaNy6A984yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjQwMTAyMTIzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzA3OWM5OGUzYzkwZWU4ZWEyM2ZjZmJiMzU5NTFmMjdmN2E0NWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmiX1yWbwmA25l3G0o9++gr0Z5XYV
o4PuGaTuVFKkpzvNdSpn5YtLtpa4Nh8dBOcl8rQ9n9hg0OC30Ljuc6yJ7Vunrtxk
BWDxcGKtd6XyRbdUBW2RvBAiOZjV5tGNyIM/MZfRliG0z6UjmlkDjQD9HhOMLiSw
nCwbSK4lwmhzGrDC0RSekfzouvtXmgwY9+1LWHUvAU0Zh/NsxHseArLgGxzWos9/
yp3D2D5MZ0ZW3Df3aBYjKMD+W7dRgUqGUFIczss21ATlu5hx8Op2pSXhL0be4WID
72MM749iCinPYUSwkbnFL57uWXF/4IlAKdpWEHU+UHQ2rtO66HEeizXNUwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPMHnJjjyQ7o6iP8+7NZUfJ/ekXiMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvOHdlY21PUEpEdWpxSV96N3MxbFI4bjk2UmVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuVGuAwQA
uWAmMA0GCSqGSIb3DQEBCwUAA4IBAQCndXEm0I/Y8D1xVtSwbrK7USNIJYwUoTSM
ZcOlFNq6VMwb3XGHMAqXS0KOlYgEtPtHFEypRgNv5jYTJjyYB8LPL/maDgumbB8J
l8F9sT3fLOOWN00JU3F/OjrDYGZBzHyRva4vYrwTOlPHt5fCdKBVtbQiJMGdeEZH
a26PwsmQy4awNS7ZsZSXMGmwnS4mt9XqUfV6ls+17aB0ZMnx4So9kY4FH+QLR1Yc
ZvUjSC8ZiIsKWz9Tjv5/07BhhIaG8SL8Pbqn+dDFJnDovrJElRm/wGUhwEi2d3eT
FBiAkkfBvaWshg2aheEXMLnvft/a/vWfR0746oQ0A2P7DlgD+2Od
-----END CERTIFICATE-----