Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/uRZzWrdzvVwK7CXw9hWsfuttkwo.roa
File:                     uRZzWrdzvVwK7CXw9hWsfuttkwo.roa (raw, json)
Hash identifier:          uhulexUSdiSKNwUApSDXwwhoPVWzJNJyB4sGjQQ8+8Y=
Subject key identifier:   B9:16:73:5A:B7:73:BD:5C:0A:EC:25:F0:F6:15:AC:7E:EB:6D:93:0A
Certificate issuer:       /CN=c7c24de99101fafdf74bca293fd6d95060d50a63
Certificate serial:       018CC5DC498ECF69181374AF6E5097DB667E
Authority key identifier: C7:C2:4D:E9:91:01:FA:FD:F7:4B:CA:29:3F:D6:D9:50:60:D5:0A:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x8JN6ZEB-v33S8opP9bZUGDVCmM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/uRZzWrdzvVwK7CXw9hWsfuttkwo.roa
Signing time:             Mon 01 Jan 2024 16:29:57 +0000
ROA not before:           Mon 01 Jan 2024 16:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34659
IP address blocks:        87.89.96.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/x8JN6ZEB-v33S8opP9bZUGDVCmM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/x8JN6ZEB-v33S8opP9bZUGDVCmM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x8JN6ZEB-v33S8opP9bZUGDVCmM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:49:8e:cf:69:18:13:74:af:6e:50:97:db:66:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7c24de99101fafdf74bca293fd6d95060d50a63
        Validity
            Not Before: Jan  1 16:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b916735ab773bd5c0aec25f0f615ac7eeb6d930a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:16:5a:70:8d:01:88:92:00:be:00:76:61:ba:
                    05:a6:d5:d3:9a:5d:fc:21:b2:e3:f8:3a:c3:39:23:
                    c0:e1:a7:73:ec:38:97:57:8e:9e:37:df:0c:68:cb:
                    6e:3a:be:e1:19:24:15:e4:0e:9e:38:a7:0d:f3:18:
                    7d:cd:b2:ee:ab:df:5a:8d:f4:49:e1:3a:04:c3:f4:
                    61:cd:d7:16:8b:dc:52:2f:db:7c:3e:f1:b3:e4:ab:
                    32:96:d2:ed:0c:36:ed:ee:2d:cb:39:70:b3:ee:d3:
                    fb:08:46:45:97:ee:71:77:e0:1e:8d:21:ce:5f:5f:
                    6e:67:cb:70:9e:93:1a:3e:20:28:8e:1d:58:ec:bc:
                    3d:b4:31:12:ad:9d:7d:42:0e:03:e1:64:20:e7:db:
                    cc:85:58:05:27:7f:b7:79:ad:32:54:cd:33:6e:80:
                    6c:c3:4f:00:e1:1a:80:89:d8:a8:df:aa:c8:04:05:
                    b2:0e:8f:ef:59:41:36:14:7c:a4:c5:fd:b5:64:23:
                    ba:bd:db:6b:78:b6:15:59:76:26:ae:f2:3d:01:33:
                    5e:05:0f:da:91:2e:a4:c7:47:ca:ea:8a:be:10:68:
                    92:59:52:44:04:d8:93:b8:b7:61:5f:dc:8b:f6:c2:
                    42:f9:a2:83:01:0e:e6:e5:9a:8b:22:e8:59:7e:12:
                    5f:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:16:73:5A:B7:73:BD:5C:0A:EC:25:F0:F6:15:AC:7E:EB:6D:93:0A
            X509v3 Authority Key Identifier:
                keyid:C7:C2:4D:E9:91:01:FA:FD:F7:4B:CA:29:3F:D6:D9:50:60:D5:0A:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x8JN6ZEB-v33S8opP9bZUGDVCmM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/uRZzWrdzvVwK7CXw9hWsfuttkwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/x8JN6ZEB-v33S8opP9bZUGDVCmM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.89.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         6a:50:ab:98:1e:b9:0b:8b:74:3e:44:b7:8c:4c:9a:5c:72:87:
         1f:27:6c:74:df:b0:34:5c:a3:6e:01:11:b2:3c:d4:1d:77:05:
         72:28:ad:34:60:e2:9a:a9:e0:4f:6c:28:a7:1e:52:db:67:d4:
         1d:2a:49:c4:2b:9d:e9:d8:bc:bf:7d:cb:fc:a8:61:74:91:16:
         a1:00:75:63:0c:f6:18:f6:ef:35:07:3a:ee:ca:71:1e:f9:eb:
         c7:0f:00:99:2a:3e:0a:ed:87:fe:57:61:04:d8:7a:b2:1f:a2:
         ab:62:96:07:a9:ec:b4:d2:95:15:1f:55:31:cc:0e:9b:46:08:
         ed:56:61:53:13:70:8a:16:f5:4f:58:76:dc:c8:30:8f:51:5c:
         ac:45:76:14:8d:d6:69:cf:a4:22:d0:f1:dc:a5:db:9b:24:a9:
         13:77:d3:40:0f:34:8d:ff:80:06:d2:81:df:fb:50:36:38:9f:
         db:66:72:d7:8c:69:ac:50:97:7e:9a:0b:aa:be:1d:50:e1:2f:
         02:70:c4:16:f6:5a:a5:b0:9e:e9:52:20:da:95:d1:f9:90:92:
         4f:84:b3:97:f9:5c:37:59:09:7a:a3:49:50:0f:d2:87:1c:26:
         67:6f:86:73:02:22:1b:eb:ff:84:18:9b:46:25:cf:cf:8d:b4:
         3c:8b:67:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3EmOz2kYE3SvblCX22Z+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3YzI0ZGU5OTEwMWZhZmRmNzRiY2EyOTNmZDZkOTUwNjBk
NTBhNjMwHhcNMjQwMTAxMTYyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTE2NzM1YWI3NzNiZDVjMGFlYzI1ZjBmNjE1YWM3ZWViNmQ5MzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgBZacI0BiJIAvgB2YboFptXTml38
IbLj+DrDOSPA4adz7DiXV46eN98MaMtuOr7hGSQV5A6eOKcN8xh9zbLuq99ajfRJ
4ToEw/RhzdcWi9xSL9t8PvGz5KsyltLtDDbt7i3LOXCz7tP7CEZFl+5xd+AejSHO
X19uZ8twnpMaPiAojh1Y7Lw9tDESrZ19Qg4D4WQg59vMhVgFJ3+3ea0yVM0zboBs
w08A4RqAidio36rIBAWyDo/vWUE2FHykxf21ZCO6vdtreLYVWXYmrvI9ATNeBQ/a
kS6kx0fK6oq+EGiSWVJEBNiTuLdhX9yL9sJC+aKDAQ7m5ZqLIuhZfhJf0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLkWc1q3c71cCuwl8PYVrH7rbZMKMB8GA1UdIwQY
MBaAFMfCTemRAfr990vKKT/W2VBg1QpjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDhKTjZaRUItdjMzUzhvcFA5YlpVR0RWQ21NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9lYjAxM2YtNTc3NC00ZTA2LWE1ZDQt
ZWQ1ZDZjZThkN2U4LzEvdVJaeldyZHp2VndLN0NYdzloV3NmdXR0a3dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9lYjAxM2YtNTc3NC00ZTA2LWE1ZDQtZWQ1ZDZjZThkN2U4
LzEveDhKTjZaRUItdjMzUzhvcFA5YlpVR0RWQ21NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEV1lgMA0G
CSqGSIb3DQEBCwUAA4IBAQBqUKuYHrkLi3Q+RLeMTJpccocfJ2x037A0XKNuARGy
PNQddwVyKK00YOKaqeBPbCinHlLbZ9QdKknEK53p2Ly/fcv8qGF0kRahAHVjDPYY
9u81BzruynEe+evHDwCZKj4K7Yf+V2EE2HqyH6KrYpYHqey00pUVH1UxzA6bRgjt
VmFTE3CKFvVPWHbcyDCPUVysRXYUjdZpz6Qi0PHcpdubJKkTd9NADzSN/4AG0oHf
+1A2OJ/bZnLXjGmsUJd+mguqvh1Q4S8CcMQW9lqlsJ7pUiDaldH5kJJPhLOX+Vw3
WQl6o0lQD9KHHCZnb4ZzAiIb6/+EGJtGJc/PjbQ8i2ey
-----END CERTIFICATE-----