Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/_I1-i6IZGCeN7LPwKnpNfshmo80.roa
File:                     _I1-i6IZGCeN7LPwKnpNfshmo80.roa (raw, json)
Hash identifier:          lY6mi9OM1c+wvW1OBnAZR3N+HNzrJ463MUoh/E7WqpA=
Subject key identifier:   FC:8D:7E:8B:A2:19:18:27:8D:EC:B3:F0:2A:7A:4D:7E:C8:66:A3:CD
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       018CC64B62B8BF3525F711D128DC3D1CB80F
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/_I1-i6IZGCeN7LPwKnpNfshmo80.roa
Signing time:             Mon 01 Jan 2024 18:31:18 +0000
ROA not before:           Mon 01 Jan 2024 18:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        178.212.230.0/24 maxlen: 24
                          194.26.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 02:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:62:b8:bf:35:25:f7:11:d1:28:dc:3d:1c:b8:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jan  1 18:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc8d7e8ba21918278decb3f02a7a4d7ec866a3cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:15:09:d0:e0:18:86:41:f4:0d:49:df:7b:b9:
                    bf:49:51:ed:8e:bf:63:90:42:b0:ba:1a:63:0a:e8:
                    04:84:57:1c:fe:22:fd:99:f8:38:15:e5:5f:76:a0:
                    db:5f:52:43:4c:1c:a6:f8:d4:ca:b6:fb:29:b3:84:
                    1c:35:42:25:2a:18:c9:e2:f1:d5:7c:20:a9:65:19:
                    f2:d7:39:53:45:d7:06:6b:8f:dd:c9:0c:6c:0e:a4:
                    39:c9:59:45:a2:a4:f8:08:27:83:a1:7b:29:23:63:
                    6a:7d:ea:b4:a6:32:ba:ed:21:1c:0e:fb:16:f3:b7:
                    dd:9d:32:1d:79:5c:c0:f1:a2:88:2a:12:fd:03:6a:
                    71:06:09:4c:de:5e:c2:c5:94:6a:76:98:4c:5e:50:
                    58:aa:8d:11:bd:9a:16:c2:cf:2d:f0:70:dc:34:bd:
                    66:05:7f:23:83:ae:63:ad:df:27:f9:02:8c:1a:bc:
                    7c:55:ff:90:7f:6c:e8:ef:c6:30:58:ff:99:e5:c4:
                    2f:b2:45:85:fe:99:b9:29:03:a6:93:f7:21:fc:16:
                    76:6b:5c:56:c4:47:b4:8d:df:24:0e:7b:55:1c:3a:
                    33:be:2f:c9:ea:11:91:00:70:44:cb:64:1a:70:19:
                    13:3b:ab:5c:cb:ec:99:c9:0e:9c:ff:21:89:25:3c:
                    6a:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:8D:7E:8B:A2:19:18:27:8D:EC:B3:F0:2A:7A:4D:7E:C8:66:A3:CD
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/_I1-i6IZGCeN7LPwKnpNfshmo80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.212.230.0/24
                  194.26.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:8e:fa:9b:6c:9d:98:1a:24:46:35:9d:93:f5:b1:d5:61:a6:
         fd:2a:1f:80:7a:1f:7c:19:96:9b:db:68:29:5c:aa:d3:77:49:
         8e:66:6a:67:39:25:92:ad:28:62:73:56:5f:76:f0:74:ce:09:
         de:68:85:0e:69:43:2a:42:11:94:d6:6c:27:77:7e:00:de:2b:
         7e:c5:f9:fb:65:a0:90:72:fd:14:a7:c5:a4:67:a9:de:75:a5:
         59:e2:2e:27:db:46:96:2d:9e:0c:72:79:90:65:90:3c:21:d4:
         a6:dc:b6:a8:59:db:7e:57:28:c2:04:fb:1d:8f:09:36:22:0b:
         3e:e6:19:c8:6d:63:5d:3b:2c:5b:cf:a6:90:d5:92:9a:d7:8f:
         11:b4:26:04:64:83:78:d5:ab:f3:8d:1e:d2:24:b3:c2:50:e5:
         45:0e:ae:31:b7:87:ee:17:e9:78:17:ae:f7:b1:92:41:ed:3b:
         67:c0:45:7e:21:93:10:1f:a8:42:b2:99:ec:56:01:c8:ce:90:
         77:bc:b6:90:15:61:59:4e:3d:bd:d9:3f:03:50:64:ad:5c:73:
         01:37:db:e8:c3:c7:a0:42:ce:9c:ad:2e:f8:b6:e4:5a:ff:2f:
         27:99:33:4a:d7:d5:5e:27:b0:8f:bb:fe:27:1f:5a:3b:6f:03:
         ec:88:d9:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGS2K4vzUl9xHRKNw9HLgPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjQwMTAxMTgzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzhkN2U4YmEyMTkxODI3OGRlY2IzZjAyYTdhNGQ3ZWM4NjZhM2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBUJ0OAYhkH0DUnfe7m/SVHtjr9j
kEKwuhpjCugEhFcc/iL9mfg4FeVfdqDbX1JDTBym+NTKtvsps4QcNUIlKhjJ4vHV
fCCpZRny1zlTRdcGa4/dyQxsDqQ5yVlFoqT4CCeDoXspI2Nqfeq0pjK67SEcDvsW
87fdnTIdeVzA8aKIKhL9A2pxBglM3l7CxZRqdphMXlBYqo0RvZoWws8t8HDcNL1m
BX8jg65jrd8n+QKMGrx8Vf+Qf2zo78YwWP+Z5cQvskWF/pm5KQOmk/ch/BZ2a1xW
xEe0jd8kDntVHDozvi/J6hGRAHBEy2QacBkTO6tcy+yZyQ6c/yGJJTxqbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPyNfouiGRgnjeyz8Cp6TX7IZqPNMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvX0kxLWk2SVpHQ2VON0xQd0tucE5mc2htbzgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAstTmAwQA
whrqMA0GCSqGSIb3DQEBCwUAA4IBAQB3jvqbbJ2YGiRGNZ2T9bHVYab9Kh+Aeh98
GZab22gpXKrTd0mOZmpnOSWSrShic1ZfdvB0zgneaIUOaUMqQhGU1mwnd34A3it+
xfn7ZaCQcv0Up8WkZ6nedaVZ4i4n20aWLZ4McnmQZZA8IdSm3LaoWdt+VyjCBPsd
jwk2Igs+5hnIbWNdOyxbz6aQ1ZKa148RtCYEZIN41avzjR7SJLPCUOVFDq4xt4fu
F+l4F673sZJB7TtnwEV+IZMQH6hCspnsVgHIzpB3vLaQFWFZTj292T8DUGStXHMB
N9vow8egQs6crS74tuRa/y8nmTNK19VeJ7CPu/4nH1o7bwPsiNlH
-----END CERTIFICATE-----