Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/3b8a40-7610-4e4d-9b37-741fa4e10e36/1/KICw7nNQh0jI5Mn3r7Y7-SXtxIw.roa
File:                     KICw7nNQh0jI5Mn3r7Y7-SXtxIw.roa (raw, json)
Hash identifier:          CJOFLgYEHcQqmQcYh9JPMInPPA34y5FPu2DwwTOL1cM=
Subject key identifier:   28:80:B0:EE:73:50:87:48:C8:E4:C9:F7:AF:B6:3B:F9:25:ED:C4:8C
Certificate issuer:       /CN=89ae220b4768da6e276e6a62edd6746d8fc3c1fb
Certificate serial:       018CC493387BFF84E19565ED36BDC63579A8
Authority key identifier: 89:AE:22:0B:47:68:DA:6E:27:6E:6A:62:ED:D6:74:6D:8F:C3:C1:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ia4iC0do2m4nbmpi7dZ0bY_Dwfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/3b8a40-7610-4e4d-9b37-741fa4e10e36/1/KICw7nNQh0jI5Mn3r7Y7-SXtxIw.roa
Signing time:             Mon 01 Jan 2024 10:30:31 +0000
ROA not before:           Mon 01 Jan 2024 10:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210711
IP address blocks:        94.154.121.0/24 maxlen: 24
                          2a11:48c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/3b8a40-7610-4e4d-9b37-741fa4e10e36/1/ia4iC0do2m4nbmpi7dZ0bY_Dwfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/3b8a40-7610-4e4d-9b37-741fa4e10e36/1/ia4iC0do2m4nbmpi7dZ0bY_Dwfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ia4iC0do2m4nbmpi7dZ0bY_Dwfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 12:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:38:7b:ff:84:e1:95:65:ed:36:bd:c6:35:79:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89ae220b4768da6e276e6a62edd6746d8fc3c1fb
        Validity
            Not Before: Jan  1 10:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2880b0ee73508748c8e4c9f7afb63bf925edc48c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:c2:fc:4b:89:1b:e7:31:05:b8:27:6b:71:08:
                    17:e5:ea:89:05:e4:ae:82:73:8a:2e:a9:03:ba:80:
                    f7:f0:3b:cf:78:92:b9:46:01:bd:ac:6e:1a:cb:e8:
                    e6:24:ad:6f:5a:44:4e:f6:e4:47:80:d4:76:81:a6:
                    cd:38:54:6b:4a:3b:d6:c5:f7:5e:66:29:23:fc:f6:
                    bb:b7:5e:f9:1e:a0:dd:c0:29:37:e2:38:09:ae:9a:
                    3d:a8:d4:2e:1b:70:e2:a9:26:47:62:3f:ff:bf:51:
                    76:0c:8f:8e:64:46:70:2e:02:79:2d:c9:00:4a:34:
                    4e:66:a2:df:42:14:cf:03:3c:6b:8a:04:88:aa:bc:
                    7d:3a:52:8d:d8:5f:d2:e4:9a:c3:21:56:90:b2:c1:
                    d3:1d:ba:b4:e0:99:0c:fa:5e:09:ae:15:e2:ba:ee:
                    e6:cb:51:49:bd:a7:c3:af:c1:90:13:7f:88:40:e3:
                    1b:e0:8c:4d:c4:45:48:ec:21:2a:ec:d3:05:e6:12:
                    94:42:0e:c7:99:66:4c:91:b1:05:39:54:b6:e4:6b:
                    7c:01:fc:ba:f2:dd:32:51:f9:87:7d:25:d4:a2:da:
                    89:64:54:74:81:23:d2:76:c5:b8:d4:61:d3:c0:ee:
                    bd:03:1e:ae:f3:c4:e5:13:a3:32:01:c6:e7:fb:6e:
                    b0:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:80:B0:EE:73:50:87:48:C8:E4:C9:F7:AF:B6:3B:F9:25:ED:C4:8C
            X509v3 Authority Key Identifier:
                keyid:89:AE:22:0B:47:68:DA:6E:27:6E:6A:62:ED:D6:74:6D:8F:C3:C1:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ia4iC0do2m4nbmpi7dZ0bY_Dwfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/3b8a40-7610-4e4d-9b37-741fa4e10e36/1/KICw7nNQh0jI5Mn3r7Y7-SXtxIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/3b8a40-7610-4e4d-9b37-741fa4e10e36/1/ia4iC0do2m4nbmpi7dZ0bY_Dwfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.121.0/24
                IPv6:
                  2a11:48c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6f:39:9e:7d:01:3e:3a:0f:c0:ef:bc:e1:89:5f:cd:e3:7e:2d:
         d3:fc:eb:e9:9f:0b:be:da:a4:49:0e:74:f6:80:7e:f9:9a:dc:
         74:bf:f4:c4:2c:04:cd:f8:ae:b2:13:f7:78:02:de:56:17:39:
         42:8f:4e:b4:a0:a1:e2:ba:88:42:e2:7a:69:a0:1c:c2:9d:af:
         f2:c7:49:04:8d:b0:87:6e:a9:79:0c:fa:75:76:da:54:58:f6:
         f1:3b:23:92:4e:8f:de:b9:c1:80:a8:c6:d3:0f:ae:d6:ca:40:
         9f:10:0b:25:9a:30:8e:d4:46:46:50:99:63:78:ab:88:14:1c:
         44:68:b9:01:34:fc:fb:8a:98:89:68:d3:9a:bb:df:8f:d3:90:
         f1:69:26:5b:ab:01:53:09:1a:cc:04:81:9b:3b:66:1f:49:1a:
         05:eb:0f:0f:45:c5:b6:f8:3f:de:7a:2a:57:e9:53:b5:b5:71:
         14:93:10:46:8f:39:c1:db:2d:31:9d:60:ba:17:5a:8b:7c:6a:
         d1:b2:6c:bf:d1:ba:1c:e7:ea:f9:9d:15:9f:21:4c:ab:3b:11:
         95:d6:7a:3e:a9:35:f3:7c:ad:22:bf:92:4b:91:74:dc:bc:ce:
         4e:e7:f2:3f:ea:db:87:09:99:bd:bf:c9:b4:09:dd:f6:60:60:
         1d:59:39:e1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEkzh7/4ThlWXtNr3GNXmoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWUyMjBiNDc2OGRhNmUyNzZlNmE2MmVkZDY3NDZkOGZj
M2MxZmIwHhcNMjQwMTAxMTAzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODgwYjBlZTczNTA4NzQ4YzhlNGM5ZjdhZmI2M2JmOTI1ZWRjNDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ML8S4kb5zEFuCdrcQgX5eqJBeSu
gnOKLqkDuoD38DvPeJK5RgG9rG4ay+jmJK1vWkRO9uRHgNR2gabNOFRrSjvWxfde
Zikj/Pa7t175HqDdwCk34jgJrpo9qNQuG3DiqSZHYj//v1F2DI+OZEZwLgJ5LckA
SjROZqLfQhTPAzxrigSIqrx9OlKN2F/S5JrDIVaQssHTHbq04JkM+l4JrhXiuu7m
y1FJvafDr8GQE3+IQOMb4IxNxEVI7CEq7NMF5hKUQg7HmWZMkbEFOVS25Gt8Afy6
8t0yUfmHfSXUotqJZFR0gSPSdsW41GHTwO69Ax6u88TlE6MyAcbn+26w+QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCiAsO5zUIdIyOTJ96+2O/kl7cSMMB8GA1UdIwQY
MBaAFImuIgtHaNpuJ25qYu3WdG2Pw8H7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWE0aUMwZG8ybTRuYm1waTdkWjBiWV9Ed2ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8zYjhhNDAtNzYxMC00ZTRkLTliMzct
NzQxZmE0ZTEwZTM2LzEvS0lDdzduTlFoMGpJNU1uM3I3WTctU1h0eEl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8zYjhhNDAtNzYxMC00ZTRkLTliMzctNzQxZmE0ZTEwZTM2
LzEvaWE0aUMwZG8ybTRuYm1waTdkWjBiWV9Ed2ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAXpp5MA0E
AgACMAcDBQMqEUjAMA0GCSqGSIb3DQEBCwUAA4IBAQBvOZ59AT46D8DvvOGJX83j
fi3T/Ovpnwu+2qRJDnT2gH75mtx0v/TELATN+K6yE/d4At5WFzlCj060oKHiuohC
4nppoBzCna/yx0kEjbCHbql5DPp1dtpUWPbxOyOSTo/eucGAqMbTD67WykCfEAsl
mjCO1EZGUJljeKuIFBxEaLkBNPz7ipiJaNOau9+P05DxaSZbqwFTCRrMBIGbO2Yf
SRoF6w8PRcW2+D/eeipX6VO1tXEUkxBGjznB2y0xnWC6F1qLfGrRsmy/0boc5+r5
nRWfIUyrOxGV1no+qTXzfK0iv5JLkXTcvM5O5/I/6tuHCZm9v8m0Cd32YGAdWTnh
-----END CERTIFICATE-----