Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/o8yXtimPpYW2I2ga8sv6F61VrAU.roa
File:                     o8yXtimPpYW2I2ga8sv6F61VrAU.roa (raw, json)
Hash identifier:          luCN8gFtn2uQaT0JDlg50KcaTUJ+kQWylQs5BIXe8GU=
Subject key identifier:   A3:CC:97:B6:29:8F:A5:85:B6:23:68:1A:F2:CB:FA:17:AD:55:AC:05
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       018CC6B93A58AEDCE65F2470C129F5187654
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/o8yXtimPpYW2I2ga8sv6F61VrAU.roa
Signing time:             Mon 01 Jan 2024 20:31:17 +0000
ROA not before:           Mon 01 Jan 2024 20:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202444
IP address blocks:        193.243.218.0/24 maxlen: 24
                          81.8.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3a:58:ae:dc:e6:5f:24:70:c1:29:f5:18:76:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  1 20:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3cc97b6298fa585b623681af2cbfa17ad55ac05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ce:6e:f4:e8:e0:d3:87:77:7b:9c:fc:21:c7:
                    d3:a3:5f:85:8d:f2:f3:8b:3b:7a:bf:fa:b7:60:ae:
                    bd:35:e1:eb:43:44:39:2e:f7:b3:0b:ea:1d:f5:51:
                    1f:f0:c9:6e:db:78:3d:b5:b1:a6:cb:3b:21:dc:9e:
                    c9:b0:11:c1:30:b5:c4:38:99:24:af:4a:24:d5:49:
                    ea:a5:a8:cf:2e:51:7e:fd:96:1f:6c:52:b9:a5:10:
                    ac:e7:f3:0a:6e:e1:aa:c9:2b:a1:0a:c4:e5:b4:6b:
                    e8:51:cc:46:6a:45:19:24:6d:d0:c5:a8:89:53:55:
                    59:b0:ae:22:df:37:57:c3:49:dd:0b:5a:c8:11:f8:
                    3d:63:b8:fc:51:d0:45:1f:ff:44:cb:2e:12:fc:d7:
                    11:1d:1f:e8:42:22:57:28:9a:12:20:95:0a:47:4b:
                    f1:2d:26:28:25:b0:4a:c7:9e:52:ac:94:0f:4f:b0:
                    0d:7e:dd:6c:73:78:ee:c9:f5:9c:8f:13:c2:fa:6d:
                    5c:b9:d6:2b:c6:1f:bd:ab:fa:28:d0:97:ad:a7:dd:
                    64:4a:ff:1d:03:67:42:14:6a:24:2b:53:ac:33:30:
                    9f:de:4b:95:e2:95:88:06:41:f4:66:58:d8:d2:ff:
                    99:00:be:11:76:ac:41:df:d8:76:0b:db:18:fc:bc:
                    29:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:CC:97:B6:29:8F:A5:85:B6:23:68:1A:F2:CB:FA:17:AD:55:AC:05
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/o8yXtimPpYW2I2ga8sv6F61VrAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.8.23.0/24
                  193.243.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:e3:07:8b:50:5c:d8:07:e4:09:9d:a7:0d:35:ef:62:29:0b:
         f5:5d:65:bd:a5:d6:5c:9c:c1:74:c0:1b:be:86:64:2e:d4:ad:
         6f:96:6b:f8:1c:58:55:09:f6:f2:cc:dc:45:1f:2f:1d:0e:70:
         34:eb:cd:9a:30:31:a0:94:94:fa:79:d9:c3:2e:43:72:1f:90:
         25:d7:f9:cd:29:69:98:91:96:aa:f2:fc:1c:20:84:b1:04:50:
         63:8c:bf:9e:e8:35:62:31:e1:a4:c3:f2:10:fe:26:23:2e:3f:
         72:f1:dc:45:a3:6b:7f:65:8e:df:d9:f5:6c:f2:3c:d9:a1:f4:
         24:31:98:f1:2d:f4:1f:2b:de:63:e9:c3:e8:49:0d:79:93:09:
         a7:ca:4d:02:d0:56:98:aa:cb:2e:55:b7:27:07:22:0c:67:79:
         69:3f:90:62:bb:56:2e:b0:33:e6:65:aa:00:88:b8:7d:ec:0d:
         c8:d0:f2:d8:5d:1e:05:92:4b:72:cf:50:81:b6:65:d5:50:b1:
         b8:48:c8:6b:1b:ac:55:1c:11:37:7e:9e:d2:a4:39:9b:92:01:
         2f:3d:3a:41:d1:6a:06:e3:48:d8:78:4b:3a:33:ef:50:c0:fa:
         86:4f:9c:94:53:06:ba:a4:7d:9a:88:48:c2:42:7e:16:71:0e:
         4c:f2:17:cd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuTpYrtzmXyRwwSn1GHZUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGZlMzVjYzk2MjYzM2EyNzU3YWYxMGEwZTZlOGFiNmQw
MWY0YzkwHhcNMjQwMTAxMjAzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2NjOTdiNjI5OGZhNTg1YjYyMzY4MWFmMmNiZmExN2FkNTVhYzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoM5u9Ojg04d3e5z8IcfTo1+FjfLz
izt6v/q3YK69NeHrQ0Q5LvezC+od9VEf8Mlu23g9tbGmyzsh3J7JsBHBMLXEOJkk
r0ok1UnqpajPLlF+/ZYfbFK5pRCs5/MKbuGqySuhCsTltGvoUcxGakUZJG3QxaiJ
U1VZsK4i3zdXw0ndC1rIEfg9Y7j8UdBFH/9Eyy4S/NcRHR/oQiJXKJoSIJUKR0vx
LSYoJbBKx55SrJQPT7ANft1sc3juyfWcjxPC+m1cudYrxh+9q/oo0Jetp91kSv8d
A2dCFGokK1OsMzCf3kuV4pWIBkH0ZljY0v+ZAL4RdqxB39h2C9sY/LwpFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKPMl7Ypj6WFtiNoGvLL+hetVawFMB8GA1UdIwQY
MBaAFFaP41zJYmM6J1evEKDm6KttAfTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMt
ODNkNjQ4Zjc5NzQ2LzEvbzh5WHRpbVBwWVcySTJnYThzdjZGNjFWckFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMtODNkNjQ4Zjc5NzQ2
LzEvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUQgXAwQA
wfPaMA0GCSqGSIb3DQEBCwUAA4IBAQBi4weLUFzYB+QJnacNNe9iKQv1XWW9pdZc
nMF0wBu+hmQu1K1vlmv4HFhVCfbyzNxFHy8dDnA0682aMDGglJT6ednDLkNyH5Al
1/nNKWmYkZaq8vwcIISxBFBjjL+e6DViMeGkw/IQ/iYjLj9y8dxFo2t/ZY7f2fVs
8jzZofQkMZjxLfQfK95j6cPoSQ15kwmnyk0C0FaYqssuVbcnByIMZ3lpP5Biu1Yu
sDPmZaoAiLh97A3I0PLYXR4Fkktyz1CBtmXVULG4SMhrG6xVHBE3fp7SpDmbkgEv
PTpB0WoG40jYeEs6M+9QwPqGT5yUUwa6pH2aiEjCQn4WcQ5M8hfN
-----END CERTIFICATE-----