Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/lrWYFQ2jllpk5JZfrMkbA1_6PgU.roa
File:                     lrWYFQ2jllpk5JZfrMkbA1_6PgU.roa (raw, json)
Hash identifier:          XqTJjZtuLrkTux3xE+h/HUaU+CELbHn+205QoWwF/U0=
Subject key identifier:   96:B5:98:15:0D:A3:96:5A:64:E4:96:5F:AC:C9:1B:03:5F:FA:3E:05
Certificate issuer:       /CN=be40b3c2be7835d7b37b5826102f8746a5199d49
Certificate serial:       018CCA2A11C96873F0B945643780B34FD048
Authority key identifier: BE:40:B3:C2:BE:78:35:D7:B3:7B:58:26:10:2F:87:46:A5:19:9D:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vkCzwr54Ndeze1gmEC-HRqUZnUk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/lrWYFQ2jllpk5JZfrMkbA1_6PgU.roa
Signing time:             Tue 02 Jan 2024 12:33:23 +0000
ROA not before:           Tue 02 Jan 2024 12:33:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6830
IP address blocks:        185.87.77.0/24 maxlen: 24
                          185.87.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/vkCzwr54Ndeze1gmEC-HRqUZnUk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/vkCzwr54Ndeze1gmEC-HRqUZnUk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vkCzwr54Ndeze1gmEC-HRqUZnUk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:11:c9:68:73:f0:b9:45:64:37:80:b3:4f:d0:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be40b3c2be7835d7b37b5826102f8746a5199d49
        Validity
            Not Before: Jan  2 12:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96b598150da3965a64e4965facc91b035ffa3e05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b6:e3:2b:a9:d7:da:2c:d4:e9:be:ef:22:65:
                    aa:0c:58:57:96:3c:f1:31:35:f0:9f:9f:cf:31:49:
                    7b:e7:bc:d5:62:b2:96:42:4d:78:af:f7:b9:1a:68:
                    73:e1:8a:a9:4f:ac:fe:f2:f0:33:0a:a7:bc:d4:e6:
                    2b:b9:99:3b:8c:de:5c:2f:f5:a9:f5:21:fa:7f:c4:
                    cf:50:fc:ea:be:12:20:6a:14:b1:34:59:b1:d5:75:
                    74:62:9e:6a:c9:f7:78:49:19:01:9e:d9:41:ee:4f:
                    cc:e7:d8:b7:8c:93:9c:7b:05:00:b2:47:e3:74:2a:
                    14:63:14:f8:d3:70:43:0f:a6:a3:45:bd:c6:e7:f3:
                    e1:38:6c:7b:7a:3a:38:a4:cf:da:a5:46:12:22:4e:
                    53:db:46:05:23:b4:72:e3:48:da:53:b1:c7:62:f8:
                    ec:a3:ef:d8:c6:61:29:65:11:4b:ba:96:6c:25:62:
                    12:9d:5d:d4:d1:c6:54:2e:fe:84:de:bd:3c:21:04:
                    3b:15:3e:02:bc:5a:eb:b8:86:5b:02:c1:ea:5c:da:
                    ac:6d:5c:fd:0e:58:26:99:f5:86:b4:4f:f5:02:27:
                    94:9f:2c:31:2e:e1:a2:03:f2:e4:43:9f:0a:6e:16:
                    6a:fd:73:bc:bb:3a:71:21:66:72:d9:2d:7f:73:eb:
                    8e:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:B5:98:15:0D:A3:96:5A:64:E4:96:5F:AC:C9:1B:03:5F:FA:3E:05
            X509v3 Authority Key Identifier:
                keyid:BE:40:B3:C2:BE:78:35:D7:B3:7B:58:26:10:2F:87:46:A5:19:9D:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vkCzwr54Ndeze1gmEC-HRqUZnUk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/lrWYFQ2jllpk5JZfrMkbA1_6PgU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/vkCzwr54Ndeze1gmEC-HRqUZnUk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.87.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         32:f7:98:71:7b:d3:50:21:08:65:be:aa:e6:1e:a0:d3:3b:7f:
         2f:09:39:ec:c3:31:57:b2:de:0c:ea:fe:d5:cb:e2:61:96:47:
         0d:c6:95:cc:95:a2:58:d6:75:19:e9:97:72:98:23:e8:b1:66:
         4d:17:e5:fd:ec:07:65:a4:ff:d6:95:4b:18:08:5e:77:e1:24:
         b7:ef:29:52:ea:71:2d:e9:bb:53:f6:8b:05:61:d3:ae:b2:d2:
         bf:45:f7:08:a7:e3:11:05:55:61:bf:1d:ae:18:3e:f3:f6:31:
         cb:09:89:48:fc:68:7f:35:92:cb:be:84:9c:fc:00:f7:cf:70:
         7b:cf:f5:c2:a6:31:96:8a:41:d9:2d:d8:49:25:30:5c:3a:e3:
         4e:d7:ee:e2:bf:ae:89:2d:3d:53:65:4b:ce:63:64:a4:23:48:
         57:17:cf:9c:40:58:66:c4:96:1d:cb:37:9e:43:ca:b6:5f:2b:
         7a:0f:00:f4:2f:33:af:cb:c1:b2:b1:f0:5c:8b:c0:95:d2:7b:
         74:09:9b:71:ca:b6:83:ad:23:f2:19:44:3f:70:b8:c9:2b:f4:
         ad:3e:cd:e5:ad:60:fe:d2:42:12:08:64:da:8f:d7:c6:c5:f6:
         60:29:49:6c:77:53:08:ae:a2:c3:4e:af:de:31:ea:9f:45:99:
         04:7d:5e:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKhHJaHPwuUVkN4CzT9BIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNDBiM2MyYmU3ODM1ZDdiMzdiNTgyNjEwMmY4NzQ2YTUx
OTlkNDkwHhcNMjQwMTAyMTIzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmI1OTgxNTBkYTM5NjVhNjRlNDk2NWZhY2M5MWIwMzVmZmEzZTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbbjK6nX2izU6b7vImWqDFhXljzx
MTXwn5/PMUl757zVYrKWQk14r/e5Gmhz4YqpT6z+8vAzCqe81OYruZk7jN5cL/Wp
9SH6f8TPUPzqvhIgahSxNFmx1XV0Yp5qyfd4SRkBntlB7k/M59i3jJOcewUAskfj
dCoUYxT403BDD6ajRb3G5/PhOGx7ejo4pM/apUYSIk5T20YFI7Ry40jaU7HHYvjs
o+/YxmEpZRFLupZsJWISnV3U0cZULv6E3r08IQQ7FT4CvFrruIZbAsHqXNqsbVz9
DlgmmfWGtE/1AieUnywxLuGiA/LkQ58KbhZq/XO8uzpxIWZy2S1/c+uOrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJa1mBUNo5ZaZOSWX6zJGwNf+j4FMB8GA1UdIwQY
MBaAFL5As8K+eDXXs3tYJhAvh0alGZ1JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmtDendyNTROZGV6ZTFnbUVDLUhScVVablVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9jNzE2MzYtZWRkOC00ZDExLTg1ZTgt
YjgzNGZhZjZhY2VkLzEvbHJXWUZRMmpsbHBrNUpaZnJNa2JBMV82UGdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9jNzE2MzYtZWRkOC00ZDExLTg1ZTgtYjgzNGZhZjZhY2Vk
LzEvdmtDendyNTROZGV6ZTFnbUVDLUhScVVablVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuVdMMA0G
CSqGSIb3DQEBCwUAA4IBAQAy95hxe9NQIQhlvqrmHqDTO38vCTnswzFXst4M6v7V
y+JhlkcNxpXMlaJY1nUZ6ZdymCPosWZNF+X97AdlpP/WlUsYCF534SS37ylS6nEt
6btT9osFYdOustK/RfcIp+MRBVVhvx2uGD7z9jHLCYlI/Gh/NZLLvoSc/AD3z3B7
z/XCpjGWikHZLdhJJTBcOuNO1+7iv66JLT1TZUvOY2SkI0hXF8+cQFhmxJYdyzee
Q8q2Xyt6DwD0LzOvy8GysfBci8CV0nt0CZtxyraDrSPyGUQ/cLjJK/StPs3lrWD+
0kISCGTaj9fGxfZgKUlsd1MIrqLDTq/eMeqfRZkEfV5J
-----END CERTIFICATE-----