Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/f852ac-9e98-45b7-877f-229e2cb0f66c/1/IT9XVXVQjP7pV3rAxzRA337GNwY.roa
File:                     IT9XVXVQjP7pV3rAxzRA337GNwY.roa (raw, json)
Hash identifier:          W7ibO8EaUe6P+kFtq5onsg140R2hJ5m2GkZ04HMvEpU=
Subject key identifier:   21:3F:57:55:75:50:8C:FE:E9:57:7A:C0:C7:34:40:DF:7E:C6:37:06
Certificate issuer:       /CN=fde76ca85e96541a5add3cacaf1e5e114faa47ef
Certificate serial:       018CC726ECD93A636AE158935EFD61F10841
Authority key identifier: FD:E7:6C:A8:5E:96:54:1A:5A:DD:3C:AC:AF:1E:5E:11:4F:AA:47:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_edsqF6WVBpa3Tysrx5eEU-qR-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/f852ac-9e98-45b7-877f-229e2cb0f66c/1/IT9XVXVQjP7pV3rAxzRA337GNwY.roa
Signing time:             Mon 01 Jan 2024 22:31:06 +0000
ROA not before:           Mon 01 Jan 2024 22:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209665
IP address blocks:        62.32.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/f852ac-9e98-45b7-877f-229e2cb0f66c/1/_edsqF6WVBpa3Tysrx5eEU-qR-8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/f852ac-9e98-45b7-877f-229e2cb0f66c/1/_edsqF6WVBpa3Tysrx5eEU-qR-8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_edsqF6WVBpa3Tysrx5eEU-qR-8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 12:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:ec:d9:3a:63:6a:e1:58:93:5e:fd:61:f1:08:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fde76ca85e96541a5add3cacaf1e5e114faa47ef
        Validity
            Not Before: Jan  1 22:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=213f575575508cfee9577ac0c73440df7ec63706
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:2e:04:61:27:4c:64:9c:c8:fa:66:ff:5c:6c:
                    a4:f8:12:20:dc:25:c3:5f:f0:79:7d:dc:48:e6:ca:
                    2e:32:41:f3:cc:58:61:72:bc:69:53:f9:ed:a5:07:
                    3d:d4:8e:9a:1e:d0:f8:0d:7c:92:dd:2e:12:82:46:
                    b9:90:c9:83:8e:e0:7b:d3:eb:3f:2b:46:c2:41:4c:
                    cc:d1:ba:85:54:ec:a2:17:05:fe:87:8a:ff:4b:23:
                    8d:15:1b:b1:60:01:1a:4f:70:7e:7e:4e:55:b4:b6:
                    0a:a3:52:f4:08:67:76:64:8e:9e:10:8e:03:79:eb:
                    f1:61:57:54:2a:a7:79:5c:a9:c7:1a:ad:6b:bf:1f:
                    ca:13:6a:7d:98:92:40:c3:0a:09:dc:2a:2c:80:f8:
                    c3:62:9b:b0:68:be:3f:24:87:cb:62:16:f6:b6:56:
                    ec:be:a3:0c:39:57:c7:8a:d5:00:7a:01:d5:d8:45:
                    c0:29:c9:55:05:e7:7b:48:1c:13:8d:86:b8:92:f7:
                    a9:13:c0:7f:f8:f3:07:73:1f:3a:1e:7e:82:6a:66:
                    5e:81:8a:89:83:58:4e:58:69:97:05:84:27:32:cd:
                    dc:48:04:93:2d:7b:db:7d:58:85:c0:6f:c1:0e:54:
                    80:00:49:90:a3:ab:04:be:7b:26:f9:89:7c:dc:f3:
                    69:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:3F:57:55:75:50:8C:FE:E9:57:7A:C0:C7:34:40:DF:7E:C6:37:06
            X509v3 Authority Key Identifier:
                keyid:FD:E7:6C:A8:5E:96:54:1A:5A:DD:3C:AC:AF:1E:5E:11:4F:AA:47:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_edsqF6WVBpa3Tysrx5eEU-qR-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/f852ac-9e98-45b7-877f-229e2cb0f66c/1/IT9XVXVQjP7pV3rAxzRA337GNwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/f852ac-9e98-45b7-877f-229e2cb0f66c/1/_edsqF6WVBpa3Tysrx5eEU-qR-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.32.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:20:3e:7d:c0:e6:bd:e3:2b:df:cd:da:71:98:6d:7d:0d:4b:
         e8:be:5f:d6:60:2a:7c:20:49:aa:9d:45:f2:f1:d4:4c:ec:15:
         ff:0f:09:a0:4b:e8:55:79:8f:90:7a:31:0a:d5:9d:80:f9:52:
         25:96:31:2f:8a:4c:c2:ca:73:15:2b:07:11:e9:e8:db:c8:9b:
         58:5d:9d:92:a3:18:bc:f2:9b:a2:a8:8a:e9:17:92:0f:26:d8:
         5d:43:3b:ae:83:b8:3f:23:73:b3:9c:02:34:ce:54:ae:e0:79:
         f4:fe:90:a4:33:cd:6b:cf:6e:ef:e2:9b:ae:e4:be:53:47:bd:
         06:c7:3d:f9:cc:2e:99:4f:e3:fd:c8:79:23:df:4d:69:2f:99:
         76:b4:0e:84:3a:67:10:0a:ce:41:2c:8c:3e:1d:34:dc:a0:a7:
         54:4d:5f:58:3c:1b:c7:88:ec:3c:a2:51:41:c2:15:45:91:4d:
         99:da:37:ef:cf:9c:89:af:e0:f2:0c:75:c3:dc:d8:05:15:a3:
         0e:2b:33:1b:77:1b:26:29:90:97:43:38:be:7a:24:72:2b:b8:
         5a:17:c8:58:54:f4:9a:49:89:e9:5b:a0:c7:88:08:1d:be:00:
         58:2d:c3:5d:56:8f:4a:87:2c:df:b4:b2:cd:11:04:01:ab:e3:
         01:ce:db:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJuzZOmNq4ViTXv1h8QhBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZTc2Y2E4NWU5NjU0MWE1YWRkM2NhY2FmMWU1ZTExNGZh
YTQ3ZWYwHhcNMjQwMTAxMjIzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTNmNTc1NTc1NTA4Y2ZlZTk1NzdhYzBjNzM0NDBkZjdlYzYzNzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxC4EYSdMZJzI+mb/XGyk+BIg3CXD
X/B5fdxI5souMkHzzFhhcrxpU/ntpQc91I6aHtD4DXyS3S4Sgka5kMmDjuB70+s/
K0bCQUzM0bqFVOyiFwX+h4r/SyONFRuxYAEaT3B+fk5VtLYKo1L0CGd2ZI6eEI4D
eevxYVdUKqd5XKnHGq1rvx/KE2p9mJJAwwoJ3CosgPjDYpuwaL4/JIfLYhb2tlbs
vqMMOVfHitUAegHV2EXAKclVBed7SBwTjYa4kvepE8B/+PMHcx86Hn6CamZegYqJ
g1hOWGmXBYQnMs3cSASTLXvbfViFwG/BDlSAAEmQo6sEvnsm+Yl83PNpgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCE/V1V1UIz+6Vd6wMc0QN9+xjcGMB8GA1UdIwQY
MBaAFP3nbKhellQaWt08rK8eXhFPqkfvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2Vkc3FGNldWQnBhM1R5c3J4NWVFVS1xUi04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9mODUyYWMtOWU5OC00NWI3LTg3N2Yt
MjI5ZTJjYjBmNjZjLzEvSVQ5WFZYVlFqUDdwVjNyQXh6UkEzMzdHTndZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9mODUyYWMtOWU5OC00NWI3LTg3N2YtMjI5ZTJjYjBmNjZj
LzEvX2Vkc3FGNldWQnBhM1R5c3J4NWVFVS1xUi04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPiBOMA0G
CSqGSIb3DQEBCwUAA4IBAQBnID59wOa94yvfzdpxmG19DUvovl/WYCp8IEmqnUXy
8dRM7BX/DwmgS+hVeY+QejEK1Z2A+VIlljEvikzCynMVKwcR6ejbyJtYXZ2Soxi8
8puiqIrpF5IPJthdQzuug7g/I3OznAI0zlSu4Hn0/pCkM81rz27v4puu5L5TR70G
xz35zC6ZT+P9yHkj301pL5l2tA6EOmcQCs5BLIw+HTTcoKdUTV9YPBvHiOw8olFB
whVFkU2Z2jfvz5yJr+DyDHXD3NgFFaMOKzMbdxsmKZCXQzi+eiRyK7haF8hYVPSa
SYnpW6DHiAgdvgBYLcNdVo9KhyzftLLNEQQBq+MBztvh
-----END CERTIFICATE-----