Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/8f0218-543d-4943-8e3c-aef1b34a287d/1/Ic7zTnfXoP3buabFFxUlc9UBgkM.roa
File:                     Ic7zTnfXoP3buabFFxUlc9UBgkM.roa (raw, json)
Hash identifier:          0hLRM0jVZUVbwPst+dvZ7mxqrrgs+2jJp0cWSGuI2Rs=
Subject key identifier:   21:CE:F3:4E:77:D7:A0:FD:DB:B9:A6:C5:17:15:25:73:D5:01:82:43
Certificate issuer:       /CN=ca58aeb4129f8e2c9bc42cd19185c8d7f0e6eaf9
Certificate serial:       018CC94D66109B08DB474F16C7707AF00096
Authority key identifier: CA:58:AE:B4:12:9F:8E:2C:9B:C4:2C:D1:91:85:C8:D7:F0:E6:EA:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yliutBKfjiybxCzRkYXI1_Dm6vk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/8f0218-543d-4943-8e3c-aef1b34a287d/1/Ic7zTnfXoP3buabFFxUlc9UBgkM.roa
Signing time:             Tue 02 Jan 2024 08:32:21 +0000
ROA not before:           Tue 02 Jan 2024 08:32:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208709
IP address blocks:        194.113.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/8f0218-543d-4943-8e3c-aef1b34a287d/1/yliutBKfjiybxCzRkYXI1_Dm6vk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/8f0218-543d-4943-8e3c-aef1b34a287d/1/yliutBKfjiybxCzRkYXI1_Dm6vk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yliutBKfjiybxCzRkYXI1_Dm6vk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:66:10:9b:08:db:47:4f:16:c7:70:7a:f0:00:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca58aeb4129f8e2c9bc42cd19185c8d7f0e6eaf9
        Validity
            Not Before: Jan  2 08:32:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21cef34e77d7a0fddbb9a6c517152573d5018243
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:97:8f:b4:ea:62:f4:98:75:9f:8e:1e:99:72:
                    32:4e:32:9d:07:85:7a:6d:fe:ee:7d:08:91:a6:fa:
                    55:c0:a6:62:8b:3c:d1:50:a8:ec:96:bd:96:6f:56:
                    5f:74:88:6c:6f:a3:d4:db:2e:b8:9b:32:4e:e6:5b:
                    ab:ab:0d:59:9a:23:ab:bb:4f:7e:26:02:da:33:ce:
                    7a:94:16:68:63:d1:5d:52:5e:b9:4f:f0:61:c7:cc:
                    07:00:5f:2f:76:90:50:e0:c0:e9:05:61:8a:1a:e4:
                    fc:22:4b:57:0a:cf:43:52:d8:f3:fb:90:fb:35:b5:
                    33:90:1d:00:84:4e:a7:f3:7d:d5:97:8f:73:f5:cf:
                    9a:ac:97:a9:9f:29:50:23:b0:b4:11:4e:de:cf:f7:
                    8d:5d:19:ce:5a:b6:9d:d9:6d:73:8b:89:12:c6:a1:
                    b4:1f:7e:01:97:0c:47:df:07:54:b1:a0:6e:b3:9f:
                    ee:f9:af:1e:0c:c0:58:21:6d:58:d0:aa:85:5a:7b:
                    26:0c:fb:e1:be:27:8f:64:c7:60:3c:1a:b0:e5:1e:
                    cc:f6:93:32:77:86:50:7d:63:ed:ba:54:21:d6:33:
                    b0:04:51:c5:db:d9:eb:df:36:d0:60:77:45:82:97:
                    17:32:2a:09:d1:dc:f3:79:37:01:c9:d2:82:7f:d0:
                    13:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:CE:F3:4E:77:D7:A0:FD:DB:B9:A6:C5:17:15:25:73:D5:01:82:43
            X509v3 Authority Key Identifier:
                keyid:CA:58:AE:B4:12:9F:8E:2C:9B:C4:2C:D1:91:85:C8:D7:F0:E6:EA:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yliutBKfjiybxCzRkYXI1_Dm6vk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/8f0218-543d-4943-8e3c-aef1b34a287d/1/Ic7zTnfXoP3buabFFxUlc9UBgkM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/8f0218-543d-4943-8e3c-aef1b34a287d/1/yliutBKfjiybxCzRkYXI1_Dm6vk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:01:d4:74:38:15:da:7f:56:14:33:09:79:34:73:1d:ef:37:
         cf:6e:f5:b8:19:ef:75:0e:72:c2:32:a0:64:e5:fa:d7:2b:d5:
         6e:db:f5:59:bf:c9:dd:29:e2:bc:f6:2a:4d:55:c1:55:3e:b4:
         36:50:fc:1a:df:b8:6b:21:68:00:34:59:15:2d:15:14:e7:f8:
         56:a3:76:a1:0f:5d:9f:ad:8e:49:50:a2:22:df:0b:bb:25:21:
         8d:6f:24:ad:13:8d:77:e0:58:fd:1b:08:5b:38:b1:e6:84:b8:
         d2:e1:aa:2e:c5:e9:21:ad:cc:af:19:f2:0a:fc:03:50:35:68:
         84:11:f9:98:59:e5:cc:22:35:f9:dc:36:6e:1f:96:9a:f9:a0:
         60:9b:6e:d7:97:5a:84:0e:b6:0b:5d:6e:c4:e7:9f:88:d3:28:
         0f:42:a3:99:ae:4a:52:89:30:b6:d7:6d:0f:c8:d5:f8:8c:ae:
         b2:e6:27:7a:7a:9c:53:bb:53:69:fc:b2:a0:23:6c:52:14:7c:
         2d:2e:8d:27:67:39:a6:e5:c0:6e:d8:83:ff:ae:39:e0:01:3a:
         bf:21:ab:4e:8d:8f:8d:61:3a:50:11:83:96:65:90:67:2e:ae:
         23:96:d6:fa:4f:0b:c4:97:bf:cb:39:af:4e:a2:fc:6e:08:e6:
         5c:81:d5:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTWYQmwjbR08Wx3B68ACWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNThhZWI0MTI5ZjhlMmM5YmM0MmNkMTkxODVjOGQ3ZjBl
NmVhZjkwHhcNMjQwMTAyMDgzMjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWNlZjM0ZTc3ZDdhMGZkZGJiOWE2YzUxNzE1MjU3M2Q1MDE4MjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpePtOpi9Jh1n44emXIyTjKdB4V6
bf7ufQiRpvpVwKZiizzRUKjslr2Wb1ZfdIhsb6PU2y64mzJO5lurqw1ZmiOru09+
JgLaM856lBZoY9FdUl65T/Bhx8wHAF8vdpBQ4MDpBWGKGuT8IktXCs9DUtjz+5D7
NbUzkB0AhE6n833Vl49z9c+arJepnylQI7C0EU7ez/eNXRnOWrad2W1zi4kSxqG0
H34BlwxH3wdUsaBus5/u+a8eDMBYIW1Y0KqFWnsmDPvhviePZMdgPBqw5R7M9pMy
d4ZQfWPtulQh1jOwBFHF29nr3zbQYHdFgpcXMioJ0dzzeTcBydKCf9ATdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCHO805316D927mmxRcVJXPVAYJDMB8GA1UdIwQY
MBaAFMpYrrQSn44sm8Qs0ZGFyNfw5ur5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWxpdXRCS2ZqaXlieEN6UmtZWEkxX0RtNnZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS84ZjAyMTgtNTQzZC00OTQzLThlM2Mt
YWVmMWIzNGEyODdkLzEvSWM3elRuZlhvUDNidWFiRkZ4VWxjOVVCZ2tNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS84ZjAyMTgtNTQzZC00OTQzLThlM2MtYWVmMWIzNGEyODdk
LzEveWxpdXRCS2ZqaXlieEN6UmtZWEkxX0RtNnZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnF0MA0G
CSqGSIb3DQEBCwUAA4IBAQCHAdR0OBXaf1YUMwl5NHMd7zfPbvW4Ge91DnLCMqBk
5frXK9Vu2/VZv8ndKeK89ipNVcFVPrQ2UPwa37hrIWgANFkVLRUU5/hWo3ahD12f
rY5JUKIi3wu7JSGNbyStE4134Fj9GwhbOLHmhLjS4aouxekhrcyvGfIK/ANQNWiE
EfmYWeXMIjX53DZuH5aa+aBgm27Xl1qEDrYLXW7E55+I0ygPQqOZrkpSiTC2120P
yNX4jK6y5id6epxTu1Np/LKgI2xSFHwtLo0nZzmm5cBu2IP/rjngATq/IatOjY+N
YTpQEYOWZZBnLq4jltb6TwvEl7/LOa9OovxuCOZcgdWL
-----END CERTIFICATE-----