Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/2753dd-7444-4b97-b73b-0b34edc418d8/1/d9pbXLJu_AUK0dAPk-kybpPDWtk.roa
File:                     d9pbXLJu_AUK0dAPk-kybpPDWtk.roa (raw, json)
Hash identifier:          01rgo6OFKBopMqnqJAhwpX/twD6uW4EMn+almXTo/X0=
Subject key identifier:   77:DA:5B:5C:B2:6E:FC:05:0A:D1:D0:0F:93:E9:32:6E:93:C3:5A:D9
Certificate issuer:       /CN=6279db14ac018be3b67d20b67e0d9ba376dbd9bf
Certificate serial:       018CC79519E390D4CD77CB5868D5E773C626
Authority key identifier: 62:79:DB:14:AC:01:8B:E3:B6:7D:20:B6:7E:0D:9B:A3:76:DB:D9:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YnnbFKwBi-O2fSC2fg2bo3bb2b8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/2753dd-7444-4b97-b73b-0b34edc418d8/1/d9pbXLJu_AUK0dAPk-kybpPDWtk.roa
Signing time:             Tue 02 Jan 2024 00:31:26 +0000
ROA not before:           Tue 02 Jan 2024 00:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200043
IP address blocks:        217.18.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/2753dd-7444-4b97-b73b-0b34edc418d8/1/YnnbFKwBi-O2fSC2fg2bo3bb2b8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/2753dd-7444-4b97-b73b-0b34edc418d8/1/YnnbFKwBi-O2fSC2fg2bo3bb2b8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YnnbFKwBi-O2fSC2fg2bo3bb2b8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:19:e3:90:d4:cd:77:cb:58:68:d5:e7:73:c6:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6279db14ac018be3b67d20b67e0d9ba376dbd9bf
        Validity
            Not Before: Jan  2 00:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77da5b5cb26efc050ad1d00f93e9326e93c35ad9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:34:e9:e8:1c:86:b2:48:49:e6:8e:fb:f2:24:
                    1a:f0:90:1e:7d:96:ad:ab:9b:13:e5:00:9d:91:cd:
                    ac:bd:eb:5a:89:9c:64:97:aa:29:54:a1:bd:ce:8b:
                    5c:1b:de:92:d3:bd:59:f4:d3:b4:1e:81:43:58:14:
                    12:e6:a4:52:d0:68:c1:62:d6:6c:41:30:7c:ba:76:
                    79:9e:97:93:a4:80:53:cf:ed:aa:aa:a7:8d:eb:74:
                    a9:bb:66:0f:80:a3:d7:7c:fd:8c:7f:88:c0:7a:59:
                    38:b2:cf:a5:7a:5c:ce:1f:25:3a:9e:9e:be:c9:b6:
                    94:9e:7d:5c:6f:11:19:54:2a:49:3f:ce:05:3b:81:
                    31:0e:26:6e:e3:d0:54:6d:c0:ae:bf:35:c4:81:4e:
                    cd:3e:80:95:35:e6:9d:1e:3a:f9:39:ff:4e:f7:a8:
                    5c:c1:ab:77:a2:4d:c8:6b:da:8d:b4:30:86:76:41:
                    4c:12:69:57:8b:fb:47:93:a9:06:1f:8d:4c:6a:b2:
                    64:81:49:01:b5:33:b4:47:e7:48:8d:e0:a1:9d:fa:
                    d6:7f:a8:fa:23:08:92:d5:4c:f9:d6:ed:55:0e:81:
                    58:ae:79:ad:8f:fd:38:8f:1f:14:fa:58:c0:35:05:
                    cf:10:0e:9c:58:1b:48:75:42:40:a8:35:cc:bc:14:
                    ad:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:DA:5B:5C:B2:6E:FC:05:0A:D1:D0:0F:93:E9:32:6E:93:C3:5A:D9
            X509v3 Authority Key Identifier:
                keyid:62:79:DB:14:AC:01:8B:E3:B6:7D:20:B6:7E:0D:9B:A3:76:DB:D9:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YnnbFKwBi-O2fSC2fg2bo3bb2b8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/2753dd-7444-4b97-b73b-0b34edc418d8/1/d9pbXLJu_AUK0dAPk-kybpPDWtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/2753dd-7444-4b97-b73b-0b34edc418d8/1/YnnbFKwBi-O2fSC2fg2bo3bb2b8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:c5:b2:62:ee:fd:f2:57:d6:27:70:0e:64:6a:23:7a:70:e3:
         93:2b:a4:11:2e:a3:4b:2a:78:a6:52:d7:59:54:e3:d1:06:8b:
         12:24:f4:42:1a:7c:73:10:b7:9a:f2:e5:d4:7c:67:50:72:cb:
         79:59:98:bd:ac:b6:fd:a4:e5:e6:1d:df:45:b2:f7:1c:46:f8:
         4e:80:b4:30:f3:64:0b:9b:43:2f:74:0f:8a:d1:49:0a:5b:a9:
         04:a1:50:ac:ea:c6:26:f4:22:19:86:7a:58:0e:f4:a8:6b:09:
         47:d0:ae:51:87:ab:35:5a:34:98:4b:8a:86:66:1b:2a:8d:b8:
         0d:2f:5e:f1:a6:7f:17:7c:bd:0e:26:d8:8c:fd:b6:7d:b7:fc:
         41:25:3c:38:41:e9:15:ae:8f:fd:ad:58:1c:d2:8e:55:7f:7b:
         f5:db:82:6b:b3:8c:2d:37:23:07:dd:fc:c1:e8:eb:e7:11:c6:
         5e:58:ee:b0:48:f0:f1:1b:6c:bd:1d:b3:5a:f3:89:f4:13:0e:
         86:2f:79:eb:ab:c4:cd:c7:d6:a0:b5:f7:66:64:3a:66:58:d3:
         f0:69:a6:dd:49:a8:92:26:ff:d2:e6:11:f8:25:c1:52:3d:8f:
         d4:02:62:86:4f:ec:d6:ac:b2:e3:43:28:23:d3:f0:e9:1b:b1:
         2f:1e:15:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlRnjkNTNd8tYaNXnc8YmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzlkYjE0YWMwMThiZTNiNjdkMjBiNjdlMGQ5YmEzNzZk
YmQ5YmYwHhcNMjQwMTAyMDAzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2RhNWI1Y2IyNmVmYzA1MGFkMWQwMGY5M2U5MzI2ZTkzYzM1YWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTTp6ByGskhJ5o778iQa8JAefZat
q5sT5QCdkc2svetaiZxkl6opVKG9zotcG96S071Z9NO0HoFDWBQS5qRS0GjBYtZs
QTB8unZ5npeTpIBTz+2qqqeN63Spu2YPgKPXfP2Mf4jAelk4ss+lelzOHyU6np6+
ybaUnn1cbxEZVCpJP84FO4ExDiZu49BUbcCuvzXEgU7NPoCVNeadHjr5Of9O96hc
wat3ok3Ia9qNtDCGdkFMEmlXi/tHk6kGH41MarJkgUkBtTO0R+dIjeChnfrWf6j6
IwiS1Uz51u1VDoFYrnmtj/04jx8U+ljANQXPEA6cWBtIdUJAqDXMvBStWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHfaW1yybvwFCtHQD5PpMm6Tw1rZMB8GA1UdIwQY
MBaAFGJ52xSsAYvjtn0gtn4Nm6N229m/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5uYkZLd0JpLU8yZlNDMmZnMmJvM2JiMmI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8yNzUzZGQtNzQ0NC00Yjk3LWI3M2It
MGIzNGVkYzQxOGQ4LzEvZDlwYlhMSnVfQVVLMGRBUGsta3licFBEV3RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8yNzUzZGQtNzQ0NC00Yjk3LWI3M2ItMGIzNGVkYzQxOGQ4
LzEvWW5uYkZLd0JpLU8yZlNDMmZnMmJvM2JiMmI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RJcMA0G
CSqGSIb3DQEBCwUAA4IBAQAUxbJi7v3yV9YncA5kaiN6cOOTK6QRLqNLKnimUtdZ
VOPRBosSJPRCGnxzELea8uXUfGdQcst5WZi9rLb9pOXmHd9FsvccRvhOgLQw82QL
m0MvdA+K0UkKW6kEoVCs6sYm9CIZhnpYDvSoawlH0K5Rh6s1WjSYS4qGZhsqjbgN
L17xpn8XfL0OJtiM/bZ9t/xBJTw4QekVro/9rVgc0o5Vf3v124Jrs4wtNyMH3fzB
6OvnEcZeWO6wSPDxG2y9HbNa84n0Ew6GL3nrq8TNx9agtfdmZDpmWNPwaabdSaiS
Jv/S5hH4JcFSPY/UAmKGT+zWrLLjQygj0/DpG7EvHhUK
-----END CERTIFICATE-----