Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/xuF2W_JTaTbbnE4s7hpvXPjVKrs.roa
File:                     xuF2W_JTaTbbnE4s7hpvXPjVKrs.roa (raw, json)
Hash identifier:          Pv0WtladW979bxTn0V4VCUShu0QiEkjuK0fNjP+uh0o=
Subject key identifier:   C6:E1:76:5B:F2:53:69:36:DB:9C:4E:2C:EE:1A:6F:5C:F8:D5:2A:BB
Certificate issuer:       /CN=181e4d608152fc244afffba2dc72b851b19b2527
Certificate serial:       018CC8017E629537CD4D41A400A303ED14D4
Authority key identifier: 18:1E:4D:60:81:52:FC:24:4A:FF:FB:A2:DC:72:B8:51:B1:9B:25:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GB5NYIFS_CRK__ui3HK4UbGbJSc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/xuF2W_JTaTbbnE4s7hpvXPjVKrs.roa
Signing time:             Tue 02 Jan 2024 02:29:50 +0000
ROA not before:           Tue 02 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31257
IP address blocks:        86.62.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/GB5NYIFS_CRK__ui3HK4UbGbJSc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/GB5NYIFS_CRK__ui3HK4UbGbJSc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GB5NYIFS_CRK__ui3HK4UbGbJSc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:7e:62:95:37:cd:4d:41:a4:00:a3:03:ed:14:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=181e4d608152fc244afffba2dc72b851b19b2527
        Validity
            Not Before: Jan  2 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6e1765bf2536936db9c4e2cee1a6f5cf8d52abb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:07:c8:cd:5c:31:be:0b:27:8d:41:fe:7e:13:
                    78:dd:85:3c:2f:e0:5c:e5:a4:7e:96:91:5a:3d:8a:
                    09:5f:3c:92:80:10:e4:1c:c6:1a:81:71:48:fc:3f:
                    77:89:7d:99:c0:4c:e1:b2:f9:5b:02:a0:d9:1f:e5:
                    a0:28:b2:3e:fe:54:d0:65:43:db:3b:79:4d:7f:da:
                    65:bd:b0:83:d2:5d:26:4a:d4:ae:b1:81:66:6c:0f:
                    7b:9f:59:28:7a:12:80:38:b0:e7:a2:f1:e8:e3:7a:
                    16:36:6b:ce:5a:81:d7:ff:6b:de:ed:12:41:4f:ea:
                    a4:30:c7:2e:c7:23:f2:27:40:fa:ae:3b:36:9e:89:
                    57:ea:fd:ee:69:25:77:d2:7f:52:91:18:ac:c1:02:
                    38:b8:02:a0:7b:7e:e1:a1:a3:3b:ee:02:c9:5d:3c:
                    76:69:be:e5:f9:87:c5:08:74:58:8c:19:de:54:9f:
                    ef:8a:d9:de:4e:da:04:5d:46:38:c7:b9:06:b5:cb:
                    ab:17:9e:05:cd:a2:37:9d:9d:df:19:d1:eb:40:92:
                    52:72:8e:f7:24:5c:07:cf:94:fb:10:74:55:1b:e3:
                    e1:72:e1:37:0d:35:ac:43:f3:f1:66:e8:df:37:25:
                    13:14:de:34:d7:37:52:f2:f5:25:23:87:5e:34:d2:
                    a0:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:E1:76:5B:F2:53:69:36:DB:9C:4E:2C:EE:1A:6F:5C:F8:D5:2A:BB
            X509v3 Authority Key Identifier:
                keyid:18:1E:4D:60:81:52:FC:24:4A:FF:FB:A2:DC:72:B8:51:B1:9B:25:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GB5NYIFS_CRK__ui3HK4UbGbJSc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/xuF2W_JTaTbbnE4s7hpvXPjVKrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9217f9-813d-47af-ad62-32208d544a84/1/GB5NYIFS_CRK__ui3HK4UbGbJSc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.62.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:97:23:33:ab:80:0c:62:64:96:56:60:5d:3a:de:fc:1c:f7:
         e3:9a:dd:f9:52:79:41:fe:51:d9:cb:bd:9c:b1:59:c3:30:fc:
         9e:eb:60:da:3e:37:c1:94:a6:60:56:40:16:4f:1d:3d:90:90:
         77:d6:ae:c2:af:f5:32:52:38:c5:1a:82:58:f8:5c:08:f1:b8:
         02:de:3d:1f:e4:e1:38:97:50:69:ef:42:54:f7:7f:50:f1:0f:
         a3:32:cb:b8:4f:f4:d9:e3:01:6f:1f:a1:a3:31:b4:ef:d3:7b:
         d4:97:d6:5b:b6:fd:ed:5f:34:cb:f7:2c:bd:35:bb:8f:df:c7:
         67:2c:4d:22:a7:c3:7e:f1:01:33:0d:5b:3a:a4:d0:0f:6c:92:
         f9:00:6e:47:5d:39:29:7d:19:54:1f:42:3d:ab:3c:ae:0b:92:
         80:fb:85:ba:33:e8:b1:47:33:f3:5d:95:05:da:06:ed:0c:f7:
         07:75:42:46:b1:27:d5:4d:46:14:1a:c8:df:dc:b8:c7:00:d8:
         2f:82:f4:f4:f6:a2:b4:73:93:a1:06:c3:0a:a4:36:46:e4:3d:
         b5:3d:a6:e3:3c:cc:f2:f8:23:f5:df:fb:34:33:d1:fb:2d:ac:
         91:5f:6a:86:d0:be:ab:9e:7d:80:cb:9d:7c:64:18:4b:7f:0e:
         6e:81:d1:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAX5ilTfNTUGkAKMD7RTUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MWU0ZDYwODE1MmZjMjQ0YWZmZmJhMmRjNzJiODUxYjE5
YjI1MjcwHhcNMjQwMTAyMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmUxNzY1YmYyNTM2OTM2ZGI5YzRlMmNlZTFhNmY1Y2Y4ZDUyYWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwfIzVwxvgsnjUH+fhN43YU8L+Bc
5aR+lpFaPYoJXzySgBDkHMYagXFI/D93iX2ZwEzhsvlbAqDZH+WgKLI+/lTQZUPb
O3lNf9plvbCD0l0mStSusYFmbA97n1koehKAOLDnovHo43oWNmvOWoHX/2ve7RJB
T+qkMMcuxyPyJ0D6rjs2nolX6v3uaSV30n9SkRiswQI4uAKge37hoaM77gLJXTx2
ab7l+YfFCHRYjBneVJ/vitneTtoEXUY4x7kGtcurF54FzaI3nZ3fGdHrQJJSco73
JFwHz5T7EHRVG+PhcuE3DTWsQ/PxZujfNyUTFN401zdS8vUlI4deNNKgQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMbhdlvyU2k225xOLO4ab1z41Sq7MB8GA1UdIwQY
MBaAFBgeTWCBUvwkSv/7otxyuFGxmyUnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0I1TllJRlNfQ1JLX191aTNISzRVYkdiSlNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85MjE3ZjktODEzZC00N2FmLWFkNjIt
MzIyMDhkNTQ0YTg0LzEveHVGMldfSlRhVGJibkU0czdocHZYUGpWS3JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85MjE3ZjktODEzZC00N2FmLWFkNjItMzIyMDhkNTQ0YTg0
LzEvR0I1TllJRlNfQ1JLX191aTNISzRVYkdiSlNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVj4GMA0G
CSqGSIb3DQEBCwUAA4IBAQBjlyMzq4AMYmSWVmBdOt78HPfjmt35UnlB/lHZy72c
sVnDMPye62DaPjfBlKZgVkAWTx09kJB31q7Cr/UyUjjFGoJY+FwI8bgC3j0f5OE4
l1Bp70JU939Q8Q+jMsu4T/TZ4wFvH6GjMbTv03vUl9Zbtv3tXzTL9yy9NbuP38dn
LE0ip8N+8QEzDVs6pNAPbJL5AG5HXTkpfRlUH0I9qzyuC5KA+4W6M+ixRzPzXZUF
2gbtDPcHdUJGsSfVTUYUGsjf3LjHANgvgvT09qK0c5OhBsMKpDZG5D21PabjPMzy
+CP13/s0M9H7LayRX2qG0L6rnn2Ay518ZBhLfw5ugdES
-----END CERTIFICATE-----