Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/ecb45e-2db6-4b54-bc91-0596296f12de/1/Ib8cF5Jom4NVuuNaPDdC0cG5uq4.roa
File:                     Ib8cF5Jom4NVuuNaPDdC0cG5uq4.roa (raw, json)
Hash identifier:          a2awHEXwt9jgfUPahLgjToekzZgtBO3kpVx0RR8to60=
Subject key identifier:   21:BF:1C:17:92:68:9B:83:55:BA:E3:5A:3C:37:42:D1:C1:B9:BA:AE
Certificate issuer:       /CN=b45e62270d20f9467a6afc78963dbcfb80fbf52a
Certificate serial:       018CC94E5D95DB0F16EABF69574D4E99F2FC
Authority key identifier: B4:5E:62:27:0D:20:F9:46:7A:6A:FC:78:96:3D:BC:FB:80:FB:F5:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tF5iJw0g-UZ6avx4lj28-4D79So.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/ecb45e-2db6-4b54-bc91-0596296f12de/1/Ib8cF5Jom4NVuuNaPDdC0cG5uq4.roa
Signing time:             Tue 02 Jan 2024 08:33:25 +0000
ROA not before:           Tue 02 Jan 2024 08:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2607
IP address blocks:        193.87.0.0/16 maxlen: 17
                          194.160.0.0/16 maxlen: 17
                          2001:4118::/32 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/ecb45e-2db6-4b54-bc91-0596296f12de/1/tF5iJw0g-UZ6avx4lj28-4D79So.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/ecb45e-2db6-4b54-bc91-0596296f12de/1/tF5iJw0g-UZ6avx4lj28-4D79So.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tF5iJw0g-UZ6avx4lj28-4D79So.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jul 2024 20:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:5d:95:db:0f:16:ea:bf:69:57:4d:4e:99:f2:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b45e62270d20f9467a6afc78963dbcfb80fbf52a
        Validity
            Not Before: Jan  2 08:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21bf1c1792689b8355bae35a3c3742d1c1b9baae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ad:76:34:df:63:75:ad:d3:87:7f:73:18:fd:
                    71:cf:ff:0e:06:0b:bf:a6:59:2b:e9:a3:ce:2a:db:
                    a7:bb:9f:83:6c:72:dc:52:93:a6:b4:c9:1c:79:62:
                    3c:d0:0d:b1:71:da:f4:f3:33:a3:bd:29:63:13:23:
                    dd:81:cf:a1:5d:9f:18:41:5b:b3:fb:0f:d5:83:a2:
                    23:60:3e:12:9b:f6:64:1f:ac:fd:32:b7:e4:d1:e4:
                    a4:af:d3:ec:a1:c0:ac:82:3b:33:ae:c8:a7:2b:59:
                    4c:60:3a:78:5f:23:45:30:be:dd:ce:97:21:99:25:
                    bd:f2:b9:51:f9:60:ae:f8:a2:d9:8b:54:9a:12:82:
                    28:59:30:55:b1:94:8e:84:22:42:5a:85:45:ac:d7:
                    12:07:15:cd:a0:93:eb:5f:a1:a3:fb:58:93:24:f2:
                    5d:14:fe:a0:a8:83:d4:47:09:ce:9b:0c:a8:22:99:
                    aa:17:7f:87:de:d1:5a:d8:e1:07:70:3d:68:83:3b:
                    1f:d1:6e:df:9f:aa:11:5a:46:ee:f6:ed:b6:f8:28:
                    06:7f:e8:9c:95:1c:65:47:ff:d1:75:81:6e:0b:19:
                    7a:d6:92:88:35:ed:53:65:ca:03:0a:7e:f0:94:d3:
                    72:08:57:14:b7:86:7d:fa:76:9c:b1:bb:ed:92:7c:
                    b3:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:BF:1C:17:92:68:9B:83:55:BA:E3:5A:3C:37:42:D1:C1:B9:BA:AE
            X509v3 Authority Key Identifier:
                keyid:B4:5E:62:27:0D:20:F9:46:7A:6A:FC:78:96:3D:BC:FB:80:FB:F5:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tF5iJw0g-UZ6avx4lj28-4D79So.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/ecb45e-2db6-4b54-bc91-0596296f12de/1/Ib8cF5Jom4NVuuNaPDdC0cG5uq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/ecb45e-2db6-4b54-bc91-0596296f12de/1/tF5iJw0g-UZ6avx4lj28-4D79So.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.87.0.0/16
                  194.160.0.0/16
                IPv6:
                  2001:4118::/32

    Signature Algorithm: sha256WithRSAEncryption
         44:e7:3c:17:c9:d2:c7:94:4f:23:52:4d:3f:97:8e:4d:50:78:
         f7:b9:f4:55:60:ef:04:a9:09:7d:ae:c5:a4:7a:8d:47:7b:f9:
         47:fd:d4:8e:70:8e:cc:b6:04:27:75:a9:65:c6:f5:27:1e:3f:
         b1:bc:30:e3:35:0b:32:d3:92:bd:a5:eb:ca:d3:d6:0c:d7:12:
         73:fa:ce:b4:b0:fd:ae:02:1a:0b:2c:1f:19:24:df:14:d1:cb:
         a2:09:47:1e:d4:79:63:19:09:b3:a9:f3:75:97:47:35:13:df:
         4a:ae:aa:a5:61:93:14:11:8b:52:d5:df:66:d1:55:9a:02:64:
         b7:bd:cf:6a:fe:65:11:b4:fc:8e:6e:04:5b:28:fd:1c:57:16:
         e0:f1:df:15:bc:6a:ce:2d:92:f6:ba:90:9f:e8:51:54:df:25:
         84:9c:e8:54:9e:15:99:74:31:e4:b6:85:0f:02:14:aa:31:6c:
         a8:75:d0:ea:c6:49:ef:eb:c0:36:14:f2:b3:ce:bf:81:6c:91:
         75:2a:d8:a5:c2:30:d1:96:b9:3e:5d:47:f9:b8:97:30:4a:16:
         c2:a2:34:25:e2:3e:e9:ed:31:9d:34:05:58:96:35:33:c4:99:
         8e:77:4d:4d:5b:0e:79:75:70:6a:a7:8a:a2:28:b2:d3:38:85:
         a3:d1:fb:04
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAYzJTl2V2w8W6r9pV01OmfL8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NWU2MjI3MGQyMGY5NDY3YTZhZmM3ODk2M2RiY2ZiODBm
YmY1MmEwHhcNMjQwMTAyMDgzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWJmMWMxNzkyNjg5YjgzNTViYWUzNWEzYzM3NDJkMWMxYjliYWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkq12NN9jda3Th39zGP1xz/8OBgu/
plkr6aPOKtunu5+DbHLcUpOmtMkceWI80A2xcdr08zOjvSljEyPdgc+hXZ8YQVuz
+w/Vg6IjYD4Sm/ZkH6z9Mrfk0eSkr9PsocCsgjszrsinK1lMYDp4XyNFML7dzpch
mSW98rlR+WCu+KLZi1SaEoIoWTBVsZSOhCJCWoVFrNcSBxXNoJPrX6Gj+1iTJPJd
FP6gqIPURwnOmwyoIpmqF3+H3tFa2OEHcD1ogzsf0W7fn6oRWkbu9u22+CgGf+ic
lRxlR//RdYFuCxl61pKINe1TZcoDCn7wlNNyCFcUt4Z9+nacsbvtknyzWQIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFCG/HBeSaJuDVbrjWjw3QtHBubquMB8GA1UdIwQY
MBaAFLReYicNIPlGemr8eJY9vPuA+/UqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEY1aUp3MGctVVo2YXZ4NGxqMjgtNEQ3OVNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9lY2I0NWUtMmRiNi00YjU0LWJjOTEt
MDU5NjI5NmYxMmRlLzEvSWI4Y0Y1Sm9tNE5WdXVOYVBEZEMwY0c1dXE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9lY2I0NWUtMmRiNi00YjU0LWJjOTEtMDU5NjI5NmYxMmRl
LzEvdEY1aUp3MGctVVo2YXZ4NGxqMjgtNEQ3OVNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAQBAIAATAKAwMAwVcDAwDC
oDANBAIAAjAHAwUAIAFBGDANBgkqhkiG9w0BAQsFAAOCAQEAROc8F8nSx5RPI1JN
P5eOTVB497n0VWDvBKkJfa7FpHqNR3v5R/3UjnCOzLYEJ3WpZcb1Jx4/sbww4zUL
MtOSvaXrytPWDNcSc/rOtLD9rgIaCywfGSTfFNHLoglHHtR5YxkJs6nzdZdHNRPf
Sq6qpWGTFBGLUtXfZtFVmgJkt73Pav5lEbT8jm4EWyj9HFcW4PHfFbxqzi2S9rqQ
n+hRVN8lhJzoVJ4VmXQx5LaFDwIUqjFsqHXQ6sZJ7+vANhTys86/gWyRdSrYpcIw
0Za5Pl1H+biXMEoWwqI0JeI+6e0xnTQFWJY1M8SZjndNTVsOeXVwaqeKoiiy0ziF
o9H7BA==
-----END CERTIFICATE-----