Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/92d33c-8a69-4db3-b628-b62db772bbfa/1/b8CnwcTjntG0-Alt96VXzfGGyTY.roa
File:                     b8CnwcTjntG0-Alt96VXzfGGyTY.roa (raw, json)
Hash identifier:          auDVd8z9U/irNOMeX2f098v4YLx62lGJAjyR+lXqk/s=
Subject key identifier:   6F:C0:A7:C1:C4:E3:9E:D1:B4:F8:09:6D:F7:A5:57:CD:F1:86:C9:36
Certificate issuer:       /CN=078ed1a0153762a922e55e0f948cd1a5411c7a89
Certificate serial:       018CC94E65400A76F67612C9F3EA20234760
Authority key identifier: 07:8E:D1:A0:15:37:62:A9:22:E5:5E:0F:94:8C:D1:A5:41:1C:7A:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B47RoBU3Yqki5V4PlIzRpUEceok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/92d33c-8a69-4db3-b628-b62db772bbfa/1/b8CnwcTjntG0-Alt96VXzfGGyTY.roa
Signing time:             Tue 02 Jan 2024 08:33:27 +0000
ROA not before:           Tue 02 Jan 2024 08:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211741
IP address blocks:        31.43.188.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/92d33c-8a69-4db3-b628-b62db772bbfa/1/B47RoBU3Yqki5V4PlIzRpUEceok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/92d33c-8a69-4db3-b628-b62db772bbfa/1/B47RoBU3Yqki5V4PlIzRpUEceok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B47RoBU3Yqki5V4PlIzRpUEceok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:65:40:0a:76:f6:76:12:c9:f3:ea:20:23:47:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=078ed1a0153762a922e55e0f948cd1a5411c7a89
        Validity
            Not Before: Jan  2 08:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6fc0a7c1c4e39ed1b4f8096df7a557cdf186c936
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:15:21:a4:a5:36:9e:6d:ba:b6:bc:ce:ce:d0:
                    bb:0d:be:1e:31:12:1c:f5:84:b8:39:4a:72:3c:ee:
                    f7:13:20:5f:e7:2a:33:2c:ec:7d:f5:34:64:17:de:
                    f5:8f:45:dc:29:0e:1e:a0:56:83:bc:e5:d5:6e:e7:
                    6b:9b:7a:62:8d:0c:bc:29:54:ec:cb:8c:69:db:5f:
                    e5:2c:76:8c:f1:3b:42:93:47:97:8c:f7:78:87:57:
                    f8:7f:01:f5:f1:c5:49:56:5a:fa:66:00:ae:c8:04:
                    e4:20:b2:5a:4d:cd:23:2e:b2:a7:82:c8:62:79:e5:
                    1a:ed:34:9a:7a:21:b9:95:d3:b5:c9:74:04:98:e4:
                    4e:0e:61:b3:75:82:d7:e4:cc:44:bd:a2:29:94:69:
                    87:4b:39:c0:60:16:bb:42:1c:d6:ee:95:2c:60:b6:
                    4d:a1:3c:e2:ab:00:59:ac:3e:c6:04:7d:fc:8c:c8:
                    92:49:7c:14:e1:ef:82:34:49:d0:30:24:90:9e:e6:
                    e5:88:61:8e:04:dd:6d:38:9c:98:04:b8:0c:58:6f:
                    be:b6:0a:64:b8:da:10:cf:ea:53:ea:b5:39:71:c5:
                    b4:87:aa:6d:7f:e2:38:e2:08:df:2b:f0:3f:bc:da:
                    1f:fd:3d:6e:63:49:75:67:f2:db:d1:6f:e9:40:a7:
                    0f:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:C0:A7:C1:C4:E3:9E:D1:B4:F8:09:6D:F7:A5:57:CD:F1:86:C9:36
            X509v3 Authority Key Identifier:
                keyid:07:8E:D1:A0:15:37:62:A9:22:E5:5E:0F:94:8C:D1:A5:41:1C:7A:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B47RoBU3Yqki5V4PlIzRpUEceok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/92d33c-8a69-4db3-b628-b62db772bbfa/1/b8CnwcTjntG0-Alt96VXzfGGyTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/92d33c-8a69-4db3-b628-b62db772bbfa/1/B47RoBU3Yqki5V4PlIzRpUEceok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.43.188.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1e:a5:c8:e6:1d:f0:b5:b8:6f:7a:6c:2d:65:4a:53:21:0b:b2:
         c6:7d:06:6b:7b:8d:75:7d:5c:5e:cf:ce:88:7f:04:9d:79:9f:
         1a:ce:ac:c1:08:5c:3d:f6:18:a8:ff:87:32:3d:7b:c4:76:a3:
         94:17:1b:8a:b3:5e:03:f9:e8:2c:0f:b3:a5:d7:23:0e:2b:34:
         ff:e3:38:4d:e2:18:5e:3c:87:c2:81:9d:bb:6f:7c:4d:43:40:
         69:52:24:ab:d6:36:d2:52:ec:db:63:18:d5:eb:f5:2b:e7:17:
         b5:f3:a6:dd:14:e1:cc:1e:51:59:92:c4:ea:ea:81:b1:d3:34:
         12:44:f3:0f:b0:3a:00:e3:ec:2c:61:4a:9d:f0:02:37:15:52:
         ba:a9:7e:d4:cd:0c:1b:d2:cf:e9:2a:f9:a6:d9:29:28:c8:d5:
         bd:ca:50:35:2e:ef:2f:8f:ed:c8:b5:3a:c2:b1:eb:ff:76:a0:
         8b:ed:b5:3d:e8:9f:1e:4a:22:87:c3:f8:e8:50:12:bb:2c:dd:
         4b:3d:3d:39:17:01:95:c4:3f:a7:8c:1a:0a:93:14:2a:fe:0f:
         3e:1d:f6:4a:90:57:4c:c6:4e:a7:59:b3:1c:41:96:4a:3c:44:
         fc:b2:e5:b8:16:05:33:a5:79:56:a0:81:f7:4d:bf:6b:f4:08:
         03:5e:ed:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTmVACnb2dhLJ8+ogI0dgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3OGVkMWEwMTUzNzYyYTkyMmU1NWUwZjk0OGNkMWE1NDEx
YzdhODkwHhcNMjQwMTAyMDgzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmMwYTdjMWM0ZTM5ZWQxYjRmODA5NmRmN2E1NTdjZGYxODZjOTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiRUhpKU2nm26trzOztC7Db4eMRIc
9YS4OUpyPO73EyBf5yozLOx99TRkF971j0XcKQ4eoFaDvOXVbudrm3pijQy8KVTs
y4xp21/lLHaM8TtCk0eXjPd4h1f4fwH18cVJVlr6ZgCuyATkILJaTc0jLrKngshi
eeUa7TSaeiG5ldO1yXQEmORODmGzdYLX5MxEvaIplGmHSznAYBa7QhzW7pUsYLZN
oTziqwBZrD7GBH38jMiSSXwU4e+CNEnQMCSQnubliGGOBN1tOJyYBLgMWG++tgpk
uNoQz+pT6rU5ccW0h6ptf+I44gjfK/A/vNof/T1uY0l1Z/Lb0W/pQKcPYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/Ap8HE457RtPgJbfelV83xhsk2MB8GA1UdIwQY
MBaAFAeO0aAVN2KpIuVeD5SM0aVBHHqJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjQ3Um9CVTNZcWtpNVY0UGxJelJwVUVjZW9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy85MmQzM2MtOGE2OS00ZGIzLWI2Mjgt
YjYyZGI3NzJiYmZhLzEvYjhDbndjVGpudEcwLUFsdDk2Vlh6ZkdHeVRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy85MmQzM2MtOGE2OS00ZGIzLWI2MjgtYjYyZGI3NzJiYmZh
LzEvQjQ3Um9CVTNZcWtpNVY0UGxJelJwVUVjZW9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHyu8MA0G
CSqGSIb3DQEBCwUAA4IBAQAepcjmHfC1uG96bC1lSlMhC7LGfQZre411fVxez86I
fwSdeZ8azqzBCFw99hio/4cyPXvEdqOUFxuKs14D+egsD7Ol1yMOKzT/4zhN4hhe
PIfCgZ27b3xNQ0BpUiSr1jbSUuzbYxjV6/Ur5xe186bdFOHMHlFZksTq6oGx0zQS
RPMPsDoA4+wsYUqd8AI3FVK6qX7UzQwb0s/pKvmm2SkoyNW9ylA1Lu8vj+3ItTrC
sev/dqCL7bU96J8eSiKHw/joUBK7LN1LPT05FwGVxD+njBoKkxQq/g8+HfZKkFdM
xk6nWbMcQZZKPET8suW4FgUzpXlWoIH3Tb9r9AgDXu0Y
-----END CERTIFICATE-----