Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/8VCyoJ9FigNLsHF9XCcWuxQIcVs.roa
File:                     8VCyoJ9FigNLsHF9XCcWuxQIcVs.roa (raw, json)
Hash identifier:          BlHI74Hb4groyAv/Uzv1tdHWg4++rc0sSsEvC4Avwh4=
Subject key identifier:   F1:50:B2:A0:9F:45:8A:03:4B:B0:71:7D:5C:27:16:BB:14:08:71:5B
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB312B6BA53408AC991820B873D6FC
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/8VCyoJ9FigNLsHF9XCcWuxQIcVs.roa
Signing time:             Mon 01 Jan 2024 02:29:54 +0000
ROA not before:           Mon 01 Jan 2024 02:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202470
IP address blocks:        193.30.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:31:2b:6b:a5:34:08:ac:99:18:20:b8:73:d6:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f150b2a09f458a034bb0717d5c2716bb1408715b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:67:6e:fe:f9:a0:4e:10:84:9a:26:a1:ee:a4:
                    f3:7f:53:74:a3:36:6a:9c:e1:4d:3f:da:23:b7:3a:
                    18:27:01:1f:35:2c:ec:f1:a0:dd:ba:c1:27:2a:be:
                    ab:2a:5b:f4:4e:ba:73:59:70:20:c3:dd:0f:37:be:
                    74:87:2f:52:3b:e1:ea:6a:51:9c:e0:ff:0e:9c:5c:
                    af:b0:38:41:b9:f6:88:21:d6:54:fa:7a:8a:67:8f:
                    2d:42:31:71:78:86:dc:33:84:dd:08:f6:06:79:7b:
                    3d:c4:45:5c:13:e6:de:30:f4:08:ed:2b:5d:8d:a4:
                    f9:cc:7b:31:17:92:a7:da:f7:1b:fb:ba:75:c4:3a:
                    f5:6b:ff:5b:bd:34:6b:03:7e:df:1a:a4:02:43:42:
                    81:9e:e9:86:6b:ff:09:81:c8:62:b5:87:5f:e9:9a:
                    f1:55:ef:f3:bc:8c:52:51:d0:b8:6c:f1:c3:29:77:
                    40:71:cb:41:83:d7:1a:c5:4e:9a:88:f1:1a:cb:31:
                    11:8c:cd:fc:94:cf:a3:c9:39:29:aa:9f:13:35:9e:
                    e1:d1:cb:aa:99:14:6e:d0:be:16:d3:e5:ab:80:7d:
                    0e:77:dc:89:3a:be:98:e3:f1:99:fe:bd:6f:c7:1f:
                    6d:2a:c9:87:ef:e1:aa:e6:6e:1e:04:af:93:74:c8:
                    e2:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:50:B2:A0:9F:45:8A:03:4B:B0:71:7D:5C:27:16:BB:14:08:71:5B
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/8VCyoJ9FigNLsHF9XCcWuxQIcVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:ac:35:8e:34:8d:0c:7c:18:16:0c:49:d4:ba:05:00:cf:d7:
         5c:b8:bb:cb:8d:8d:bb:8b:cc:95:bb:76:e4:ae:d5:39:ec:de:
         b1:c0:72:36:55:75:96:8c:d3:76:9b:51:f9:0f:e0:fb:4b:44:
         df:87:72:55:8d:46:bc:86:8f:56:c0:10:b5:a2:b9:8e:11:2f:
         9c:be:5e:ec:7d:c2:16:6a:3a:73:f2:3b:0d:b9:13:ce:be:10:
         30:a4:a6:23:b5:ba:d0:de:c9:96:2e:ec:e1:a0:2d:0a:b5:1e:
         c1:a6:83:dd:60:9c:44:01:14:6a:69:43:dd:55:b1:9d:fd:8a:
         8b:89:79:ab:29:8f:16:93:fb:95:51:1f:0b:b2:e5:39:27:a6:
         b4:b1:3a:d0:11:7f:e4:01:98:92:f2:31:6f:62:cf:23:c3:39:
         c2:3f:b9:43:73:0e:b0:ac:c1:ea:7b:17:f5:67:b5:66:48:ef:
         d6:c8:86:be:c3:9e:9c:57:04:ec:0d:1a:6f:6a:29:44:b7:05:
         5e:f9:f8:92:31:6c:f1:d6:1f:c9:9e:c3:3d:41:4b:9b:19:4e:
         7d:a0:54:a7:ea:d6:96:a9:55:5f:c2:92:a0:3b:85:25:0a:5b:
         31:59:c7:3d:ee:63:1e:d9:3f:e8:76:49:49:dc:93:ec:bf:0c:
         66:63:8f:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zEra6U0CKyZGCC4c9b8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTUwYjJhMDlmNDU4YTAzNGJiMDcxN2Q1YzI3MTZiYjE0MDg3MTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWdu/vmgThCEmiah7qTzf1N0ozZq
nOFNP9ojtzoYJwEfNSzs8aDdusEnKr6rKlv0TrpzWXAgw90PN750hy9SO+HqalGc
4P8OnFyvsDhBufaIIdZU+nqKZ48tQjFxeIbcM4TdCPYGeXs9xEVcE+beMPQI7Std
jaT5zHsxF5Kn2vcb+7p1xDr1a/9bvTRrA37fGqQCQ0KBnumGa/8JgchitYdf6Zrx
Ve/zvIxSUdC4bPHDKXdAcctBg9caxU6aiPEayzERjM38lM+jyTkpqp8TNZ7h0cuq
mRRu0L4W0+WrgH0Od9yJOr6Y4/GZ/r1vxx9tKsmH7+Gq5m4eBK+TdMjiHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPFQsqCfRYoDS7BxfVwnFrsUCHFbMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvOFZDeW9KOUZpZ05Mc0hGOVhDY1d1eFFJY1ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR4eMA0G
CSqGSIb3DQEBCwUAA4IBAQADrDWONI0MfBgWDEnUugUAz9dcuLvLjY27i8yVu3bk
rtU57N6xwHI2VXWWjNN2m1H5D+D7S0Tfh3JVjUa8ho9WwBC1ormOES+cvl7sfcIW
ajpz8jsNuRPOvhAwpKYjtbrQ3smWLuzhoC0KtR7BpoPdYJxEARRqaUPdVbGd/YqL
iXmrKY8Wk/uVUR8LsuU5J6a0sTrQEX/kAZiS8jFvYs8jwznCP7lDcw6wrMHqexf1
Z7VmSO/WyIa+w56cVwTsDRpvailEtwVe+fiSMWzx1h/JnsM9QUubGU59oFSn6taW
qVVfwpKgO4UlClsxWcc97mMe2T/odklJ3JPsvwxmY4/Y
-----END CERTIFICATE-----