Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/8d991e-3ece-4a11-b463-751cf3a5e1e1/1/84H5G0xqA4nXqK4R_lquOLmqwM8.roa
File:                     84H5G0xqA4nXqK4R_lquOLmqwM8.roa (raw, json)
Hash identifier:          Cd35MO9Kcp+NxZviFBQM4inb8qnlBmznDPvn6kqxnGA=
Subject key identifier:   F3:81:F9:1B:4C:6A:03:89:D7:A8:AE:11:FE:5A:AE:38:B9:AA:C0:CF
Certificate issuer:       /CN=14a6b0862b2b303b302c3c2349a5ac8d0f906b06
Certificate serial:       018CC4938295D49ED62E2DDD7F4113160883
Authority key identifier: 14:A6:B0:86:2B:2B:30:3B:30:2C:3C:23:49:A5:AC:8D:0F:90:6B:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FKawhisrMDswLDwjSaWsjQ-QawY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/8d991e-3ece-4a11-b463-751cf3a5e1e1/1/84H5G0xqA4nXqK4R_lquOLmqwM8.roa
Signing time:             Mon 01 Jan 2024 10:30:50 +0000
ROA not before:           Mon 01 Jan 2024 10:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209318
IP address blocks:        77.95.115.0/24 maxlen: 24
                          85.209.208.0/22 maxlen: 24
                          2a09:9fc0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/8d991e-3ece-4a11-b463-751cf3a5e1e1/1/FKawhisrMDswLDwjSaWsjQ-QawY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/8d991e-3ece-4a11-b463-751cf3a5e1e1/1/FKawhisrMDswLDwjSaWsjQ-QawY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FKawhisrMDswLDwjSaWsjQ-QawY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:82:95:d4:9e:d6:2e:2d:dd:7f:41:13:16:08:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14a6b0862b2b303b302c3c2349a5ac8d0f906b06
        Validity
            Not Before: Jan  1 10:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f381f91b4c6a0389d7a8ae11fe5aae38b9aac0cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:0f:dd:d3:63:90:8c:ab:a5:da:ee:b1:53:de:
                    a2:b0:aa:b3:c0:79:f0:9a:5b:63:3c:dc:b5:34:6b:
                    04:7b:b7:4c:9b:7d:23:8e:91:7e:f7:14:6c:75:bc:
                    86:30:e9:ac:0b:7f:e4:d2:67:ad:7f:eb:0d:45:96:
                    f0:b2:5c:3e:8c:5c:a1:0c:9b:df:64:e1:3e:87:de:
                    57:ec:41:5a:74:b5:5b:dd:2f:c7:4f:8d:10:b8:f4:
                    45:dd:7d:8f:c9:5b:1e:c4:6f:56:c7:fa:84:d0:ce:
                    aa:44:77:cc:f1:4b:eb:6f:38:31:76:18:99:5f:8f:
                    dd:8e:5c:84:6b:bb:84:a1:13:39:a8:59:30:89:89:
                    e7:2e:0d:aa:18:a9:f7:2c:35:27:09:08:c9:48:24:
                    f2:85:32:2a:05:82:fa:50:6c:f4:5c:05:a7:cc:2f:
                    15:54:a2:03:98:44:28:9e:21:db:82:b7:1e:04:d9:
                    79:44:c8:8f:fe:9e:a1:c6:65:f4:10:ec:54:13:dd:
                    b0:e3:74:68:f2:25:9f:d2:67:29:9c:22:69:70:9c:
                    5a:46:4c:58:24:d5:01:84:b6:f8:96:e7:ff:5e:d1:
                    53:a4:f9:6b:7f:42:d1:be:79:53:c7:b6:60:97:5e:
                    d5:32:93:04:df:dd:b9:d4:a5:56:de:d8:02:96:ee:
                    5a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:81:F9:1B:4C:6A:03:89:D7:A8:AE:11:FE:5A:AE:38:B9:AA:C0:CF
            X509v3 Authority Key Identifier:
                keyid:14:A6:B0:86:2B:2B:30:3B:30:2C:3C:23:49:A5:AC:8D:0F:90:6B:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FKawhisrMDswLDwjSaWsjQ-QawY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/8d991e-3ece-4a11-b463-751cf3a5e1e1/1/84H5G0xqA4nXqK4R_lquOLmqwM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/8d991e-3ece-4a11-b463-751cf3a5e1e1/1/FKawhisrMDswLDwjSaWsjQ-QawY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.95.115.0/24
                  85.209.208.0/22
                IPv6:
                  2a09:9fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:43:eb:75:a9:d5:05:3a:10:c7:ff:fd:6a:6e:df:a6:ba:a3:
         e9:5b:04:1e:27:38:50:b0:ef:96:eb:e8:a5:e5:45:bd:e1:34:
         59:92:46:bc:7b:8a:68:a5:b7:24:80:1f:36:26:2d:4d:f2:20:
         2e:39:d1:94:2a:62:4d:93:43:9f:f6:27:f6:20:e9:10:0c:e0:
         14:0f:16:e5:b8:d1:55:bf:9e:10:7d:ad:be:89:29:9e:dd:73:
         26:cf:04:d5:64:28:6c:3c:c1:65:0a:bc:c2:98:49:98:80:e0:
         43:6c:3b:6a:c7:cf:3a:0e:24:6e:d9:f8:a4:10:82:6d:e6:3f:
         17:60:cc:5c:41:09:ab:9f:d8:77:4d:97:23:d5:f5:66:ad:6f:
         d4:86:cb:fa:3a:f7:17:b3:8f:e8:16:ee:cf:c3:91:98:c2:2a:
         2a:85:39:40:e8:20:81:a2:2d:f7:78:40:a2:ec:15:f5:8f:5d:
         98:5d:d3:d9:32:a7:ed:3a:03:22:c6:8f:ba:59:06:ac:49:f7:
         15:ef:89:fd:55:94:bf:f5:c7:a0:84:3f:bb:93:c8:3a:ce:a8:
         a2:4a:29:e4:69:88:1e:ec:94:66:79:87:ce:17:03:a0:99:c4:
         ac:71:33:2c:d4:50:54:74:05:a8:3a:f6:6b:31:cb:a5:26:68:
         07:f8:c7:f8
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEk4KV1J7WLi3df0ETFgiDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0YTZiMDg2MmIyYjMwM2IzMDJjM2MyMzQ5YTVhYzhkMGY5
MDZiMDYwHhcNMjQwMTAxMTAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzgxZjkxYjRjNmEwMzg5ZDdhOGFlMTFmZTVhYWUzOGI5YWFjMGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmg/d02OQjKul2u6xU96isKqzwHnw
mltjPNy1NGsEe7dMm30jjpF+9xRsdbyGMOmsC3/k0metf+sNRZbwslw+jFyhDJvf
ZOE+h95X7EFadLVb3S/HT40QuPRF3X2PyVsexG9Wx/qE0M6qRHfM8UvrbzgxdhiZ
X4/djlyEa7uEoRM5qFkwiYnnLg2qGKn3LDUnCQjJSCTyhTIqBYL6UGz0XAWnzC8V
VKIDmEQoniHbgrceBNl5RMiP/p6hxmX0EOxUE92w43Ro8iWf0mcpnCJpcJxaRkxY
JNUBhLb4luf/XtFTpPlrf0LRvnlTx7Zgl17VMpME39251KVW3tgClu5acQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPOB+RtMagOJ16iuEf5arji5qsDPMB8GA1UdIwQY
MBaAFBSmsIYrKzA7MCw8I0mlrI0PkGsGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkthd2hpc3JNRHN3TER3alNhV3NqUS1RYXdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS84ZDk5MWUtM2VjZS00YTExLWI0NjMt
NzUxY2YzYTVlMWUxLzEvODRINUcweHFBNG5YcUs0Ul9scXVPTG1xd004LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS84ZDk5MWUtM2VjZS00YTExLWI0NjMtNzUxY2YzYTVlMWUx
LzEvRkthd2hpc3JNRHN3TER3alNhV3NqUS1RYXdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQATV9zAwQC
VdHQMA0EAgACMAcDBQMqCZ/AMA0GCSqGSIb3DQEBCwUAA4IBAQCJQ+t1qdUFOhDH
//1qbt+muqPpWwQeJzhQsO+W6+il5UW94TRZkka8e4popbckgB82Ji1N8iAuOdGU
KmJNk0Of9if2IOkQDOAUDxbluNFVv54Qfa2+iSme3XMmzwTVZChsPMFlCrzCmEmY
gOBDbDtqx886DiRu2fikEIJt5j8XYMxcQQmrn9h3TZcj1fVmrW/Uhsv6OvcXs4/o
Fu7Pw5GYwioqhTlA6CCBoi33eECi7BX1j12YXdPZMqftOgMixo+6WQasSfcV74n9
VZS/9ceghD+7k8g6zqiiSinkaYge7JRmeYfOFwOgmcSscTMs1FBUdAWoOvZrMcul
JmgH+Mf4
-----END CERTIFICATE-----