Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/i8NbONvs5xhBWus_MB-NQZP3my8.roa
File:                     i8NbONvs5xhBWus_MB-NQZP3my8.roa (raw, json)
Hash identifier:          EsQoRAscEkFhvzOIZAFyfg8yYTrMYfGLEKEj6fCJ+d0=
Subject key identifier:   8B:C3:5B:38:DB:EC:E7:18:41:5A:EB:3F:30:1F:8D:41:93:F7:9B:2F
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       018CC500C7C94DF1A6E2F05A28EB83CE1436
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/i8NbONvs5xhBWus_MB-NQZP3my8.roa
Signing time:             Mon 01 Jan 2024 12:30:11 +0000
ROA not before:           Mon 01 Jan 2024 12:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211190
IP address blocks:        176.126.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c7:c9:4d:f1:a6:e2:f0:5a:28:eb:83:ce:14:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  1 12:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bc35b38dbece718415aeb3f301f8d4193f79b2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:1d:17:52:f0:cc:03:65:6a:bd:59:e4:9b:2e:
                    38:41:2d:a9:c1:24:7d:37:36:d7:16:68:d2:29:15:
                    71:2a:ba:3c:6b:95:2d:9a:fb:f9:ca:f8:60:ce:44:
                    dd:d4:a0:5e:a9:2b:ab:32:03:29:f8:e8:d5:87:8a:
                    a6:cb:9c:c5:50:e1:b2:53:e5:3d:a9:73:5c:ff:bf:
                    86:27:21:2f:c4:85:e2:a5:6e:62:9f:3d:2e:7f:07:
                    fc:49:bb:e7:1a:09:6f:cf:03:37:b6:53:33:24:ef:
                    0b:d5:0e:d5:04:a1:2f:5d:77:01:34:05:17:f3:49:
                    d0:79:91:1e:cc:85:6b:34:54:09:ea:89:a3:c5:9a:
                    c0:c8:70:15:41:8d:4e:1f:46:4f:02:8c:98:2f:0d:
                    05:5b:bb:fc:17:4f:a9:e7:7e:a6:f5:04:b5:4d:89:
                    07:0e:a7:d6:b4:fa:93:cf:fc:4c:7e:98:0a:8d:98:
                    78:eb:73:43:14:47:27:12:49:72:7d:75:48:df:a2:
                    62:12:4c:b5:e5:6c:b9:de:d4:bd:11:d0:2d:b3:15:
                    e1:cf:3a:46:bc:b3:34:f7:7e:9f:4d:3b:a1:7e:92:
                    d2:e1:e0:ca:de:40:cf:07:8e:06:04:b0:47:28:85:
                    d1:ca:79:c2:c8:f7:87:4f:1b:b6:a4:b4:5d:bb:9b:
                    ad:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:C3:5B:38:DB:EC:E7:18:41:5A:EB:3F:30:1F:8D:41:93:F7:9B:2F
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/i8NbONvs5xhBWus_MB-NQZP3my8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.126.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:a0:e9:80:ea:d5:59:b3:e4:03:2e:0e:19:17:be:38:14:ef:
         0f:9b:12:e0:62:46:c0:64:82:a4:79:aa:c6:2c:e6:6f:ad:68:
         25:46:cc:d6:6c:34:58:96:7b:fc:2c:04:41:e2:8b:33:07:3f:
         7d:72:49:88:e8:ca:4b:f7:90:3f:2f:2c:7b:4e:a2:b9:45:62:
         29:b3:51:fb:2e:c7:29:77:76:cd:41:92:39:f8:a0:3e:e6:0f:
         f8:92:8e:51:b9:74:d2:50:e6:e3:28:e9:62:ea:bc:b7:c1:93:
         98:2f:53:50:f8:9d:c0:ef:d2:0a:5b:b3:0c:5a:c8:e2:1a:40:
         e3:75:43:b3:7c:6c:a1:18:6d:a3:8b:07:4d:5f:03:d2:8a:60:
         8a:ee:bf:35:71:af:db:6a:71:35:83:9e:f9:b6:9d:8e:23:5c:
         70:30:cb:0f:95:79:7e:3e:04:f9:0f:f0:54:da:c8:dd:db:31:
         c5:c2:3e:38:06:5b:39:f8:f4:dd:5f:b3:69:58:72:ca:ac:44:
         66:4b:da:ee:cb:58:fd:6e:19:0b:09:a4:b5:8a:2b:0a:41:a6:
         7f:07:93:d7:a2:a0:be:ed:e4:1d:e0:ed:83:3e:56:d4:0e:c5:
         1c:a2:14:13:6a:04:03:b2:77:24:7c:1b:b2:87:ef:96:30:6d:
         4b:10:d1:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAMfJTfGm4vBaKOuDzhQ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQwMTAxMTIzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmMzNWIzOGRiZWNlNzE4NDE1YWViM2YzMDFmOGQ0MTkzZjc5YjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhh0XUvDMA2VqvVnkmy44QS2pwSR9
NzbXFmjSKRVxKro8a5Utmvv5yvhgzkTd1KBeqSurMgMp+OjVh4qmy5zFUOGyU+U9
qXNc/7+GJyEvxIXipW5inz0ufwf8SbvnGglvzwM3tlMzJO8L1Q7VBKEvXXcBNAUX
80nQeZEezIVrNFQJ6omjxZrAyHAVQY1OH0ZPAoyYLw0FW7v8F0+p536m9QS1TYkH
DqfWtPqTz/xMfpgKjZh463NDFEcnEklyfXVI36JiEky15Wy53tS9EdAtsxXhzzpG
vLM0936fTTuhfpLS4eDK3kDPB44GBLBHKIXRynnCyPeHTxu2pLRdu5utmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIvDWzjb7OcYQVrrPzAfjUGT95svMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvaThOYk9OdnM1eGhCV3VzX01CLU5RWlAzbXk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsH57MA0G
CSqGSIb3DQEBCwUAA4IBAQCMoOmA6tVZs+QDLg4ZF744FO8PmxLgYkbAZIKkearG
LOZvrWglRszWbDRYlnv8LARB4oszBz99ckmI6MpL95A/Lyx7TqK5RWIps1H7Lscp
d3bNQZI5+KA+5g/4ko5RuXTSUObjKOli6ry3wZOYL1NQ+J3A79IKW7MMWsjiGkDj
dUOzfGyhGG2jiwdNXwPSimCK7r81ca/banE1g575tp2OI1xwMMsPlXl+PgT5D/BU
2sjd2zHFwj44Bls5+PTdX7NpWHLKrERmS9ruy1j9bhkLCaS1iisKQaZ/B5PXoqC+
7eQd4O2DPlbUDsUcohQTagQDsnckfBuyh++WMG1LENGZ
-----END CERTIFICATE-----