Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/NI8EIpLNyXvkps8FaloX-nUgNY0.roa
File:                     NI8EIpLNyXvkps8FaloX-nUgNY0.roa (raw, json)
Hash identifier:          O1+gk36+/YKlL+NfXUy4LjdFB3IqusdA12lEeEEwV+o=
Subject key identifier:   34:8F:04:22:92:CD:C9:7B:E4:A6:CF:05:6A:5A:17:FA:75:20:35:8D
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       018CCA2A37999763C71784F199B0DEEA0AA3
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/NI8EIpLNyXvkps8FaloX-nUgNY0.roa
Signing time:             Tue 02 Jan 2024 12:33:33 +0000
ROA not before:           Tue 02 Jan 2024 12:33:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209043
IP address blocks:        185.65.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:37:99:97:63:c7:17:84:f1:99:b0:de:ea:0a:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Jan  2 12:33:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=348f042292cdc97be4a6cf056a5a17fa7520358d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:27:9a:cf:6d:71:83:cd:1b:38:59:0f:4c:2e:
                    ff:cd:c1:a0:e2:5a:59:bf:10:28:98:b0:54:63:e0:
                    13:38:88:7f:79:3a:ca:4c:83:c3:ba:0a:cc:35:0a:
                    ea:b0:09:b7:a4:a5:81:2c:8f:a0:96:69:cb:45:f9:
                    38:d6:9b:fe:09:c5:3e:09:41:df:d2:cf:80:50:91:
                    27:7d:77:d4:20:7b:24:43:3f:7e:68:af:d1:02:cc:
                    60:bd:f4:1d:ca:55:df:9c:38:e4:51:60:eb:4e:af:
                    72:08:7f:05:94:0f:d2:cd:75:c9:b4:45:15:63:96:
                    db:70:72:a2:18:41:3a:44:a1:e3:4a:4b:67:55:74:
                    a0:77:94:e1:62:f7:50:1e:d9:3f:4e:c1:59:14:9b:
                    c6:70:66:f1:d1:03:05:80:4a:6b:a5:73:1f:ed:5c:
                    ae:17:b7:b7:8f:be:1e:81:b1:4d:eb:d4:d2:d3:dd:
                    6a:02:5e:47:c0:59:6b:ed:10:6c:bb:a1:b8:42:0d:
                    4d:72:c9:2f:10:45:20:5a:bc:f2:ea:5c:cf:65:c4:
                    b0:f3:a9:f5:ee:d7:ee:73:fb:3b:44:1a:0d:64:3e:
                    a2:6f:51:16:c2:bb:66:41:aa:a9:a6:08:dd:76:34:
                    6d:09:71:12:33:db:0f:20:fa:af:ec:4f:fa:33:c1:
                    1d:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:8F:04:22:92:CD:C9:7B:E4:A6:CF:05:6A:5A:17:FA:75:20:35:8D
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/NI8EIpLNyXvkps8FaloX-nUgNY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:68:20:1a:58:06:12:0f:38:cd:d4:38:6a:ee:bf:f5:68:f7:
         e4:06:2c:8b:0a:5d:99:2e:e4:1d:a9:9e:86:86:e1:a4:a2:c9:
         67:b5:95:f2:4b:b0:48:01:a5:fa:2a:f0:b4:07:95:c7:1d:45:
         0e:a9:48:52:85:82:92:19:9c:c0:00:a7:d6:b0:de:9b:d7:aa:
         0f:2b:1f:74:31:33:19:56:9f:5e:69:93:6d:af:35:a5:8e:dc:
         54:87:a0:13:a4:b7:a8:d6:d6:f4:cd:25:ee:05:e5:2c:d2:af:
         6a:a8:d9:50:31:9b:ef:da:8f:6a:6f:0f:48:a4:1f:0f:c8:00:
         be:75:6d:27:9d:96:7b:19:dc:d7:3c:48:ab:83:cc:72:88:cb:
         80:61:7e:02:20:b9:b0:af:7b:0f:36:f6:d0:66:31:d1:78:df:
         a5:53:22:ea:c8:0a:73:89:09:0f:2f:bd:d8:2d:27:0e:1c:80:
         92:b4:5f:3b:5a:02:e7:ac:70:bf:70:6e:7d:ea:8f:d6:de:6e:
         5a:7b:b1:58:e1:6c:68:ab:1e:17:cb:3a:aa:fc:b6:b6:d4:d8:
         37:eb:0e:90:d0:f0:fe:b9:12:a9:d8:ba:c9:fa:28:59:dd:91:
         21:a8:8b:60:09:ed:9d:83:a6:89:28:94:be:e2:56:d0:da:7f:
         7d:52:ae:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKjeZl2PHF4TxmbDe6gqjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwMTAyMTIzMzMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDhmMDQyMjkyY2RjOTdiZTRhNmNmMDU2YTVhMTdmYTc1MjAzNThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuieaz21xg80bOFkPTC7/zcGg4lpZ
vxAomLBUY+ATOIh/eTrKTIPDugrMNQrqsAm3pKWBLI+glmnLRfk41pv+CcU+CUHf
0s+AUJEnfXfUIHskQz9+aK/RAsxgvfQdylXfnDjkUWDrTq9yCH8FlA/SzXXJtEUV
Y5bbcHKiGEE6RKHjSktnVXSgd5ThYvdQHtk/TsFZFJvGcGbx0QMFgEprpXMf7Vyu
F7e3j74egbFN69TS091qAl5HwFlr7RBsu6G4Qg1NcskvEEUgWrzy6lzPZcSw86n1
7tfuc/s7RBoNZD6ib1EWwrtmQaqppgjddjRtCXESM9sPIPqv7E/6M8EdaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSPBCKSzcl75KbPBWpaF/p1IDWNMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvTkk4RUlwTE55WHZrcHM4RmFsb1gtblVnTlkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUE/MA0G
CSqGSIb3DQEBCwUAA4IBAQAFaCAaWAYSDzjN1Dhq7r/1aPfkBiyLCl2ZLuQdqZ6G
huGkoslntZXyS7BIAaX6KvC0B5XHHUUOqUhShYKSGZzAAKfWsN6b16oPKx90MTMZ
Vp9eaZNtrzWljtxUh6ATpLeo1tb0zSXuBeUs0q9qqNlQMZvv2o9qbw9IpB8PyAC+
dW0nnZZ7GdzXPEirg8xyiMuAYX4CILmwr3sPNvbQZjHReN+lUyLqyApziQkPL73Y
LScOHICStF87WgLnrHC/cG596o/W3m5ae7FY4Wxoqx4Xyzqq/La21Ng36w6Q0PD+
uRKp2LrJ+ihZ3ZEhqItgCe2dg6aJKJS+4lbQ2n99Uq4E
-----END CERTIFICATE-----