Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/kCGg57lqsn5R_T0U6vlFfa575Uk.roa
File:                     kCGg57lqsn5R_T0U6vlFfa575Uk.roa (raw, json)
Hash identifier:          MTKxuf/cX4UCoCa1GaeVHXlfcTF8xSWLo2ADx62wWDA=
Subject key identifier:   90:21:A0:E7:B9:6A:B2:7E:51:FD:3D:14:EA:F9:45:7D:AE:7B:E5:49
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       018CC94DAFBC35756B1773EA3AB30EDF44D6
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/kCGg57lqsn5R_T0U6vlFfa575Uk.roa
Signing time:             Tue 02 Jan 2024 08:32:40 +0000
ROA not before:           Tue 02 Jan 2024 08:32:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198192
IP address blocks:        84.232.124.0/24 maxlen: 24
                          88.148.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:af:bc:35:75:6b:17:73:ea:3a:b3:0e:df:44:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  2 08:32:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9021a0e7b96ab27e51fd3d14eaf9457dae7be549
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:8d:75:e8:01:a0:c8:f7:39:df:7d:78:c0:90:
                    2d:76:16:b7:65:4b:12:d2:5f:dc:9a:51:ad:a8:c8:
                    33:76:59:06:da:7f:2e:74:fd:cd:6b:08:1b:69:c7:
                    8d:a4:33:3c:e5:6e:f6:84:75:9a:be:ad:32:6f:68:
                    95:4f:bd:f3:b0:1c:ca:2a:e8:da:86:d8:1e:6d:08:
                    7c:9d:38:81:bd:e4:e5:c2:dc:ff:aa:93:3d:c0:98:
                    2d:ff:e2:39:a2:53:32:f0:e0:42:f1:93:97:f6:60:
                    e1:9c:60:7d:2e:ed:4c:37:43:8b:16:93:e7:bc:c1:
                    eb:b2:60:a0:8e:6a:ed:bb:7a:e5:4c:26:c5:38:72:
                    5c:a1:34:66:13:29:4b:2a:91:9a:d3:9a:39:34:7a:
                    0a:55:b3:c6:fb:77:c8:cb:b4:2c:76:87:fc:2f:5b:
                    fc:14:8c:b9:1b:43:3a:30:dd:80:69:c3:61:e9:d4:
                    d3:37:b0:69:76:42:ed:64:85:26:75:b4:8d:f7:b3:
                    25:9a:3f:a9:4f:cb:25:31:53:16:c7:9d:a9:d4:b9:
                    22:d5:07:d9:7d:9d:8e:98:70:34:d7:80:98:34:11:
                    d4:8e:49:99:76:56:1b:8c:a9:09:2a:95:cf:37:61:
                    af:03:b2:06:d6:c1:a1:44:75:98:cc:6f:e9:62:6c:
                    c1:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:21:A0:E7:B9:6A:B2:7E:51:FD:3D:14:EA:F9:45:7D:AE:7B:E5:49
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/kCGg57lqsn5R_T0U6vlFfa575Uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.232.124.0/24
                  88.148.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:34:ab:14:7c:94:cb:c4:21:f7:ea:0e:48:c8:10:d8:32:4a:
         53:7a:87:43:1c:2d:b1:59:d6:ae:af:71:71:fe:1c:d8:f4:5f:
         29:e5:c2:75:d5:88:ae:b2:61:b0:b6:a8:55:da:d3:43:71:95:
         7b:bd:14:da:b4:a4:e4:2d:5a:43:73:c6:14:62:94:01:cc:5a:
         a2:0a:4c:59:7a:72:bb:c1:62:b6:2d:49:42:c4:7c:64:94:6e:
         1f:20:36:54:01:59:3c:df:7e:f0:12:f0:53:e6:21:80:61:fc:
         63:1d:7d:40:8e:ff:2e:21:22:37:86:d7:9d:c8:43:89:99:3c:
         05:0f:09:7c:c0:7c:bc:46:6e:ee:d0:44:df:93:a0:f6:79:ac:
         33:d9:d3:12:e0:88:a5:5b:7e:46:d5:f7:8f:73:c9:d1:a4:b3:
         6c:9a:be:57:ae:f8:7a:ee:b0:33:22:bc:b6:e3:05:8e:f7:03:
         20:95:c2:02:20:d9:51:de:b2:b8:80:8d:0d:6c:67:4d:78:fe:
         34:44:ba:57:70:43:79:d1:c4:cf:44:fa:43:1f:55:6f:78:75:
         f0:aa:5a:88:62:37:9a:bb:93:90:1c:ed:00:a4:dc:2e:69:97:
         c6:08:6d:23:94:8c:a6:34:92:54:ec:f7:2f:71:7f:0b:b2:a8:
         0c:cf:8a:d5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTa+8NXVrF3PqOrMO30TWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjQwMTAyMDgzMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDIxYTBlN2I5NmFiMjdlNTFmZDNkMTRlYWY5NDU3ZGFlN2JlNTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqY116AGgyPc53314wJAtdha3ZUsS
0l/cmlGtqMgzdlkG2n8udP3NawgbaceNpDM85W72hHWavq0yb2iVT73zsBzKKuja
htgebQh8nTiBveTlwtz/qpM9wJgt/+I5olMy8OBC8ZOX9mDhnGB9Lu1MN0OLFpPn
vMHrsmCgjmrtu3rlTCbFOHJcoTRmEylLKpGa05o5NHoKVbPG+3fIy7Qsdof8L1v8
FIy5G0M6MN2AacNh6dTTN7BpdkLtZIUmdbSN97Mlmj+pT8slMVMWx52p1Lki1QfZ
fZ2OmHA014CYNBHUjkmZdlYbjKkJKpXPN2GvA7IG1sGhRHWYzG/pYmzBJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJAhoOe5arJ+Uf09FOr5RX2ue+VJMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEva0NHZzU3bHFzbjVSX1QwVTZ2bEZmYTU3NVVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVOh8AwQA
WJRKMA0GCSqGSIb3DQEBCwUAA4IBAQC1NKsUfJTLxCH36g5IyBDYMkpTeodDHC2x
Wdaur3Fx/hzY9F8p5cJ11YiusmGwtqhV2tNDcZV7vRTatKTkLVpDc8YUYpQBzFqi
CkxZenK7wWK2LUlCxHxklG4fIDZUAVk8337wEvBT5iGAYfxjHX1Ajv8uISI3hted
yEOJmTwFDwl8wHy8Rm7u0ETfk6D2eawz2dMS4IilW35G1fePc8nRpLNsmr5Xrvh6
7rAzIry24wWO9wMglcICINlR3rK4gI0NbGdNeP40RLpXcEN50cTPRPpDH1VveHXw
qlqIYjeau5OQHO0ApNwuaZfGCG0jlIymNJJU7PcvcX8LsqgMz4rV
-----END CERTIFICATE-----