Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/W86APHniX1uZcdWa2Pvs6Rj-Ebo.roa
File:                     W86APHniX1uZcdWa2Pvs6Rj-Ebo.roa (raw, json)
Hash identifier:          6dTm+lZ7dsRDVqXDdD4O3h8NxwSEUt9qj9iVCx6qjXs=
Subject key identifier:   5B:CE:80:3C:79:E2:5F:5B:99:71:D5:9A:D8:FB:EC:E9:18:FE:11:BA
Certificate issuer:       /CN=8d11cb015df9baab61228dbbce17dd4e00e63c13
Certificate serial:       018CC3B6D3CD275276BFD73F20A5A4D381B2
Authority key identifier: 8D:11:CB:01:5D:F9:BA:AB:61:22:8D:BB:CE:17:DD:4E:00:E6:3C:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/W86APHniX1uZcdWa2Pvs6Rj-Ebo.roa
Signing time:             Mon 01 Jan 2024 06:29:48 +0000
ROA not before:           Mon 01 Jan 2024 06:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197328
IP address blocks:        178.171.36.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/jRHLAV35uqthIo27zhfdTgDmPBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/jRHLAV35uqthIo27zhfdTgDmPBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d3:cd:27:52:76:bf:d7:3f:20:a5:a4:d3:81:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d11cb015df9baab61228dbbce17dd4e00e63c13
        Validity
            Not Before: Jan  1 06:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5bce803c79e25f5b9971d59ad8fbece918fe11ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:bf:f7:44:23:c7:ef:4d:39:98:f9:a2:b8:85:
                    9f:12:fd:34:4c:f9:58:d1:c9:2d:2d:93:26:f1:1c:
                    7b:82:3a:3f:f6:b1:ad:c2:f9:a5:a1:1c:8d:68:82:
                    39:aa:26:9b:d3:70:2e:9b:39:52:31:5d:c6:89:ad:
                    fb:01:19:e6:1d:e9:54:72:24:7d:c4:a2:2f:3e:52:
                    ad:1e:2d:88:e0:98:ab:ff:d9:df:ad:0e:0f:22:db:
                    a6:51:79:9c:0e:a1:1c:52:04:15:e2:3d:72:85:7a:
                    51:12:c0:39:b1:ea:78:93:cc:8c:04:16:95:46:d9:
                    97:f7:6c:69:f0:39:b4:62:a7:bd:57:ec:92:aa:d1:
                    be:c7:62:72:69:5c:c1:53:5a:80:65:b3:36:c2:87:
                    bd:23:b6:83:22:0c:3f:bb:19:13:9f:0e:9f:72:12:
                    30:11:0c:0a:86:49:10:bc:66:18:08:d5:a0:95:83:
                    60:a1:80:76:25:f9:9a:5d:4a:0e:7f:8c:79:70:f7:
                    8c:e8:a6:5d:03:9b:8f:b9:39:d5:40:24:36:75:40:
                    a3:5a:9d:6e:54:e7:00:47:49:1c:66:2e:1f:b3:97:
                    f2:d7:2b:08:14:b7:ad:b4:5a:c8:90:82:8b:2f:4d:
                    c5:87:b0:cc:0d:16:cd:f9:54:40:19:5d:2d:65:ab:
                    f4:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:CE:80:3C:79:E2:5F:5B:99:71:D5:9A:D8:FB:EC:E9:18:FE:11:BA
            X509v3 Authority Key Identifier:
                keyid:8D:11:CB:01:5D:F9:BA:AB:61:22:8D:BB:CE:17:DD:4E:00:E6:3C:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/W86APHniX1uZcdWa2Pvs6Rj-Ebo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/jRHLAV35uqthIo27zhfdTgDmPBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.171.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:1f:70:fd:53:1b:a9:8e:12:b2:aa:5d:a9:4f:1c:2e:f4:07:
         11:7f:97:0b:bf:42:d8:90:69:4b:d9:75:2f:c0:2c:3d:2e:f9:
         57:82:14:d7:78:8c:37:ae:c3:75:d1:2f:09:15:a4:75:1e:b5:
         09:36:81:bb:85:6a:54:a7:34:6d:4b:4b:ea:67:c9:5b:65:e9:
         ee:b1:95:9a:ee:66:0e:6f:1b:c7:c3:05:bf:e2:42:f7:9a:88:
         60:40:4f:f8:cd:d3:d8:32:ce:d4:a9:3d:e2:fa:0c:e7:a7:b2:
         12:c5:fa:f7:f8:01:9e:0a:2b:35:29:8f:26:5b:fa:23:c3:4e:
         5c:b7:90:8a:aa:a7:8a:fe:2c:f0:4f:9a:75:df:2a:15:14:d4:
         51:b4:23:70:c6:e4:ef:a3:bc:19:30:22:ba:e0:61:8f:2e:d7:
         89:0e:3f:99:61:92:89:8b:a7:66:72:7e:ad:1b:0e:92:42:47:
         d4:2c:06:a8:13:cd:3a:19:a5:29:28:08:33:f9:cd:9c:03:c3:
         01:71:86:93:1f:b3:c0:53:cc:37:ba:94:0d:50:67:b3:7f:e7:
         1a:75:ea:72:26:56:80:65:3d:8d:2d:17:3b:75:47:ac:78:39:
         fc:8b:f7:1a:c0:e8:a3:37:e9:71:f3:c1:c0:64:cb:44:a3:67:
         c7:6d:fd:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttPNJ1J2v9c/IKWk04GyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMTFjYjAxNWRmOWJhYWI2MTIyOGRiYmNlMTdkZDRlMDBl
NjNjMTMwHhcNMjQwMTAxMDYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmNlODAzYzc5ZTI1ZjViOTk3MWQ1OWFkOGZiZWNlOTE4ZmUxMWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7/3RCPH7005mPmiuIWfEv00TPlY
0cktLZMm8Rx7gjo/9rGtwvmloRyNaII5qiab03AumzlSMV3Gia37ARnmHelUciR9
xKIvPlKtHi2I4Jir/9nfrQ4PItumUXmcDqEcUgQV4j1yhXpREsA5sep4k8yMBBaV
RtmX92xp8Dm0Yqe9V+ySqtG+x2JyaVzBU1qAZbM2woe9I7aDIgw/uxkTnw6fchIw
EQwKhkkQvGYYCNWglYNgoYB2JfmaXUoOf4x5cPeM6KZdA5uPuTnVQCQ2dUCjWp1u
VOcAR0kcZi4fs5fy1ysIFLettFrIkIKLL03Fh7DMDRbN+VRAGV0tZav0eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFvOgDx54l9bmXHVmtj77OkY/hG6MB8GA1UdIwQY
MBaAFI0RywFd+bqrYSKNu84X3U4A5jwTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJITEFWMzV1cXRoSW8yN3poZmRUZ0RtUEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni81ZDg5MTUtYzQ0OC00MGU3LThjYWEt
YmE3NzFmZmQyNjljLzEvVzg2QVBIbmlYMXVaY2RXYTJQdnM2UmotRWJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni81ZDg5MTUtYzQ0OC00MGU3LThjYWEtYmE3NzFmZmQyNjlj
LzEvalJITEFWMzV1cXRoSW8yN3poZmRUZ0RtUEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsqskMA0G
CSqGSIb3DQEBCwUAA4IBAQCQH3D9UxupjhKyql2pTxwu9AcRf5cLv0LYkGlL2XUv
wCw9LvlXghTXeIw3rsN10S8JFaR1HrUJNoG7hWpUpzRtS0vqZ8lbZenusZWa7mYO
bxvHwwW/4kL3mohgQE/4zdPYMs7UqT3i+gznp7ISxfr3+AGeCis1KY8mW/ojw05c
t5CKqqeK/izwT5p13yoVFNRRtCNwxuTvo7wZMCK64GGPLteJDj+ZYZKJi6dmcn6t
Gw6SQkfULAaoE806GaUpKAgz+c2cA8MBcYaTH7PAU8w3upQNUGezf+cadepyJlaA
ZT2NLRc7dUeseDn8i/cawOijN+lx88HAZMtEo2fHbf2A
-----END CERTIFICATE-----