Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/8mFOo6DhIudSk_vo-Muowo2cSz4.roa
File:                     8mFOo6DhIudSk_vo-Muowo2cSz4.roa (raw, json)
Hash identifier:          LpvKcOnYUjyuzgyAAPtZMwoJqM22rsKZ3/VIrDMC4Vc=
Subject key identifier:   F2:61:4E:A3:A0:E1:22:E7:52:93:FB:E8:F8:CB:A8:C2:8D:9C:4B:3E
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       018CC424F4049EBA55EC1952C1DAC5626C28
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/8mFOo6DhIudSk_vo-Muowo2cSz4.roa
Signing time:             Mon 01 Jan 2024 08:30:05 +0000
ROA not before:           Mon 01 Jan 2024 08:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51791
IP address blocks:        185.88.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 03:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:f4:04:9e:ba:55:ec:19:52:c1:da:c5:62:6c:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  1 08:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2614ea3a0e122e75293fbe8f8cba8c28d9c4b3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:8b:bf:ce:66:35:f1:3c:6d:cc:4f:2d:8a:df:
                    83:76:e2:6c:f4:e8:65:1d:94:3f:5f:f9:36:11:f4:
                    9f:cc:bd:d6:af:3b:b3:ad:80:2a:7f:08:0b:ee:12:
                    c4:3c:a3:de:5a:d7:a4:19:3f:b6:7c:1d:05:82:dd:
                    09:64:2e:e2:9a:98:30:a6:52:7c:ae:50:6b:80:c1:
                    36:ec:a9:e5:75:68:43:57:75:49:0c:26:42:d1:e1:
                    57:52:a8:6d:b6:c6:34:17:92:ef:56:a2:24:f8:d8:
                    db:3d:e0:3c:b9:1c:90:e5:38:04:9c:9d:a1:f1:91:
                    b9:23:b1:b1:6e:22:86:e7:17:5d:77:7c:22:0c:58:
                    13:f7:68:89:8a:76:46:8d:f3:b5:58:aa:50:70:43:
                    b2:0b:3a:bc:35:6e:95:3e:e5:0a:c1:3d:10:bf:53:
                    06:23:46:86:ea:2e:5f:02:16:69:c0:b6:87:55:63:
                    8c:ea:02:b5:ad:f7:d2:2f:4c:fd:15:e9:62:0e:dd:
                    4d:cb:a1:93:ec:f4:65:73:94:55:3b:1c:bc:fb:49:
                    ae:d2:cb:eb:32:ea:43:c8:2e:e2:5e:aa:41:da:d7:
                    92:47:9e:8c:be:0f:44:e0:38:3b:3c:96:2c:58:58:
                    9f:ab:d5:28:32:da:aa:f9:80:99:0e:1a:37:62:f7:
                    7e:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:61:4E:A3:A0:E1:22:E7:52:93:FB:E8:F8:CB:A8:C2:8D:9C:4B:3E
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/8mFOo6DhIudSk_vo-Muowo2cSz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:4d:a4:0a:88:d2:e1:87:a2:59:18:19:18:81:a5:71:8f:c6:
         41:d1:6c:c4:9f:0f:eb:9f:df:5d:c8:6f:1e:6b:22:56:14:74:
         7c:1b:ed:a4:a8:47:52:5c:f7:ae:27:ed:bd:53:b8:34:d2:54:
         08:e9:02:da:6f:3d:b5:c3:34:64:bf:23:ac:be:74:cb:e0:d7:
         cc:01:4b:ab:9f:83:ee:c3:ef:0f:52:b9:92:1f:3c:85:67:9f:
         30:1b:6f:18:06:ca:68:11:6f:32:e6:8c:6b:71:12:a7:7b:76:
         4c:28:e5:48:a7:5b:ab:e7:30:a3:0e:1b:92:1e:61:ea:75:52:
         d8:4d:93:76:25:77:78:86:86:28:a1:ba:81:7a:d9:35:83:37:
         4d:6f:e9:97:15:7a:74:18:ca:3d:41:2c:b5:83:ad:a2:5b:88:
         db:ca:16:44:ae:e9:f5:0f:22:47:78:e0:36:80:52:21:5b:3c:
         dd:58:be:4b:33:9f:1c:e0:5a:dd:66:d4:2d:29:61:64:eb:c7:
         77:25:99:32:7a:1f:d9:66:26:5f:d0:51:cd:63:2c:58:00:74:
         00:ce:cc:fb:67:4c:29:66:26:a9:6c:35:83:5f:65:21:0d:f0:
         74:4e:dc:18:bc:e4:a7:d5:65:2b:b8:e0:d0:6a:ae:03:98:79:
         79:51:05:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJPQEnrpV7BlSwdrFYmwoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwMTAxMDgzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjYxNGVhM2EwZTEyMmU3NTI5M2ZiZThmOGNiYThjMjhkOWM0YjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhou/zmY18TxtzE8tit+DduJs9Ohl
HZQ/X/k2EfSfzL3WrzuzrYAqfwgL7hLEPKPeWtekGT+2fB0Fgt0JZC7impgwplJ8
rlBrgME27KnldWhDV3VJDCZC0eFXUqhttsY0F5LvVqIk+NjbPeA8uRyQ5TgEnJ2h
8ZG5I7GxbiKG5xddd3wiDFgT92iJinZGjfO1WKpQcEOyCzq8NW6VPuUKwT0Qv1MG
I0aG6i5fAhZpwLaHVWOM6gK1rffSL0z9FeliDt1Ny6GT7PRlc5RVOxy8+0mu0svr
MupDyC7iXqpB2teSR56Mvg9E4Dg7PJYsWFifq9UoMtqq+YCZDho3Yvd+uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJhTqOg4SLnUpP76PjLqMKNnEs+MB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvOG1GT282RGhJdWRTa192by1NdW93bzJjU3o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuViuMA0G
CSqGSIb3DQEBCwUAA4IBAQByTaQKiNLhh6JZGBkYgaVxj8ZB0WzEnw/rn99dyG8e
ayJWFHR8G+2kqEdSXPeuJ+29U7g00lQI6QLabz21wzRkvyOsvnTL4NfMAUurn4Pu
w+8PUrmSHzyFZ58wG28YBspoEW8y5oxrcRKne3ZMKOVIp1ur5zCjDhuSHmHqdVLY
TZN2JXd4hoYoobqBetk1gzdNb+mXFXp0GMo9QSy1g62iW4jbyhZErun1DyJHeOA2
gFIhWzzdWL5LM58c4FrdZtQtKWFk68d3JZkyeh/ZZiZf0FHNYyxYAHQAzsz7Z0wp
ZiapbDWDX2UhDfB0TtwYvOSn1WUruODQaq4DmHl5UQWT
-----END CERTIFICATE-----