Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/g9ix0MukKOx3zrmeoUpfUm6swQs.roa
File:                     g9ix0MukKOx3zrmeoUpfUm6swQs.roa (raw, json)
Hash identifier:          AKSALheN6VReooa2VKrbZc0/8QRKQwSjDBYGwes0Phk=
Subject key identifier:   83:D8:B1:D0:CB:A4:28:EC:77:CE:B9:9E:A1:4A:5F:52:6E:AC:C1:0B
Certificate issuer:       /CN=a865bae25778beed8880c08df2d3f37fc37abc1e
Certificate serial:       018CCA2BCF5A82F7FD9062A02B7E44750E61
Authority key identifier: A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/g9ix0MukKOx3zrmeoUpfUm6swQs.roa
Signing time:             Tue 02 Jan 2024 12:35:17 +0000
ROA not before:           Tue 02 Jan 2024 12:35:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202538
IP address blocks:        212.79.122.0/24 maxlen: 24
                          212.87.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qGW64ld4vu2IgMCN8tPzf8N6vB4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qGW64ld4vu2IgMCN8tPzf8N6vB4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:cf:5a:82:f7:fd:90:62:a0:2b:7e:44:75:0e:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a865bae25778beed8880c08df2d3f37fc37abc1e
        Validity
            Not Before: Jan  2 12:35:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83d8b1d0cba428ec77ceb99ea14a5f526eacc10b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:39:f0:6e:20:ff:7d:49:b7:99:b2:fa:c0:48:
                    17:44:08:e3:69:af:a3:a6:ec:6a:56:f2:24:fa:89:
                    22:8d:f3:99:f7:2d:74:91:97:ec:f6:87:a3:e9:40:
                    65:42:b4:47:ca:6d:56:fc:5a:eb:a3:67:9a:ac:c6:
                    e5:bc:06:86:d1:0a:17:79:2d:1a:65:f8:38:59:8e:
                    1f:e6:a7:26:70:35:80:2a:82:35:33:c4:a4:30:3a:
                    83:fb:c7:ba:89:ea:13:c8:e2:5f:ab:ba:fb:cb:bd:
                    22:62:d1:58:9d:df:9f:52:f1:49:41:f0:04:fd:a8:
                    e2:6f:60:cb:81:d8:0d:76:6c:56:5a:2c:02:1e:45:
                    b4:10:7f:6f:1c:a1:47:74:3b:63:64:41:a3:cb:c8:
                    c2:70:4e:6c:c1:06:f8:76:84:af:bf:84:49:46:70:
                    8b:d6:37:b5:2b:49:0b:41:94:95:29:55:5e:dd:dd:
                    24:4f:09:e8:54:0a:e5:01:23:f0:f8:fa:08:46:34:
                    d0:ed:15:e0:17:b7:de:93:17:c5:82:c9:7e:ff:dd:
                    12:5d:21:8c:d1:ce:e9:ee:cc:57:1d:8d:ae:a5:c1:
                    fd:32:3a:ab:cc:30:5f:3c:ef:de:7f:9c:7e:f2:9f:
                    4d:b7:be:30:15:20:0e:a4:41:46:04:53:7e:22:5b:
                    17:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:D8:B1:D0:CB:A4:28:EC:77:CE:B9:9E:A1:4A:5F:52:6E:AC:C1:0B
            X509v3 Authority Key Identifier:
                keyid:A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/g9ix0MukKOx3zrmeoUpfUm6swQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qGW64ld4vu2IgMCN8tPzf8N6vB4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.79.122.0/24
                  212.87.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:b3:5b:44:02:68:78:6c:92:1f:cd:7d:2f:4d:11:62:c4:83:
         44:86:0b:20:ea:d9:b1:8c:15:dc:74:ec:b9:17:f5:ad:d0:05:
         e4:40:a4:6a:ca:5e:e7:63:c5:3a:79:94:90:00:8e:8f:71:f2:
         f9:6e:e8:a9:21:ee:27:7e:d7:d7:ed:18:18:6b:f8:83:7f:7c:
         0d:bd:d5:ce:bc:63:7d:7a:b9:a0:38:14:e7:df:b1:31:30:fc:
         2c:8d:a5:74:55:40:6e:c7:6d:c1:98:29:c0:b9:74:ae:b6:f0:
         bf:39:52:cb:4f:4b:6e:71:1c:38:5e:e7:86:aa:6a:fc:3e:de:
         ff:73:d4:70:7b:e7:f4:d0:60:47:66:9d:6e:f3:a3:bb:62:65:
         e7:d8:37:25:b8:9e:9d:3f:53:57:b0:0b:bb:0b:ab:4d:d6:b1:
         c9:d0:4e:0a:04:eb:21:aa:3e:6a:02:4d:6f:f7:d7:94:52:c5:
         b0:9c:be:d5:02:e4:cc:e4:bb:db:02:1b:1a:a1:5e:2c:4b:31:
         ce:63:2a:44:7e:d7:df:00:86:76:30:8d:46:94:04:46:63:f1:
         70:b2:b8:92:ae:e2:ac:e8:a6:57:58:0b:94:1e:66:51:66:0c:
         6f:24:37:d6:50:41:43:d9:88:0f:93:44:1b:62:9b:f1:00:7a:
         be:54:fc:68
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKK89agvf9kGKgK35EdQ5hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NjViYWUyNTc3OGJlZWQ4ODgwYzA4ZGYyZDNmMzdmYzM3
YWJjMWUwHhcNMjQwMTAyMTIzNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2Q4YjFkMGNiYTQyOGVjNzdjZWI5OWVhMTRhNWY1MjZlYWNjMTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DnwbiD/fUm3mbL6wEgXRAjjaa+j
puxqVvIk+okijfOZ9y10kZfs9oej6UBlQrRHym1W/Frro2earMblvAaG0QoXeS0a
Zfg4WY4f5qcmcDWAKoI1M8SkMDqD+8e6ieoTyOJfq7r7y70iYtFYnd+fUvFJQfAE
/ajib2DLgdgNdmxWWiwCHkW0EH9vHKFHdDtjZEGjy8jCcE5swQb4doSvv4RJRnCL
1je1K0kLQZSVKVVe3d0kTwnoVArlASPw+PoIRjTQ7RXgF7fekxfFgsl+/90SXSGM
0c7p7sxXHY2upcH9MjqrzDBfPO/ef5x+8p9Nt74wFSAOpEFGBFN+IlsXuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIPYsdDLpCjsd865nqFKX1JurMELMB8GA1UdIwQY
MBaAFKhluuJXeL7tiIDAjfLT83/DerweMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTkt
MWI2Zjc1MGNmOWEyLzEvZzlpeDBNdWtLT3gzenJtZW9VcGZVbTZzd1FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTktMWI2Zjc1MGNmOWEy
LzEvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1E96AwQA
1FepMA0GCSqGSIb3DQEBCwUAA4IBAQCDs1tEAmh4bJIfzX0vTRFixINEhgsg6tmx
jBXcdOy5F/Wt0AXkQKRqyl7nY8U6eZSQAI6PcfL5buipIe4nftfX7RgYa/iDf3wN
vdXOvGN9ermgOBTn37ExMPwsjaV0VUBux23BmCnAuXSutvC/OVLLT0tucRw4XueG
qmr8Pt7/c9Rwe+f00GBHZp1u86O7YmXn2DcluJ6dP1NXsAu7C6tN1rHJ0E4KBOsh
qj5qAk1v99eUUsWwnL7VAuTM5LvbAhsaoV4sSzHOYypEftffAIZ2MI1GlARGY/Fw
sriSruKs6KZXWAuUHmZRZgxvJDfWUEFD2YgPk0QbYpvxAHq+VPxo
-----END CERTIFICATE-----