Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/ec25bd-219e-4d02-a532-0799a52a6387/1/sQ8gskyL-Imc2VtWM8KPVt0wV4g.roa
File:                     sQ8gskyL-Imc2VtWM8KPVt0wV4g.roa (raw, json)
Hash identifier:          UUQCzz3SduBR0VgHlMrKJSziTbHmfG7SF+KJxVSsK2A=
Subject key identifier:   B1:0F:20:B2:4C:8B:F8:89:9C:D9:5B:56:33:C2:8F:56:DD:30:57:88
Certificate issuer:       /CN=6a17de1887fcfa9244b931d96da82678c0147663
Certificate serial:       018CC8DF755BB8608BDD77250256053C2C31
Authority key identifier: 6A:17:DE:18:87:FC:FA:92:44:B9:31:D9:6D:A8:26:78:C0:14:76:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ahfeGIf8-pJEuTHZbagmeMAUdmM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/ec25bd-219e-4d02-a532-0799a52a6387/1/sQ8gskyL-Imc2VtWM8KPVt0wV4g.roa
Signing time:             Tue 02 Jan 2024 06:32:16 +0000
ROA not before:           Tue 02 Jan 2024 06:32:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35361
IP address blocks:        89.239.0.0/19 maxlen: 19
                          85.119.88.0/21 maxlen: 21
                          2a02:4000::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/ec25bd-219e-4d02-a532-0799a52a6387/1/ahfeGIf8-pJEuTHZbagmeMAUdmM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/ec25bd-219e-4d02-a532-0799a52a6387/1/ahfeGIf8-pJEuTHZbagmeMAUdmM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ahfeGIf8-pJEuTHZbagmeMAUdmM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:75:5b:b8:60:8b:dd:77:25:02:56:05:3c:2c:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a17de1887fcfa9244b931d96da82678c0147663
        Validity
            Not Before: Jan  2 06:32:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b10f20b24c8bf8899cd95b5633c28f56dd305788
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:20:f3:83:50:79:01:c2:ce:03:90:2a:24:6c:
                    1f:01:6e:e0:42:60:f5:b8:fd:da:a6:7c:99:6b:69:
                    23:84:75:80:cc:dd:98:0c:e0:7a:8b:87:f8:44:32:
                    6b:8a:33:76:d2:30:05:cf:b8:95:77:3b:00:5e:b9:
                    f2:0f:23:89:53:03:fb:97:42:24:50:6c:71:c8:2c:
                    52:00:8d:6e:db:54:bf:5f:57:d8:1e:69:9f:08:9c:
                    88:d3:c6:3f:fb:f1:c3:ca:76:40:bc:93:7e:d2:a4:
                    03:63:b3:fe:10:3b:fd:a0:0b:88:7f:23:96:61:14:
                    6e:9f:a5:93:c5:54:cd:7d:d6:00:f2:a1:f4:be:cf:
                    c2:17:85:c9:63:24:5c:f3:76:eb:a7:60:fb:61:22:
                    cf:4f:06:37:d8:21:f3:04:83:08:f0:81:a1:6e:72:
                    56:14:e0:09:ae:af:9b:33:33:ca:4a:31:ec:1e:a5:
                    be:ad:c2:37:7f:bf:6a:f5:a9:7d:cb:d4:f5:8b:f8:
                    38:87:c1:c0:86:67:d4:29:f7:ef:8e:98:bc:fe:f3:
                    84:2e:ed:83:b7:91:a3:af:d8:a6:a3:3a:cb:e8:2a:
                    b0:14:54:37:cb:99:e0:85:55:a7:0f:d7:d4:78:2d:
                    33:d1:ba:30:ef:74:78:b0:a7:e3:12:ca:0f:9f:57:
                    85:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:0F:20:B2:4C:8B:F8:89:9C:D9:5B:56:33:C2:8F:56:DD:30:57:88
            X509v3 Authority Key Identifier:
                keyid:6A:17:DE:18:87:FC:FA:92:44:B9:31:D9:6D:A8:26:78:C0:14:76:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ahfeGIf8-pJEuTHZbagmeMAUdmM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/ec25bd-219e-4d02-a532-0799a52a6387/1/sQ8gskyL-Imc2VtWM8KPVt0wV4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/ec25bd-219e-4d02-a532-0799a52a6387/1/ahfeGIf8-pJEuTHZbagmeMAUdmM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.119.88.0/21
                  89.239.0.0/19
                IPv6:
                  2a02:4000::/32

    Signature Algorithm: sha256WithRSAEncryption
         32:23:87:ba:3f:08:4c:f1:69:37:29:3e:ee:39:23:c3:93:9e:
         0f:5a:4e:02:73:fb:20:5a:f7:b2:5b:3a:d6:0a:f0:9d:a7:21:
         0a:d4:d5:a1:41:e6:b2:be:52:86:b6:9b:5a:fe:52:47:8b:55:
         33:b5:d8:8c:ab:cb:04:1d:fd:d7:84:3a:d9:fe:e9:00:fd:df:
         da:3b:ea:51:14:d5:2e:e6:c5:27:39:e6:4c:22:f2:3b:94:24:
         39:af:1d:6c:21:68:17:05:5e:a4:6b:91:c1:67:0b:c7:88:25:
         5e:e6:d0:10:43:3e:92:74:52:f0:d7:e2:55:79:c9:76:c8:05:
         a6:86:d7:b3:98:9b:6d:3a:fb:36:12:77:39:73:48:ce:1e:ac:
         87:20:b0:99:13:9d:58:1e:94:1e:af:22:e5:9c:0c:e6:9a:81:
         35:07:1f:ec:54:10:21:52:03:dd:6f:40:ae:b7:2b:fc:2e:a5:
         1c:85:f4:b7:a2:67:2e:2e:16:08:2a:6e:87:87:31:6b:4e:62:
         78:37:5c:d9:50:d1:9f:f8:39:5e:78:c2:d3:e9:f5:a4:65:2e:
         ea:c6:82:de:8d:02:30:bc:c1:f1:df:e3:3b:c9:33:37:cf:87:
         ef:66:b7:7f:ee:7d:84:4c:f4:c3:9a:84:ba:d0:ee:d6:93:36:
         d4:b1:7a:0f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzI33VbuGCL3XclAlYFPCwxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhMTdkZTE4ODdmY2ZhOTI0NGI5MzFkOTZkYTgyNjc4YzAx
NDc2NjMwHhcNMjQwMTAyMDYzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTBmMjBiMjRjOGJmODg5OWNkOTViNTYzM2MyOGY1NmRkMzA1Nzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiDzg1B5AcLOA5AqJGwfAW7gQmD1
uP3apnyZa2kjhHWAzN2YDOB6i4f4RDJrijN20jAFz7iVdzsAXrnyDyOJUwP7l0Ik
UGxxyCxSAI1u21S/X1fYHmmfCJyI08Y/+/HDynZAvJN+0qQDY7P+EDv9oAuIfyOW
YRRun6WTxVTNfdYA8qH0vs/CF4XJYyRc83brp2D7YSLPTwY32CHzBIMI8IGhbnJW
FOAJrq+bMzPKSjHsHqW+rcI3f79q9al9y9T1i/g4h8HAhmfUKffvjpi8/vOELu2D
t5Gjr9imozrL6CqwFFQ3y5nghVWnD9fUeC0z0bow73R4sKfjEsoPn1eF0wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLEPILJMi/iJnNlbVjPCj1bdMFeIMB8GA1UdIwQY
MBaAFGoX3hiH/PqSRLkx2W2oJnjAFHZjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWhmZUdJZjgtcEpFdVRIWmJhZ21lTUFVZG1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9lYzI1YmQtMjE5ZS00ZDAyLWE1MzIt
MDc5OWE1MmE2Mzg3LzEvc1E4Z3NreUwtSW1jMlZ0V004S1BWdDB3VjRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9lYzI1YmQtMjE5ZS00ZDAyLWE1MzItMDc5OWE1MmE2Mzg3
LzEvYWhmZUdJZjgtcEpFdVRIWmJhZ21lTUFVZG1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDVXdYAwQF
We8AMA0EAgACMAcDBQAqAkAAMA0GCSqGSIb3DQEBCwUAA4IBAQAyI4e6PwhM8Wk3
KT7uOSPDk54PWk4Cc/sgWveyWzrWCvCdpyEK1NWhQeayvlKGtpta/lJHi1UztdiM
q8sEHf3XhDrZ/ukA/d/aO+pRFNUu5sUnOeZMIvI7lCQ5rx1sIWgXBV6ka5HBZwvH
iCVe5tAQQz6SdFLw1+JVecl2yAWmhtezmJttOvs2Enc5c0jOHqyHILCZE51YHpQe
ryLlnAzmmoE1Bx/sVBAhUgPdb0Cutyv8LqUchfS3omcuLhYIKm6HhzFrTmJ4N1zZ
UNGf+DleeMLT6fWkZS7qxoLejQIwvMHx3+M7yTM3z4fvZrd/7n2ETPTDmoS60O7W
kzbUsXoP
-----END CERTIFICATE-----