Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/AhY_gdjV3lDstMyTG5DG8psifOg.roa
File:                     AhY_gdjV3lDstMyTG5DG8psifOg.roa (raw, json)
Hash identifier:          qVPtDnOmOV8UdB+Ym7EPPYdXtQaSnEofF0PtRUcAggE=
Subject key identifier:   02:16:3F:81:D8:D5:DE:50:EC:B4:CC:93:1B:90:C6:F2:9B:22:7C:E8
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       01917622E1F72ECB49386AB1C0004C588790
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/AhY_gdjV3lDstMyTG5DG8psifOg.roa
Signing time:             Wed 21 Aug 2024 18:11:23 +0000
ROA not before:           Wed 21 Aug 2024 18:11:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     996
IP address blocks:        80.71.150.0/24 maxlen: 24
                          80.71.152.0/24 maxlen: 24
                          80.71.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:76:22:e1:f7:2e:cb:49:38:6a:b1:c0:00:4c:58:87:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Aug 21 18:11:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02163f81d8d5de50ecb4cc931b90c6f29b227ce8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:8d:20:50:9c:46:34:2b:51:c9:1a:ad:cb:26:
                    8d:4c:15:53:54:5d:14:f7:3c:32:09:96:05:9b:b9:
                    db:e3:09:3f:a1:dd:1d:02:63:e7:3c:5e:f6:34:6d:
                    0a:93:f0:be:a7:d2:34:76:d8:02:fd:08:3a:91:99:
                    20:b3:ed:dd:bf:81:88:8f:ac:32:bd:ed:e8:3a:36:
                    a2:6b:c8:4f:fb:3c:87:04:f9:86:b2:de:ff:9e:0c:
                    58:88:9d:06:3d:bd:41:20:8a:32:41:46:9e:cd:4b:
                    53:fe:7e:11:c9:8e:5d:a5:dc:02:00:78:29:79:5b:
                    8a:6c:cb:a6:9c:4d:d7:d2:6d:91:a7:76:af:90:e3:
                    4a:17:c5:7a:3d:b4:ff:22:ee:9f:5c:1d:6e:ee:ec:
                    d3:ff:c4:e3:d1:e5:1f:38:08:6b:1e:0d:8b:93:eb:
                    39:e1:91:90:b5:8a:73:40:fe:c9:0b:51:04:18:e7:
                    8c:26:0b:7f:3d:df:dd:0d:f3:e3:6b:7d:77:f1:07:
                    99:8f:b3:30:65:95:57:71:bc:68:47:7d:99:a3:b7:
                    04:a5:04:ac:1c:14:5a:db:f3:21:d6:08:90:c8:70:
                    43:ea:24:9c:bb:b4:88:94:40:18:55:88:af:cd:96:
                    ce:3b:84:65:5c:70:75:04:03:21:98:2e:ee:dd:ee:
                    78:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:16:3F:81:D8:D5:DE:50:EC:B4:CC:93:1B:90:C6:F2:9B:22:7C:E8
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/AhY_gdjV3lDstMyTG5DG8psifOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.150.0/24
                  80.71.152.0/24
                  80.71.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:92:53:df:33:e5:4b:c3:76:8c:ec:a9:7e:2a:22:7f:56:4b:
         15:f6:fa:b5:99:bc:bc:09:98:41:75:75:1b:f7:6a:b9:36:cc:
         a8:97:27:37:25:34:28:88:58:b0:35:4e:c5:66:9b:2c:35:27:
         67:2e:51:76:d4:db:f6:de:e4:36:b7:13:e5:8c:07:5e:74:0b:
         49:c1:b0:a2:eb:a2:e9:23:51:b8:9f:1a:f4:ee:6c:e9:9c:24:
         81:b2:dc:b6:94:56:7a:a2:a1:e7:32:2a:b8:f1:eb:65:1d:69:
         84:67:93:2d:0b:5c:59:30:32:c9:bf:8b:41:f2:c6:67:7e:2c:
         03:26:d3:a4:33:ff:ac:a8:a7:36:59:52:2a:b9:df:d7:c0:b8:
         40:1f:8c:cd:60:c8:53:f3:f8:4c:ed:fa:06:40:e0:a5:be:60:
         52:b3:08:b0:5b:0a:15:72:9b:bd:d8:38:d4:d5:a2:d3:9a:0b:
         04:3f:96:bd:7a:63:ce:fe:d9:38:2f:93:f1:a3:7c:bd:cc:c2:
         05:95:99:7e:bd:04:be:02:fc:5e:ff:4d:ac:e5:00:96:9a:ea:
         56:63:e4:40:fe:c5:f0:e0:32:b7:75:05:97:dc:7e:b9:ad:98:
         a9:d1:47:97:a5:c3:e6:b8:f7:5f:83:df:a9:e3:73:68:b5:83:
         81:59:08:26
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZF2IuH3LstJOGqxwABMWIeQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwODIxMTgxMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjE2M2Y4MWQ4ZDVkZTUwZWNiNGNjOTMxYjkwYzZmMjliMjI3Y2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmI0gUJxGNCtRyRqtyyaNTBVTVF0U
9zwyCZYFm7nb4wk/od0dAmPnPF72NG0Kk/C+p9I0dtgC/Qg6kZkgs+3dv4GIj6wy
ve3oOjaia8hP+zyHBPmGst7/ngxYiJ0GPb1BIIoyQUaezUtT/n4RyY5dpdwCAHgp
eVuKbMumnE3X0m2Rp3avkONKF8V6PbT/Iu6fXB1u7uzT/8Tj0eUfOAhrHg2Lk+s5
4ZGQtYpzQP7JC1EEGOeMJgt/Pd/dDfPja3138QeZj7MwZZVXcbxoR32Zo7cEpQSs
HBRa2/Mh1giQyHBD6iScu7SIlEAYVYivzZbOO4RlXHB1BAMhmC7u3e54gQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAIWP4HY1d5Q7LTMkxuQxvKbInzoMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvQWhZX2dkalYzbERzdE15VEc1REc4cHNpZk9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUEeWAwQA
UEeYAwQAUEefMA0GCSqGSIb3DQEBCwUAA4IBAQBXklPfM+VLw3aM7Kl+KiJ/VksV
9vq1mby8CZhBdXUb92q5Nsyolyc3JTQoiFiwNU7FZpssNSdnLlF21Nv23uQ2txPl
jAdedAtJwbCi66LpI1G4nxr07mzpnCSBsty2lFZ6oqHnMiq48etlHWmEZ5MtC1xZ
MDLJv4tB8sZnfiwDJtOkM/+sqKc2WVIqud/XwLhAH4zNYMhT8/hM7foGQOClvmBS
swiwWwoVcpu92DjU1aLTmgsEP5a9emPO/tk4L5Pxo3y9zMIFlZl+vQS+Avxe/02s
5QCWmupWY+RA/sXw4DK3dQWX3H65rZip0UeXpcPmuPdfg9+p43NotYOBWQgm
-----END CERTIFICATE-----