Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/9a50f1-294b-48e4-beaf-1dcad8e68ed9/1/vkn5gONUx-f2w6Tq2MKxhzRigMs.roa
File:                     vkn5gONUx-f2w6Tq2MKxhzRigMs.roa (raw, json)
Hash identifier:          z/mH1g/upb7s/cBw0MlaAxR2HwY3KoOnpxu7v99G/GQ=
Subject key identifier:   BE:49:F9:80:E3:54:C7:E7:F6:C3:A4:EA:D8:C2:B1:87:34:62:80:CB
Certificate issuer:       /CN=9ed0c4ff4a90073288b97674694142721f5b8435
Certificate serial:       018CC9BC5868DF4A2147F60FE73E75CB4AA8
Authority key identifier: 9E:D0:C4:FF:4A:90:07:32:88:B9:76:74:69:41:42:72:1F:5B:84:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ntDE_0qQBzKIuXZ0aUFCch9bhDU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/9a50f1-294b-48e4-beaf-1dcad8e68ed9/1/vkn5gONUx-f2w6Tq2MKxhzRigMs.roa
Signing time:             Tue 02 Jan 2024 10:33:33 +0000
ROA not before:           Tue 02 Jan 2024 10:33:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        86.106.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/9a50f1-294b-48e4-beaf-1dcad8e68ed9/1/ntDE_0qQBzKIuXZ0aUFCch9bhDU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/9a50f1-294b-48e4-beaf-1dcad8e68ed9/1/ntDE_0qQBzKIuXZ0aUFCch9bhDU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ntDE_0qQBzKIuXZ0aUFCch9bhDU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 13:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:58:68:df:4a:21:47:f6:0f:e7:3e:75:cb:4a:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ed0c4ff4a90073288b97674694142721f5b8435
        Validity
            Not Before: Jan  2 10:33:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be49f980e354c7e7f6c3a4ead8c2b187346280cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:6e:aa:da:7a:d1:2a:b9:9f:50:f9:2c:12:6d:
                    17:3a:cf:e8:55:c2:b3:55:6f:05:8e:13:e0:c0:dc:
                    d6:d5:cd:44:2c:c5:4a:5b:f4:f2:48:87:ff:23:08:
                    76:8b:19:f7:a2:03:74:7a:8c:72:f1:e6:17:01:17:
                    b4:54:78:96:f8:bd:0d:b7:ab:1d:01:d1:53:f3:fe:
                    92:04:7d:77:26:38:90:24:4c:bf:b1:4d:03:00:7e:
                    6b:af:c6:25:8e:c7:ec:ff:8c:92:4b:60:bd:37:16:
                    f4:c0:e3:f3:ac:bf:15:0b:4f:02:87:55:69:7a:60:
                    71:93:49:d7:9b:c1:f8:28:75:1e:45:42:7b:7c:e5:
                    fb:4e:24:8f:da:71:22:6e:c6:a3:9d:64:0f:59:5e:
                    f2:8f:a3:79:e8:09:e8:38:b3:30:4f:31:60:51:00:
                    0f:c6:54:7b:87:2a:90:0f:27:95:60:b0:ab:e9:68:
                    fa:0c:d2:af:8c:dc:f0:36:eb:70:21:e2:a7:dd:77:
                    ae:19:ac:a2:bf:e5:9c:ef:fe:2b:5f:ea:35:6c:51:
                    e6:b0:7d:1f:a4:c3:25:32:70:06:2c:f0:5a:6d:2d:
                    8d:f7:99:f8:ac:c9:51:2f:fe:d0:39:5d:98:f3:7c:
                    57:b7:e8:60:48:50:9f:c7:f3:29:96:ee:21:03:63:
                    0d:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:49:F9:80:E3:54:C7:E7:F6:C3:A4:EA:D8:C2:B1:87:34:62:80:CB
            X509v3 Authority Key Identifier:
                keyid:9E:D0:C4:FF:4A:90:07:32:88:B9:76:74:69:41:42:72:1F:5B:84:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ntDE_0qQBzKIuXZ0aUFCch9bhDU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9a50f1-294b-48e4-beaf-1dcad8e68ed9/1/vkn5gONUx-f2w6Tq2MKxhzRigMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9a50f1-294b-48e4-beaf-1dcad8e68ed9/1/ntDE_0qQBzKIuXZ0aUFCch9bhDU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.106.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:ba:1f:02:9b:38:d9:06:84:65:9d:e9:e6:8c:3c:35:67:aa:
         7c:80:bc:e4:a2:b4:c5:45:f4:84:46:2d:6c:4e:5e:fd:f0:d4:
         02:33:25:0f:0c:5f:39:51:4e:c1:6e:da:81:6b:7a:ea:27:74:
         45:50:00:3c:4f:06:74:e5:0d:ad:e3:d2:b4:88:6f:24:13:01:
         32:28:c0:42:7f:97:0a:56:de:24:7b:99:af:66:44:31:3d:ec:
         91:ef:5e:b9:bc:07:fc:44:7e:b1:5b:dc:2b:f8:73:bb:aa:b4:
         03:91:38:61:29:d9:ac:36:33:a1:f9:93:b0:b7:ba:a6:ab:b4:
         36:8d:0d:d8:8a:57:d5:12:31:a5:65:2e:20:8a:2d:e7:ab:b6:
         48:eb:e5:87:57:f4:d2:c7:6b:cf:46:96:2c:81:84:e0:cd:e8:
         84:8a:28:f9:cf:64:d7:71:32:d0:2c:a9:4a:3f:ef:19:0a:30:
         a9:6a:f1:f4:4a:18:6b:b3:79:d1:07:58:43:9e:02:89:5b:bf:
         69:f0:3b:c3:3e:05:d6:0b:1b:0b:cd:72:18:75:6f:e1:29:82:
         f5:85:cf:2d:30:8a:74:c6:6d:12:ad:f3:74:ed:ad:c6:60:62:
         b9:cd:34:33:69:94:8e:ad:4c:c7:21:2a:24:dc:27:76:81:0c:
         ce:17:0e:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvFho30ohR/YP5z51y0qoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllZDBjNGZmNGE5MDA3MzI4OGI5NzY3NDY5NDE0MjcyMWY1
Yjg0MzUwHhcNMjQwMTAyMTAzMzMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTQ5Zjk4MGUzNTRjN2U3ZjZjM2E0ZWFkOGMyYjE4NzM0NjI4MGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxW6q2nrRKrmfUPksEm0XOs/oVcKz
VW8FjhPgwNzW1c1ELMVKW/TySIf/Iwh2ixn3ogN0eoxy8eYXARe0VHiW+L0Nt6sd
AdFT8/6SBH13JjiQJEy/sU0DAH5rr8Yljsfs/4ySS2C9Nxb0wOPzrL8VC08Ch1Vp
emBxk0nXm8H4KHUeRUJ7fOX7TiSP2nEibsajnWQPWV7yj6N56AnoOLMwTzFgUQAP
xlR7hyqQDyeVYLCr6Wj6DNKvjNzwNutwIeKn3XeuGayiv+Wc7/4rX+o1bFHmsH0f
pMMlMnAGLPBabS2N95n4rMlRL/7QOV2Y83xXt+hgSFCfx/Mplu4hA2MN/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL5J+YDjVMfn9sOk6tjCsYc0YoDLMB8GA1UdIwQY
MBaAFJ7QxP9KkAcyiLl2dGlBQnIfW4Q1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnRERV8wcVFCektJdVhaMGFVRkNjaDliaERVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi85YTUwZjEtMjk0Yi00OGU0LWJlYWYt
MWRjYWQ4ZTY4ZWQ5LzEvdmtuNWdPTlV4LWYydzZUcTJNS3hoelJpZ01zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi85YTUwZjEtMjk0Yi00OGU0LWJlYWYtMWRjYWQ4ZTY4ZWQ5
LzEvbnRERV8wcVFCektJdVhaMGFVRkNjaDliaERVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVmpNMA0G
CSqGSIb3DQEBCwUAA4IBAQANuh8CmzjZBoRlnenmjDw1Z6p8gLzkorTFRfSERi1s
Tl798NQCMyUPDF85UU7BbtqBa3rqJ3RFUAA8TwZ05Q2t49K0iG8kEwEyKMBCf5cK
Vt4ke5mvZkQxPeyR7165vAf8RH6xW9wr+HO7qrQDkThhKdmsNjOh+ZOwt7qmq7Q2
jQ3YilfVEjGlZS4gii3nq7ZI6+WHV/TSx2vPRpYsgYTgzeiEiij5z2TXcTLQLKlK
P+8ZCjCpavH0Shhrs3nRB1hDngKJW79p8DvDPgXWCxsLzXIYdW/hKYL1hc8tMIp0
xm0SrfN07a3GYGK5zTQzaZSOrUzHISok3Cd2gQzOFw5k
-----END CERTIFICATE-----