Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/fD8E8A0sQR2MWdNFfcD-BAFnboI.roa
File:                     fD8E8A0sQR2MWdNFfcD-BAFnboI.roa (raw, json)
Hash identifier:          Xeu0Bc+3H8ET3ldgLZi5OuvqTT9anGF5psIxrujIbHA=
Subject key identifier:   7C:3F:04:F0:0D:2C:41:1D:8C:59:D3:45:7D:C0:FE:04:01:67:6E:82
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018CC6B7AB373BCA87B8ADA4F6FFC52AC99A
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/fD8E8A0sQR2MWdNFfcD-BAFnboI.roa
Signing time:             Mon 01 Jan 2024 20:29:34 +0000
ROA not before:           Mon 01 Jan 2024 20:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211440
IP address blocks:        176.57.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:ab:37:3b:ca:87:b8:ad:a4:f6:ff:c5:2a:c9:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 20:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c3f04f00d2c411d8c59d3457dc0fe0401676e82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:55:fe:7a:18:98:99:62:ac:76:ad:b0:23:d3:
                    a9:e8:3e:e3:f2:10:ec:fc:a1:25:97:1c:e9:ad:e3:
                    48:35:78:ca:4b:ba:8d:5c:26:24:51:ed:b9:e9:cc:
                    7a:75:0b:8b:93:d4:11:18:90:62:3f:52:f5:37:df:
                    94:20:a7:c0:f2:ea:24:f0:ca:16:62:7b:41:a8:cf:
                    47:d8:16:1c:3d:66:9e:dd:4b:94:ae:44:a1:d8:c8:
                    46:23:f5:9d:cd:6d:35:75:61:21:fa:76:69:b8:87:
                    3a:4c:cd:f8:41:41:49:fa:d4:38:6c:cc:a4:05:48:
                    2b:78:3e:d0:1b:da:60:6e:b6:6e:55:84:08:f9:f7:
                    57:de:39:ea:2f:55:58:6e:a3:e4:4e:3f:8a:ef:f1:
                    80:d6:0c:fa:19:ae:08:ba:d3:35:67:bb:a4:16:d2:
                    95:b9:93:f9:85:19:62:72:85:c7:c3:2c:19:d8:45:
                    98:4e:51:a5:34:e9:45:0d:18:e5:98:f5:cd:1c:3d:
                    f8:b1:9b:2d:38:64:0c:af:ab:7a:df:ce:bc:fc:43:
                    fa:aa:b7:1c:fc:80:84:33:ed:18:e4:bc:e6:ad:03:
                    27:00:90:5d:d8:7a:c9:de:1b:93:6c:c1:5c:c8:b8:
                    eb:bc:1c:45:e3:88:32:f2:2e:ff:45:63:18:17:81:
                    6a:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:3F:04:F0:0D:2C:41:1D:8C:59:D3:45:7D:C0:FE:04:01:67:6E:82
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/fD8E8A0sQR2MWdNFfcD-BAFnboI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:56:d7:3d:41:0a:e7:c0:f6:2e:17:ed:57:12:49:a3:4e:b1:
         74:12:c8:f0:33:e9:ec:29:09:42:5f:81:e2:30:02:3f:c8:60:
         bf:01:7e:8a:19:00:ef:32:67:b1:29:21:d7:48:a8:05:96:67:
         e0:f2:3b:ec:d2:c8:c4:9e:45:e3:35:21:fd:ce:98:71:b2:67:
         bb:c4:ad:95:84:37:13:74:38:47:18:80:30:0d:87:60:35:2e:
         4e:10:b9:6d:84:22:a2:7a:ee:55:f4:61:6f:ca:ca:16:4d:11:
         13:18:e4:ca:45:f2:20:e6:39:80:81:67:a3:bc:a7:2c:a9:41:
         0e:8d:64:06:e7:45:45:9e:5e:27:17:78:45:6f:09:36:b3:6d:
         fe:95:dd:ea:29:ea:19:2e:8f:48:7b:d6:46:f7:e3:af:60:7f:
         02:24:6a:7c:71:3d:18:db:44:b1:b8:18:4f:57:be:10:ec:a6:
         d9:12:5e:ec:3e:20:00:e3:a1:dc:a5:d0:16:0b:c8:eb:ed:ad:
         30:91:13:45:04:69:a3:aa:7d:8d:98:13:ae:04:ba:2d:84:99:
         a2:11:f0:9e:bf:7b:d3:28:7e:5d:e5:15:c8:9a:62:e8:91:83:
         7f:f9:7e:39:87:f7:37:09:c6:d0:2f:08:a6:f2:00:0c:70:9b:
         43:95:65:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6s3O8qHuK2k9v/FKsmaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTAxMjAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzNmMDRmMDBkMmM0MTFkOGM1OWQzNDU3ZGMwZmUwNDAxNjc2ZTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFX+ehiYmWKsdq2wI9Op6D7j8hDs
/KEllxzpreNINXjKS7qNXCYkUe256cx6dQuLk9QRGJBiP1L1N9+UIKfA8uok8MoW
YntBqM9H2BYcPWae3UuUrkSh2MhGI/WdzW01dWEh+nZpuIc6TM34QUFJ+tQ4bMyk
BUgreD7QG9pgbrZuVYQI+fdX3jnqL1VYbqPkTj+K7/GA1gz6Ga4IutM1Z7ukFtKV
uZP5hRlicoXHwywZ2EWYTlGlNOlFDRjlmPXNHD34sZstOGQMr6t63868/EP6qrcc
/ICEM+0Y5LzmrQMnAJBd2HrJ3huTbMFcyLjrvBxF44gy8i7/RWMYF4FqTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHw/BPANLEEdjFnTRX3A/gQBZ26CMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvZkQ4RThBMHNRUjJNV2RORmZjRC1CQUZuYm9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDk/MA0G
CSqGSIb3DQEBCwUAA4IBAQB5Vtc9QQrnwPYuF+1XEkmjTrF0EsjwM+nsKQlCX4Hi
MAI/yGC/AX6KGQDvMmexKSHXSKgFlmfg8jvs0sjEnkXjNSH9zphxsme7xK2VhDcT
dDhHGIAwDYdgNS5OELlthCKieu5V9GFvysoWTRETGOTKRfIg5jmAgWejvKcsqUEO
jWQG50VFnl4nF3hFbwk2s23+ld3qKeoZLo9Ie9ZG9+OvYH8CJGp8cT0Y20SxuBhP
V74Q7KbZEl7sPiAA46HcpdAWC8jr7a0wkRNFBGmjqn2NmBOuBLothJmiEfCev3vT
KH5d5RXImmLokYN/+X45h/c3CcbQLwim8gAMcJtDlWWC
-----END CERTIFICATE-----