Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/742340-8cf8-4460-85cc-aa2b3bea08bf/1/qOfTk8fTv0wkZc-eSKwDM2xlEV0.roa
File:                     qOfTk8fTv0wkZc-eSKwDM2xlEV0.roa (raw, json)
Hash identifier:          XEGMnW6vAY0DnDcSzhpmwglayuuZWrBQK3MfSrX0OpM=
Subject key identifier:   A8:E7:D3:93:C7:D3:BF:4C:24:65:CF:9E:48:AC:03:33:6C:65:11:5D
Certificate issuer:       /CN=8f0a2bb8813b74d78283b1728fdb9bbc5d57845d
Certificate serial:       018FC021F9135DE7B98633B391D421817B97
Authority key identifier: 8F:0A:2B:B8:81:3B:74:D7:82:83:B1:72:8F:DB:9B:BC:5D:57:84:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jworuIE7dNeCg7Fyj9ubvF1XhF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/742340-8cf8-4460-85cc-aa2b3bea08bf/1/qOfTk8fTv0wkZc-eSKwDM2xlEV0.roa
Signing time:             Tue 28 May 2024 16:56:42 +0000
ROA not before:           Tue 28 May 2024 16:56:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210756
IP address blocks:        176.57.66.0/24 maxlen: 24
                          176.57.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/742340-8cf8-4460-85cc-aa2b3bea08bf/1/jworuIE7dNeCg7Fyj9ubvF1XhF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/742340-8cf8-4460-85cc-aa2b3bea08bf/1/jworuIE7dNeCg7Fyj9ubvF1XhF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jworuIE7dNeCg7Fyj9ubvF1XhF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c0:21:f9:13:5d:e7:b9:86:33:b3:91:d4:21:81:7b:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f0a2bb8813b74d78283b1728fdb9bbc5d57845d
        Validity
            Not Before: May 28 16:56:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8e7d393c7d3bf4c2465cf9e48ac03336c65115d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:b7:a5:e0:71:07:3a:8e:ea:8f:cd:a8:26:6e:
                    f2:e5:c7:c9:98:a5:9b:52:d8:fd:a6:d4:0d:45:db:
                    97:9e:c1:92:f8:d7:84:63:d6:b7:a4:59:0d:bc:62:
                    3f:74:35:b8:68:03:2a:54:d2:d7:57:8b:df:81:14:
                    42:73:bc:ac:cf:d3:42:e4:f6:16:0e:3b:b7:9e:8a:
                    71:13:f0:95:6d:a4:45:7c:1b:9a:7e:97:ce:c1:f6:
                    f3:83:9e:ad:17:07:94:82:0e:34:a8:be:67:32:51:
                    17:ae:84:dd:95:e9:9a:28:9b:36:5e:13:c7:63:2e:
                    20:76:5d:f9:ef:ab:39:0b:48:28:6e:92:6a:9c:c6:
                    63:6f:e0:e0:e5:6a:0f:98:d9:46:03:4b:d7:de:79:
                    67:b5:b1:94:43:0b:3b:01:39:68:43:fe:57:b2:ee:
                    c2:53:c1:1e:96:be:a9:1f:be:69:66:84:b6:e1:dd:
                    fa:7e:ee:f1:e0:43:01:54:7e:66:2e:ef:2d:e2:ab:
                    6e:bc:e1:aa:16:09:b0:d7:26:c5:04:14:67:7d:84:
                    f4:6a:c2:f0:d1:f3:de:92:2d:5b:a9:3a:44:1c:f3:
                    7e:b4:32:b7:22:d1:0d:7a:eb:0d:c2:65:d9:74:f5:
                    bf:ed:f3:7b:8e:cb:30:0c:0e:8e:7f:41:08:17:1e:
                    cd:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:E7:D3:93:C7:D3:BF:4C:24:65:CF:9E:48:AC:03:33:6C:65:11:5D
            X509v3 Authority Key Identifier:
                keyid:8F:0A:2B:B8:81:3B:74:D7:82:83:B1:72:8F:DB:9B:BC:5D:57:84:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jworuIE7dNeCg7Fyj9ubvF1XhF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/742340-8cf8-4460-85cc-aa2b3bea08bf/1/qOfTk8fTv0wkZc-eSKwDM2xlEV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/742340-8cf8-4460-85cc-aa2b3bea08bf/1/jworuIE7dNeCg7Fyj9ubvF1XhF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:4c:aa:65:c6:82:4c:10:1b:66:9e:e7:39:23:47:7f:b7:8a:
         a7:2e:7e:d6:2b:07:aa:57:98:c6:59:80:68:47:f8:54:66:80:
         f1:96:eb:a1:fb:4a:a3:f7:f7:4a:14:c6:b8:b7:5c:97:0b:e2:
         04:c0:69:3d:84:ba:c4:c7:8d:b8:9e:d8:48:f2:06:11:36:4a:
         7d:fd:30:01:0f:97:ab:b5:e0:cd:37:f2:06:2f:53:5b:b1:84:
         55:9b:54:d5:58:e9:21:ba:40:60:9d:fc:dc:b3:e5:c1:78:da:
         21:62:36:21:69:b8:5f:fa:b8:35:c5:2a:6c:76:21:f7:d8:be:
         4a:69:f1:75:b0:71:88:13:f0:f3:26:00:6f:01:d4:6b:1d:41:
         8d:0a:6d:1f:b9:58:9b:c1:4a:b8:9f:1d:cf:a6:8d:7c:15:f7:
         3b:8f:af:17:f8:60:23:c6:c6:4b:44:c8:6b:5f:90:7e:ff:68:
         92:8e:54:b1:cb:77:40:26:32:08:ca:4b:7c:6c:f8:3e:ba:ef:
         0b:23:7b:a6:4d:06:87:20:3b:0a:8c:b0:b5:07:da:c6:4d:2c:
         91:83:f4:d0:e8:32:84:4a:61:d0:49:db:e4:ed:8d:01:ad:db:
         0e:c1:17:65:d2:bd:0b:ea:8d:22:41:fe:31:2d:c3:1a:8e:fc:
         49:e4:55:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/AIfkTXee5hjOzkdQhgXuXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMGEyYmI4ODEzYjc0ZDc4MjgzYjE3MjhmZGI5YmJjNWQ1
Nzg0NWQwHhcNMjQwNTI4MTY1NjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGU3ZDM5M2M3ZDNiZjRjMjQ2NWNmOWU0OGFjMDMzMzZjNjUxMTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobel4HEHOo7qj82oJm7y5cfJmKWb
Utj9ptQNRduXnsGS+NeEY9a3pFkNvGI/dDW4aAMqVNLXV4vfgRRCc7ysz9NC5PYW
Dju3nopxE/CVbaRFfBuafpfOwfbzg56tFweUgg40qL5nMlEXroTdlemaKJs2XhPH
Yy4gdl3576s5C0gobpJqnMZjb+Dg5WoPmNlGA0vX3nlntbGUQws7ATloQ/5Xsu7C
U8Eelr6pH75pZoS24d36fu7x4EMBVH5mLu8t4qtuvOGqFgmw1ybFBBRnfYT0asLw
0fPeki1bqTpEHPN+tDK3ItENeusNwmXZdPW/7fN7jsswDA6Of0EIFx7NWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKjn05PH079MJGXPnkisAzNsZRFdMB8GA1UdIwQY
MBaAFI8KK7iBO3TXgoOxco/bm7xdV4RdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvandvcnVJRTdkTmVDZzdGeWo5dWJ2RjFYaEYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83NDIzNDAtOGNmOC00NDYwLTg1Y2Mt
YWEyYjNiZWEwOGJmLzEvcU9mVGs4ZlR2MHdrWmMtZVNLd0RNMnhsRVYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny83NDIzNDAtOGNmOC00NDYwLTg1Y2MtYWEyYjNiZWEwOGJm
LzEvandvcnVJRTdkTmVDZzdGeWo5dWJ2RjFYaEYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsDlCMA0G
CSqGSIb3DQEBCwUAA4IBAQA2TKplxoJMEBtmnuc5I0d/t4qnLn7WKweqV5jGWYBo
R/hUZoDxluuh+0qj9/dKFMa4t1yXC+IEwGk9hLrEx424nthI8gYRNkp9/TABD5er
teDNN/IGL1NbsYRVm1TVWOkhukBgnfzcs+XBeNohYjYhabhf+rg1xSpsdiH32L5K
afF1sHGIE/DzJgBvAdRrHUGNCm0fuVibwUq4nx3Ppo18Ffc7j68X+GAjxsZLRMhr
X5B+/2iSjlSxy3dAJjIIykt8bPg+uu8LI3umTQaHIDsKjLC1B9rGTSyRg/TQ6DKE
SmHQSdvk7Y0BrdsOwRdl0r0L6o0iQf4xLcMajvxJ5FWV
-----END CERTIFICATE-----