Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/731f56-a2a1-4c75-95c3-5e7dc828d05d/1/d-wnIbCJjngA0QwyINvW9vKSHek.roa
File:                     d-wnIbCJjngA0QwyINvW9vKSHek.roa (raw, json)
Hash identifier:          oJmqZkQBA0jEBQPwuKyR87NtKFHqt+VcNWj0qwC1DxY=
Subject key identifier:   77:EC:27:21:B0:89:8E:78:00:D1:0C:32:20:DB:D6:F6:F2:92:1D:E9
Certificate issuer:       /CN=8a7b09ab545851c789d2caa8942ba39cea13e93e
Certificate serial:       018CC6B8C0794D62ADA51AF7D1CF91A0D471
Authority key identifier: 8A:7B:09:AB:54:58:51:C7:89:D2:CA:A8:94:2B:A3:9C:EA:13:E9:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/insJq1RYUceJ0sqolCujnOoT6T4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/731f56-a2a1-4c75-95c3-5e7dc828d05d/1/d-wnIbCJjngA0QwyINvW9vKSHek.roa
Signing time:             Mon 01 Jan 2024 20:30:45 +0000
ROA not before:           Mon 01 Jan 2024 20:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12337
IP address blocks:        185.176.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/731f56-a2a1-4c75-95c3-5e7dc828d05d/1/insJq1RYUceJ0sqolCujnOoT6T4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/731f56-a2a1-4c75-95c3-5e7dc828d05d/1/insJq1RYUceJ0sqolCujnOoT6T4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/insJq1RYUceJ0sqolCujnOoT6T4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 16 Nov 2024 17:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:c0:79:4d:62:ad:a5:1a:f7:d1:cf:91:a0:d4:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a7b09ab545851c789d2caa8942ba39cea13e93e
        Validity
            Not Before: Jan  1 20:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77ec2721b0898e7800d10c3220dbd6f6f2921de9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:30:18:54:07:37:c6:d6:39:4d:d5:4c:1d:42:
                    c2:e0:a9:80:84:d1:73:78:7d:f4:63:ad:26:8a:f9:
                    7d:44:a0:d9:a3:8e:4e:5f:97:b8:19:08:db:cd:9b:
                    db:ac:cf:a2:e7:5d:52:17:ed:27:4b:b4:2f:63:a1:
                    11:05:1f:27:33:cd:e1:e9:c8:eb:49:b2:a2:a4:72:
                    6e:e5:49:e9:c3:7d:2d:27:4a:c6:46:7f:02:33:09:
                    c9:76:c8:6f:0f:dd:97:6e:a3:cb:93:fc:85:6f:2a:
                    ca:e8:c4:95:f0:7c:2c:83:9e:2d:ed:f5:3f:60:ef:
                    d2:8d:97:6b:69:dd:9e:2e:d6:5e:67:cc:12:3a:79:
                    a6:e9:8a:31:17:ca:32:c1:ba:f0:16:d5:7f:9b:f1:
                    d3:a6:76:18:c9:7e:99:4c:75:23:3a:80:77:27:f6:
                    41:23:8b:d9:c2:c7:dd:09:a2:50:f2:67:d7:f6:7b:
                    84:72:1f:58:3f:55:c0:67:21:72:c4:c6:f5:99:f1:
                    ad:1d:bf:8b:2d:b9:74:f2:2c:aa:38:20:3c:67:de:
                    e1:cb:11:4b:52:4b:94:e0:04:59:c0:bc:0b:76:94:
                    64:c3:82:c4:22:c4:41:83:ea:54:41:f4:40:f5:1e:
                    13:23:19:50:1d:d1:24:b4:de:e5:ef:a7:ff:06:d1:
                    e8:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:EC:27:21:B0:89:8E:78:00:D1:0C:32:20:DB:D6:F6:F2:92:1D:E9
            X509v3 Authority Key Identifier:
                keyid:8A:7B:09:AB:54:58:51:C7:89:D2:CA:A8:94:2B:A3:9C:EA:13:E9:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/insJq1RYUceJ0sqolCujnOoT6T4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/731f56-a2a1-4c75-95c3-5e7dc828d05d/1/d-wnIbCJjngA0QwyINvW9vKSHek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/731f56-a2a1-4c75-95c3-5e7dc828d05d/1/insJq1RYUceJ0sqolCujnOoT6T4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:90:3b:fd:41:19:cb:ec:64:a4:4e:06:e1:64:12:5d:cf:c8:
         eb:49:d3:33:94:81:8b:0f:6e:81:58:3c:88:1a:3f:53:2f:b0:
         6d:a5:a0:d2:1c:4d:b6:e8:05:02:f5:22:7a:90:1c:71:48:04:
         ab:6b:e6:81:8c:be:6e:2e:0b:7c:b3:33:31:0b:69:62:11:f6:
         e2:26:f5:66:84:86:3a:45:a8:7e:a6:95:fc:d7:b6:4f:59:ee:
         87:63:a4:50:d0:e9:0d:0a:87:96:f6:5b:b2:61:e7:4b:5a:71:
         cb:e1:6a:4a:19:26:78:8d:b9:7e:90:5d:4c:e1:7e:2d:06:a7:
         24:f6:1d:0e:00:29:c5:0c:cf:bb:2f:61:5f:01:f3:e5:87:f6:
         56:c3:48:71:1f:e7:8f:69:c5:26:bd:d5:a2:e6:26:62:68:d5:
         3a:0f:a5:9d:76:ee:94:e2:0e:33:e9:d4:8f:fa:1f:8a:ad:cd:
         b8:31:80:a7:ce:d9:ae:3b:2f:26:01:ef:a8:c6:d0:aa:fe:fd:
         fc:d2:fc:93:0f:b8:b8:f7:c1:16:d5:17:b2:5e:a9:f2:3d:e9:
         d3:11:bd:ce:88:5c:a8:99:76:7c:bd:c4:ce:fe:13:6c:b5:12:
         b2:3c:21:14:83:f7:9b:27:ec:17:1d:08:fc:90:22:dd:da:51:
         b8:6e:d9:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuMB5TWKtpRr30c+RoNRxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhN2IwOWFiNTQ1ODUxYzc4OWQyY2FhODk0MmJhMzljZWEx
M2U5M2UwHhcNMjQwMTAxMjAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2VjMjcyMWIwODk4ZTc4MDBkMTBjMzIyMGRiZDZmNmYyOTIxZGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0TAYVAc3xtY5TdVMHULC4KmAhNFz
eH30Y60mivl9RKDZo45OX5e4GQjbzZvbrM+i511SF+0nS7QvY6ERBR8nM83h6cjr
SbKipHJu5Unpw30tJ0rGRn8CMwnJdshvD92XbqPLk/yFbyrK6MSV8Hwsg54t7fU/
YO/SjZdrad2eLtZeZ8wSOnmm6YoxF8oywbrwFtV/m/HTpnYYyX6ZTHUjOoB3J/ZB
I4vZwsfdCaJQ8mfX9nuEch9YP1XAZyFyxMb1mfGtHb+LLbl08iyqOCA8Z97hyxFL
UkuU4ARZwLwLdpRkw4LEIsRBg+pUQfRA9R4TIxlQHdEktN7l76f/BtHo5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHfsJyGwiY54ANEMMiDb1vbykh3pMB8GA1UdIwQY
MBaAFIp7CatUWFHHidLKqJQro5zqE+k+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaW5zSnExUllVY2VKMHNxb2xDdWpuT29UNlQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS83MzFmNTYtYTJhMS00Yzc1LTk1YzMt
NWU3ZGM4MjhkMDVkLzEvZC13bkliQ0pqbmdBMFF3eUlOdlc5dktTSGVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS83MzFmNTYtYTJhMS00Yzc1LTk1YzMtNWU3ZGM4MjhkMDVk
LzEvaW5zSnExUllVY2VKMHNxb2xDdWpuT29UNlQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubCnMA0G
CSqGSIb3DQEBCwUAA4IBAQBDkDv9QRnL7GSkTgbhZBJdz8jrSdMzlIGLD26BWDyI
Gj9TL7BtpaDSHE226AUC9SJ6kBxxSASra+aBjL5uLgt8szMxC2liEfbiJvVmhIY6
Rah+ppX817ZPWe6HY6RQ0OkNCoeW9luyYedLWnHL4WpKGSZ4jbl+kF1M4X4tBqck
9h0OACnFDM+7L2FfAfPlh/ZWw0hxH+ePacUmvdWi5iZiaNU6D6Wddu6U4g4z6dSP
+h+Krc24MYCnztmuOy8mAe+oxtCq/v380vyTD7i498EW1ReyXqnyPenTEb3OiFyo
mXZ8vcTO/hNstRKyPCEUg/ebJ+wXHQj8kCLd2lG4btl5
-----END CERTIFICATE-----