Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/8l83pUsd4d_4Sz6vaVmq3tXHJAw.roa
File:                     8l83pUsd4d_4Sz6vaVmq3tXHJAw.roa (raw, json)
Hash identifier:          oiMCdWu/asfwaTCtFVDZxHP7pLB2rRT7a2Nuw1CzyHM=
Subject key identifier:   F2:5F:37:A5:4B:1D:E1:DF:F8:4B:3E:AF:69:59:AA:DE:D5:C7:24:0C
Certificate issuer:       /CN=330fe971b3e36b16a92be85f59985be45968b864
Certificate serial:       018CC9BC10524D34BCABAE2A85B64E0C10DB
Authority key identifier: 33:0F:E9:71:B3:E3:6B:16:A9:2B:E8:5F:59:98:5B:E4:59:68:B8:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mw_pcbPjaxapK-hfWZhb5FlouGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/8l83pUsd4d_4Sz6vaVmq3tXHJAw.roa
Signing time:             Tue 02 Jan 2024 10:33:14 +0000
ROA not before:           Tue 02 Jan 2024 10:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.112.0/24 maxlen: 24
                          2001:7f8:83::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/Mw_pcbPjaxapK-hfWZhb5FlouGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/Mw_pcbPjaxapK-hfWZhb5FlouGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mw_pcbPjaxapK-hfWZhb5FlouGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:10:52:4d:34:bc:ab:ae:2a:85:b6:4e:0c:10:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=330fe971b3e36b16a92be85f59985be45968b864
        Validity
            Not Before: Jan  2 10:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f25f37a54b1de1dff84b3eaf6959aaded5c7240c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:4e:35:0d:a3:05:c7:c7:be:41:8b:b4:ee:21:
                    cb:fc:85:0c:f8:36:c8:3e:8c:fd:a1:53:18:c1:90:
                    af:0d:0f:ec:fb:7b:93:ed:e1:14:17:ca:44:13:c6:
                    66:8f:8f:94:2c:80:71:bb:db:13:e1:78:9e:88:a1:
                    73:00:d0:32:32:8a:62:9d:fc:ab:e7:9f:4b:cd:de:
                    0e:1a:b9:d9:ec:3e:e6:51:00:83:9c:ec:05:c5:79:
                    75:87:46:b4:9b:ec:08:30:3e:4d:ef:9d:34:1e:5b:
                    3a:0f:5a:d1:37:0c:1d:e1:a0:33:0b:d2:58:c6:48:
                    c1:e2:43:1f:fd:70:72:1b:bb:59:ee:c5:8a:43:b8:
                    04:e1:e4:11:f5:50:0a:d8:b3:b1:ac:8d:ab:7d:70:
                    90:6c:fe:db:12:b7:a0:1c:c5:47:a5:05:f2:b4:2e:
                    5b:c8:45:05:01:b1:67:d6:42:47:41:fd:dc:eb:a1:
                    dd:1e:75:b7:d8:89:8f:09:32:27:9d:bd:3c:94:f4:
                    8d:ca:16:f9:0f:88:95:8d:de:b5:ae:6a:fc:10:46:
                    8d:e0:04:ce:21:b7:20:1c:37:ec:c8:21:92:ee:2d:
                    c3:3a:57:f3:39:7f:ad:b3:0b:4d:da:cf:5b:99:46:
                    be:0c:82:3a:4d:4f:b6:2d:89:d8:05:4e:24:9a:7c:
                    dc:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:5F:37:A5:4B:1D:E1:DF:F8:4B:3E:AF:69:59:AA:DE:D5:C7:24:0C
            X509v3 Authority Key Identifier:
                keyid:33:0F:E9:71:B3:E3:6B:16:A9:2B:E8:5F:59:98:5B:E4:59:68:B8:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mw_pcbPjaxapK-hfWZhb5FlouGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/8l83pUsd4d_4Sz6vaVmq3tXHJAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/Mw_pcbPjaxapK-hfWZhb5FlouGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.112.0/24
                IPv6:
                  2001:7f8:83::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:2e:85:fc:3b:a2:8d:c4:c0:fe:df:56:a2:a5:20:1c:58:f8:
         4a:b8:48:99:95:85:af:e9:f1:31:4c:82:15:b1:bc:8c:9d:a0:
         d9:0b:35:15:ee:0b:a4:b6:0f:60:61:db:f9:b1:7f:c5:f3:a5:
         a7:77:66:af:16:35:e7:88:49:eb:15:03:ce:17:ba:a0:dd:88:
         68:b7:a4:b5:6b:fa:09:52:24:0f:aa:e4:e6:e3:a8:3a:6c:1e:
         ee:0a:ef:97:71:f0:06:ce:f1:d7:c2:b6:cd:93:6a:b1:08:18:
         e7:37:10:8c:d5:f0:b5:31:4a:63:79:fd:b8:a8:b3:a0:c1:55:
         32:14:ff:8d:0f:5e:6a:a4:c7:49:03:db:6a:36:97:fa:dc:0d:
         18:a7:0f:e4:f2:c1:3e:ae:55:9b:98:62:76:17:95:dc:11:49:
         f1:05:32:2c:ea:28:eb:da:d9:ac:42:c8:5e:65:91:6b:ac:36:
         26:e8:c9:99:52:ee:7d:67:c8:08:33:c1:41:33:33:bf:6f:c2:
         f6:d0:81:ab:4b:d6:42:8e:18:4c:ac:a7:11:01:99:c5:03:13:
         14:54:3a:06:a6:46:e2:5e:8e:ee:1f:4f:6d:66:2f:ca:0d:e2:
         9a:41:d0:17:c2:bf:e3:dc:4f:b4:0c:7e:e5:56:77:16:fc:0b:
         81:bc:48:6c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJvBBSTTS8q64qhbZODBDbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMGZlOTcxYjNlMzZiMTZhOTJiZTg1ZjU5OTg1YmU0NTk2
OGI4NjQwHhcNMjQwMTAyMTAzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjVmMzdhNTRiMWRlMWRmZjg0YjNlYWY2OTU5YWFkZWQ1YzcyNDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgE41DaMFx8e+QYu07iHL/IUM+DbI
Poz9oVMYwZCvDQ/s+3uT7eEUF8pEE8Zmj4+ULIBxu9sT4XieiKFzANAyMopinfyr
559Lzd4OGrnZ7D7mUQCDnOwFxXl1h0a0m+wIMD5N7500Hls6D1rRNwwd4aAzC9JY
xkjB4kMf/XByG7tZ7sWKQ7gE4eQR9VAK2LOxrI2rfXCQbP7bEregHMVHpQXytC5b
yEUFAbFn1kJHQf3c66HdHnW32ImPCTInnb08lPSNyhb5D4iVjd61rmr8EEaN4ATO
IbcgHDfsyCGS7i3DOlfzOX+tswtN2s9bmUa+DII6TU+2LYnYBU4kmnzc7QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPJfN6VLHeHf+Es+r2lZqt7VxyQMMB8GA1UdIwQY
MBaAFDMP6XGz42sWqSvoX1mYW+RZaLhkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXdfcGNiUGpheGFwSy1oZldaaGI1RmxvdUdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9hMzg2OTMtY2ZhMC00M2U4LWE1MWIt
MTFlOWU5ZjAxMzQzLzEvOGw4M3BVc2Q0ZF80U3o2dmFWbXEzdFhISkF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9hMzg2OTMtY2ZhMC00M2U4LWE1MWItMTFlOWU5ZjAxMzQz
LzEvTXdfcGNiUGpheGFwSy1oZldaaGI1RmxvdUdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQFwMA8E
AgACMAkDBwAgAQf4AIMwDQYJKoZIhvcNAQELBQADggEBAIsuhfw7oo3EwP7fVqKl
IBxY+Eq4SJmVha/p8TFMghWxvIydoNkLNRXuC6S2D2Bh2/mxf8Xzpad3Zq8WNeeI
SesVA84XuqDdiGi3pLVr+glSJA+q5ObjqDpsHu4K75dx8AbO8dfCts2TarEIGOc3
EIzV8LUxSmN5/bios6DBVTIU/40PXmqkx0kD22o2l/rcDRinD+TywT6uVZuYYnYX
ldwRSfEFMizqKOva2axCyF5lkWusNiboyZlS7n1nyAgzwUEzM79vwvbQgatL1kKO
GEyspxEBmcUDExRUOgamRuJeju4fT21mL8oN4ppB0BfCv+PcT7QMfuVWdxb8C4G8
SGw=
-----END CERTIFICATE-----