Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/84d026-17e4-4787-a439-473d74a5e20f/1/8nY5C9uhCQ0T0S2Ro30Cr1K6vGc.roa
File:                     8nY5C9uhCQ0T0S2Ro30Cr1K6vGc.roa (raw, json)
Hash identifier:          6/w9F4jUNR9ir2GkupRGmKtVn3eZe1Y9FMPxRUfyp00=
Subject key identifier:   F2:76:39:0B:DB:A1:09:0D:13:D1:2D:91:A3:7D:02:AF:52:BA:BC:67
Certificate issuer:       /CN=ae83f7879c2c74a11652b5e08af64aac90800b04
Certificate serial:       018CC26D14D902DB6971F01088F4496E0D50
Authority key identifier: AE:83:F7:87:9C:2C:74:A1:16:52:B5:E0:8A:F6:4A:AC:90:80:0B:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/roP3h5wsdKEWUrXgivZKrJCACwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/84d026-17e4-4787-a439-473d74a5e20f/1/8nY5C9uhCQ0T0S2Ro30Cr1K6vGc.roa
Signing time:             Mon 01 Jan 2024 00:29:37 +0000
ROA not before:           Mon 01 Jan 2024 00:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     786
IP address blocks:        136.206.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/84d026-17e4-4787-a439-473d74a5e20f/1/roP3h5wsdKEWUrXgivZKrJCACwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/84d026-17e4-4787-a439-473d74a5e20f/1/roP3h5wsdKEWUrXgivZKrJCACwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/roP3h5wsdKEWUrXgivZKrJCACwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:14:d9:02:db:69:71:f0:10:88:f4:49:6e:0d:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae83f7879c2c74a11652b5e08af64aac90800b04
        Validity
            Not Before: Jan  1 00:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f276390bdba1090d13d12d91a37d02af52babc67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:88:38:a6:97:a8:fa:7d:16:1b:0d:cb:86:f4:
                    e9:26:db:0d:02:a2:50:d7:7e:7f:72:36:59:67:69:
                    02:d5:20:2a:9e:df:28:08:8a:4d:18:63:49:32:c4:
                    04:1a:c9:7d:c7:ad:2a:04:76:66:a1:e5:df:22:52:
                    54:18:4a:fd:b1:2d:62:98:db:d8:fb:d9:4e:5d:e8:
                    b6:14:e8:6e:1d:0c:2b:f9:a7:3c:02:12:70:48:e4:
                    09:2a:71:de:d7:70:b8:53:b0:6f:f3:4c:17:f9:e2:
                    cb:01:27:5f:0c:1a:99:9b:6e:8f:9a:47:fc:27:72:
                    66:fa:c4:18:53:b3:eb:13:47:ab:4e:82:6a:93:f5:
                    8e:38:3b:5a:cd:d0:61:c6:41:18:c8:47:1f:2f:ca:
                    d3:75:9b:ae:3d:d1:71:a3:27:a3:25:a9:28:42:f7:
                    6c:e9:ad:f6:6d:b6:44:07:36:44:92:59:d0:30:18:
                    48:92:e6:fa:88:33:16:ac:3b:84:b9:96:e6:eb:0d:
                    ba:66:58:c5:5c:53:a0:5d:f4:83:70:7c:d1:27:20:
                    e6:df:4f:2d:84:f5:29:9f:4e:d4:97:f8:ae:f9:7c:
                    20:54:97:a1:a3:d1:fe:22:af:59:08:96:6c:eb:86:
                    bb:02:dc:1f:75:52:55:61:0f:b8:dd:3c:7e:45:2c:
                    67:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:76:39:0B:DB:A1:09:0D:13:D1:2D:91:A3:7D:02:AF:52:BA:BC:67
            X509v3 Authority Key Identifier:
                keyid:AE:83:F7:87:9C:2C:74:A1:16:52:B5:E0:8A:F6:4A:AC:90:80:0B:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/roP3h5wsdKEWUrXgivZKrJCACwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/84d026-17e4-4787-a439-473d74a5e20f/1/8nY5C9uhCQ0T0S2Ro30Cr1K6vGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/84d026-17e4-4787-a439-473d74a5e20f/1/roP3h5wsdKEWUrXgivZKrJCACwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.206.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         44:4e:8b:c1:f9:da:53:db:38:21:ff:ab:77:9a:0e:9f:03:30:
         6c:af:9b:d5:6f:8f:5d:1a:a9:23:e8:00:93:11:0f:6f:98:b8:
         8f:a3:33:9c:04:d6:ff:00:e1:2b:2b:c0:b4:98:11:51:49:cb:
         30:e4:4d:0f:b3:00:ba:e3:4f:1e:ec:ce:06:a1:c7:5f:01:45:
         a1:32:3c:f0:13:3c:8e:3e:ac:5d:54:a8:1e:7d:99:22:38:07:
         9a:7f:9e:ef:d3:02:b0:58:3f:72:52:d6:1b:5c:40:68:ae:d9:
         2d:05:3b:d8:31:86:5d:26:3d:2f:e7:46:4d:ba:c2:a2:a0:57:
         1f:bc:af:0d:7b:92:db:6b:9f:cc:ee:d6:bd:95:93:0d:34:53:
         7d:0a:59:15:0d:95:a0:f9:65:ad:b9:e7:1c:b8:ed:77:85:c0:
         4e:0f:c4:1c:e6:26:1a:45:ef:d2:6e:b1:a0:0d:0e:45:98:e5:
         f2:75:4f:74:b9:89:75:54:cf:fc:d6:aa:8d:94:24:77:77:cc:
         c8:9e:4a:77:69:35:7b:3f:d7:86:82:62:6b:88:9d:68:a3:e7:
         5c:87:51:11:68:d8:71:8e:1c:3b:dc:5f:0d:e5:30:63:17:de:
         83:a0:f0:52:96:a0:f0:86:83:69:f4:49:6f:c6:22:34:d9:be:
         69:ea:a7:4c
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzCbRTZAttpcfAQiPRJbg1QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlODNmNzg3OWMyYzc0YTExNjUyYjVlMDhhZjY0YWFjOTA4
MDBiMDQwHhcNMjQwMTAxMDAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjc2MzkwYmRiYTEwOTBkMTNkMTJkOTFhMzdkMDJhZjUyYmFiYzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIg4ppeo+n0WGw3LhvTpJtsNAqJQ
135/cjZZZ2kC1SAqnt8oCIpNGGNJMsQEGsl9x60qBHZmoeXfIlJUGEr9sS1imNvY
+9lOXei2FOhuHQwr+ac8AhJwSOQJKnHe13C4U7Bv80wX+eLLASdfDBqZm26Pmkf8
J3Jm+sQYU7PrE0erToJqk/WOODtazdBhxkEYyEcfL8rTdZuuPdFxoyejJakoQvds
6a32bbZEBzZEklnQMBhIkub6iDMWrDuEuZbm6w26ZljFXFOgXfSDcHzRJyDm308t
hPUpn07Ul/iu+XwgVJeho9H+Iq9ZCJZs64a7AtwfdVJVYQ+43Tx+RSxnTwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFPJ2OQvboQkNE9EtkaN9Aq9SurxnMB8GA1UdIwQY
MBaAFK6D94ecLHShFlK14Ir2SqyQgAsEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm9QM2g1d3NkS0VXVXJYZ2l2WktySkNBQ3dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC84NGQwMjYtMTdlNC00Nzg3LWE0Mzkt
NDczZDc0YTVlMjBmLzEvOG5ZNUM5dWhDUTBUMFMyUm8zMENyMUs2dkdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC84NGQwMjYtMTdlNC00Nzg3LWE0MzktNDczZDc0YTVlMjBm
LzEvcm9QM2g1d3NkS0VXVXJYZ2l2WktySkNBQ3dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAiM4wDQYJ
KoZIhvcNAQELBQADggEBAEROi8H52lPbOCH/q3eaDp8DMGyvm9Vvj10aqSPoAJMR
D2+YuI+jM5wE1v8A4SsrwLSYEVFJyzDkTQ+zALrjTx7szgahx18BRaEyPPATPI4+
rF1UqB59mSI4B5p/nu/TArBYP3JS1htcQGiu2S0FO9gxhl0mPS/nRk26wqKgVx+8
rw17kttrn8zu1r2Vkw00U30KWRUNlaD5Za255xy47XeFwE4PxBzmJhpF79JusaAN
DkWY5fJ1T3S5iXVUz/zWqo2UJHd3zMieSndpNXs/14aCYmuInWij51yHURFo2HGO
HDvcXw3lMGMX3oOg8FKWoPCGg2n0SW/GIjTZvmnqp0w=
-----END CERTIFICATE-----