Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/ItkG2Ru0VKf1KAvcscLgsTXYbdw.roa
File:                     ItkG2Ru0VKf1KAvcscLgsTXYbdw.roa (raw, json)
Hash identifier:          i9XBYsEXnSHW25Z0cxpy6XQeaAOoOcvkcLwJmG1ckBk=
Subject key identifier:   22:D9:06:D9:1B:B4:54:A7:F5:28:0B:DC:B1:C2:E0:B1:35:D8:6D:DC
Certificate issuer:       /CN=9e459aa4602bffa2d2650ba66818458c89fc4582
Certificate serial:       019234838AB3CF7C0D331CE844E261B3DC27
Authority key identifier: 9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/ItkG2Ru0VKf1KAvcscLgsTXYbdw.roa
Signing time:             Fri 27 Sep 2024 17:24:48 +0000
ROA not before:           Fri 27 Sep 2024 17:24:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23470
IP address blocks:        83.166.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:34:83:8a:b3:cf:7c:0d:33:1c:e8:44:e2:61:b3:dc:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e459aa4602bffa2d2650ba66818458c89fc4582
        Validity
            Not Before: Sep 27 17:24:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22d906d91bb454a7f5280bdcb1c2e0b135d86ddc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:15:80:63:ef:2e:dc:d6:de:96:18:4f:f2:ed:
                    ad:7a:60:58:bb:7c:ad:59:70:b7:0f:b1:6a:ea:68:
                    73:40:20:d5:80:d0:0d:ad:89:3a:11:49:41:92:af:
                    b1:02:b7:c7:36:ba:28:55:fe:dd:bc:89:f0:28:02:
                    e3:22:8f:93:a2:00:b5:91:a4:23:4a:34:f0:23:20:
                    21:db:4c:0d:82:e3:42:49:7a:48:82:6e:52:5b:a4:
                    28:bd:6e:af:a7:e1:e8:33:a4:74:e2:60:cb:b3:92:
                    5d:bb:e3:98:3b:df:2e:e3:cf:94:af:dc:9c:50:86:
                    7a:61:da:b2:9c:a7:df:8d:1c:01:c8:22:ba:7e:df:
                    56:3c:38:db:12:9d:2a:a6:7f:48:52:59:8b:ce:fd:
                    d3:d3:99:a2:90:46:b5:26:60:59:2b:83:dc:80:42:
                    90:20:21:2c:07:ce:d5:13:4b:60:52:22:dd:4c:e5:
                    eb:f5:98:f8:f3:f2:97:67:a4:89:26:1b:7c:00:35:
                    72:3b:9f:16:d2:03:38:ec:a8:14:6e:38:3d:c4:82:
                    87:47:6c:db:67:45:3c:05:4a:17:20:e3:e2:79:dc:
                    31:a0:0a:81:3d:c9:e6:fd:29:7b:9f:dc:19:0c:f2:
                    90:ec:e8:a7:74:cd:4a:04:45:73:36:30:10:8c:45:
                    75:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:D9:06:D9:1B:B4:54:A7:F5:28:0B:DC:B1:C2:E0:B1:35:D8:6D:DC
            X509v3 Authority Key Identifier:
                keyid:9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/ItkG2Ru0VKf1KAvcscLgsTXYbdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.166.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:f0:47:37:93:d8:3b:71:85:ff:42:a2:85:d3:2e:56:4c:c7:
         6c:ae:e5:38:da:f4:2d:7c:e5:8e:27:ea:6d:25:c2:5a:80:f6:
         8f:aa:8f:af:5e:21:3b:3e:e6:a7:fc:56:fb:75:33:f4:7d:de:
         32:f8:d0:6a:1b:01:e3:72:cb:0e:47:ed:ea:6c:6c:e0:e7:76:
         e2:b0:79:48:e2:f7:df:04:2e:fc:81:d2:65:a6:da:c0:18:2a:
         0f:e1:bb:0e:06:42:5d:b3:eb:0c:1b:6f:e0:08:13:c6:e7:6f:
         ed:e7:15:9d:84:3d:60:cb:06:92:d1:68:79:78:21:51:19:91:
         88:23:a6:1c:21:0d:21:b3:52:6e:ce:11:c4:0a:21:c2:1b:4e:
         07:61:19:5a:73:58:35:94:31:b5:08:b9:4c:c1:25:93:a9:2e:
         cc:04:78:c3:65:73:7e:25:e8:6c:f3:4d:8a:f8:b1:85:46:04:
         20:c7:3a:65:af:35:c2:c3:01:77:be:64:ea:1c:14:2d:d1:3a:
         c4:89:37:c0:be:c1:e5:46:fe:53:9a:9d:d0:97:7f:84:6e:d3:
         ee:00:a8:79:a6:cc:5d:1a:26:7b:2f:ae:2c:06:ef:61:91:39:
         c3:25:7c:ad:df:54:19:39:92:50:06:5f:cc:fd:86:c4:12:2a:
         71:98:b7:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZI0g4qzz3wNMxzoROJhs9wnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDU5YWE0NjAyYmZmYTJkMjY1MGJhNjY4MTg0NThjODlm
YzQ1ODIwHhcNMjQwOTI3MTcyNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmQ5MDZkOTFiYjQ1NGE3ZjUyODBiZGNiMWMyZTBiMTM1ZDg2ZGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5BWAY+8u3NbelhhP8u2temBYu3yt
WXC3D7Fq6mhzQCDVgNANrYk6EUlBkq+xArfHNrooVf7dvInwKALjIo+TogC1kaQj
SjTwIyAh20wNguNCSXpIgm5SW6QovW6vp+HoM6R04mDLs5Jdu+OYO98u48+Ur9yc
UIZ6YdqynKffjRwByCK6ft9WPDjbEp0qpn9IUlmLzv3T05mikEa1JmBZK4PcgEKQ
ICEsB87VE0tgUiLdTOXr9Zj48/KXZ6SJJht8ADVyO58W0gM47KgUbjg9xIKHR2zb
Z0U8BUoXIOPiedwxoAqBPcnm/Sl7n9wZDPKQ7OindM1KBEVzNjAQjEV12QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCLZBtkbtFSn9SgL3LHC4LE12G3cMB8GA1UdIwQY
MBaAFJ5FmqRgK/+i0mULpmgYRYyJ/EWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWIt
MjhhODQxZGEwYmZkLzEvSXRrRzJSdTBWS2YxS0F2Y3NjTGdzVFhZYmR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWItMjhhODQxZGEwYmZk
LzEvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU6bNMA0G
CSqGSIb3DQEBCwUAA4IBAQAB8Ec3k9g7cYX/QqKF0y5WTMdsruU42vQtfOWOJ+pt
JcJagPaPqo+vXiE7Puan/Fb7dTP0fd4y+NBqGwHjcssOR+3qbGzg53bisHlI4vff
BC78gdJlptrAGCoP4bsOBkJds+sMG2/gCBPG52/t5xWdhD1gywaS0Wh5eCFRGZGI
I6YcIQ0hs1JuzhHECiHCG04HYRlac1g1lDG1CLlMwSWTqS7MBHjDZXN+Jehs802K
+LGFRgQgxzplrzXCwwF3vmTqHBQt0TrEiTfAvsHlRv5Tmp3Ql3+EbtPuAKh5psxd
GiZ7L64sBu9hkTnDJXyt31QZOZJQBl/M/YbEEipxmLeB
-----END CERTIFICATE-----