Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/DoAFmvOhcrvcLwU7DebJkS837Ug.roa
File:                     DoAFmvOhcrvcLwU7DebJkS837Ug.roa (raw, json)
Hash identifier:          lTXDZk5Ffi2GDsxdQJdD13SeMO/zq/6kC7Mmy5qlJjQ=
Subject key identifier:   0E:80:05:9A:F3:A1:72:BB:DC:2F:05:3B:0D:E6:C9:91:2F:37:ED:48
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       018CC9BBC5F38C421599095911665415B88B
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/DoAFmvOhcrvcLwU7DebJkS837Ug.roa
Signing time:             Tue 02 Jan 2024 10:32:55 +0000
ROA not before:           Tue 02 Jan 2024 10:32:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1902
IP address blocks:        145.236.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:c5:f3:8c:42:15:99:09:59:11:66:54:15:b8:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  2 10:32:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e80059af3a172bbdc2f053b0de6c9912f37ed48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:70:8e:98:4d:39:1d:46:8a:c7:a3:02:79:92:
                    82:98:d2:d3:22:02:ad:3f:d3:90:42:0b:3b:e3:a2:
                    9d:93:76:bd:90:08:7f:92:b1:39:df:4e:09:b4:9a:
                    9c:ca:92:b4:5d:0a:5b:fe:b2:bb:d7:37:a3:13:ef:
                    d2:69:75:f5:d6:fe:ec:01:c6:c6:29:80:aa:37:d7:
                    2a:af:86:de:33:42:d8:16:22:f9:f9:b1:ac:2f:2c:
                    40:2d:74:73:51:87:cb:de:61:4a:bf:71:92:cc:ff:
                    f1:41:52:53:2a:2d:12:71:39:3a:c4:7f:9a:e2:4e:
                    b0:ec:6d:01:2b:a9:c4:b3:53:e6:78:67:51:36:a8:
                    09:9d:de:08:51:d0:73:f8:7d:bd:e6:c7:3c:03:85:
                    0e:86:67:f9:b9:d1:0f:f2:7a:7b:df:76:18:7a:24:
                    d6:f0:9b:a8:69:dc:fe:56:be:72:60:dd:7a:1b:21:
                    2a:c5:a9:50:6d:60:6f:53:48:3f:02:98:a3:8a:5c:
                    56:b8:ec:2d:2e:0d:c8:7a:04:ad:9d:09:b2:e9:0b:
                    00:66:ad:e8:da:f1:28:48:9f:5e:cd:39:db:2a:46:
                    90:e4:7a:9a:cb:d8:00:1e:ee:ce:ed:42:cf:2e:0c:
                    45:f8:8b:3f:be:20:c6:24:b5:75:36:8e:a1:ae:b8:
                    09:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:80:05:9A:F3:A1:72:BB:DC:2F:05:3B:0D:E6:C9:91:2F:37:ED:48
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/DoAFmvOhcrvcLwU7DebJkS837Ug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.236.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:70:3d:47:62:18:6a:fb:52:b2:8a:5f:61:14:e4:5b:5e:71:
         0a:52:ba:49:14:15:9d:c9:34:e7:e4:6e:bb:d3:80:df:8b:48:
         60:c4:fe:d7:e7:61:0d:18:3c:5b:35:31:e9:05:0c:74:11:63:
         9d:2e:80:fd:bf:72:90:fe:f7:f7:a9:67:5a:bb:84:1c:6d:00:
         7d:a3:41:a1:12:5e:b4:57:6b:b7:f8:75:e3:01:f6:43:6e:5b:
         45:8b:5a:03:49:c1:f9:3f:21:52:d3:b5:45:e7:d2:84:4f:c4:
         37:89:c7:19:bc:8c:0d:67:cc:13:6b:c1:1b:ff:de:1b:d5:2c:
         ee:0e:07:d9:4a:9a:ea:70:ec:76:41:46:6a:2e:bb:5d:84:a6:
         a4:bd:c3:ce:24:a7:b5:6f:0a:ad:41:c8:5b:16:5b:02:22:d7:
         6d:a8:ad:a3:8b:73:26:04:ad:06:05:01:a1:6e:21:2d:c7:e2:
         ec:32:54:9c:06:49:17:07:88:b1:d5:3d:4e:c6:d7:32:c4:9e:
         3c:99:a4:0c:58:02:f1:50:6c:d2:b3:da:1c:16:d7:92:e3:a7:
         d9:78:ca:ca:09:60:5c:2a:a2:77:4b:d5:12:a1:bb:47:20:bf:
         31:d5:08:a8:c0:3d:63:b8:21:0f:38:97:c4:f5:86:bf:3f:ec:
         fe:8b:7f:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu8XzjEIVmQlZEWZUFbiLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjQwMTAyMTAzMjU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTgwMDU5YWYzYTE3MmJiZGMyZjA1M2IwZGU2Yzk5MTJmMzdlZDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXCOmE05HUaKx6MCeZKCmNLTIgKt
P9OQQgs746Kdk3a9kAh/krE5304JtJqcypK0XQpb/rK71zejE+/SaXX11v7sAcbG
KYCqN9cqr4beM0LYFiL5+bGsLyxALXRzUYfL3mFKv3GSzP/xQVJTKi0ScTk6xH+a
4k6w7G0BK6nEs1PmeGdRNqgJnd4IUdBz+H295sc8A4UOhmf5udEP8np733YYeiTW
8Juoadz+Vr5yYN16GyEqxalQbWBvU0g/ApijilxWuOwtLg3IegStnQmy6QsAZq3o
2vEoSJ9ezTnbKkaQ5Hqay9gAHu7O7ULPLgxF+Is/viDGJLV1No6hrrgJPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA6ABZrzoXK73C8FOw3myZEvN+1IMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvRG9BRm12T2hjcnZjTHdVN0RlYkprUzgzN1VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkewYMA0G
CSqGSIb3DQEBCwUAA4IBAQBhcD1HYhhq+1Kyil9hFORbXnEKUrpJFBWdyTTn5G67
04Dfi0hgxP7X52ENGDxbNTHpBQx0EWOdLoD9v3KQ/vf3qWdau4QcbQB9o0GhEl60
V2u3+HXjAfZDbltFi1oDScH5PyFS07VF59KET8Q3iccZvIwNZ8wTa8Eb/94b1Szu
DgfZSprqcOx2QUZqLrtdhKakvcPOJKe1bwqtQchbFlsCItdtqK2ji3MmBK0GBQGh
biEtx+LsMlScBkkXB4ix1T1OxtcyxJ48maQMWALxUGzSs9ocFteS46fZeMrKCWBc
KqJ3S9USobtHIL8x1QiowD1juCEPOJfE9Ya/P+z+i39c
-----END CERTIFICATE-----