Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/igsiJ9SdTkhYf8AWJLlIkSUxyiA.roa
File:                     igsiJ9SdTkhYf8AWJLlIkSUxyiA.roa (raw, json)
Hash identifier:          EgwM6ZJpK8xDctV2OooWWKyTE1yX1qs/rQwJxUVR1Kw=
Subject key identifier:   8A:0B:22:27:D4:9D:4E:48:58:7F:C0:16:24:B9:48:91:25:31:CA:20
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       01941FFA0B7206F8F949EA46F0A3B19BA3C1
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/igsiJ9SdTkhYf8AWJLlIkSUxyiA.roa
Signing time:             Wed 01 Jan 2025 03:47:47 +0000
ROA not before:           Wed 01 Jan 2025 03:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212913
IP address blocks:        80.76.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:0b:72:06:f8:f9:49:ea:46:f0:a3:b1:9b:a3:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Jan  1 03:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a0b2227d49d4e48587fc01624b948912531ca20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:3e:03:e8:5f:54:b6:0e:3a:9d:f5:5b:6e:ed:
                    9f:22:19:a1:08:3e:14:7b:e1:95:fe:f7:fc:0e:b8:
                    fc:7c:a5:30:47:28:e5:00:10:1b:08:1d:07:5f:f6:
                    9f:bf:dc:e7:86:f4:25:b9:59:61:4e:2f:2c:f0:8f:
                    e8:01:c8:64:a6:1d:f6:0a:86:7b:c1:d0:eb:7f:45:
                    96:67:c1:b9:41:77:4e:26:8b:93:ce:d0:d4:1b:43:
                    1f:51:86:2f:bc:82:22:ee:22:d2:d5:e0:c2:f0:b3:
                    08:d7:bb:05:82:ef:e7:8b:6d:7d:22:4c:93:6e:ab:
                    7b:a9:d3:45:87:f5:cc:5a:d2:c3:93:c1:92:71:ee:
                    fd:61:5b:77:62:9f:f9:aa:0e:84:93:0a:0f:52:89:
                    02:13:2f:d0:db:cd:61:fa:67:06:a8:94:b6:db:34:
                    a2:db:00:07:27:87:68:54:a1:69:54:b4:22:be:05:
                    26:08:3f:fc:c0:25:74:c3:e8:4d:04:7f:5a:a2:0e:
                    23:23:ad:11:f2:97:47:b4:f0:3c:f7:7d:11:77:9b:
                    7d:32:c5:9d:34:d8:73:ec:f7:5a:6f:88:87:cf:b5:
                    4f:2f:e1:14:71:20:a8:e9:21:35:e0:b8:3e:51:85:
                    0f:04:f3:56:c4:0f:c5:a3:12:13:ae:f0:ce:85:84:
                    cf:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:0B:22:27:D4:9D:4E:48:58:7F:C0:16:24:B9:48:91:25:31:CA:20
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/igsiJ9SdTkhYf8AWJLlIkSUxyiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.76.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:cb:d7:3e:ce:bd:29:15:ed:f2:fd:de:e5:0d:cf:06:2e:29:
         1f:e2:d6:8f:fc:46:a1:d5:19:a8:38:e7:10:e2:c5:e4:96:ec:
         4f:0f:75:8f:f2:bb:9a:a5:a2:fa:fa:15:f5:4d:69:18:60:f6:
         f1:46:ee:2c:13:e6:bd:a9:6b:36:af:aa:e8:51:b6:55:13:03:
         e3:09:d3:05:ba:75:5b:18:1f:52:3f:56:6a:24:c4:7c:1c:b4:
         ab:ae:c8:bc:3c:b7:93:7c:80:dc:ac:68:73:83:3f:64:12:0e:
         83:cf:ea:03:4a:87:84:c9:fb:4a:50:51:4e:cb:38:4e:83:42:
         12:e9:75:b4:d0:e5:6c:a1:b5:90:fc:ea:ab:99:f4:fa:85:b8:
         1c:91:19:4f:58:52:e8:dd:87:3d:93:12:e5:76:c6:0e:bf:d6:
         97:83:5d:c6:63:ab:2a:de:40:92:f0:03:90:99:cb:c3:de:0b:
         fa:62:44:02:13:9e:bd:d0:1f:d1:0e:04:84:b4:3f:10:7a:35:
         b7:e4:bc:ec:c4:a5:49:ea:ea:24:fe:62:92:6d:0f:c7:9f:b8:
         a5:66:f2:cc:8c:7e:e9:e5:40:de:75:3f:a3:33:7d:46:4b:21:
         12:d4:4f:8f:7f:d9:1f:04:16:94:9d:05:eb:ef:64:46:97:db:
         a8:58:f5:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+gtyBvj5SepG8KOxm6PBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjUwMTAxMDM0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTBiMjIyN2Q0OWQ0ZTQ4NTg3ZmMwMTYyNGI5NDg5MTI1MzFjYTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjz4D6F9Utg46nfVbbu2fIhmhCD4U
e+GV/vf8Drj8fKUwRyjlABAbCB0HX/afv9znhvQluVlhTi8s8I/oAchkph32CoZ7
wdDrf0WWZ8G5QXdOJouTztDUG0MfUYYvvIIi7iLS1eDC8LMI17sFgu/ni219IkyT
bqt7qdNFh/XMWtLDk8GSce79YVt3Yp/5qg6EkwoPUokCEy/Q281h+mcGqJS22zSi
2wAHJ4doVKFpVLQivgUmCD/8wCV0w+hNBH9aog4jI60R8pdHtPA8930Rd5t9MsWd
NNhz7Pdab4iHz7VPL+EUcSCo6SE14Lg+UYUPBPNWxA/FoxITrvDOhYTP6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIoLIifUnU5IWH/AFiS5SJElMcogMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvaWdzaUo5U2RUa2hZZjhBV0pMbElrU1V4eWlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEwqMA0G
CSqGSIb3DQEBCwUAA4IBAQCry9c+zr0pFe3y/d7lDc8GLikf4taP/Eah1RmoOOcQ
4sXkluxPD3WP8ruapaL6+hX1TWkYYPbxRu4sE+a9qWs2r6roUbZVEwPjCdMFunVb
GB9SP1ZqJMR8HLSrrsi8PLeTfIDcrGhzgz9kEg6Dz+oDSoeEyftKUFFOyzhOg0IS
6XW00OVsobWQ/OqrmfT6hbgckRlPWFLo3Yc9kxLldsYOv9aXg13GY6sq3kCS8AOQ
mcvD3gv6YkQCE5690B/RDgSEtD8QejW35LzsxKVJ6uok/mKSbQ/Hn7ilZvLMjH7p
5UDedT+jM31GSyES1E+Pf9kfBBaUnQXr72RGl9uoWPVy
-----END CERTIFICATE-----