Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/b73bd2-ab94-4ac3-93c4-6cbcb7e3d8d2/1/8fXifpYUmZunD4cldMTXH0HwNiU.roa
File:                     8fXifpYUmZunD4cldMTXH0HwNiU.roa (raw, json)
Hash identifier:          9ne0cMhSLjvTbXcwp/Oxy+NJk8gUq99YhfdrhI+aJgU=
Subject key identifier:   F1:F5:E2:7E:96:14:99:9B:A7:0F:87:25:74:C4:D7:1F:41:F0:36:25
Certificate issuer:       /CN=2ace126fa5830911083e45f583cadb08a63ec6f9
Certificate serial:       018CC79517F538BE8997C78C809B5340FC01
Authority key identifier: 2A:CE:12:6F:A5:83:09:11:08:3E:45:F5:83:CA:DB:08:A6:3E:C6:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ks4Sb6WDCREIPkX1g8rbCKY-xvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/b73bd2-ab94-4ac3-93c4-6cbcb7e3d8d2/1/8fXifpYUmZunD4cldMTXH0HwNiU.roa
Signing time:             Tue 02 Jan 2024 00:31:26 +0000
ROA not before:           Tue 02 Jan 2024 00:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206984
IP address blocks:        185.169.244.0/22 maxlen: 22
                          2a0a:7700::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/b73bd2-ab94-4ac3-93c4-6cbcb7e3d8d2/1/Ks4Sb6WDCREIPkX1g8rbCKY-xvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/b73bd2-ab94-4ac3-93c4-6cbcb7e3d8d2/1/Ks4Sb6WDCREIPkX1g8rbCKY-xvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ks4Sb6WDCREIPkX1g8rbCKY-xvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:17:f5:38:be:89:97:c7:8c:80:9b:53:40:fc:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ace126fa5830911083e45f583cadb08a63ec6f9
        Validity
            Not Before: Jan  2 00:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1f5e27e9614999ba70f872574c4d71f41f03625
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:b6:20:3a:e9:c8:5a:0b:da:96:43:64:c8:c0:
                    6d:ae:72:46:94:04:62:bb:af:2c:2a:21:00:27:d4:
                    22:5d:67:ad:bb:5b:5a:4e:9c:65:f4:62:cd:0c:d0:
                    17:91:af:5c:c1:1c:f0:9e:4f:9d:6f:9d:16:1e:0c:
                    1f:11:fd:f7:3d:8b:69:25:be:1b:8c:0d:24:2c:ae:
                    39:e6:7c:64:ff:3d:14:61:21:15:49:ff:ac:8e:a8:
                    ef:79:d8:24:b8:26:f1:59:9e:64:7e:d3:1a:0c:3a:
                    c2:51:e9:af:5a:2f:b1:94:3a:65:87:9b:2e:05:7b:
                    05:9d:84:01:74:9c:15:08:de:30:50:70:18:98:d4:
                    ba:d4:8e:e2:87:57:a4:37:c3:4c:e9:78:18:db:79:
                    6e:51:9c:94:ec:70:a0:f7:62:51:4e:50:92:a9:e8:
                    41:f9:c6:17:6e:44:5a:36:74:0d:8f:b1:fb:d8:9b:
                    77:26:5a:c8:25:7a:17:1a:3d:04:97:de:c6:8c:4b:
                    39:3c:66:13:29:ab:23:f1:60:ee:15:2a:c7:3c:7d:
                    33:06:ad:1f:2a:0a:a5:85:b1:47:a2:64:45:8a:5b:
                    0d:2b:60:ff:06:b6:09:3a:c4:e1:76:da:ed:87:0e:
                    7b:04:76:80:19:b4:4a:bd:a7:a1:e4:da:b8:ea:1e:
                    c6:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:F5:E2:7E:96:14:99:9B:A7:0F:87:25:74:C4:D7:1F:41:F0:36:25
            X509v3 Authority Key Identifier:
                keyid:2A:CE:12:6F:A5:83:09:11:08:3E:45:F5:83:CA:DB:08:A6:3E:C6:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ks4Sb6WDCREIPkX1g8rbCKY-xvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/b73bd2-ab94-4ac3-93c4-6cbcb7e3d8d2/1/8fXifpYUmZunD4cldMTXH0HwNiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/b73bd2-ab94-4ac3-93c4-6cbcb7e3d8d2/1/Ks4Sb6WDCREIPkX1g8rbCKY-xvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.244.0/22
                IPv6:
                  2a0a:7700::/29

    Signature Algorithm: sha256WithRSAEncryption
         d7:22:c6:e4:d3:30:02:bc:d7:8b:2e:3f:ba:70:c5:d0:02:61:
         d5:ab:70:83:15:d0:f7:f0:b1:35:a6:e8:a1:c6:34:c2:93:96:
         75:a6:d3:ea:f4:f3:e0:2a:b1:e2:c9:2f:c8:d4:2c:29:8c:42:
         a1:00:da:a3:03:28:b9:cb:83:77:fe:8b:e0:71:f5:63:0a:a5:
         6a:82:02:12:cc:1a:6c:47:ab:62:77:4b:34:6f:d4:b3:b4:e2:
         02:27:87:8f:a4:01:de:ac:51:67:a5:d0:1e:4b:94:72:7b:cb:
         70:10:74:c1:27:01:5b:e5:e6:57:5c:97:3f:91:b0:f8:d9:bc:
         e6:7b:c5:54:5d:d9:56:f6:e7:57:11:ce:e1:d7:0a:ad:3a:3c:
         0f:47:d1:88:e1:72:e9:98:8d:06:43:36:3a:f5:87:66:f9:50:
         35:19:b4:d3:04:c1:36:7a:a2:49:4b:60:eb:0b:c3:ae:6e:6e:
         dd:1a:e4:cc:5d:21:7d:4c:97:18:77:f5:2f:26:ec:32:ce:bd:
         f1:a5:bd:c5:51:da:89:62:74:ff:0c:70:9c:4c:bf:4b:37:84:
         c3:6f:cb:b2:c2:86:1d:f0:b3:c4:01:eb:79:4c:16:e8:da:65:
         18:c0:4f:1d:ec:bb:30:01:ec:d0:52:c3:a2:a2:1c:ba:82:72:
         7a:0a:a3:95
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlRf1OL6Jl8eMgJtTQPwBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhY2UxMjZmYTU4MzA5MTEwODNlNDVmNTgzY2FkYjA4YTYz
ZWM2ZjkwHhcNMjQwMTAyMDAzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWY1ZTI3ZTk2MTQ5OTliYTcwZjg3MjU3NGM0ZDcxZjQxZjAzNjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLYgOunIWgvalkNkyMBtrnJGlARi
u68sKiEAJ9QiXWetu1taTpxl9GLNDNAXka9cwRzwnk+db50WHgwfEf33PYtpJb4b
jA0kLK455nxk/z0UYSEVSf+sjqjvedgkuCbxWZ5kftMaDDrCUemvWi+xlDplh5su
BXsFnYQBdJwVCN4wUHAYmNS61I7ih1ekN8NM6XgY23luUZyU7HCg92JRTlCSqehB
+cYXbkRaNnQNj7H72Jt3JlrIJXoXGj0El97GjEs5PGYTKasj8WDuFSrHPH0zBq0f
KgqlhbFHomRFilsNK2D/BrYJOsThdtrthw57BHaAGbRKvaeh5Nq46h7G9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPH14n6WFJmbpw+HJXTE1x9B8DYlMB8GA1UdIwQY
MBaAFCrOEm+lgwkRCD5F9YPK2wimPsb5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3M0U2I2V0RDUkVJUGtYMWc4cmJDS1kteHZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9iNzNiZDItYWI5NC00YWMzLTkzYzQt
NmNiY2I3ZTNkOGQyLzEvOGZYaWZwWVVtWnVuRDRjbGRNVFhIMEh3TmlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9iNzNiZDItYWI5NC00YWMzLTkzYzQtNmNiY2I3ZTNkOGQy
LzEvS3M0U2I2V0RDUkVJUGtYMWc4cmJDS1kteHZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuan0MA0E
AgACMAcDBQMqCncAMA0GCSqGSIb3DQEBCwUAA4IBAQDXIsbk0zACvNeLLj+6cMXQ
AmHVq3CDFdD38LE1puihxjTCk5Z1ptPq9PPgKrHiyS/I1CwpjEKhANqjAyi5y4N3
/ovgcfVjCqVqggISzBpsR6tid0s0b9SztOICJ4ePpAHerFFnpdAeS5Rye8twEHTB
JwFb5eZXXJc/kbD42bzme8VUXdlW9udXEc7h1wqtOjwPR9GI4XLpmI0GQzY69Ydm
+VA1GbTTBME2eqJJS2DrC8Oubm7dGuTMXSF9TJcYd/UvJuwyzr3xpb3FUdqJYnT/
DHCcTL9LN4TDb8uywoYd8LPEAet5TBbo2mUYwE8d7LswAezQUsOiohy6gnJ6CqOV
-----END CERTIFICATE-----