Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/8f7d37-a740-42b0-acd0-c36976363968/1/g9iebDI-mUxz5x8NF8Eb1vWfFB8.roa
File:                     g9iebDI-mUxz5x8NF8Eb1vWfFB8.roa (raw, json)
Hash identifier:          jZPerGGBtxVY6b8fozmUX2EkYA+3OvgP0zX7L30nMYs=
Subject key identifier:   83:D8:9E:6C:32:3E:99:4C:73:E7:1F:0D:17:C1:1B:D6:F5:9F:14:1F
Certificate issuer:       /CN=938a2d72e79026f52bf5657e97ffd1b11be88641
Certificate serial:       018CC6B7AF65831AA8B06B3BD9F7949E498F
Authority key identifier: 93:8A:2D:72:E7:90:26:F5:2B:F5:65:7E:97:FF:D1:B1:1B:E8:86:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k4otcueQJvUr9WV-l__RsRvohkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/8f7d37-a740-42b0-acd0-c36976363968/1/g9iebDI-mUxz5x8NF8Eb1vWfFB8.roa
Signing time:             Mon 01 Jan 2024 20:29:35 +0000
ROA not before:           Mon 01 Jan 2024 20:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34428
IP address blocks:        185.249.157.0/24 maxlen: 24
                          2a13:f00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/8f7d37-a740-42b0-acd0-c36976363968/1/k4otcueQJvUr9WV-l__RsRvohkE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/8f7d37-a740-42b0-acd0-c36976363968/1/k4otcueQJvUr9WV-l__RsRvohkE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k4otcueQJvUr9WV-l__RsRvohkE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Nov 2024 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:af:65:83:1a:a8:b0:6b:3b:d9:f7:94:9e:49:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=938a2d72e79026f52bf5657e97ffd1b11be88641
        Validity
            Not Before: Jan  1 20:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83d89e6c323e994c73e71f0d17c11bd6f59f141f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:fc:e0:eb:2c:d6:54:a4:2c:90:8e:2a:c9:68:
                    c1:59:37:91:4d:ff:28:ac:c5:2c:a2:5c:1c:83:d8:
                    44:9f:a2:00:04:78:2e:23:27:ef:4f:36:e8:9b:09:
                    3d:a7:52:7b:0b:97:47:29:e0:61:6a:e7:a7:5a:7d:
                    d6:47:89:f9:04:86:81:b7:f1:d6:3a:10:f4:c6:1f:
                    ac:a7:1c:0d:a7:d4:b4:51:63:ea:d6:09:03:a4:4f:
                    81:42:2e:f6:f2:c6:88:82:0b:ee:f0:16:ef:85:c7:
                    d9:6f:d4:82:44:c7:1e:db:f8:1a:9e:14:85:e0:62:
                    1f:6c:c4:e3:86:87:77:cd:1f:2c:0a:6a:39:83:6e:
                    1a:32:be:94:c7:cb:d3:34:df:da:a4:f1:fe:bf:66:
                    f6:50:0f:cf:97:cd:41:2c:76:46:66:ea:6f:57:32:
                    ea:19:a0:52:6e:c3:b0:6d:8f:27:c7:01:8c:3c:9d:
                    df:62:34:c3:69:2b:e2:ff:8b:3a:ef:95:99:8f:1c:
                    c9:19:58:6d:ce:20:3b:51:b5:11:21:f5:c7:ef:7f:
                    4a:8b:3f:17:35:34:34:d7:31:9d:61:9e:c0:f3:0b:
                    78:77:ac:42:3e:75:54:f8:4b:30:21:53:a2:79:5b:
                    5e:87:2e:ed:c5:44:be:0e:3b:ae:1c:0b:62:81:b4:
                    2b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:D8:9E:6C:32:3E:99:4C:73:E7:1F:0D:17:C1:1B:D6:F5:9F:14:1F
            X509v3 Authority Key Identifier:
                keyid:93:8A:2D:72:E7:90:26:F5:2B:F5:65:7E:97:FF:D1:B1:1B:E8:86:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k4otcueQJvUr9WV-l__RsRvohkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8f7d37-a740-42b0-acd0-c36976363968/1/g9iebDI-mUxz5x8NF8Eb1vWfFB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8f7d37-a740-42b0-acd0-c36976363968/1/k4otcueQJvUr9WV-l__RsRvohkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.157.0/24
                IPv6:
                  2a13:f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         00:f8:d2:9d:da:34:66:bd:37:4b:76:4f:c1:87:5e:be:34:82:
         5f:b1:fa:5c:da:3e:46:a5:66:c3:06:ae:5d:1a:73:4d:b1:3b:
         ac:d1:4b:10:0a:c0:03:0c:47:e5:6e:7a:2f:a5:df:48:bd:df:
         27:96:52:29:79:30:b0:5c:e0:77:80:5c:f3:ae:06:53:0d:06:
         06:bb:9c:73:a8:6e:f4:ba:e9:b7:68:7d:17:7b:09:2e:d4:cb:
         70:b5:15:aa:2c:d1:1c:80:01:6c:51:bb:49:31:5b:9a:fc:e6:
         4c:82:8d:e6:32:dd:41:85:27:91:f6:da:53:31:b0:c7:4d:09:
         23:7e:24:05:a7:4f:86:8d:7d:72:5d:74:52:36:80:5d:47:92:
         83:69:e4:b8:cb:09:0f:20:f3:28:27:59:4b:15:d2:d0:a0:98:
         08:3a:41:0f:2d:e3:4f:58:0f:51:b4:9d:7a:a4:91:d1:07:39:
         b1:64:f6:c5:a3:26:21:49:57:2f:db:97:2e:1d:e3:3a:52:bf:
         78:bf:78:4b:89:08:8b:cd:3d:e9:c8:9a:9c:25:63:a2:54:42:
         2a:c0:e7:42:af:ad:5e:c8:1a:ac:6b:70:2d:56:fc:e9:bc:f7:
         01:3c:2b:da:0a:ad:a4:8c:b3:fd:b1:61:81:2c:bd:48:50:78:
         d4:93:dc:42
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGt69lgxqosGs72feUnkmPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzOGEyZDcyZTc5MDI2ZjUyYmY1NjU3ZTk3ZmZkMWIxMWJl
ODg2NDEwHhcNMjQwMTAxMjAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2Q4OWU2YzMyM2U5OTRjNzNlNzFmMGQxN2MxMWJkNmY1OWYxNDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPzg6yzWVKQskI4qyWjBWTeRTf8o
rMUsolwcg9hEn6IABHguIyfvTzbomwk9p1J7C5dHKeBhauenWn3WR4n5BIaBt/HW
OhD0xh+spxwNp9S0UWPq1gkDpE+BQi728saIggvu8BbvhcfZb9SCRMce2/ganhSF
4GIfbMTjhod3zR8sCmo5g24aMr6Ux8vTNN/apPH+v2b2UA/Pl81BLHZGZupvVzLq
GaBSbsOwbY8nxwGMPJ3fYjTDaSvi/4s675WZjxzJGVhtziA7UbURIfXH739Kiz8X
NTQ01zGdYZ7A8wt4d6xCPnVU+EswIVOieVtehy7txUS+DjuuHAtigbQrvQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIPYnmwyPplMc+cfDRfBG9b1nxQfMB8GA1UdIwQY
MBaAFJOKLXLnkCb1K/Vlfpf/0bEb6IZBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazRvdGN1ZVFKdlVyOVdWLWxfX1JzUnZvaGtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi84ZjdkMzctYTc0MC00MmIwLWFjZDAt
YzM2OTc2MzYzOTY4LzEvZzlpZWJESS1tVXh6NXg4TkY4RWIxdldmRkI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi84ZjdkMzctYTc0MC00MmIwLWFjZDAtYzM2OTc2MzYzOTY4
LzEvazRvdGN1ZVFKdlVyOVdWLWxfX1JzUnZvaGtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAufmdMA0E
AgACMAcDBQMqEw8AMA0GCSqGSIb3DQEBCwUAA4IBAQAA+NKd2jRmvTdLdk/Bh16+
NIJfsfpc2j5GpWbDBq5dGnNNsTus0UsQCsADDEflbnovpd9Ivd8nllIpeTCwXOB3
gFzzrgZTDQYGu5xzqG70uum3aH0Xewku1MtwtRWqLNEcgAFsUbtJMVua/OZMgo3m
Mt1BhSeR9tpTMbDHTQkjfiQFp0+GjX1yXXRSNoBdR5KDaeS4ywkPIPMoJ1lLFdLQ
oJgIOkEPLeNPWA9RtJ16pJHRBzmxZPbFoyYhSVcv25cuHeM6Ur94v3hLiQiLzT3p
yJqcJWOiVEIqwOdCr61eyBqsa3AtVvzpvPcBPCvaCq2kjLP9sWGBLL1IUHjUk9xC
-----END CERTIFICATE-----