Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/A9_1rrjLJEngR5Zc08gWHnw_7QE.roa
File:                     A9_1rrjLJEngR5Zc08gWHnw_7QE.roa (raw, json)
Hash identifier:          U9ffBB+hbE7Rfxj69YU1Bh85BgYuOMrwEEFGu9UWO9k=
Subject key identifier:   03:DF:F5:AE:B8:CB:24:49:E0:47:96:5C:D3:C8:16:1E:7C:3F:ED:01
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       018CC8DF91A7236FCE7CB55874DCC2C250F4
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/A9_1rrjLJEngR5Zc08gWHnw_7QE.roa
Signing time:             Tue 02 Jan 2024 06:32:24 +0000
ROA not before:           Tue 02 Jan 2024 06:32:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43063
IP address blocks:        88.80.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:91:a7:23:6f:ce:7c:b5:58:74:dc:c2:c2:50:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Jan  2 06:32:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03dff5aeb8cb2449e047965cd3c8161e7c3fed01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:2a:7a:aa:16:16:ed:36:4b:69:69:2f:bd:f3:
                    2e:6b:30:35:8a:06:21:03:d5:4a:ae:b5:8d:44:86:
                    b9:d4:71:06:7a:db:83:47:cb:f2:15:e5:c8:16:da:
                    eb:4a:28:8a:82:f8:e4:3d:e1:85:39:d9:76:1e:30:
                    1e:d3:b7:e4:98:89:ec:c3:0b:a8:62:ec:7c:52:ec:
                    27:e8:b4:19:1e:cb:f6:6d:86:4f:fc:9a:1d:aa:76:
                    bb:aa:2c:16:84:19:53:c3:72:65:0c:72:82:74:92:
                    c6:8f:8a:f4:1a:7b:7f:ea:5a:f4:2d:b3:0f:06:35:
                    ba:8d:72:49:da:a4:3b:52:ef:96:ed:e7:d7:8d:7a:
                    63:63:4f:e1:a3:e2:fe:98:9e:95:ec:7c:58:a5:31:
                    46:94:17:14:2b:67:d3:6f:f8:86:78:d9:cb:f4:3c:
                    14:ce:4f:ad:95:83:ef:7d:c3:57:f0:e9:ab:ca:54:
                    f5:b2:5c:8e:22:bd:65:a1:b9:57:ef:60:30:ed:03:
                    2d:e7:9e:87:39:71:b8:86:83:3c:e6:98:5c:1a:b0:
                    44:fb:bc:d7:5f:1a:02:ec:9f:69:07:66:73:7a:86:
                    0d:4c:8d:cb:24:7e:0d:6d:89:87:8f:6e:4a:89:0c:
                    5a:e3:c1:85:67:7e:81:67:9d:16:17:2f:42:16:62:
                    b6:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:DF:F5:AE:B8:CB:24:49:E0:47:96:5C:D3:C8:16:1E:7C:3F:ED:01
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/A9_1rrjLJEngR5Zc08gWHnw_7QE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.80.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:ea:d8:2d:36:b2:55:ed:40:ef:f0:61:77:a9:49:06:c3:10:
         c8:5d:00:02:0e:a3:26:5b:ca:ae:99:39:36:ec:ed:20:df:cd:
         5f:d3:79:c6:e0:14:22:e5:bd:89:30:5b:b5:25:05:e0:88:94:
         a8:4e:94:6f:85:fd:67:c6:93:52:b5:d1:da:b6:84:53:a3:07:
         0c:60:0e:72:95:e9:c5:d9:73:74:46:39:2f:e4:f4:e7:da:e9:
         b4:9e:66:75:96:62:50:c8:24:d6:97:7f:11:61:27:fe:1b:2e:
         e4:ac:0b:c3:ce:70:29:25:dc:8d:2b:f8:22:a4:93:fd:79:f0:
         24:62:da:ef:47:13:89:fd:81:69:f0:06:ae:06:b3:2e:62:7a:
         ef:cf:7b:6f:f7:63:87:c2:a6:1b:9b:0f:99:5d:44:32:88:b3:
         9f:d6:ed:db:4b:ba:3b:88:1a:6e:8a:48:ec:71:8c:7a:cb:e5:
         92:aa:f9:9c:ba:54:16:a1:1f:db:43:4f:de:4c:ee:14:85:70:
         23:6d:ce:71:5b:22:2c:04:e4:a3:b4:9c:2d:7a:89:0d:9c:b5:
         7b:50:b8:d2:1b:ab:bb:c1:95:7f:0d:5d:12:9b:79:fd:e4:a5:
         7a:fb:8a:6a:ec:d3:b6:58:b0:1b:66:a8:2a:23:99:a6:1c:98:
         db:2d:c9:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI35GnI2/OfLVYdNzCwlD0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjQwMTAyMDYzMjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2RmZjVhZWI4Y2IyNDQ5ZTA0Nzk2NWNkM2M4MTYxZTdjM2ZlZDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSp6qhYW7TZLaWkvvfMuazA1igYh
A9VKrrWNRIa51HEGetuDR8vyFeXIFtrrSiiKgvjkPeGFOdl2HjAe07fkmInswwuo
Yux8Uuwn6LQZHsv2bYZP/Jodqna7qiwWhBlTw3JlDHKCdJLGj4r0Gnt/6lr0LbMP
BjW6jXJJ2qQ7Uu+W7efXjXpjY0/ho+L+mJ6V7HxYpTFGlBcUK2fTb/iGeNnL9DwU
zk+tlYPvfcNX8OmrylT1slyOIr1loblX72Aw7QMt556HOXG4hoM85phcGrBE+7zX
XxoC7J9pB2ZzeoYNTI3LJH4NbYmHj25KiQxa48GFZ36BZ50WFy9CFmK2dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPf9a64yyRJ4EeWXNPIFh58P+0BMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvQTlfMXJyakxKRW5nUjVaYzA4Z1dIbndfN1FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWFCCMA0G
CSqGSIb3DQEBCwUAA4IBAQA66tgtNrJV7UDv8GF3qUkGwxDIXQACDqMmW8qumTk2
7O0g381f03nG4BQi5b2JMFu1JQXgiJSoTpRvhf1nxpNStdHatoRTowcMYA5ylenF
2XN0Rjkv5PTn2um0nmZ1lmJQyCTWl38RYSf+Gy7krAvDznApJdyNK/gipJP9efAk
YtrvRxOJ/YFp8AauBrMuYnrvz3tv92OHwqYbmw+ZXUQyiLOf1u3bS7o7iBpuikjs
cYx6y+WSqvmculQWoR/bQ0/eTO4UhXAjbc5xWyIsBOSjtJwteokNnLV7ULjSG6u7
wZV/DV0Sm3n95KV6+4pq7NO2WLAbZqgqI5mmHJjbLclj
-----END CERTIFICATE-----