Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/iRgkVcJTF0YDWbFTOj07f-Jb0KU.roa
File:                     iRgkVcJTF0YDWbFTOj07f-Jb0KU.roa (raw, json)
Hash identifier:          NaMPJiEZ/1NQNduOeLq2m2KzSia3BbATa1riuBS4qjY=
Subject key identifier:   89:18:24:55:C2:53:17:46:03:59:B1:53:3A:3D:3B:7F:E2:5B:D0:A5
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       018DC2DE90BC39D27F5721852BA0ABEAF789
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/iRgkVcJTF0YDWbFTOj07f-Jb0KU.roa
Signing time:             Mon 19 Feb 2024 19:36:22 +0000
ROA not before:           Mon 19 Feb 2024 19:36:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        77.246.212.0/22 maxlen: 22
                          88.80.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c2:de:90:bc:39:d2:7f:57:21:85:2b:a0:ab:ea:f7:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Feb 19 19:36:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89182455c25317460359b1533a3d3b7fe25bd0a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ad:71:3c:bc:2b:72:30:76:27:d3:2f:22:3d:
                    3c:7f:fb:aa:b5:2d:1e:19:48:e9:60:8f:08:74:3e:
                    f3:d5:75:ac:b2:05:d3:b5:3a:6d:b6:97:eb:e1:d8:
                    cc:a5:3a:6a:50:00:40:70:5c:0a:70:a1:0c:97:61:
                    a8:83:ed:15:ab:e8:ab:3f:d7:bd:93:48:b9:d0:b8:
                    b5:3c:d6:59:64:08:0f:92:ec:aa:77:8a:da:38:e0:
                    88:38:c1:83:2f:d4:15:5a:e8:02:9d:ce:85:05:7f:
                    10:a9:4e:43:5e:de:b1:32:14:df:1f:07:90:f7:11:
                    da:80:04:af:09:93:d1:49:1b:a1:c8:58:b7:c6:5c:
                    1e:f3:32:50:fe:40:fa:d9:65:27:61:34:05:c3:b5:
                    2c:fe:2e:7c:0a:d7:2c:02:fc:da:50:75:6f:4a:55:
                    8e:42:f5:49:aa:b2:d0:1d:ef:5f:ea:17:1c:6b:7f:
                    3e:8d:00:97:a6:58:90:7a:f6:25:7f:dd:48:f0:f3:
                    fe:1c:ff:3b:61:f1:64:a3:9c:a4:66:e0:76:db:b2:
                    bc:da:43:3d:92:a6:30:a7:3a:5c:10:bd:49:50:2f:
                    cf:ec:5a:52:29:46:ec:a8:1b:4b:95:5a:56:f7:16:
                    80:ca:3d:22:d2:e0:a0:ed:9e:46:37:dd:d2:40:c5:
                    43:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:18:24:55:C2:53:17:46:03:59:B1:53:3A:3D:3B:7F:E2:5B:D0:A5
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/iRgkVcJTF0YDWbFTOj07f-Jb0KU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.212.0/22
                  88.80.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:3c:93:cd:ab:72:e7:65:60:e6:99:5c:1b:7c:9e:8f:1f:a2:
         39:4e:f4:41:93:47:8f:da:3a:31:54:65:91:6a:1c:71:09:26:
         09:66:9f:c9:67:4c:a9:9e:1c:b3:6e:59:28:6f:f2:1a:f9:f2:
         57:bf:a1:b4:9c:f8:17:4c:27:c0:ed:2b:54:1a:46:fa:3d:5d:
         9c:74:10:40:13:19:46:bd:38:7e:d2:90:40:37:83:a9:46:64:
         ba:38:df:fa:6a:16:8d:53:15:a1:10:ae:3d:91:1d:13:d3:51:
         2f:75:c2:29:db:ee:fb:23:4d:90:f9:f0:8d:fd:83:98:7d:d7:
         1e:0e:13:39:58:51:62:d5:26:fe:2c:69:15:48:6d:a7:85:0b:
         65:50:65:59:92:ad:ee:01:d6:20:85:af:f2:70:1b:2f:73:d6:
         fd:cc:df:58:cc:76:54:ae:54:93:97:d9:a4:02:a9:d1:51:5d:
         f9:2a:b7:3f:22:c6:27:7f:c6:18:bd:d5:59:83:da:f5:db:52:
         43:b4:ff:b3:b0:e3:ce:ab:f6:d3:4a:b4:37:4c:29:fa:8c:80:
         0a:f2:96:d6:c9:3a:ff:01:b9:9c:92:85:fa:c1:ad:3b:a3:c6:
         d5:78:8d:6d:df:08:60:8d:5a:66:c2:33:cd:3e:27:3b:ec:cc:
         51:50:70:3d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3C3pC8OdJ/VyGFK6Cr6veJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjQwMjE5MTkzNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTE4MjQ1NWMyNTMxNzQ2MDM1OWIxNTMzYTNkM2I3ZmUyNWJkMGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAja1xPLwrcjB2J9MvIj08f/uqtS0e
GUjpYI8IdD7z1XWssgXTtTpttpfr4djMpTpqUABAcFwKcKEMl2Gog+0Vq+irP9e9
k0i50Li1PNZZZAgPkuyqd4raOOCIOMGDL9QVWugCnc6FBX8QqU5DXt6xMhTfHweQ
9xHagASvCZPRSRuhyFi3xlwe8zJQ/kD62WUnYTQFw7Us/i58CtcsAvzaUHVvSlWO
QvVJqrLQHe9f6hcca38+jQCXpliQevYlf91I8PP+HP87YfFko5ykZuB227K82kM9
kqYwpzpcEL1JUC/P7FpSKUbsqBtLlVpW9xaAyj0i0uCg7Z5GN93SQMVD8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIkYJFXCUxdGA1mxUzo9O3/iW9ClMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvaVJna1ZjSlRGMFlEV2JGVE9qMDdmLUpiMEtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCTfbUAwQA
WFCMMA0GCSqGSIb3DQEBCwUAA4IBAQA2PJPNq3LnZWDmmVwbfJ6PH6I5TvRBk0eP
2joxVGWRahxxCSYJZp/JZ0ypnhyzblkob/Ia+fJXv6G0nPgXTCfA7StUGkb6PV2c
dBBAExlGvTh+0pBAN4OpRmS6ON/6ahaNUxWhEK49kR0T01EvdcIp2+77I02Q+fCN
/YOYfdceDhM5WFFi1Sb+LGkVSG2nhQtlUGVZkq3uAdYgha/ycBsvc9b9zN9YzHZU
rlSTl9mkAqnRUV35Krc/IsYnf8YYvdVZg9r121JDtP+zsOPOq/bTSrQ3TCn6jIAK
8pbWyTr/AbmckoX6wa07o8bVeI1t3whgjVpmwjPNPic77MxRUHA9
-----END CERTIFICATE-----