Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/ByBEl16wKKDlLETxRb-r9dTPxho.roa
File:                     ByBEl16wKKDlLETxRb-r9dTPxho.roa (raw, json)
Hash identifier:          NB+L3MCgW9YWrFsDSKfA24L96PY7+UAkKOFdy8EzrUI=
Subject key identifier:   07:20:44:97:5E:B0:28:A0:E5:2C:44:F1:45:BF:AB:F5:D4:CF:C6:1A
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       019258AD5B5F92C376A299F29DB221ECEADC
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/ByBEl16wKKDlLETxRb-r9dTPxho.roa
Signing time:             Fri 04 Oct 2024 17:56:49 +0000
ROA not before:           Fri 04 Oct 2024 17:56:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        212.87.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:58:ad:5b:5f:92:c3:76:a2:99:f2:9d:b2:21:ec:ea:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Oct  4 17:56:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=072044975eb028a0e52c44f145bfabf5d4cfc61a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:b8:05:86:18:f6:09:b3:fe:ab:a9:68:03:50:
                    da:cd:d5:5e:da:a3:45:1e:28:5e:8b:c3:b1:1d:13:
                    47:31:22:d7:cd:16:7f:fb:1e:23:14:92:21:9e:70:
                    ab:e9:7b:a2:09:a0:f2:b0:5f:60:ca:8a:70:91:31:
                    0b:82:a1:bb:92:cb:46:d0:56:2c:0e:07:0d:bf:ec:
                    1d:70:7e:8b:1d:c1:aa:b0:25:c1:ea:5b:21:cb:ba:
                    dc:b0:a2:15:d3:4f:c2:72:89:3a:ed:77:42:43:04:
                    4d:b5:0c:1e:f6:c5:d0:dc:9f:16:26:e9:f5:9e:e9:
                    0e:1b:74:2d:fb:14:7c:6e:a4:86:96:d7:e9:e0:94:
                    fa:d6:58:fc:d7:53:e5:38:39:68:36:6b:10:3b:10:
                    f8:aa:b9:c3:71:22:db:65:a0:ab:7e:b0:3b:aa:ea:
                    28:e1:fc:6b:06:28:c7:0f:84:6e:9f:9d:f2:9f:ad:
                    23:5f:2e:04:01:03:7e:93:1c:56:c4:f0:a2:32:1b:
                    69:06:17:a1:7e:00:93:27:f1:f5:67:d9:2a:9c:89:
                    25:9a:d9:36:67:07:19:c4:3e:99:03:58:33:3d:c5:
                    b7:c7:31:b3:b8:eb:53:d2:5f:4b:3f:c0:0f:92:e0:
                    7b:88:6a:a7:f6:06:c0:8c:a6:39:41:0c:8a:9f:1e:
                    02:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:20:44:97:5E:B0:28:A0:E5:2C:44:F1:45:BF:AB:F5:D4:CF:C6:1A
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/ByBEl16wKKDlLETxRb-r9dTPxho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.87.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:fe:82:0a:c2:2d:cd:bc:79:12:d4:5c:8a:cd:a1:b8:17:17:
         e5:f2:db:37:40:33:a2:6a:9f:a6:c2:04:1e:50:c5:73:d9:1c:
         9b:73:91:31:dc:30:25:93:c8:b1:bf:de:65:5c:3b:22:56:18:
         55:92:f0:0a:f8:15:62:35:25:23:b4:ca:9a:a4:00:43:06:d6:
         83:70:bb:2b:f1:2f:4b:60:e6:4f:ba:f9:5c:ec:92:c3:49:f6:
         08:7e:04:43:d7:be:ae:f9:3f:17:36:b3:c6:15:bd:5b:51:56:
         ae:28:06:f3:e4:dd:83:87:da:2c:08:06:55:5d:36:59:ad:a0:
         27:cc:14:a7:7a:6b:08:19:15:ed:7b:fc:4f:17:aa:f8:79:fd:
         e6:77:da:92:54:01:a9:85:de:cc:fa:d9:42:76:cb:f5:73:86:
         59:b8:11:10:ec:8c:bb:5f:58:e0:8d:d2:1a:41:7f:8b:ea:91:
         60:52:d8:f7:89:b4:ca:63:41:4e:44:da:04:e0:86:da:24:7a:
         81:9d:1e:f0:db:89:b3:42:65:9d:82:70:40:d4:b2:a8:20:6f:
         80:6b:d4:0f:59:2f:25:68:85:68:8b:70:e5:e7:8a:3b:15:39:
         a2:97:5d:61:f4:1c:5b:a7:26:0e:f3:c3:e6:36:82:b0:d2:ee:
         7d:91:17:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJYrVtfksN2opnynbIh7OrcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjQxMDA0MTc1NjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzIwNDQ5NzVlYjAyOGEwZTUyYzQ0ZjE0NWJmYWJmNWQ0Y2ZjNjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1rgFhhj2CbP+q6loA1DazdVe2qNF
Hihei8OxHRNHMSLXzRZ/+x4jFJIhnnCr6XuiCaDysF9gyopwkTELgqG7kstG0FYs
DgcNv+wdcH6LHcGqsCXB6lshy7rcsKIV00/Ccok67XdCQwRNtQwe9sXQ3J8WJun1
nukOG3Qt+xR8bqSGltfp4JT61lj811PlODloNmsQOxD4qrnDcSLbZaCrfrA7quoo
4fxrBijHD4Run53yn60jXy4EAQN+kxxWxPCiMhtpBhehfgCTJ/H1Z9kqnIklmtk2
ZwcZxD6ZA1gzPcW3xzGzuOtT0l9LP8APkuB7iGqn9gbAjKY5QQyKnx4CyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAcgRJdesCig5SxE8UW/q/XUz8YaMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvQnlCRWwxNndLS0RsTEVUeFJiLXI5ZFRQeGhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FfIMA0G
CSqGSIb3DQEBCwUAA4IBAQBb/oIKwi3NvHkS1FyKzaG4Fxfl8ts3QDOiap+mwgQe
UMVz2Rybc5Ex3DAlk8ixv95lXDsiVhhVkvAK+BViNSUjtMqapABDBtaDcLsr8S9L
YOZPuvlc7JLDSfYIfgRD176u+T8XNrPGFb1bUVauKAbz5N2Dh9osCAZVXTZZraAn
zBSnemsIGRXte/xPF6r4ef3md9qSVAGphd7M+tlCdsv1c4ZZuBEQ7Iy7X1jgjdIa
QX+L6pFgUtj3ibTKY0FORNoE4IbaJHqBnR7w24mzQmWdgnBA1LKoIG+Aa9QPWS8l
aIVoi3Dl54o7FTmil11h9BxbpyYO88PmNoKw0u59kRfv
-----END CERTIFICATE-----