Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/vC20hVff9_XHTawqfnvxGoo0EXE.roa
File:                     vC20hVff9_XHTawqfnvxGoo0EXE.roa (raw, json)
Hash identifier:          i6DXpY+r65lKQcWiaUS58lp8KelaXAzLOhK2R+NTRsA=
Subject key identifier:   BC:2D:B4:85:57:DF:F7:F5:C7:4D:AC:2A:7E:7B:F1:1A:8A:34:11:71
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       0192ED22EB02533CD037B3EADBC751234162
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/vC20hVff9_XHTawqfnvxGoo0EXE.roa
Signing time:             Sat 02 Nov 2024 13:49:01 +0000
ROA not before:           Sat 02 Nov 2024 13:49:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        212.87.202.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ed:22:eb:02:53:3c:d0:37:b3:ea:db:c7:51:23:41:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Nov  2 13:49:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc2db48557dff7f5c74dac2a7e7bf11a8a341171
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:05:f2:6f:7c:b9:ba:8a:e8:a8:eb:0f:50:18:
                    f9:60:3c:93:ef:eb:a6:d0:7d:71:13:61:f1:c6:af:
                    bc:80:69:74:6a:4e:18:52:dd:85:2c:e9:c1:81:68:
                    23:d8:64:de:53:b4:78:0d:db:69:0b:57:27:85:20:
                    72:d7:a3:f8:89:ff:09:0a:fd:9e:38:74:37:66:40:
                    07:d3:a7:e8:a6:66:46:22:06:9a:fa:92:a7:07:11:
                    c6:be:76:f6:71:95:b3:83:64:43:03:ae:54:83:82:
                    d3:89:72:db:7a:66:22:b8:79:2f:49:1e:50:cd:10:
                    a8:a6:13:98:31:18:1f:ad:b3:d3:10:01:f8:29:5e:
                    f3:91:ea:ff:99:45:56:53:a4:30:7f:84:0d:0d:31:
                    d5:7f:1a:d1:b0:7c:85:d4:a1:a2:de:9a:38:41:27:
                    b2:43:da:d5:bf:15:14:a2:0e:16:ba:7c:53:79:c4:
                    e4:93:41:9c:1b:af:fd:25:5c:f3:2e:d2:a8:0c:ed:
                    44:8a:39:36:2d:db:54:55:1b:5e:86:0a:8f:03:7d:
                    2f:6c:32:22:96:87:02:7a:8b:fd:1f:3f:78:bf:9b:
                    39:57:7b:10:74:f9:8d:e7:7b:8f:37:4c:82:e2:74:
                    1a:79:9b:e4:a1:fc:47:28:62:f9:7d:09:31:d5:42:
                    ba:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:2D:B4:85:57:DF:F7:F5:C7:4D:AC:2A:7E:7B:F1:1A:8A:34:11:71
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/vC20hVff9_XHTawqfnvxGoo0EXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.87.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:29:83:46:cc:d8:c6:b8:19:57:0b:1b:fd:b9:6d:20:2e:f2:
         62:59:62:d8:1c:c4:af:e3:62:1c:3c:83:1c:d1:09:56:d6:7e:
         94:bb:33:e5:c2:29:42:35:d7:76:df:45:87:b4:64:77:31:fe:
         0a:00:2e:e0:de:60:f9:41:c6:e7:26:c7:a9:28:ac:16:26:19:
         9d:c5:d5:bd:9c:1c:74:ff:d3:56:77:3d:e6:9f:ff:3d:77:a6:
         6f:96:c6:42:c8:21:24:56:63:fa:6b:25:a0:4e:5c:28:87:4c:
         b1:e9:0d:fe:0d:c5:8e:97:a5:00:23:19:58:c9:2b:c8:d1:ba:
         8c:82:ea:3f:cb:6e:d1:35:5a:f0:38:f7:30:eb:f1:fe:35:03:
         26:70:87:fb:0f:81:85:79:52:25:29:b9:82:64:44:8f:18:04:
         f6:dc:32:29:6c:1c:b3:5f:30:53:0b:8f:2f:5a:5b:43:62:79:
         a1:a9:99:dd:05:95:96:25:88:3a:0a:5b:1a:b3:1a:50:53:4d:
         ff:1d:d3:c1:2d:07:1c:78:04:99:74:88:24:d2:fa:56:e6:f8:
         53:66:18:77:dc:7d:22:5f:bb:24:3a:4c:b0:da:fc:7f:d8:e2:
         a3:af:93:a8:34:c0:01:39:cc:41:24:fd:ee:b8:0e:8a:d3:99:
         5b:74:69:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLtIusCUzzQN7Pq28dRI0FiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjQxMTAyMTM0OTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzJkYjQ4NTU3ZGZmN2Y1Yzc0ZGFjMmE3ZTdiZjExYThhMzQxMTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQXyb3y5uoroqOsPUBj5YDyT7+um
0H1xE2Hxxq+8gGl0ak4YUt2FLOnBgWgj2GTeU7R4DdtpC1cnhSBy16P4if8JCv2e
OHQ3ZkAH06fopmZGIgaa+pKnBxHGvnb2cZWzg2RDA65Ug4LTiXLbemYiuHkvSR5Q
zRCophOYMRgfrbPTEAH4KV7zker/mUVWU6Qwf4QNDTHVfxrRsHyF1KGi3po4QSey
Q9rVvxUUog4WunxTecTkk0GcG6/9JVzzLtKoDO1Eijk2LdtUVRtehgqPA30vbDIi
locCeov9Hz94v5s5V3sQdPmN53uPN0yC4nQaeZvkofxHKGL5fQkx1UK67wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLwttIVX3/f1x02sKn578RqKNBFxMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvdkMyMGhWZmY5X1hIVGF3cWZudnhHb28wRVhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1FfKMA0G
CSqGSIb3DQEBCwUAA4IBAQCSKYNGzNjGuBlXCxv9uW0gLvJiWWLYHMSv42IcPIMc
0QlW1n6UuzPlwilCNdd230WHtGR3Mf4KAC7g3mD5QcbnJsepKKwWJhmdxdW9nBx0
/9NWdz3mn/89d6ZvlsZCyCEkVmP6ayWgTlwoh0yx6Q3+DcWOl6UAIxlYySvI0bqM
guo/y27RNVrwOPcw6/H+NQMmcIf7D4GFeVIlKbmCZESPGAT23DIpbByzXzBTC48v
WltDYnmhqZndBZWWJYg6ClsasxpQU03/HdPBLQcceASZdIgk0vpW5vhTZhh33H0i
X7skOkyw2vx/2OKjr5OoNMABOcxBJP3uuA6K05lbdGko
-----END CERTIFICATE-----