Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/Ab8ZeajeeTKeEQ2Lq2PKmIAx2_8.roa
File:                     Ab8ZeajeeTKeEQ2Lq2PKmIAx2_8.roa (raw, json)
Hash identifier:          NUHyrflgzYP+AXR8qTFPTfe07843PGYaRr0oSNTCC+0=
Subject key identifier:   01:BF:19:79:A8:DE:79:32:9E:11:0D:8B:AB:63:CA:98:80:31:DB:FF
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D5D31750F71506DE44C62348CDF1E
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/Ab8ZeajeeTKeEQ2Lq2PKmIAx2_8.roa
Signing time:             Mon 01 Jan 2024 00:29:56 +0000
ROA not before:           Mon 01 Jan 2024 00:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59620
IP address blocks:        90.154.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:5d:31:75:0f:71:50:6d:e4:4c:62:34:8c:df:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01bf1979a8de79329e110d8bab63ca988031dbff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:90:84:32:17:5a:4c:2d:41:5b:3b:7c:42:d7:
                    d9:df:da:1f:d0:b8:c8:fa:ec:4f:0c:0f:ac:ff:44:
                    1b:68:bd:6c:71:03:72:c1:2f:6c:6b:e6:ad:f8:c5:
                    8b:2a:6c:55:b8:4b:ea:78:4b:02:7f:0d:d4:29:61:
                    90:da:b9:d0:d2:f3:0f:d1:8a:67:56:3d:fe:bf:fe:
                    5f:c8:64:4f:9a:a4:cb:f0:7e:53:59:3d:c7:d6:43:
                    8c:35:f1:a7:36:97:dd:a2:15:7b:a5:96:fc:3e:74:
                    d5:95:bb:98:a3:0e:26:e2:56:38:e2:54:2d:b6:f9:
                    36:f8:a7:f4:86:1a:31:c8:74:1a:73:0b:0a:e1:59:
                    e1:88:3c:b6:b9:4b:c5:d9:69:c3:08:d3:1a:f4:16:
                    7a:8b:20:a1:38:d9:dc:50:f8:03:a3:d0:2d:a8:94:
                    a4:18:69:47:5b:33:c7:b7:4a:9a:d3:07:1d:76:c9:
                    30:de:d8:0a:d3:e3:6d:d7:15:51:ae:49:b4:d9:b6:
                    7e:93:b4:b2:4a:17:dd:73:3f:fd:4e:14:45:80:d0:
                    6e:28:d8:b5:af:ec:e8:c7:97:db:f5:04:4d:9b:4c:
                    16:b4:f7:06:80:85:75:2a:4a:ce:c2:4a:9c:01:24:
                    a0:23:ea:d7:69:b0:e5:cc:be:b5:ae:ac:1b:5f:ac:
                    e4:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:BF:19:79:A8:DE:79:32:9E:11:0D:8B:AB:63:CA:98:80:31:DB:FF
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/Ab8ZeajeeTKeEQ2Lq2PKmIAx2_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  90.154.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:fc:1f:9f:a5:1c:36:f0:d3:05:df:12:1e:e6:7a:8f:be:42:
         9b:de:77:b3:ee:8a:55:e2:53:cd:7d:79:6a:63:21:78:21:66:
         f3:fc:54:d9:a3:5d:62:6a:ca:db:53:d7:7f:e5:1a:23:1d:23:
         28:72:0c:b5:10:e7:a8:f6:50:df:4a:06:7d:f5:89:d8:cc:9b:
         3c:16:ec:7a:75:a7:c6:9f:b4:a9:6f:ff:ff:92:3a:d3:f4:c1:
         b5:ca:02:ad:c1:66:17:21:b4:6d:5e:1e:ad:1d:a7:e7:56:4a:
         37:72:aa:8c:8f:43:c4:a3:66:c1:b2:8b:be:92:ab:7a:4c:44:
         fa:b9:d0:03:37:ac:7b:58:9e:9c:91:82:34:07:6b:8e:1d:44:
         25:fb:0d:f4:6e:a4:df:06:02:1d:76:09:8a:95:fe:4f:74:21:
         52:73:42:72:01:37:46:ba:37:49:c4:8a:29:fa:ea:76:14:97:
         2f:b0:95:d7:25:16:eb:20:f8:e1:57:01:e4:95:f5:20:6a:97:
         ec:ba:90:50:09:e1:6f:5e:83:14:a2:cc:45:1b:65:54:63:5c:
         4d:90:b7:37:62:8e:ad:cb:f4:4a:90:d0:e8:33:63:c5:ee:c3:
         6c:a0:e8:73:3d:49:fc:1c:10:c3:0f:29:c4:81:bc:09:e8:7b:
         6f:ed:c0:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbV0xdQ9xUG3kTGI0jN8eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWJmMTk3OWE4ZGU3OTMyOWUxMTBkOGJhYjYzY2E5ODgwMzFkYmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZCEMhdaTC1BWzt8QtfZ39of0LjI
+uxPDA+s/0QbaL1scQNywS9sa+at+MWLKmxVuEvqeEsCfw3UKWGQ2rnQ0vMP0Ypn
Vj3+v/5fyGRPmqTL8H5TWT3H1kOMNfGnNpfdohV7pZb8PnTVlbuYow4m4lY44lQt
tvk2+Kf0hhoxyHQacwsK4VnhiDy2uUvF2WnDCNMa9BZ6iyChONncUPgDo9AtqJSk
GGlHWzPHt0qa0wcddskw3tgK0+Nt1xVRrkm02bZ+k7SyShfdcz/9ThRFgNBuKNi1
r+zox5fb9QRNm0wWtPcGgIV1KkrOwkqcASSgI+rXabDlzL61rqwbX6zk7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAG/GXmo3nkynhENi6tjypiAMdv/MB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvQWI4WmVhamVlVEtlRVEyTHEyUEttSUF4Ml84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWprgMA0G
CSqGSIb3DQEBCwUAA4IBAQBz/B+fpRw28NMF3xIe5nqPvkKb3nez7opV4lPNfXlq
YyF4IWbz/FTZo11iasrbU9d/5RojHSMocgy1EOeo9lDfSgZ99YnYzJs8Fux6dafG
n7Spb///kjrT9MG1ygKtwWYXIbRtXh6tHafnVko3cqqMj0PEo2bBsou+kqt6TET6
udADN6x7WJ6ckYI0B2uOHUQl+w30bqTfBgIddgmKlf5PdCFSc0JyATdGujdJxIop
+up2FJcvsJXXJRbrIPjhVwHklfUgapfsupBQCeFvXoMUosxFG2VUY1xNkLc3Yo6t
y/RKkNDoM2PF7sNsoOhzPUn8HBDDDynEgbwJ6Htv7cCw
-----END CERTIFICATE-----