Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/ibPRDL53RuSkT63LC65mVFkk4VM.roa
File:                     ibPRDL53RuSkT63LC65mVFkk4VM.roa (raw, json)
Hash identifier:          Y1izI5hsWPUUZvimklxtkT+55XVkPJHzkhyhXQl1WeE=
Subject key identifier:   89:B3:D1:0C:BE:77:46:E4:A4:4F:AD:CB:0B:AE:66:54:59:24:E1:53
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D5CFD1CBA7E6E551D10EA31FC05E2
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/ibPRDL53RuSkT63LC65mVFkk4VM.roa
Signing time:             Mon 01 Jan 2024 00:29:56 +0000
ROA not before:           Mon 01 Jan 2024 00:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57705
IP address blocks:        83.228.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:5c:fd:1c:ba:7e:6e:55:1d:10:ea:31:fc:05:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89b3d10cbe7746e4a44fadcb0bae66545924e153
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:9d:df:6f:dd:19:fd:0e:1a:b2:0f:14:4d:dc:
                    5a:9e:05:8d:26:7c:74:10:a8:e5:1f:d6:dd:6b:02:
                    84:9f:cf:de:5e:7c:99:57:1e:62:c8:64:4d:e6:d1:
                    91:8d:20:bb:61:ee:a2:a0:71:18:5d:5c:41:f5:11:
                    3c:e7:af:7f:7d:3a:65:d9:1f:c1:87:11:c8:55:27:
                    6e:19:52:93:bb:f3:69:c3:8a:55:f2:49:e1:46:16:
                    9a:51:e2:80:bb:2a:73:b1:e3:64:8a:84:03:a4:60:
                    a8:ef:83:0f:0e:85:a8:82:c7:97:17:7e:c4:e9:a6:
                    61:40:20:01:25:32:f1:6b:6f:43:de:8f:51:0a:f0:
                    e7:18:08:3d:34:4e:76:f5:f1:0b:7a:13:2d:fe:74:
                    8d:e6:77:1c:a5:a6:75:90:8a:37:4b:7b:0e:36:b7:
                    ee:cd:59:64:70:bb:67:14:e1:2c:de:0a:36:59:f3:
                    67:4a:f5:28:40:bf:e1:cb:6e:cb:51:cc:33:7c:c1:
                    3a:76:cf:78:62:34:b3:0e:ed:36:17:fc:c0:6d:72:
                    fe:82:3d:0b:b4:5b:31:7a:e6:9f:0e:2e:1a:27:54:
                    05:51:e4:87:91:01:3e:b7:ac:e5:99:bf:ba:4a:04:
                    87:3f:21:ac:60:5b:32:4e:01:76:08:fd:f4:b8:54:
                    e7:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:B3:D1:0C:BE:77:46:E4:A4:4F:AD:CB:0B:AE:66:54:59:24:E1:53
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/ibPRDL53RuSkT63LC65mVFkk4VM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.228.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:3c:9a:39:12:02:8e:43:99:26:24:a1:58:d0:65:81:cb:10:
         be:ac:b2:61:7d:08:8e:ef:43:d0:5c:2d:ff:b8:0c:15:da:2b:
         54:a4:ba:37:b8:6d:52:42:9a:46:24:b9:4c:eb:bb:ac:36:7d:
         68:b9:5d:ca:89:63:c7:cb:03:51:53:92:5d:0a:fa:bd:77:9e:
         5e:16:34:ca:08:25:8b:8e:ee:2a:4a:bc:d4:6a:6c:0f:18:79:
         47:c2:19:31:6b:de:c8:bd:3c:e8:29:9a:5d:c1:fe:6a:34:c1:
         07:36:cc:08:bf:f5:e2:18:80:24:f5:7d:9c:84:0d:4c:68:10:
         1b:7e:d3:d0:67:6b:3e:25:5c:69:93:cd:f8:54:9d:94:30:3c:
         e8:25:f9:65:f9:30:e5:5c:5d:dc:f5:5a:98:e9:94:25:d2:48:
         f4:0a:7c:e7:b2:82:4f:5d:50:7c:98:b3:18:76:bb:bc:67:99:
         cc:ef:aa:b9:ca:a2:6a:92:ca:54:7b:46:38:3b:87:3a:14:12:
         06:19:9b:7e:94:6a:56:76:79:15:74:e0:4c:c3:da:94:ca:3b:
         f4:5f:09:30:3b:3a:d3:fe:99:d7:db:bd:f7:f8:a8:8b:5b:25:
         c9:12:82:22:62:5a:98:ed:05:be:96:a5:81:35:20:80:6e:bf:
         19:45:7e:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVz9HLp+blUdEOox/AXiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWIzZDEwY2JlNzc0NmU0YTQ0ZmFkY2IwYmFlNjY1NDU5MjRlMTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmp3fb90Z/Q4asg8UTdxangWNJnx0
EKjlH9bdawKEn8/eXnyZVx5iyGRN5tGRjSC7Ye6ioHEYXVxB9RE8569/fTpl2R/B
hxHIVSduGVKTu/Npw4pV8knhRhaaUeKAuypzseNkioQDpGCo74MPDoWogseXF37E
6aZhQCABJTLxa29D3o9RCvDnGAg9NE529fELehMt/nSN5nccpaZ1kIo3S3sONrfu
zVlkcLtnFOEs3go2WfNnSvUoQL/hy27LUcwzfME6ds94YjSzDu02F/zAbXL+gj0L
tFsxeuafDi4aJ1QFUeSHkQE+t6zlmb+6SgSHPyGsYFsyTgF2CP30uFTniQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImz0Qy+d0bkpE+tywuuZlRZJOFTMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvaWJQUkRMNTNSdVNrVDYzTEM2NW1WRmtrNFZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU+RmMA0G
CSqGSIb3DQEBCwUAA4IBAQAKPJo5EgKOQ5kmJKFY0GWByxC+rLJhfQiO70PQXC3/
uAwV2itUpLo3uG1SQppGJLlM67usNn1ouV3KiWPHywNRU5JdCvq9d55eFjTKCCWL
ju4qSrzUamwPGHlHwhkxa97IvTzoKZpdwf5qNMEHNswIv/XiGIAk9X2chA1MaBAb
ftPQZ2s+JVxpk834VJ2UMDzoJfll+TDlXF3c9VqY6ZQl0kj0CnznsoJPXVB8mLMY
dru8Z5nM76q5yqJqkspUe0Y4O4c6FBIGGZt+lGpWdnkVdOBMw9qUyjv0XwkwOzrT
/pnX2733+KiLWyXJEoIiYlqY7QW+lqWBNSCAbr8ZRX5f
-----END CERTIFICATE-----