Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/N8MPPRmWIZO1VqByq4Aor9q0IYE.roa
File:                     N8MPPRmWIZO1VqByq4Aor9q0IYE.roa (raw, json)
Hash identifier:          cfCL0Bel0kRIlJnp3HoTCbrQZ/HmRdpFehMnYYS++Y8=
Subject key identifier:   37:C3:0F:3D:19:96:21:93:B5:56:A0:72:AB:80:28:AF:DA:B4:21:81
Certificate issuer:       /CN=30f1ba6111c8f1d3f37c1b7c1a5ed737402192f2
Certificate serial:       018CC94DA8DC41F06DE4645A6809C8BA1799
Authority key identifier: 30:F1:BA:61:11:C8:F1:D3:F3:7C:1B:7C:1A:5E:D7:37:40:21:92:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/N8MPPRmWIZO1VqByq4Aor9q0IYE.roa
Signing time:             Tue 02 Jan 2024 08:32:39 +0000
ROA not before:           Tue 02 Jan 2024 08:32:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3215
IP address blocks:        185.145.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:a8:dc:41:f0:6d:e4:64:5a:68:09:c8:ba:17:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30f1ba6111c8f1d3f37c1b7c1a5ed737402192f2
        Validity
            Not Before: Jan  2 08:32:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37c30f3d19962193b556a072ab8028afdab42181
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:46:f0:1d:48:4a:65:f1:b1:aa:2d:47:34:f0:
                    77:ae:15:15:fa:e2:8c:8c:84:ef:fa:96:35:60:e5:
                    22:15:6c:76:df:6b:1d:11:02:f8:d1:78:00:63:b7:
                    b3:f2:35:ab:2d:76:89:e3:c7:36:85:18:0f:64:7f:
                    5b:68:1e:f1:3a:d1:8f:60:f0:47:d3:aa:65:07:5a:
                    66:dd:97:1a:2a:b4:f7:2c:94:66:08:39:34:56:94:
                    6a:ce:e4:94:05:00:10:48:ff:e9:09:84:3f:05:7b:
                    23:33:2d:f3:1d:15:a6:a3:e7:52:04:fd:42:f1:69:
                    9b:ec:61:d4:6c:3c:07:36:c5:f7:0c:a8:23:0f:84:
                    56:0f:f3:11:e7:c4:d9:61:f7:c0:61:de:2b:50:fc:
                    79:3d:74:25:15:7f:c8:14:0b:33:d8:25:90:d7:c9:
                    25:26:53:bb:57:ea:9c:e5:96:2c:57:4c:43:5b:ab:
                    0a:06:55:62:f7:ee:b9:cf:62:a3:0e:d4:55:c3:19:
                    5b:88:db:01:1b:fa:ae:fb:25:76:9a:8b:3f:60:b6:
                    8f:d6:19:54:44:ed:ec:59:5e:e5:d4:c7:8f:c2:85:
                    e9:d3:8f:82:f5:52:f7:e1:1b:35:62:e0:2d:61:b1:
                    4d:e7:92:85:cc:4a:a0:19:38:84:f9:6e:39:2b:12:
                    8b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:C3:0F:3D:19:96:21:93:B5:56:A0:72:AB:80:28:AF:DA:B4:21:81
            X509v3 Authority Key Identifier:
                keyid:30:F1:BA:61:11:C8:F1:D3:F3:7C:1B:7C:1A:5E:D7:37:40:21:92:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/N8MPPRmWIZO1VqByq4Aor9q0IYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:36:d4:88:4e:36:37:aa:89:d0:25:8e:cc:56:05:84:5a:b1:
         14:ed:09:a5:2a:b2:d7:c2:c5:95:6e:9b:70:01:b4:99:23:00:
         56:a5:f0:d2:28:da:4d:28:23:b7:97:dd:20:ec:a6:5c:1c:4c:
         c2:39:71:2a:cf:de:3b:65:86:83:0b:57:0c:39:83:ad:ba:ec:
         06:3c:0d:16:4f:6a:73:51:4f:39:45:96:33:26:23:b6:1c:69:
         d4:68:02:04:90:ae:d6:c5:54:f6:96:2f:50:52:be:31:d5:46:
         0e:4b:3d:c0:82:14:e3:d8:c8:09:80:71:c5:88:07:b1:2e:ec:
         63:40:88:ce:b7:b0:20:55:9f:bd:82:81:c7:5d:54:98:12:bd:
         8b:e0:81:be:1d:d7:17:de:e0:e5:71:b0:13:ba:e1:18:3b:8a:
         a5:c9:de:89:55:87:35:df:50:d3:c3:a2:f5:55:f1:a1:84:1e:
         14:40:b7:d5:9a:40:42:fa:b4:d1:b1:e2:fc:b6:e5:66:5b:56:
         f3:87:de:e8:0e:41:52:ae:1b:0c:14:74:1a:d6:e3:bb:05:0f:
         eb:6d:7c:40:d7:2c:5c:34:d7:b6:0b:b0:60:82:e3:a1:6a:33:
         1a:9e:62:3f:5d:83:00:81:6f:17:f7:5e:02:ff:84:82:1c:55:
         85:43:10:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTajcQfBt5GRaaAnIuheZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZjFiYTYxMTFjOGYxZDNmMzdjMWI3YzFhNWVkNzM3NDAy
MTkyZjIwHhcNMjQwMTAyMDgzMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2MzMGYzZDE5OTYyMTkzYjU1NmEwNzJhYjgwMjhhZmRhYjQyMTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskbwHUhKZfGxqi1HNPB3rhUV+uKM
jITv+pY1YOUiFWx232sdEQL40XgAY7ez8jWrLXaJ48c2hRgPZH9baB7xOtGPYPBH
06plB1pm3ZcaKrT3LJRmCDk0VpRqzuSUBQAQSP/pCYQ/BXsjMy3zHRWmo+dSBP1C
8Wmb7GHUbDwHNsX3DKgjD4RWD/MR58TZYffAYd4rUPx5PXQlFX/IFAsz2CWQ18kl
JlO7V+qc5ZYsV0xDW6sKBlVi9+65z2KjDtRVwxlbiNsBG/qu+yV2mos/YLaP1hlU
RO3sWV7l1MePwoXp04+C9VL34Rs1YuAtYbFN55KFzEqgGTiE+W45KxKLDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDfDDz0ZliGTtVagcquAKK/atCGBMB8GA1UdIwQY
MBaAFDDxumERyPHT83wbfBpe1zdAIZLyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVBHNllSSEk4ZFB6ZkJ0OEdsN1hOMEFoa3ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy84ZDdjNTctYmE2NS00N2ZjLWJjYzQt
YzMzMDE4NjMzZDMzLzEvTjhNUFBSbVdJWk8xVnFCeXE0QW9yOXEwSVlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy84ZDdjNTctYmE2NS00N2ZjLWJjYzQtYzMzMDE4NjMzZDMz
LzEvTVBHNllSSEk4ZFB6ZkJ0OEdsN1hOMEFoa3ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZFOMA0G
CSqGSIb3DQEBCwUAA4IBAQAVNtSITjY3qonQJY7MVgWEWrEU7QmlKrLXwsWVbptw
AbSZIwBWpfDSKNpNKCO3l90g7KZcHEzCOXEqz947ZYaDC1cMOYOtuuwGPA0WT2pz
UU85RZYzJiO2HGnUaAIEkK7WxVT2li9QUr4x1UYOSz3AghTj2MgJgHHFiAexLuxj
QIjOt7AgVZ+9goHHXVSYEr2L4IG+HdcX3uDlcbATuuEYO4qlyd6JVYc131DTw6L1
VfGhhB4UQLfVmkBC+rTRseL8tuVmW1bzh97oDkFSrhsMFHQa1uO7BQ/rbXxA1yxc
NNe2C7BgguOhajManmI/XYMAgW8X914C/4SCHFWFQxDQ
-----END CERTIFICATE-----