Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/8az8hpiZaAkCHgja3qicvJlvX1o.roa
File:                     8az8hpiZaAkCHgja3qicvJlvX1o.roa (raw, json)
Hash identifier:          bbYl0hdcZJYeY2ufUl368kZbVhVoK9NXuFzsox5du2s=
Subject key identifier:   F1:AC:FC:86:98:99:68:09:02:1E:08:DA:DE:A8:9C:BC:99:6F:5F:5A
Certificate issuer:       /CN=3d8ba0a52c42129af1d4f743feb33bb144d4bb5c
Certificate serial:       018CCA2B0BD9DDDEA0D606BEA1BEE6597846
Authority key identifier: 3D:8B:A0:A5:2C:42:12:9A:F1:D4:F7:43:FE:B3:3B:B1:44:D4:BB:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/8az8hpiZaAkCHgja3qicvJlvX1o.roa
Signing time:             Tue 02 Jan 2024 12:34:27 +0000
ROA not before:           Tue 02 Jan 2024 12:34:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49871
IP address blocks:        212.19.51.240/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:0b:d9:dd:de:a0:d6:06:be:a1:be:e6:59:78:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d8ba0a52c42129af1d4f743feb33bb144d4bb5c
        Validity
            Not Before: Jan  2 12:34:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1acfc8698996809021e08dadea89cbc996f5f5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:4c:82:5c:aa:fe:db:4e:45:4e:27:2f:0f:15:
                    24:d6:08:33:5d:4d:ff:59:ba:e5:1a:6d:3e:4d:0a:
                    78:e2:fc:97:f2:66:d1:ea:ba:7d:5b:0a:e3:81:d7:
                    37:41:ee:8a:ce:0f:e6:52:c5:8b:14:9d:a9:0c:b4:
                    e7:56:0d:a9:7e:19:22:26:3b:32:07:ee:fe:b6:68:
                    ac:39:be:b1:22:6e:06:d8:15:e6:e8:82:93:16:2c:
                    d6:5b:2c:65:19:7c:f9:aa:a3:82:31:af:99:f5:4c:
                    ae:da:5d:29:ae:5f:28:77:df:38:6f:39:5a:28:44:
                    2d:f6:61:8f:84:44:f1:1e:68:c6:2b:0c:ef:7a:e5:
                    97:73:b8:20:f2:d1:6f:b8:49:8b:f5:a5:33:9f:64:
                    2c:63:8a:39:15:4e:b7:c5:8d:87:1a:b1:97:4e:79:
                    44:e7:71:6f:86:e6:ad:1b:5f:b2:f8:59:27:ad:13:
                    e5:2b:f5:cc:1e:f5:76:0e:15:ed:b9:19:80:1b:d2:
                    3d:18:79:30:02:84:95:06:80:ae:86:4e:a2:ec:15:
                    0c:bf:81:2c:67:49:67:b4:ec:72:8e:95:46:e3:4f:
                    4a:7b:9f:4e:18:b3:78:3d:b7:e3:a2:33:ba:63:40:
                    4f:82:75:79:a6:48:3d:e3:7d:59:87:ba:c1:a4:1f:
                    1f:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:AC:FC:86:98:99:68:09:02:1E:08:DA:DE:A8:9C:BC:99:6F:5F:5A
            X509v3 Authority Key Identifier:
                keyid:3D:8B:A0:A5:2C:42:12:9A:F1:D4:F7:43:FE:B3:3B:B1:44:D4:BB:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/8az8hpiZaAkCHgja3qicvJlvX1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.19.51.240/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:7f:f3:ad:a7:65:c6:44:63:75:bb:f9:05:8b:32:9e:fd:fc:
         f7:84:35:d1:66:01:5e:b3:1f:3f:b1:8e:bc:3a:b1:29:08:20:
         76:08:ff:30:ab:f5:8d:ce:fa:15:65:9a:a3:7d:0c:44:5f:16:
         c9:c6:40:3c:c5:0d:d4:a3:fe:15:ce:44:e3:84:aa:92:0a:ba:
         98:d0:50:08:72:f1:c5:0f:d4:ae:98:a8:26:85:76:6a:b4:d4:
         11:f7:69:f1:a9:67:6f:3b:56:54:6d:74:40:7e:2f:e5:d4:ef:
         e2:b7:2d:6c:ee:ab:4f:95:0a:e0:a7:92:0e:67:b0:34:1d:60:
         78:3c:b1:e0:8f:33:f7:84:69:37:c8:b4:68:0e:96:47:38:3c:
         a1:14:79:32:70:28:ca:2c:6f:74:e7:98:3b:b5:9e:c2:0f:a5:
         16:d0:c8:b1:80:3a:ab:33:60:92:86:e8:49:04:ed:80:4f:c3:
         a1:44:fb:48:69:11:03:33:52:a2:5c:86:4f:9a:67:9a:c0:78:
         ac:4e:30:9f:01:35:5c:a6:68:3f:f8:cc:6b:5d:54:84:27:ff:
         41:7c:e4:59:1c:30:42:1c:c5:88:d0:cd:61:6d:c9:01:96:55:
         6a:cf:c5:60:ef:24:56:8f:b8:0c:fd:8d:db:7c:39:06:05:17:
         4c:b2:63:2f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKKwvZ3d6g1ga+ob7mWXhGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkOGJhMGE1MmM0MjEyOWFmMWQ0Zjc0M2ZlYjMzYmIxNDRk
NGJiNWMwHhcNMjQwMTAyMTIzNDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWFjZmM4Njk4OTk2ODA5MDIxZTA4ZGFkZWE4OWNiYzk5NmY1ZjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEyCXKr+205FTicvDxUk1ggzXU3/
WbrlGm0+TQp44vyX8mbR6rp9Wwrjgdc3Qe6Kzg/mUsWLFJ2pDLTnVg2pfhkiJjsy
B+7+tmisOb6xIm4G2BXm6IKTFizWWyxlGXz5qqOCMa+Z9Uyu2l0prl8od984bzla
KEQt9mGPhETxHmjGKwzveuWXc7gg8tFvuEmL9aUzn2QsY4o5FU63xY2HGrGXTnlE
53FvhuatG1+y+FknrRPlK/XMHvV2DhXtuRmAG9I9GHkwAoSVBoCuhk6i7BUMv4Es
Z0lntOxyjpVG409Ke59OGLN4PbfjojO6Y0BPgnV5pkg9431Zh7rBpB8fXQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPGs/IaYmWgJAh4I2t6onLyZb19aMB8GA1UdIwQY
MBaAFD2LoKUsQhKa8dT3Q/6zO7FE1LtcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFl1Z3BTeENFcHJ4MVBkRF9yTTdzVVRVdTF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mZjZmNGEtOGQ1Zi00NWIyLTg3NWMt
YTU2ODM4NDRlNzkyLzEvOGF6OGhwaVphQWtDSGdqYTNxaWN2Smx2WDFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mZjZmNGEtOGQ1Zi00NWIyLTg3NWMtYTU2ODM4NDRlNzky
LzEvUFl1Z3BTeENFcHJ4MVBkRF9yTTdzVVRVdTF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUD1BMz8DAN
BgkqhkiG9w0BAQsFAAOCAQEAe3/zradlxkRjdbv5BYsynv3894Q10WYBXrMfP7GO
vDqxKQggdgj/MKv1jc76FWWao30MRF8WycZAPMUN1KP+Fc5E44Sqkgq6mNBQCHLx
xQ/UrpioJoV2arTUEfdp8alnbztWVG10QH4v5dTv4rctbO6rT5UK4KeSDmewNB1g
eDyx4I8z94RpN8i0aA6WRzg8oRR5MnAoyixvdOeYO7Wewg+lFtDIsYA6qzNgkobo
SQTtgE/DoUT7SGkRAzNSolyGT5pnmsB4rE4wnwE1XKZoP/jMa11UhCf/QXzkWRww
QhzFiNDNYW3JAZZVas/FYO8kVo+4DP2N23w5BgUXTLJjLw==
-----END CERTIFICATE-----