Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/8XOiLuiDB79SF_bFOXzNyUd6mgY.roa
File:                     8XOiLuiDB79SF_bFOXzNyUd6mgY.roa (raw, json)
Hash identifier:          wbHhiZ6+L+HIDHxStmpUADHQLvEaHlId8vIup9qljK8=
Subject key identifier:   F1:73:A2:2E:E8:83:07:BF:52:17:F6:C5:39:7C:CD:C9:47:7A:9A:06
Certificate issuer:       /CN=a86580e18ad6ff8dc942be883c16de8b731f9605
Certificate serial:       018CC7274631DCBFBB6E83EEFECE8815B198
Authority key identifier: A8:65:80:E1:8A:D6:FF:8D:C9:42:BE:88:3C:16:DE:8B:73:1F:96:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qGWA4YrW_43JQr6IPBbei3MflgU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/8XOiLuiDB79SF_bFOXzNyUd6mgY.roa
Signing time:             Mon 01 Jan 2024 22:31:28 +0000
ROA not before:           Mon 01 Jan 2024 22:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47167
IP address blocks:        195.216.224.0/24 maxlen: 24
                          2001:67c:294::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/qGWA4YrW_43JQr6IPBbei3MflgU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/qGWA4YrW_43JQr6IPBbei3MflgU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qGWA4YrW_43JQr6IPBbei3MflgU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:46:31:dc:bf:bb:6e:83:ee:fe:ce:88:15:b1:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a86580e18ad6ff8dc942be883c16de8b731f9605
        Validity
            Not Before: Jan  1 22:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f173a22ee88307bf5217f6c5397ccdc9477a9a06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:b9:64:8a:48:e9:d8:70:4d:77:e2:c0:48:9e:
                    2d:92:31:1f:a7:97:8c:52:64:9f:86:4d:fb:d2:8e:
                    ea:15:81:5c:08:11:bd:68:bb:f5:c1:7c:04:1c:fc:
                    41:bf:e1:da:96:dc:b9:3b:71:03:14:a7:2f:8b:fc:
                    9e:1d:57:41:6f:bd:cc:42:d2:24:bf:af:18:a0:96:
                    78:33:63:a2:74:df:81:88:f8:fc:3f:be:7d:91:d3:
                    7c:81:64:1c:88:ad:27:c8:33:14:e3:89:9e:a7:1f:
                    61:16:88:b1:5f:f8:24:52:ac:e3:48:71:8a:a4:c4:
                    b1:44:20:f1:6f:47:23:6a:5e:a6:d8:17:fb:23:80:
                    73:29:aa:37:80:1b:02:49:d1:1b:47:02:b7:2a:1b:
                    19:ae:11:97:53:88:4c:5a:1b:45:d0:3f:cb:28:22:
                    09:c6:17:27:cc:86:33:92:f4:95:d2:0b:82:cc:c2:
                    07:25:c4:16:21:41:1e:81:eb:1e:89:0a:f1:d3:fc:
                    5e:bd:a8:bc:e8:d1:65:ad:e2:1c:19:e5:64:30:69:
                    23:ac:a0:bb:2f:6e:5e:dc:50:42:de:c4:bc:4a:3b:
                    21:89:cb:a6:9b:4c:61:de:25:ce:7e:a8:4c:9f:ad:
                    d6:ad:63:4c:8c:c0:c3:d0:90:c0:f6:db:df:bf:12:
                    93:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:73:A2:2E:E8:83:07:BF:52:17:F6:C5:39:7C:CD:C9:47:7A:9A:06
            X509v3 Authority Key Identifier:
                keyid:A8:65:80:E1:8A:D6:FF:8D:C9:42:BE:88:3C:16:DE:8B:73:1F:96:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qGWA4YrW_43JQr6IPBbei3MflgU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/8XOiLuiDB79SF_bFOXzNyUd6mgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/qGWA4YrW_43JQr6IPBbei3MflgU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.224.0/24
                IPv6:
                  2001:67c:294::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:cf:4b:c9:10:7f:5a:ea:db:5e:92:1b:0b:8d:68:da:c4:6e:
         83:41:38:7f:e4:20:ba:49:a8:41:72:a7:7a:21:ac:fe:78:72:
         1a:0a:27:1f:63:0c:a5:43:b9:13:a8:c2:ee:60:a8:0d:3a:72:
         41:8c:3b:4f:73:cc:ee:8b:c0:2c:ed:7f:0a:dc:9e:79:0b:53:
         3f:c0:ec:83:7c:4c:5b:4f:6e:04:14:fc:d8:c3:bb:ed:33:ec:
         3d:01:bf:f8:27:f2:f2:89:46:6a:e5:0f:5e:bc:b0:2a:e0:57:
         a6:b1:89:b1:b1:9d:b3:ff:b0:38:c0:7b:b1:b6:4e:94:40:c7:
         03:bc:17:24:3e:1e:73:1f:0f:01:c2:75:c8:c6:4c:37:08:81:
         31:a8:2f:80:81:a5:ae:b7:9b:31:81:b4:4d:78:a8:21:0c:5a:
         41:3a:94:7a:1e:be:bd:62:2f:06:e3:17:9c:2b:22:14:dc:74:
         30:e9:ec:c9:e4:fa:ac:3b:e4:48:bb:d5:7c:2d:21:a9:c6:22:
         10:13:ca:42:bd:49:09:0b:9b:2c:08:f2:97:ed:b8:3d:89:b3:
         86:de:24:30:00:fd:bb:d5:8d:f2:1d:25:16:1a:47:6e:15:ec:
         0c:30:de:fb:c3:45:64:6b:fa:ab:ea:da:67:a8:a9:ad:bf:85:
         0a:d7:32:6e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHJ0Yx3L+7boPu/s6IFbGYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NjU4MGUxOGFkNmZmOGRjOTQyYmU4ODNjMTZkZThiNzMx
Zjk2MDUwHhcNMjQwMTAxMjIzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTczYTIyZWU4ODMwN2JmNTIxN2Y2YzUzOTdjY2RjOTQ3N2E5YTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLlkikjp2HBNd+LASJ4tkjEfp5eM
UmSfhk370o7qFYFcCBG9aLv1wXwEHPxBv+Halty5O3EDFKcvi/yeHVdBb73MQtIk
v68YoJZ4M2OidN+BiPj8P759kdN8gWQciK0nyDMU44mepx9hFoixX/gkUqzjSHGK
pMSxRCDxb0cjal6m2Bf7I4BzKao3gBsCSdEbRwK3KhsZrhGXU4hMWhtF0D/LKCIJ
xhcnzIYzkvSV0guCzMIHJcQWIUEegeseiQrx0/xevai86NFlreIcGeVkMGkjrKC7
L25e3FBC3sS8Sjshicumm0xh3iXOfqhMn63WrWNMjMDD0JDA9tvfvxKTxwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPFzoi7ogwe/Uhf2xTl8zclHepoGMB8GA1UdIwQY
MBaAFKhlgOGK1v+NyUK+iDwW3otzH5YFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUdXQTRZcldfNDNKUXI2SVBCYmVpM01mbGdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9lMjlkY2UtYTE3NC00Yjc3LTg5YWEt
MjM2ZTkyZmM2YTU5LzEvOFhPaUx1aURCNzlTRl9iRk9Yek55VWQ2bWdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9lMjlkY2UtYTE3NC00Yjc3LTg5YWEtMjM2ZTkyZmM2YTU5
LzEvcUdXQTRZcldfNDNKUXI2SVBCYmVpM01mbGdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw9jgMA8E
AgACMAkDBwAgAQZ8ApQwDQYJKoZIhvcNAQELBQADggEBADzPS8kQf1rq216SGwuN
aNrEboNBOH/kILpJqEFyp3ohrP54choKJx9jDKVDuROowu5gqA06ckGMO09zzO6L
wCztfwrcnnkLUz/A7IN8TFtPbgQU/NjDu+0z7D0Bv/gn8vKJRmrlD168sCrgV6ax
ibGxnbP/sDjAe7G2TpRAxwO8FyQ+HnMfDwHCdcjGTDcIgTGoL4CBpa63mzGBtE14
qCEMWkE6lHoevr1iLwbjF5wrIhTcdDDp7Mnk+qw75Ei71XwtIanGIhATykK9SQkL
mywI8pftuD2Js4beJDAA/bvVjfIdJRYaR24V7Aww3vvDRWRr+qvq2meoqa2/hQrX
Mm4=
-----END CERTIFICATE-----