Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/0nf87-OupdKv16vifQ2BoJBrDZc.roa
File:                     0nf87-OupdKv16vifQ2BoJBrDZc.roa (raw, json)
Hash identifier:          u+mYqHWoyTq6BUI4C07vfl1kkGaYbvTQlJVusw5wmD8=
Subject key identifier:   D2:77:FC:EF:E3:AE:A5:D2:AF:D7:AB:E2:7D:0D:81:A0:90:6B:0D:97
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019422201AD3DD0F99738E8EF4AA82A893E0
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/0nf87-OupdKv16vifQ2BoJBrDZc.roa
Signing time:             Wed 01 Jan 2025 13:48:36 +0000
ROA not before:           Wed 01 Jan 2025 13:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44592
IP address blocks:        92.114.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:1a:d3:dd:0f:99:73:8e:8e:f4:aa:82:a8:93:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d277fcefe3aea5d2afd7abe27d0d81a0906b0d97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c1:72:24:88:64:e5:43:55:3b:c8:a5:51:df:
                    71:bd:74:c7:ab:5a:ca:77:8f:c6:1a:71:6a:5d:ab:
                    bb:4f:b2:4a:da:57:86:07:48:de:2f:14:eb:17:06:
                    b7:09:09:ac:9c:f7:79:9d:75:fe:40:f1:1b:46:0d:
                    c8:9d:94:4e:fc:86:48:78:54:fb:63:92:d3:66:39:
                    08:5b:c9:d9:9c:b6:bd:b8:c1:8b:2e:bd:4b:c6:be:
                    c8:3d:c9:9b:e5:2e:68:55:17:12:a4:bd:02:4e:d0:
                    fd:6a:d3:15:0f:b9:1e:3c:24:ec:d7:7b:b5:13:d7:
                    0a:56:77:69:32:68:72:b3:d4:5f:2d:fc:ee:73:1e:
                    81:0b:9c:2d:7e:a0:09:c5:d4:52:93:84:3e:06:fc:
                    e2:28:45:9f:fa:37:3a:77:00:8e:83:2c:ea:50:78:
                    de:53:f1:68:a2:9c:c6:7b:9a:fb:ac:90:65:2c:65:
                    55:e8:39:5d:ca:ae:e1:e5:88:8a:d9:b6:e8:a1:da:
                    d1:64:8e:79:6c:a1:d9:44:c6:1e:73:7b:90:03:a6:
                    a9:c7:27:f6:69:89:fa:b0:0f:e9:76:49:a6:38:73:
                    54:a2:2a:0c:a0:b7:96:c0:53:43:d5:f7:fd:b5:62:
                    7b:33:97:a3:cb:f3:2e:21:cb:a2:cf:76:6c:53:25:
                    e0:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:77:FC:EF:E3:AE:A5:D2:AF:D7:AB:E2:7D:0D:81:A0:90:6B:0D:97
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/0nf87-OupdKv16vifQ2BoJBrDZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.114.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:a9:aa:4c:7e:c8:1a:15:c2:5e:82:f9:ba:83:e4:79:47:db:
         ce:90:54:67:19:e0:5a:d8:5e:5c:b0:43:20:26:d1:7c:6a:3d:
         08:2a:ad:b8:67:c6:58:18:ce:3c:3f:bb:d6:47:24:03:73:14:
         b1:c1:d3:62:fa:f8:c6:bd:68:8e:51:7b:d0:92:85:8c:ad:43:
         88:88:c4:cc:c5:b3:3d:5b:be:ec:ec:9b:81:5c:9a:f1:17:b6:
         02:cf:35:20:3e:20:b1:2b:f8:30:7d:f3:d9:61:2f:11:fd:16:
         26:46:12:bd:67:7d:00:5c:70:6a:c8:21:a6:f1:36:07:78:2f:
         05:07:62:a5:2c:6c:73:f0:b2:92:09:69:ae:fa:55:c9:78:65:
         76:d2:3b:ee:20:b0:3a:f5:c5:76:6d:4e:cd:c2:c7:c7:be:c1:
         10:f4:78:96:8c:34:20:1b:f2:3c:09:03:de:2e:96:7c:f8:74:
         21:18:37:55:e5:38:c3:c3:ae:70:7c:1d:dd:a1:da:40:12:3f:
         86:e1:ed:9d:bd:33:af:4f:01:86:91:01:97:b3:36:75:59:7b:
         16:cf:b0:29:e8:13:e9:93:94:bd:15:40:5d:6c:a2:99:ba:9e:
         a1:1d:1c:ce:7e:7c:c4:13:1a:3d:47:07:68:e0:ab:d1:87:8b:
         df:15:d7:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIBrT3Q+Zc46O9KqCqJPgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjc3ZmNlZmUzYWVhNWQyYWZkN2FiZTI3ZDBkODFhMDkwNmIwZDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcFyJIhk5UNVO8ilUd9xvXTHq1rK
d4/GGnFqXau7T7JK2leGB0jeLxTrFwa3CQmsnPd5nXX+QPEbRg3InZRO/IZIeFT7
Y5LTZjkIW8nZnLa9uMGLLr1Lxr7IPcmb5S5oVRcSpL0CTtD9atMVD7kePCTs13u1
E9cKVndpMmhys9RfLfzucx6BC5wtfqAJxdRSk4Q+BvziKEWf+jc6dwCOgyzqUHje
U/FoopzGe5r7rJBlLGVV6Dldyq7h5YiK2bboodrRZI55bKHZRMYec3uQA6apxyf2
aYn6sA/pdkmmOHNUoioMoLeWwFND1ff9tWJ7M5ejy/MuIcuiz3ZsUyXgswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJ3/O/jrqXSr9er4n0NgaCQaw2XMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMG5mODctT3VwZEt2MTZ2aWZRMkJvSkJyRFpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHJVMA0G
CSqGSIb3DQEBCwUAA4IBAQAPqapMfsgaFcJegvm6g+R5R9vOkFRnGeBa2F5csEMg
JtF8aj0IKq24Z8ZYGM48P7vWRyQDcxSxwdNi+vjGvWiOUXvQkoWMrUOIiMTMxbM9
W77s7JuBXJrxF7YCzzUgPiCxK/gwffPZYS8R/RYmRhK9Z30AXHBqyCGm8TYHeC8F
B2KlLGxz8LKSCWmu+lXJeGV20jvuILA69cV2bU7NwsfHvsEQ9HiWjDQgG/I8CQPe
LpZ8+HQhGDdV5TjDw65wfB3dodpAEj+G4e2dvTOvTwGGkQGXszZ1WXsWz7Ap6BPp
k5S9FUBdbKKZup6hHRzOfnzEExo9Rwdo4KvRh4vfFdcD
-----END CERTIFICATE-----