Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/bd55ee-c7a6-41b8-bb31-6a8c3b676b57/1/iVSxKyKHdYrJyRsOpp7DRNoKYGk.roa
File:                     iVSxKyKHdYrJyRsOpp7DRNoKYGk.roa (raw, json)
Hash identifier:          7jGy/7sKXhaWUKSp+Qp2w/XB9JEbRU06uTjvny2w6Q8=
Subject key identifier:   89:54:B1:2B:22:87:75:8A:C9:C9:1B:0E:A6:9E:C3:44:DA:0A:60:69
Certificate issuer:       /CN=8c9dccf9e2f37eb107496a7aaf13894ec476e375
Certificate serial:       018CC64AF8B1A4C71D5F9B6E373482760DA6
Authority key identifier: 8C:9D:CC:F9:E2:F3:7E:B1:07:49:6A:7A:AF:13:89:4E:C4:76:E3:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jJ3M-eLzfrEHSWp6rxOJTsR243U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/bd55ee-c7a6-41b8-bb31-6a8c3b676b57/1/iVSxKyKHdYrJyRsOpp7DRNoKYGk.roa
Signing time:             Mon 01 Jan 2024 18:30:51 +0000
ROA not before:           Mon 01 Jan 2024 18:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        188.64.17.0/24 maxlen: 24
                          188.64.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/bd55ee-c7a6-41b8-bb31-6a8c3b676b57/1/jJ3M-eLzfrEHSWp6rxOJTsR243U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/bd55ee-c7a6-41b8-bb31-6a8c3b676b57/1/jJ3M-eLzfrEHSWp6rxOJTsR243U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jJ3M-eLzfrEHSWp6rxOJTsR243U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f8:b1:a4:c7:1d:5f:9b:6e:37:34:82:76:0d:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c9dccf9e2f37eb107496a7aaf13894ec476e375
        Validity
            Not Before: Jan  1 18:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8954b12b2287758ac9c91b0ea69ec344da0a6069
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f3:f5:36:f2:2c:7d:f6:a6:78:62:22:fc:72:
                    65:7d:4d:bd:0d:4f:29:41:b5:22:22:fb:2a:3e:f3:
                    44:87:be:60:0f:59:ce:6c:ee:98:62:62:f7:8f:61:
                    0d:65:59:16:04:7c:e5:47:61:37:f4:e0:91:4d:38:
                    4f:ab:6b:60:d3:ce:e1:8c:95:fe:30:8b:cb:09:38:
                    6e:74:8d:bd:95:72:25:cf:b3:47:b4:de:c0:77:a1:
                    0f:b2:bc:bb:b4:cc:6e:94:35:e7:93:f0:0b:6a:1d:
                    4b:50:2b:b2:58:a9:b4:2d:6a:63:4e:1f:14:e6:15:
                    94:1e:92:98:f0:a7:ff:18:15:da:d8:ab:01:30:ba:
                    db:d3:e2:dc:ec:89:f1:c9:f4:2d:fb:da:81:ea:8d:
                    d4:7a:31:f5:77:61:9d:90:e2:65:97:5a:f0:80:25:
                    b9:3c:a9:28:60:40:7e:f2:84:dd:3e:84:be:85:35:
                    a1:14:cc:43:78:6e:4c:c4:5b:e9:92:e4:6d:49:c0:
                    3e:6a:ea:86:54:a7:d1:39:69:4c:0d:56:13:b7:24:
                    c2:d5:56:80:ac:75:d4:52:28:49:0c:94:9a:9e:c0:
                    7d:81:b1:b9:c2:f5:13:7f:2f:ec:94:1e:70:2c:2a:
                    33:5f:d9:1b:ed:b8:37:43:01:e0:72:12:c2:a2:8a:
                    f6:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:54:B1:2B:22:87:75:8A:C9:C9:1B:0E:A6:9E:C3:44:DA:0A:60:69
            X509v3 Authority Key Identifier:
                keyid:8C:9D:CC:F9:E2:F3:7E:B1:07:49:6A:7A:AF:13:89:4E:C4:76:E3:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jJ3M-eLzfrEHSWp6rxOJTsR243U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/bd55ee-c7a6-41b8-bb31-6a8c3b676b57/1/iVSxKyKHdYrJyRsOpp7DRNoKYGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/bd55ee-c7a6-41b8-bb31-6a8c3b676b57/1/jJ3M-eLzfrEHSWp6rxOJTsR243U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.64.17.0-188.64.18.255

    Signature Algorithm: sha256WithRSAEncryption
         83:6c:15:54:32:d4:39:86:11:af:d2:25:bb:27:0a:38:d0:d3:
         4d:94:cb:36:00:e7:f9:a9:30:d2:8a:db:e0:4b:1f:8a:30:0d:
         a6:21:6c:99:34:9d:db:74:3a:4e:d1:dd:6f:a7:ff:a1:62:1d:
         98:19:cb:07:33:84:86:4c:52:68:60:be:80:f6:e4:dc:33:7e:
         db:0a:e5:df:39:9c:80:66:26:22:bb:e7:a1:9e:24:57:1d:af:
         59:1e:6a:e5:8b:b1:76:9a:cf:d0:75:22:d3:ff:fb:75:c6:3d:
         fb:85:22:c5:a1:1c:7a:90:9b:0a:0e:45:c1:0d:49:31:76:79:
         d1:f5:5c:c9:86:14:7f:f1:db:be:53:62:e4:64:49:20:0f:2d:
         d4:ad:04:aa:da:dc:a2:44:e6:71:1c:ef:24:0e:3e:c7:ae:11:
         e9:4e:86:ba:dd:70:5e:13:f1:52:8d:3c:34:41:a6:4c:a3:d6:
         e5:6c:f1:26:35:e2:c8:3f:a2:31:8a:8e:61:f1:c5:fb:f3:54:
         a9:a0:88:27:81:a2:53:c3:38:b8:08:f8:56:12:95:fa:cf:21:
         61:a9:2c:78:a5:ab:fc:0e:7d:6f:3f:ad:b4:95:dc:8c:f7:8b:
         eb:32:f9:84:95:e9:03:84:9f:54:a0:cc:4b:ff:a8:9e:42:7e:
         89:78:b4:7d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGSvixpMcdX5tuNzSCdg2mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjOWRjY2Y5ZTJmMzdlYjEwNzQ5NmE3YWFmMTM4OTRlYzQ3
NmUzNzUwHhcNMjQwMTAxMTgzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTU0YjEyYjIyODc3NThhYzljOTFiMGVhNjllYzM0NGRhMGE2MDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPP1NvIsffameGIi/HJlfU29DU8p
QbUiIvsqPvNEh75gD1nObO6YYmL3j2ENZVkWBHzlR2E39OCRTThPq2tg087hjJX+
MIvLCThudI29lXIlz7NHtN7Ad6EPsry7tMxulDXnk/ALah1LUCuyWKm0LWpjTh8U
5hWUHpKY8Kf/GBXa2KsBMLrb0+Lc7InxyfQt+9qB6o3UejH1d2GdkOJll1rwgCW5
PKkoYEB+8oTdPoS+hTWhFMxDeG5MxFvpkuRtScA+auqGVKfROWlMDVYTtyTC1VaA
rHXUUihJDJSansB9gbG5wvUTfy/slB5wLCozX9kb7bg3QwHgchLCoor2oQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIlUsSsih3WKyckbDqaew0TaCmBpMB8GA1UdIwQY
MBaAFIydzPni836xB0lqeq8TiU7EduN1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakozTS1lTHpmckVIU1dwNnJ4T0pUc1IyNDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9iZDU1ZWUtYzdhNi00MWI4LWJiMzEt
NmE4YzNiNjc2YjU3LzEvaVZTeEt5S0hkWXJKeVJzT3BwN0RSTm9LWUdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9iZDU1ZWUtYzdhNi00MWI4LWJiMzEtNmE4YzNiNjc2YjU3
LzEvakozTS1lTHpmckVIU1dwNnJ4T0pUc1IyNDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC8QBED
BAC8QBIwDQYJKoZIhvcNAQELBQADggEBAINsFVQy1DmGEa/SJbsnCjjQ002UyzYA
5/mpMNKK2+BLH4owDaYhbJk0ndt0Ok7R3W+n/6FiHZgZywczhIZMUmhgvoD25Nwz
ftsK5d85nIBmJiK756GeJFcdr1keauWLsXaaz9B1ItP/+3XGPfuFIsWhHHqQmwoO
RcENSTF2edH1XMmGFH/x275TYuRkSSAPLdStBKra3KJE5nEc7yQOPseuEelOhrrd
cF4T8VKNPDRBpkyj1uVs8SY14sg/ojGKjmHxxfvzVKmgiCeBolPDOLgI+FYSlfrP
IWGpLHilq/wOfW8/rbSV3Iz3i+sy+YSV6QOEn1SgzEv/qJ5Cfol4tH0=
-----END CERTIFICATE-----