Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/0t9qxhfeKR6HiMiXGjmhWzSmyxU.roa
File:                     0t9qxhfeKR6HiMiXGjmhWzSmyxU.roa (raw, json)
Hash identifier:          f+92wicWkUe82RzoYNoqNr/jWD/a7CmFDd4kW49DZDM=
Subject key identifier:   D2:DF:6A:C6:17:DE:29:1E:87:88:C8:97:1A:39:A1:5B:34:A6:CB:15
Certificate issuer:       /CN=8a26f476d608625ad1fe06e52b974a9f66f0141a
Certificate serial:       018CCA99C1F6D560CAEB90F7BA5714AEA76A
Authority key identifier: 8A:26:F4:76:D6:08:62:5A:D1:FE:06:E5:2B:97:4A:9F:66:F0:14:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iib0dtYIYlrR_gblK5dKn2bwFBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/0t9qxhfeKR6HiMiXGjmhWzSmyxU.roa
Signing time:             Tue 02 Jan 2024 14:35:23 +0000
ROA not before:           Tue 02 Jan 2024 14:35:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34002
IP address blocks:        81.88.104.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/iib0dtYIYlrR_gblK5dKn2bwFBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/iib0dtYIYlrR_gblK5dKn2bwFBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iib0dtYIYlrR_gblK5dKn2bwFBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:c1:f6:d5:60:ca:eb:90:f7:ba:57:14:ae:a7:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a26f476d608625ad1fe06e52b974a9f66f0141a
        Validity
            Not Before: Jan  2 14:35:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2df6ac617de291e8788c8971a39a15b34a6cb15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:1d:18:10:27:b6:e0:c6:b5:0a:72:01:b6:bd:
                    df:5f:0c:ed:6e:ed:ee:14:6c:8e:a6:34:64:93:a7:
                    67:3c:99:0b:12:8d:d3:98:62:96:ba:d8:45:3c:8e:
                    79:89:10:06:9b:01:ec:f6:83:8b:cb:7a:e5:54:99:
                    23:4d:8f:2a:41:32:7b:f0:1d:96:99:b2:16:fe:d1:
                    f9:9a:f0:66:4f:90:0f:46:df:50:18:82:14:dd:f4:
                    7f:18:9f:0c:16:51:d0:94:76:e4:d8:79:7c:8e:3e:
                    be:46:bf:43:5f:78:c4:ef:02:4b:05:37:53:97:1d:
                    b7:26:92:e6:d2:d0:a4:ed:cd:04:81:94:6a:06:df:
                    3c:be:23:69:b4:6f:e9:1f:d1:db:5a:ff:5b:fb:d0:
                    9b:a0:7b:64:37:8a:04:b0:ea:73:0a:24:79:b3:4e:
                    8d:7f:63:92:4c:3d:07:50:2a:9b:28:74:65:a9:2a:
                    00:37:9c:93:41:f1:89:ad:f3:4c:ca:97:eb:d8:8b:
                    49:cc:40:08:6e:3a:55:0a:06:19:8d:f0:99:fa:9b:
                    b5:01:ba:54:44:e9:06:c3:03:34:be:ec:f4:9a:15:
                    f7:48:ef:39:b3:b1:be:49:49:df:48:65:21:f4:eb:
                    6c:86:b7:75:23:82:de:ee:1a:df:ae:47:96:cf:a1:
                    d2:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:DF:6A:C6:17:DE:29:1E:87:88:C8:97:1A:39:A1:5B:34:A6:CB:15
            X509v3 Authority Key Identifier:
                keyid:8A:26:F4:76:D6:08:62:5A:D1:FE:06:E5:2B:97:4A:9F:66:F0:14:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iib0dtYIYlrR_gblK5dKn2bwFBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/0t9qxhfeKR6HiMiXGjmhWzSmyxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/a66f2d-ca2f-4bca-b27b-d846d106b5f7/1/iib0dtYIYlrR_gblK5dKn2bwFBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.88.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:5c:f0:eb:1a:bb:30:62:11:24:c3:05:ce:43:83:12:87:c2:
         42:7c:a5:63:86:46:30:97:86:37:97:be:d7:48:87:ac:90:eb:
         d8:a7:fd:29:40:37:36:d9:0d:e5:02:67:7d:ea:e9:9c:3e:8b:
         b8:fd:54:62:97:1e:24:da:c1:0e:9e:b4:5d:36:a6:dd:42:89:
         a7:06:6d:6b:b5:8a:e3:e0:f4:d2:e0:48:a7:37:55:a8:56:0c:
         f9:d4:6c:71:1f:0a:f1:b9:ac:d2:f4:17:c8:10:10:c6:ae:9a:
         5d:da:64:7d:b3:32:8c:b0:d9:fc:69:35:68:94:e1:da:4b:ab:
         e0:d4:ef:9e:0e:ee:ca:1f:5e:c1:45:07:05:1b:d0:b8:f3:2c:
         9a:ec:34:e8:f6:ab:43:d0:a8:75:77:fe:47:cb:d7:f5:5e:f2:
         75:f7:58:26:90:95:1f:3f:be:c3:4e:e0:47:26:db:5c:a8:bf:
         ad:b7:94:f5:dd:6b:68:59:e9:5a:95:3e:cc:81:a9:61:af:60:
         7b:e8:1d:55:12:71:bf:8a:5b:2c:03:79:b3:50:a5:20:be:8b:
         78:37:52:24:cf:2d:24:2b:3f:28:10:fb:85:6c:64:80:0b:f3:
         f4:55:56:bc:55:9e:83:28:e0:a0:6b:b4:00:e8:f8:2c:f3:7f:
         5b:ed:e3:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmcH21WDK65D3ulcUrqdqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMjZmNDc2ZDYwODYyNWFkMWZlMDZlNTJiOTc0YTlmNjZm
MDE0MWEwHhcNMjQwMTAyMTQzNTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmRmNmFjNjE3ZGUyOTFlODc4OGM4OTcxYTM5YTE1YjM0YTZjYjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1R0YECe24Ma1CnIBtr3fXwztbu3u
FGyOpjRkk6dnPJkLEo3TmGKWuthFPI55iRAGmwHs9oOLy3rlVJkjTY8qQTJ78B2W
mbIW/tH5mvBmT5APRt9QGIIU3fR/GJ8MFlHQlHbk2Hl8jj6+Rr9DX3jE7wJLBTdT
lx23JpLm0tCk7c0EgZRqBt88viNptG/pH9HbWv9b+9CboHtkN4oEsOpzCiR5s06N
f2OSTD0HUCqbKHRlqSoAN5yTQfGJrfNMypfr2ItJzEAIbjpVCgYZjfCZ+pu1AbpU
ROkGwwM0vuz0mhX3SO85s7G+SUnfSGUh9Otshrd1I4Le7hrfrkeWz6HS4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNLfasYX3ikeh4jIlxo5oVs0pssVMB8GA1UdIwQY
MBaAFIom9HbWCGJa0f4G5SuXSp9m8BQaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWliMGR0WUlZbHJSX2dibEs1ZEtuMmJ3RkJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9hNjZmMmQtY2EyZi00YmNhLWIyN2It
ZDg0NmQxMDZiNWY3LzEvMHQ5cXhoZmVLUjZIaU1pWEdqbWhXelNteXhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9hNjZmMmQtY2EyZi00YmNhLWIyN2ItZDg0NmQxMDZiNWY3
LzEvaWliMGR0WUlZbHJSX2dibEs1ZEtuMmJ3RkJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUVhoMA0G
CSqGSIb3DQEBCwUAA4IBAQAbXPDrGrswYhEkwwXOQ4MSh8JCfKVjhkYwl4Y3l77X
SIeskOvYp/0pQDc22Q3lAmd96umcPou4/VRilx4k2sEOnrRdNqbdQomnBm1rtYrj
4PTS4EinN1WoVgz51GxxHwrxuazS9BfIEBDGrppd2mR9szKMsNn8aTVolOHaS6vg
1O+eDu7KH17BRQcFG9C48yya7DTo9qtD0Kh1d/5Hy9f1XvJ191gmkJUfP77DTuBH
JttcqL+tt5T13WtoWelalT7Mgalhr2B76B1VEnG/ilssA3mzUKUgvot4N1Ikzy0k
Kz8oEPuFbGSAC/P0VVa8VZ6DKOCga7QA6Pgs839b7eMg
-----END CERTIFICATE-----