Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/c680bf-9b6c-44d3-837f-88cfa3dca6de/1/h7eRjtzgzWJTRC_Xb-HHli5LZgg.roa
File:                     h7eRjtzgzWJTRC_Xb-HHli5LZgg.roa (raw, json)
Hash identifier:          pvasT6tHrJGtEftUiQ8raZePN6iiqspjTJ0J7UJxxAk=
Subject key identifier:   87:B7:91:8E:DC:E0:CD:62:53:44:2F:D7:6F:E1:C7:96:2E:4B:66:08
Certificate issuer:       /CN=76be461eb9f7004f29a17fdddfef2e2ea05eb9af
Certificate serial:       018CCA2B68EDF11C1E9256221C11EBD6B908
Authority key identifier: 76:BE:46:1E:B9:F7:00:4F:29:A1:7F:DD:DF:EF:2E:2E:A0:5E:B9:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dr5GHrn3AE8poX_d3-8uLqBeua8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/c680bf-9b6c-44d3-837f-88cfa3dca6de/1/h7eRjtzgzWJTRC_Xb-HHli5LZgg.roa
Signing time:             Tue 02 Jan 2024 12:34:51 +0000
ROA not before:           Tue 02 Jan 2024 12:34:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        192.108.33.0/24 maxlen: 24
                          134.109.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/c680bf-9b6c-44d3-837f-88cfa3dca6de/1/dr5GHrn3AE8poX_d3-8uLqBeua8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/c680bf-9b6c-44d3-837f-88cfa3dca6de/1/dr5GHrn3AE8poX_d3-8uLqBeua8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dr5GHrn3AE8poX_d3-8uLqBeua8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:02:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:68:ed:f1:1c:1e:92:56:22:1c:11:eb:d6:b9:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76be461eb9f7004f29a17fdddfef2e2ea05eb9af
        Validity
            Not Before: Jan  2 12:34:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87b7918edce0cd6253442fd76fe1c7962e4b6608
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:76:bd:7d:f9:0e:06:ca:81:99:a3:1a:5b:bd:
                    9f:32:a9:f9:0f:a6:41:10:d3:fa:3a:7a:8d:98:fd:
                    d4:40:15:88:76:69:d4:a7:61:c1:8f:63:d5:c6:f9:
                    79:06:87:de:ae:77:c1:dd:13:47:b2:13:5d:ea:ec:
                    3f:87:21:d5:6d:00:5a:ca:75:2c:f7:42:b2:25:ee:
                    9d:cc:8e:aa:0a:df:a6:9d:37:a7:1d:57:eb:f7:a7:
                    75:04:ab:5b:3b:59:9d:df:f9:c3:ec:d6:95:ee:dd:
                    bd:f9:f8:d3:b8:1d:20:55:50:d4:a1:59:28:39:38:
                    aa:77:72:36:16:ef:82:4b:09:e9:2c:05:6f:42:e7:
                    26:2c:e1:b9:70:3e:ea:56:7a:b3:2e:7a:89:ab:4b:
                    4f:b7:bd:66:77:ed:71:a1:6f:45:86:84:23:6a:50:
                    a8:c2:4e:88:6a:9d:16:5e:1d:6f:b0:61:33:11:6d:
                    3b:e0:c2:2b:80:37:ee:87:58:47:49:ce:20:03:58:
                    15:1f:f1:e7:59:e3:a0:aa:7c:d8:af:b4:9a:c4:e5:
                    ca:27:ce:e8:64:e6:ff:9d:05:89:24:b8:ba:01:72:
                    67:d4:29:86:9e:50:b4:38:ee:8f:40:92:e8:b9:4b:
                    9f:59:4e:3b:39:2b:6e:25:dc:e9:f7:ca:04:fc:e7:
                    58:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:B7:91:8E:DC:E0:CD:62:53:44:2F:D7:6F:E1:C7:96:2E:4B:66:08
            X509v3 Authority Key Identifier:
                keyid:76:BE:46:1E:B9:F7:00:4F:29:A1:7F:DD:DF:EF:2E:2E:A0:5E:B9:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dr5GHrn3AE8poX_d3-8uLqBeua8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/c680bf-9b6c-44d3-837f-88cfa3dca6de/1/h7eRjtzgzWJTRC_Xb-HHli5LZgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/c680bf-9b6c-44d3-837f-88cfa3dca6de/1/dr5GHrn3AE8poX_d3-8uLqBeua8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.109.0.0/16
                  192.108.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:23:5c:62:7d:cc:da:85:d1:a7:8e:ba:48:1b:76:0e:0c:4b:
         31:b7:f2:bd:19:a0:a8:e0:1b:70:d3:84:00:52:ae:c5:f8:8a:
         42:35:94:ab:2a:ee:94:0a:05:ce:0f:5a:44:44:52:9d:41:7d:
         d9:62:e8:8b:18:a3:f3:31:92:e7:b2:b7:f7:a2:a1:f7:50:6b:
         e4:10:57:cf:bc:09:34:3f:83:9c:53:cd:b7:a3:3a:06:ea:8a:
         1c:95:c5:f3:ca:5c:fd:f8:4b:a9:be:e3:7a:59:6a:75:06:45:
         81:ac:c8:2c:f0:fc:60:98:c1:c1:3a:a6:c8:c6:e0:a5:c6:11:
         22:99:5c:34:f6:a2:d2:9a:38:0d:6b:68:f9:c1:15:51:34:e3:
         1b:bc:d7:bb:9b:8b:47:79:d6:47:11:8e:a2:88:87:4d:9e:52:
         94:f8:4e:ae:c4:1e:06:09:55:2a:ea:b3:36:83:fd:f7:ae:8e:
         43:60:0c:11:46:f7:2e:5d:65:0c:54:7b:9e:87:66:aa:b1:5b:
         a4:80:d0:70:61:4f:52:f1:a3:6f:2a:71:17:ed:51:69:5e:0a:
         2e:9c:ba:0b:22:12:82:c9:8e:9f:e6:4c:34:a2:66:79:47:a9:
         d7:38:d4:58:b7:61:e4:96:7b:16:7f:c6:0c:c9:8e:8f:ca:73:
         27:5a:a2:64
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzKK2jt8RweklYiHBHr1rkIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YmU0NjFlYjlmNzAwNGYyOWExN2ZkZGRmZWYyZTJlYTA1
ZWI5YWYwHhcNMjQwMTAyMTIzNDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2I3OTE4ZWRjZTBjZDYyNTM0NDJmZDc2ZmUxYzc5NjJlNGI2NjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXa9ffkOBsqBmaMaW72fMqn5D6ZB
ENP6OnqNmP3UQBWIdmnUp2HBj2PVxvl5BofernfB3RNHshNd6uw/hyHVbQBaynUs
90KyJe6dzI6qCt+mnTenHVfr96d1BKtbO1md3/nD7NaV7t29+fjTuB0gVVDUoVko
OTiqd3I2Fu+CSwnpLAVvQucmLOG5cD7qVnqzLnqJq0tPt71md+1xoW9FhoQjalCo
wk6Iap0WXh1vsGEzEW074MIrgDfuh1hHSc4gA1gVH/HnWeOgqnzYr7SaxOXKJ87o
ZOb/nQWJJLi6AXJn1CmGnlC0OO6PQJLouUufWU47OStuJdzp98oE/OdYkwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFIe3kY7c4M1iU0Qv12/hx5YuS2YIMB8GA1UdIwQY
MBaAFHa+Rh659wBPKaF/3d/vLi6gXrmvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHI1R0hybjNBRThwb1hfZDMtOHVMcUJldWE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9jNjgwYmYtOWI2Yy00NGQzLTgzN2Yt
ODhjZmEzZGNhNmRlLzEvaDdlUmp0emd6V0pUUkNfWGItSEhsaTVMWmdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9jNjgwYmYtOWI2Yy00NGQzLTgzN2YtODhjZmEzZGNhNmRl
LzEvZHI1R0hybjNBRThwb1hfZDMtOHVMcUJldWE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAhm0DBADA
bCEwDQYJKoZIhvcNAQELBQADggEBAKUjXGJ9zNqF0aeOukgbdg4MSzG38r0ZoKjg
G3DThABSrsX4ikI1lKsq7pQKBc4PWkREUp1Bfdli6IsYo/Mxkueyt/eiofdQa+QQ
V8+8CTQ/g5xTzbejOgbqihyVxfPKXP34S6m+43pZanUGRYGsyCzw/GCYwcE6psjG
4KXGESKZXDT2otKaOA1raPnBFVE04xu817ubi0d51kcRjqKIh02eUpT4Tq7EHgYJ
VSrqszaD/feujkNgDBFG9y5dZQxUe56HZqqxW6SA0HBhT1Lxo28qcRftUWleCi6c
ugsiEoLJjp/mTDSiZnlHqdc41Fi3YeSWexZ/xgzJjo/KcydaomQ=
-----END CERTIFICATE-----