Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/O8ik9MUXpF-20Yaaq3dpGgrA0sg.roa
File:                     O8ik9MUXpF-20Yaaq3dpGgrA0sg.roa (raw, json)
Hash identifier:          QIcV7gai5QpbSCoJ+wQ9gi2Non5vBNLKZMvlzYgpXzw=
Subject key identifier:   3B:C8:A4:F4:C5:17:A4:5F:B6:D1:86:9A:AB:77:69:1A:0A:C0:D2:C8
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       018CC649C7A5023EEEAB6CA4DD8C978322AD
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/O8ik9MUXpF-20Yaaq3dpGgrA0sg.roa
Signing time:             Mon 01 Jan 2024 18:29:32 +0000
ROA not before:           Mon 01 Jan 2024 18:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        81.22.142.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:c7:a5:02:3e:ee:ab:6c:a4:dd:8c:97:83:22:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan  1 18:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3bc8a4f4c517a45fb6d1869aab77691a0ac0d2c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:84:de:15:d6:79:ca:f0:5c:b1:c5:ad:2a:08:
                    fb:39:86:6b:6b:49:78:d2:be:0d:72:3b:47:d1:0a:
                    17:25:df:be:2f:99:dd:77:c3:c7:8b:11:a5:87:7a:
                    d2:d5:ff:a7:5f:a5:39:8a:97:e3:7e:39:8d:50:5d:
                    28:98:7e:46:d9:87:f8:e4:82:c7:3f:1b:16:e8:59:
                    5b:63:71:4b:48:13:55:c4:01:ae:b0:5f:15:ec:49:
                    c6:ff:54:93:ca:c5:c7:ea:9a:17:63:e0:54:dc:34:
                    5e:1c:21:ae:f1:7a:89:19:a1:4e:41:30:c6:98:00:
                    06:cc:64:6f:42:8e:6c:40:84:c8:a5:6a:4d:02:1e:
                    43:e5:51:d6:9d:b4:52:b0:43:cc:f3:c1:7c:99:be:
                    8a:a6:c9:f4:bb:31:2c:67:29:c4:57:b3:c5:6e:4b:
                    08:c9:63:68:78:5c:8d:5a:fb:9f:ea:b3:7e:20:a4:
                    b0:56:31:30:ad:23:f6:46:e5:79:43:89:63:b5:9a:
                    55:c3:63:bf:e1:04:39:19:31:1f:fc:71:52:5f:d0:
                    a9:e0:7f:db:3f:c1:65:eb:97:54:7d:b4:7d:f4:49:
                    d5:43:b7:c3:38:ee:ce:ef:95:4f:ee:0f:6c:77:b9:
                    74:cb:1b:c8:fe:e1:f4:a3:f0:3b:bf:a3:73:28:7a:
                    fd:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:C8:A4:F4:C5:17:A4:5F:B6:D1:86:9A:AB:77:69:1A:0A:C0:D2:C8
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/O8ik9MUXpF-20Yaaq3dpGgrA0sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7d:cb:10:59:21:10:3c:d6:91:75:c0:8f:07:a4:cd:21:14:e2:
         b1:02:cb:6c:c5:a9:1d:da:25:af:f0:e0:8b:8b:bb:de:d7:f7:
         09:a4:06:fd:34:47:75:f1:b7:1f:d7:d9:b4:5a:09:a6:8b:50:
         72:ad:d4:d2:88:3c:fc:f3:e5:8f:f2:8f:f4:1d:1a:6c:ae:1d:
         91:dd:1e:ba:4e:78:c4:18:7a:72:92:8c:13:4d:39:5e:48:52:
         05:0e:a8:96:9c:39:a5:38:58:e2:02:54:63:7a:83:48:24:7e:
         1a:1c:28:07:a6:cb:60:32:35:0e:97:99:9a:a5:25:42:82:9f:
         5e:d1:7c:a5:ea:c6:0c:f3:8e:61:0c:5f:16:c1:1f:b6:f1:d2:
         64:01:0b:e7:71:57:82:70:3d:7e:59:cc:bd:09:fd:34:30:d6:
         db:35:e7:8a:02:2a:8b:f9:16:ce:71:cd:56:12:53:09:86:a1:
         0d:65:94:95:4d:80:61:a2:50:50:37:51:1f:a3:a7:ad:25:cf:
         6d:60:fc:d6:1b:5f:86:d6:db:51:f7:e6:2d:13:47:0c:10:d0:
         00:9e:71:6a:f2:8f:ee:1f:e1:8b:90:11:cc:85:e6:b5:6e:c6:
         5a:f4:3c:23:01:59:b0:dd:71:9e:0c:5d:0f:12:a0:f8:ae:46:
         e2:96:b6:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGScelAj7uq2yk3YyXgyKtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjQwMTAxMTgyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmM4YTRmNGM1MTdhNDVmYjZkMTg2OWFhYjc3NjkxYTBhYzBkMmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4TeFdZ5yvBcscWtKgj7OYZra0l4
0r4NcjtH0QoXJd++L5ndd8PHixGlh3rS1f+nX6U5ipfjfjmNUF0omH5G2Yf45ILH
PxsW6FlbY3FLSBNVxAGusF8V7EnG/1STysXH6poXY+BU3DReHCGu8XqJGaFOQTDG
mAAGzGRvQo5sQITIpWpNAh5D5VHWnbRSsEPM88F8mb6Kpsn0uzEsZynEV7PFbksI
yWNoeFyNWvuf6rN+IKSwVjEwrSP2RuV5Q4ljtZpVw2O/4QQ5GTEf/HFSX9Cp4H/b
P8Fl65dUfbR99EnVQ7fDOO7O75VP7g9sd7l0yxvI/uH0o/A7v6NzKHr9xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDvIpPTFF6RfttGGmqt3aRoKwNLIMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvTzhpazlNVVhwRi0yMFlhYXEzZHBHZ3JBMHNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBURaOMA0G
CSqGSIb3DQEBCwUAA4IBAQB9yxBZIRA81pF1wI8HpM0hFOKxAstsxakd2iWv8OCL
i7ve1/cJpAb9NEd18bcf19m0Wgmmi1ByrdTSiDz88+WP8o/0HRpsrh2R3R66TnjE
GHpykowTTTleSFIFDqiWnDmlOFjiAlRjeoNIJH4aHCgHpstgMjUOl5mapSVCgp9e
0Xyl6sYM845hDF8WwR+28dJkAQvncVeCcD1+Wcy9Cf00MNbbNeeKAiqL+RbOcc1W
ElMJhqENZZSVTYBholBQN1Efo6etJc9tYPzWG1+G1ttR9+YtE0cMENAAnnFq8o/u
H+GLkBHMhea1bsZa9DwjAVmw3XGeDF0PEqD4rkbilrYy
-----END CERTIFICATE-----