Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/8LfBhgNHoJK7V_ckWteUKowO-fY.roa
File:                     8LfBhgNHoJK7V_ckWteUKowO-fY.roa (raw, json)
Hash identifier:          8VYzxbsBhzv372GA/CEfvffJ934v4R494KaHm4y4yho=
Subject key identifier:   F0:B7:C1:86:03:47:A0:92:BB:57:F7:24:5A:D7:94:2A:8C:0E:F9:F6
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B5B2EE87EDD29355C32EA16C2C2EF
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/8LfBhgNHoJK7V_ckWteUKowO-fY.roa
Signing time:             Tue 02 Jan 2024 12:34:48 +0000
ROA not before:           Tue 02 Jan 2024 12:34:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61049
IP address blocks:        185.177.83.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:5b:2e:e8:7e:dd:29:35:5c:32:ea:16:c2:c2:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0b7c1860347a092bb57f7245ad7942a8c0ef9f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:91:79:79:af:27:1f:44:cc:a8:a8:02:a5:93:
                    f7:45:d8:26:32:65:5b:f8:91:ba:59:a8:f8:ac:8a:
                    35:68:b0:e5:5f:a7:2f:7e:80:06:38:77:9e:f0:10:
                    fd:26:18:26:55:36:fa:40:12:7f:33:30:02:86:e6:
                    c6:fb:93:ed:85:ff:21:8f:02:af:cf:57:67:e0:0c:
                    e1:7f:27:8a:35:2b:b1:f3:e6:a2:ad:47:0c:a3:7d:
                    df:a1:e8:f7:7d:19:bd:2b:a7:22:de:bc:d6:b8:c3:
                    1b:22:2d:ce:d8:01:31:8d:ea:38:ce:b7:38:02:40:
                    73:9b:f2:59:5f:c7:a1:18:ad:ec:30:c5:e6:59:ce:
                    75:b3:ab:bc:11:cb:f0:ae:53:1b:f0:7b:9a:e6:0a:
                    9d:2c:d0:08:c0:b9:52:59:b3:96:27:28:67:6e:06:
                    32:33:7f:75:e3:4e:d5:ff:5a:fd:72:ec:6b:4c:61:
                    e5:14:8d:f5:d2:a9:fb:10:22:b1:44:57:c5:c9:51:
                    64:93:04:e0:2f:36:25:e6:e0:48:c7:b7:de:37:bd:
                    f4:95:ce:20:39:f2:6c:b8:04:f1:7e:d6:f6:17:4b:
                    b6:90:1a:fc:71:9e:ee:31:49:98:37:f8:fc:31:63:
                    91:19:88:3f:e6:f2:ba:74:70:3f:60:e3:97:13:47:
                    26:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:B7:C1:86:03:47:A0:92:BB:57:F7:24:5A:D7:94:2A:8C:0E:F9:F6
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/8LfBhgNHoJK7V_ckWteUKowO-fY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:23:01:69:20:b8:2b:6c:11:6e:af:e4:2d:ef:7c:57:62:37:
         32:72:eb:4b:d1:7c:80:ee:0b:81:52:28:44:a0:76:60:77:82:
         f0:f5:f9:da:88:0d:71:ec:84:27:9f:40:72:4a:05:2a:7e:e5:
         0e:b7:77:ba:5b:dc:7a:80:ef:a4:9f:44:35:e0:c9:8a:58:9c:
         d2:7c:a4:a2:f6:e5:13:33:44:74:69:4e:90:e5:b8:e9:d9:86:
         b8:7d:5c:a5:c5:58:b3:d6:59:d3:37:ba:51:79:41:69:17:a6:
         81:a8:9c:20:88:91:72:19:93:df:31:58:14:89:b6:1e:e5:ea:
         3f:77:a0:ad:3d:74:03:e9:b5:52:2f:05:01:9f:4b:30:9c:40:
         01:3b:3c:88:e1:e1:f0:66:62:d8:5c:3b:03:b7:cf:5a:88:30:
         5d:35:e6:5c:1c:88:c5:45:b1:b7:2c:d1:64:59:45:ba:42:c3:
         8f:f5:39:04:94:04:90:d2:0f:cf:91:c9:2c:ab:b3:9c:e2:75:
         45:2d:8a:90:35:84:13:b2:de:7c:6b:e5:93:25:cc:43:63:4d:
         cf:96:68:eb:f8:dd:f1:97:10:61:43:ae:6a:e9:b0:6f:86:53:
         b2:34:10:bb:b9:ec:98:a3:f3:ad:22:59:cf:b3:b8:a1:ce:32:
         60:dd:82:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK1su6H7dKTVcMuoWwsLvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGI3YzE4NjAzNDdhMDkyYmI1N2Y3MjQ1YWQ3OTQyYThjMGVmOWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJF5ea8nH0TMqKgCpZP3RdgmMmVb
+JG6Waj4rIo1aLDlX6cvfoAGOHee8BD9JhgmVTb6QBJ/MzAChubG+5Pthf8hjwKv
z1dn4AzhfyeKNSux8+airUcMo33foej3fRm9K6ci3rzWuMMbIi3O2AExjeo4zrc4
AkBzm/JZX8ehGK3sMMXmWc51s6u8EcvwrlMb8Hua5gqdLNAIwLlSWbOWJyhnbgYy
M391407V/1r9cuxrTGHlFI310qn7ECKxRFfFyVFkkwTgLzYl5uBIx7feN730lc4g
OfJsuATxftb2F0u2kBr8cZ7uMUmYN/j8MWORGYg/5vK6dHA/YOOXE0cmaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPC3wYYDR6CSu1f3JFrXlCqMDvn2MB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvOExmQmhnTkhvSks3Vl9ja1d0ZVVLb3dPLWZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubFTMA0G
CSqGSIb3DQEBCwUAA4IBAQCVIwFpILgrbBFur+Qt73xXYjcycutL0XyA7guBUihE
oHZgd4Lw9fnaiA1x7IQnn0BySgUqfuUOt3e6W9x6gO+kn0Q14MmKWJzSfKSi9uUT
M0R0aU6Q5bjp2Ya4fVylxViz1lnTN7pReUFpF6aBqJwgiJFyGZPfMVgUibYe5eo/
d6CtPXQD6bVSLwUBn0swnEABOzyI4eHwZmLYXDsDt89aiDBdNeZcHIjFRbG3LNFk
WUW6QsOP9TkElASQ0g/Pkcksq7Oc4nVFLYqQNYQTst58a+WTJcxDY03Plmjr+N3x
lxBhQ65q6bBvhlOyNBC7ueyYo/OtIlnPs7ihzjJg3YK5
-----END CERTIFICATE-----