Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/dyv6OHVtui_qUjzcNYE7q09xx6Y.roa
File:                     dyv6OHVtui_qUjzcNYE7q09xx6Y.roa (raw, json)
Hash identifier:          mIi1ZgBFrYxjT72RHijrxZmc0Ch//i0xferEwXj9gMM=
Subject key identifier:   77:2B:FA:38:75:6D:BA:2F:EA:52:3C:DC:35:81:3B:AB:4F:71:C7:A6
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B6888B46A82E71CA635E45ADDDDA6
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/dyv6OHVtui_qUjzcNYE7q09xx6Y.roa
Signing time:             Tue 02 Jan 2024 12:34:51 +0000
ROA not before:           Tue 02 Jan 2024 12:34:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212757
IP address blocks:        94.199.103.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:68:88:b4:6a:82:e7:1c:a6:35:e4:5a:dd:dd:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=772bfa38756dba2fea523cdc35813bab4f71c7a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:cf:7a:14:83:55:aa:c8:df:56:ad:a5:b7:05:
                    6d:ca:bd:b0:c0:f7:ca:08:80:e2:94:33:6e:69:4d:
                    45:e1:87:1b:22:37:8d:f7:72:44:45:6d:60:c2:da:
                    25:e0:ee:8c:dc:d0:01:b8:a5:f5:0d:6f:af:4a:4b:
                    f9:16:60:d6:8f:33:e5:a3:84:93:2e:e6:78:bb:b7:
                    ea:20:86:3f:4f:f1:d7:d4:92:0c:6d:b5:47:0e:85:
                    09:66:82:9d:25:24:dd:72:5d:e0:81:73:70:0c:c7:
                    f3:cf:fc:22:be:49:86:fd:c2:ba:51:1d:ba:91:cb:
                    59:8e:7b:9d:23:96:fc:2f:28:42:80:d2:ad:6d:33:
                    2f:cb:9c:03:ea:e7:93:93:3a:c7:c3:31:38:08:20:
                    0d:8c:e3:2e:e1:d1:28:0c:b8:50:f9:ce:a9:b4:cd:
                    76:e3:60:8f:09:3e:dd:61:51:22:55:41:8e:41:92:
                    6d:66:26:92:25:18:e4:fb:da:bf:ae:15:e9:24:b8:
                    49:73:84:e2:23:af:89:74:6f:c3:88:66:73:8a:40:
                    63:b9:29:46:a5:a9:b1:30:bc:b6:17:6d:32:33:e3:
                    17:ee:7e:b6:21:5a:7f:4c:d8:ec:4b:65:5e:45:1f:
                    53:c6:3a:55:83:2a:8a:be:62:c1:d5:79:d1:43:a4:
                    66:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:2B:FA:38:75:6D:BA:2F:EA:52:3C:DC:35:81:3B:AB:4F:71:C7:A6
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/dyv6OHVtui_qUjzcNYE7q09xx6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.199.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:10:03:1d:cd:c9:5f:d8:1d:7d:c7:bb:68:c6:f9:9e:96:17:
         a2:49:30:f8:31:70:7f:4d:74:5e:52:fb:05:48:e6:1c:b0:5d:
         41:21:0c:0f:24:8a:b0:c8:9c:8d:cd:99:cd:84:6e:c9:bf:a2:
         bc:3d:7d:94:93:5f:c0:24:66:53:14:b6:c1:70:3a:1f:b5:a0:
         54:12:a0:fb:ab:85:48:a2:49:46:11:37:c0:c6:74:3f:54:94:
         ef:b4:ac:6f:e7:ed:f3:b5:d6:12:17:c0:d2:03:24:fe:98:d1:
         e9:17:22:7a:a7:b4:66:f4:9b:73:d3:36:1c:9c:9a:bf:6b:f1:
         33:a6:0d:00:42:19:98:9f:75:ac:7f:f7:31:8e:52:63:10:7c:
         ed:b6:36:a3:ff:d1:61:7f:f4:23:f4:56:8e:97:da:49:b4:9a:
         45:ab:74:7b:90:d6:70:54:e9:83:fd:b8:ac:0c:65:99:81:bc:
         61:c8:2c:80:f7:42:65:b8:f7:60:bc:0c:83:fb:ac:39:b5:93:
         ec:a1:47:a3:6e:69:86:49:fc:24:71:a0:93:55:1d:fb:5d:90:
         fc:76:56:6d:8f:d8:a3:d1:b8:20:3f:3f:17:50:47:57:1c:fc:
         5e:f4:02:0e:d2:c2:1f:56:1b:78:b4:e4:48:59:fe:43:01:0f:
         31:66:ce:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK2iItGqC5xymNeRa3d2mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzJiZmEzODc1NmRiYTJmZWE1MjNjZGMzNTgxM2JhYjRmNzFjN2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhc96FINVqsjfVq2ltwVtyr2wwPfK
CIDilDNuaU1F4YcbIjeN93JERW1gwtol4O6M3NABuKX1DW+vSkv5FmDWjzPlo4ST
LuZ4u7fqIIY/T/HX1JIMbbVHDoUJZoKdJSTdcl3ggXNwDMfzz/wivkmG/cK6UR26
kctZjnudI5b8LyhCgNKtbTMvy5wD6ueTkzrHwzE4CCANjOMu4dEoDLhQ+c6ptM12
42CPCT7dYVEiVUGOQZJtZiaSJRjk+9q/rhXpJLhJc4TiI6+JdG/DiGZzikBjuSlG
pamxMLy2F20yM+MX7n62IVp/TNjsS2VeRR9TxjpVgyqKvmLB1XnRQ6RmiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHcr+jh1bbov6lI83DWBO6tPccemMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvZHl2Nk9IVnR1aV9xVWp6Y05ZRTdxMDl4eDZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXsdnMA0G
CSqGSIb3DQEBCwUAA4IBAQA0EAMdzclf2B19x7toxvmelheiSTD4MXB/TXReUvsF
SOYcsF1BIQwPJIqwyJyNzZnNhG7Jv6K8PX2Uk1/AJGZTFLbBcDoftaBUEqD7q4VI
oklGETfAxnQ/VJTvtKxv5+3ztdYSF8DSAyT+mNHpFyJ6p7Rm9Jtz0zYcnJq/a/Ez
pg0AQhmYn3Wsf/cxjlJjEHzttjaj/9Fhf/Qj9FaOl9pJtJpFq3R7kNZwVOmD/bis
DGWZgbxhyCyA90JluPdgvAyD+6w5tZPsoUejbmmGSfwkcaCTVR37XZD8dlZtj9ij
0bggPz8XUEdXHPxe9AIO0sIfVht4tORIWf5DAQ8xZs5b
-----END CERTIFICATE-----