Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/aNHoX_fI2zzExSiexj5-9mr3iJ4.roa
File:                     aNHoX_fI2zzExSiexj5-9mr3iJ4.roa (raw, json)
Hash identifier:          kRbVOdrpIyUnfs0DyImP+MNFpgapGdWB6ok/cqdQCkI=
Subject key identifier:   68:D1:E8:5F:F7:C8:DB:3C:C4:C5:28:9E:C6:3E:7E:F6:6A:F7:88:9E
Certificate issuer:       /CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
Certificate serial:       018CC2DB5F13AE58FD64BD31B22537725DE4
Authority key identifier: F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/aNHoX_fI2zzExSiexj5-9mr3iJ4.roa
Signing time:             Mon 01 Jan 2024 02:30:05 +0000
ROA not before:           Mon 01 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213245
IP address blocks:        84.17.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 04:03:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5f:13:ae:58:fd:64:bd:31:b2:25:37:72:5d:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
        Validity
            Not Before: Jan  1 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68d1e85ff7c8db3cc4c5289ec63e7ef66af7889e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:7d:2a:27:a6:f2:8e:44:01:f4:80:b1:73:82:
                    8a:66:3e:9f:1c:b8:37:b3:98:59:4d:23:f2:92:d3:
                    7e:25:ac:6a:85:08:52:99:df:e8:34:d1:f0:d1:61:
                    85:be:2b:84:ab:a1:73:b1:3c:6b:ec:91:9c:7f:fa:
                    78:a6:c7:32:61:e5:19:5a:ac:db:eb:ba:fb:35:03:
                    29:8a:fd:69:b2:3c:03:4d:de:89:9b:be:bf:de:be:
                    3b:cd:26:19:be:2d:30:19:9d:c8:ff:79:e9:cc:9f:
                    f0:1c:67:4d:df:84:9e:33:6d:06:06:ad:01:25:87:
                    08:d4:f7:c3:ca:df:59:2d:3f:ea:4b:54:e0:ab:98:
                    bf:72:ae:e9:ff:8b:f2:70:f4:ff:42:56:04:56:27:
                    5a:88:82:69:5d:bc:f7:43:3f:3a:c7:42:31:82:6e:
                    06:af:74:0f:47:00:74:f9:1a:53:14:9c:6d:1f:50:
                    2b:b0:c4:ab:74:30:3c:61:f6:bd:e9:c7:ff:14:7d:
                    6e:f9:e3:77:d8:94:55:da:b7:b9:36:9e:bb:d8:a0:
                    56:1a:c5:fe:2c:58:cc:78:cf:eb:46:a6:78:92:c5:
                    7b:a0:44:f3:ab:62:4a:87:54:64:b8:c7:2b:21:3b:
                    e0:cf:39:6b:15:b9:78:e7:62:4d:7e:8f:14:6a:0a:
                    4d:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:D1:E8:5F:F7:C8:DB:3C:C4:C5:28:9E:C6:3E:7E:F6:6A:F7:88:9E
            X509v3 Authority Key Identifier:
                keyid:F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/aNHoX_fI2zzExSiexj5-9mr3iJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.17.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:35:2e:1a:93:10:a9:e8:61:e6:17:eb:02:fc:45:34:3a:f4:
         82:5a:b3:a2:8d:f4:16:30:47:ca:c3:2e:19:64:01:5e:9e:20:
         24:0f:7f:c4:c6:d7:c9:6e:37:3d:2c:0a:cf:78:62:02:e0:e3:
         d3:04:7d:97:6c:2e:4f:12:9d:e1:b1:79:cf:9b:24:db:cb:da:
         f9:bf:f6:73:ab:c1:0d:f6:46:80:fc:b3:82:b9:30:1a:90:85:
         9f:39:d2:f7:a6:d9:c0:7b:4b:13:66:15:e8:54:39:e8:59:23:
         25:5d:3f:ea:01:15:6f:9d:40:18:61:c8:fd:95:06:ad:6b:b4:
         36:79:e5:60:be:85:46:da:ff:5b:b5:12:23:fa:64:01:0c:4a:
         4f:96:e1:7f:7c:1e:55:18:2e:88:3a:62:5f:57:a6:7e:8f:c2:
         1f:63:79:3e:34:4f:6d:93:25:27:4d:54:df:a5:96:c0:7e:f5:
         b2:dd:ae:35:a6:5c:f0:b5:54:e9:23:86:02:ae:4e:e0:4a:4e:
         33:49:f6:39:f7:81:bc:42:6f:a9:88:49:c4:dc:3f:e5:be:9b:
         69:78:11:c7:cd:ee:68:47:09:84:52:1c:9b:89:71:17:a2:58:
         7c:77:fd:45:25:71:01:c1:f2:60:33:6d:48:db:ca:40:99:5c:
         f0:3c:96:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC218Trlj9ZL0xsiU3cl3kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2Mjk1MGViNzkxNjY2OGJiZmE4ZDFiODcwNTYwYjFj
YTc3MzkwHhcNMjQwMTAxMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGQxZTg1ZmY3YzhkYjNjYzRjNTI4OWVjNjNlN2VmNjZhZjc4ODllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl30qJ6byjkQB9ICxc4KKZj6fHLg3
s5hZTSPyktN+JaxqhQhSmd/oNNHw0WGFviuEq6FzsTxr7JGcf/p4pscyYeUZWqzb
67r7NQMpiv1psjwDTd6Jm76/3r47zSYZvi0wGZ3I/3npzJ/wHGdN34SeM20GBq0B
JYcI1PfDyt9ZLT/qS1Tgq5i/cq7p/4vycPT/QlYEVidaiIJpXbz3Qz86x0Ixgm4G
r3QPRwB0+RpTFJxtH1ArsMSrdDA8Yfa96cf/FH1u+eN32JRV2re5Np672KBWGsX+
LFjMeM/rRqZ4ksV7oETzq2JKh1RkuMcrITvgzzlrFbl452JNfo8UagpNMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjR6F/3yNs8xMUonsY+fvZq94ieMB8GA1UdIwQY
MBaAFPS3YpUOt5FmaLv6jRuHBWCxync5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAt
MmY4ZGYxODdmOThiLzEvYU5Ib1hfZkkyenpFeFNpZXhqNS05bXIzaUo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAtMmY4ZGYxODdmOThi
LzEvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVBFYMA0G
CSqGSIb3DQEBCwUAA4IBAQBUNS4akxCp6GHmF+sC/EU0OvSCWrOijfQWMEfKwy4Z
ZAFeniAkD3/ExtfJbjc9LArPeGIC4OPTBH2XbC5PEp3hsXnPmyTby9r5v/Zzq8EN
9kaA/LOCuTAakIWfOdL3ptnAe0sTZhXoVDnoWSMlXT/qARVvnUAYYcj9lQata7Q2
eeVgvoVG2v9btRIj+mQBDEpPluF/fB5VGC6IOmJfV6Z+j8IfY3k+NE9tkyUnTVTf
pZbAfvWy3a41plzwtVTpI4YCrk7gSk4zSfY594G8Qm+piEnE3D/lvptpeBHHze5o
RwmEUhybiXEXolh8d/1FJXEBwfJgM21I28pAmVzwPJbp
-----END CERTIFICATE-----